aws-sam-cli
Bootstrap doesn't support --role_arn
Description
When running sam deploy --guided for the first time to create the S3 bucket via a CloudFormation template, the --role_arn parameter isn't supported in https://github.com/awslabs/aws-sam-cli/blob/master/samcli/lib/bootstrap/bootstrap.py
Steps to reproduce
Run sam deploy --guided and it fails because we have policies that require all CloudFormation stacks to use a specific role.
Observed result
Please provide command output with --debug flag set.
Expected result
I'm able to run sam deploy --guided --role_arn <my_role_arn> and SAM will provision its CloudFormation stack with the role I specified.
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
- OS: Mac
sam --version: SAM CLI, version 0.47.0
Would you accept a pull request adding this?
sam deploy does support --role-arn
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-deploy.html
@sriram-mv correct, but if it needs to bootstrap the S3 bucket, the role_arn does not get used.
Makes sense, in the meantime a workaround is to set up the role_arn in an AWS profile and pass in that profile during guided.
sam deploy -g --profile role_profile
@sriram-mv the CloudFormation role we are using isn't assume-able by users, it's a service role, so I don't think what you proposed would work
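The distinction drawn in the comment above, as an added example that is not part of the thread or of aws-sam-cli: a profile with role_arn has the CLI call sts:AssumeRole with the user's credentials, whereas a CloudFormation service role trusts only the service principal. The function names and the sample trust policy are constructed for illustration, and Condition, NotAction and NotPrincipal elements are ignored.

```python
CFN_SERVICE = "cloudformation.amazonaws.com"

def _as_list(value):
    """IAM policy grammar allows a single value or a list for most elements."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusted_principals(trust_policy):
    """Collect principals allowed to call sts:AssumeRole, grouped by type.
    Simplified: Condition, NotAction and NotPrincipal are not evaluated."""
    found = {"AWS": set(), "Service": set(), "Federated": set()}
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # wildcard principal counts as an AWS principal
            found["AWS"].add("*")
            continue
        for kind, values in principal.items():
            found.setdefault(kind, set()).update(_as_list(values))
    return found

def assumable_from_profile(trust_policy):
    """True if an IAM user or role (what a profile with role_arn uses) is trusted."""
    return bool(trusted_principals(trust_policy)["AWS"])

def usable_as_cfn_service_role(trust_policy):
    """True if CloudFormation itself is trusted, so the role can be passed to a stack."""
    return CFN_SERVICE in trusted_principals(trust_policy)["Service"]

# Constructed sample: a CloudFormation service role that no user can assume.
SERVICE_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "cloudformation.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    print("assumable from a profile:", assumable_from_profile(SERVICE_ROLE_TRUST))
    print("usable as stack role:   ", usable_as_cfn_service_role(SERVICE_ROLE_TRUST))
```

Passing such a role to CloudFormation also requires the caller to hold iam:PassRole on it.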
@jplock Makes sense. Thanks for clarifying.
@sriram-mv thoughts on including https://github.com/awslabs/aws-sam-cli/pull/1933 in an upcoming release? It would simplify our getting started activities.