le-ref-architecture-doc
Enhancement | Add steps and example code when creating new Roles in the Ref-Arch
When a new Role is created in the ref-arch to access AWS accounts, for example, a Developer role, the commands given in this document do not generate the records for that profile/role in the ~/.aws/[PROJECT]/config file.
While mitigating this issue, as a workaround it would be useful to add in the reference documentation how to manually edit the ~/.aws/[PROJECT]/config file.
Below is an example block used for one of the configurations already running:
```
[profile PROJECT-shared-developers]
output = json
region = us-east-2
role_arn = arn:aws:iam::ACCOUNT_ID:role/Developers
source_profile = PROJECT-security
mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/[YOUR_USERNAME]

[profile PROJECT-apps-devstg-developers]
output = json
region = us-east-2
role_arn = arn:aws:iam::ACCOUNT_ID:role/Developers
source_profile = PROJECT-security
mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/[YOUR_USERNAME]

[profile PROJECT-apps-prd-developers]
output = json
region = us-east-2
role_arn = arn:aws:iam::ACCOUNT_ID:role/Developers
source_profile = PROJECT-security
mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/[YOUR_USERNAME]
...
```
Also, if possible, it would be very useful to add the steps to create a new role (with code examples) and to add a user to an IAM group.
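
One way to script the manual workaround described in this issue (an added example, not part of the original issue or the project's tooling): it builds the missing profile blocks for a new role and skips any profile the config already contains. The function name, the `acme` project, the account IDs and the user name are constructed for illustration; the example assumes the MFA device belongs to the IAM user behind `source_profile`, so its account ID is passed separately.

```python
import configparser
import re

ACCOUNT_ID = re.compile(r"\d{12}")
IAM_NAME = re.compile(r"[A-Za-z0-9+=,.@_-]{1,64}")  # IAM role/user name charset

def new_role_profiles(existing_config, project, role, suffix, accounts,
                      mfa_account_id, username, region="us-east-2"):
    """Return the profile blocks to append for `role`, one per account.

    Profiles already present in existing_config are skipped, never rewritten.
    """
    for name in (role, username):
        if not IAM_NAME.fullmatch(name):
            raise ValueError(f"invalid IAM name: {name!r}")
    for account_id in [mfa_account_id, *accounts.values()]:
        if not ACCOUNT_ID.fullmatch(account_id):
            raise ValueError(f"account ID must be 12 digits: {account_id!r}")
    existing = configparser.ConfigParser(interpolation=None)
    existing.read_string(existing_config)
    blocks = []
    for env, account_id in accounts.items():
        section = f"profile {project}-{env}-{suffix}"
        if existing.has_section(section):
            continue  # leave hand-edited or generated profiles untouched
        blocks.append("\n".join([
            f"[{section}]",
            "output = json",
            f"region = {region}",
            f"role_arn = arn:aws:iam::{account_id}:role/{role}",
            f"source_profile = {project}-security",
            f"mfa_serial = arn:aws:iam::{mfa_account_id}:mfa/{username}",
        ]))
    return "\n\n".join(blocks) + ("\n" if blocks else "")

# Constructed sample input: a config that already has the "shared" profile.
SAMPLE_CONFIG = """[profile acme-security]
output = json
region = us-east-2

[profile acme-shared-developers]
role_arn = arn:aws:iam::111111111111:role/Developers
source_profile = acme-security
"""
SAMPLE_ACCOUNTS = {"shared": "111111111111", "apps-devstg": "222222222222",
                   "apps-prd": "333333333333"}

if __name__ == "__main__":
    print(new_role_profiles(SAMPLE_CONFIG, "acme", "Developers", "developers",
                            SAMPLE_ACCOUNTS, "999999999999", "jdoe"), end="")
```

The output is meant to be reviewed and appended to ~/.aws/[PROJECT]/config by hand, which keeps the existing entries and any comments in that file unchanged.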