[s3] BucketNotifications should take an IRole #9918
Description
I would like to have the ability to be able to point to an existing IAM role when CDK needs to provision a Lambda to extend CloudFormation functionality.
Use Case
CDK provisions Lambdas to extend certain features that CloudFormation cannot provide on its own. An example would be when attaching notifications to an S3 bucket. CDK would provision BucketNotificationsHandler, which would consist of a Lambda, IAM role and IAM policy being provisioned. However, this is a problem for some enterprise customers such as myself, where our company will not allow the provisioning of IAM roles through CloudFormation.
Proposed Solution
A quick solution would be an optional IRole argument on resources where potentially a Lambda that CDK uses could be created.
Ideally, I think when doing CDK bootstrap, all Lambdas that CDK requires should be provisioned so that it doesn't contaminate stacks with resources that users might not know of. Then the CDK bootstrap command could be extended for increased control of IAM roles, policies and resources that will be provisioned.
Other
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request