Manage AWS service-linked roles in a better way.
Project description
Upsert Service-Linked Role
AWS CDK construct to create a service-linked role (SLR) if there is no SLR for the same service, and if there is, skip the creation process.
Features
- Create a service-linked role. If it is already created in the same AWS account, just skip the creation.
- Standalone CFn template since no CDK assets are used. We use inline code for the Lambda function.
- Sleep some time after role creation to wait for IAM propagation.
Usage
npm install upsert-slr
import { ServiceLinkedRole } from 'upsert-slr';
new ServiceLinkedRole(this, 'ElasticsearchSlr', {
awsServiceName: 'es.amazonaws.com',
description: 'Service linked role for Elasticsearch',
});
Why do we need this?
CloudFormation also supports a service-linked role (doc). Why do we need this?
Because the resource behaves strangely when there is already a role with the same name. All we need is to simply create a role, and skip it if it already exists. Such behavior as upsert is achieved by this construct, upsert-slr
.
Also, even if CFn successfully creates a role, resources that depend on the role sometimes fail to be created because there is sometimes a delay before the role is actually available. See this stack overflow for more details.
To avoid the IAM propagation delay, this construct also waits for some time after a role is created.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for upsert_slr-1.0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6ddcf1939f38481a037aa3bde1724d68ce88747f9337b4c1f0fca5a1adb63ea6 |
|
MD5 | 9f1323a50f3a2de4213201f03913e189 |
|
BLAKE2b-256 | 70d585098aa768a2776f034fb6e260247f256166ded909e24e0aac2d7b9572de |