In the AWS Console there is an option to set a description for an IAM Role. How do you do this with CloudFormation? The documentation does not state how to do this. So far I have tried:
Resources:
  MyRole:
    Type: "AWS::IAM::Role"
    Properties:
      Description: My Description
Resulting error: No actual CF error, but this description does not show in the Console
Resources:
  MyRole:
    Type: "AWS::IAM::Role"
    Description: My Description
    Properties:
      .....
Resulting error: "Encountered unsupported property Description"
Resources:
  MyRole:
    Type: "AWS::IAM::Role"
    Properties:
      Tags:
        Key: Description
        Value: My Description
Resulting error: "Encountered unsupported property Tags"
Resources:
  MyRole:
    Type: "AWS::IAM::Role"
    Tags:
      Key: Description
      Value: My Description
    Properties:
      .....
Resulting error: "Encountered unsupported property Tags"
An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.
In the AWS Management Console section, under Delegate console access, choose the IAM role name for the existing IAM role that you want to assign users to. If the role has not yet been created, then create a New Role.
To assign an existing IAM role to an AWS Directory Service user or group, the role must have a trust relationship with AWS Directory Service. The steps to assign users or groups to an IAM role are as follows. 1. In the AWS Directory Service console navigation pane, choose Directories.
IAM roles work like this: When a user logs in to your app, Amazon Cognito generates temporary AWS credentials for the user. These temporary credentials are associated with a specific IAM role. The IAM role lets you define a set of permissions to access your AWS resources.
Update November 2019:
The Description field is now supported in CloudFormation.
Properties:
  AssumeRolePolicyDocument: Json
  Description: String  # <--- Here
  ManagedPolicyArns:
    - String
  MaxSessionDuration: Integer
  Path: String
  PermissionsBoundary: String
  Policies:
    - Policy
  RoleName: String
  Tags:
    - Tag
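An added example, not part of the original question or answers: a small check that walks a parsed CloudFormation template and reports IAM roles whose Description or Tags sit outside Properties (the placements that failed in the question), roles with no description, and Tags written as a single mapping instead of a list. The names lint_role, lint_template and SAMPLE are hypothetical, the sample template is constructed, and the template is assumed to be already parsed into a Python dict.

```python
MAX_DESCRIPTION_LEN = 1000  # IAM's maximum role description length

def lint_role(name, resource):
    """Return findings for one AWS::IAM::Role resource (already parsed to a dict)."""
    findings = []
    props = resource.get("Properties") or {}
    # Beside "Type", these keys fail with "Encountered unsupported property".
    for key in ("Description", "Tags"):
        if key in resource:
            findings.append(f"{name}: {key} must be under Properties")
    desc = props.get("Description")
    if desc is None:
        findings.append(f"{name}: no Description set")
    elif isinstance(desc, str):
        if len(desc) > MAX_DESCRIPTION_LEN:
            findings.append(f"{name}: Description exceeds {MAX_DESCRIPTION_LEN} characters")
    elif not isinstance(desc, dict):  # a dict is an unresolved intrinsic (Fn::Sub, Ref)
        findings.append(f"{name}: Description must be a string")
    tags = props.get("Tags")
    if tags is not None and not (isinstance(tags, list) and all(
            isinstance(t, dict) and set(t) == {"Key", "Value"} for t in tags)):
        findings.append(f"{name}: Tags must be a list of Key/Value entries")
    return findings

def lint_template(template):
    """Lint every AWS::IAM::Role in a parsed template; other resource types are skipped."""
    findings = []
    for name, res in (template.get("Resources") or {}).items():
        if isinstance(res, dict) and res.get("Type") == "AWS::IAM::Role":
            findings.extend(lint_role(name, res))
    return findings

# Constructed sample input: one correct role plus two of the question's attempts.
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}
SAMPLE = {"Resources": {
    "GoodRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": TRUST, "Description": "My Description",
        "Tags": [{"Key": "Owner", "Value": "platform"}]}},
    "MisplacedRole": {"Type": "AWS::IAM::Role", "Description": "My Description",
                      "Properties": {"AssumeRolePolicyDocument": TRUST}},
    "MappingTagsRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": TRUST, "Description": "My Description",
        "Tags": {"Key": "Description", "Value": "My Description"}}},
}}

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```

For YAML templates, parse with a loader that understands CloudFormation's short-form intrinsic tags before passing the result to lint_template.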
Tested and can confirm John Rotenstein's answer remains the best option as of 29/Mar/2019. Sometimes updates can sneak in without making the documentation, but not in this case unfortunately.
(Would have preferred to put this as a comment however the reputation requirement is a pain)
Edit: July/2019 - Still no update, however this can be done through the SDK