fix(iam): Role.fromRoleName fails on AWS created roles (#25389)

This reverts commit 637fc6a.

Fixes #25360

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

packages/aws-cdk-lib/aws-iam/lib/role.ts

@@ -320,10 +320,6 @@ export class Role extends Resource implements IRole {
    * @param options allow customizing the behavior of the returned role
    */
   public static fromRoleName(scope: Construct, id: string, roleName: string, options: FromRoleNameOptions = {}) {
-    // Validate the role name only if not a token
-    if (!Token.isUnresolved(roleName)) {
-      this.validateRoleName(roleName);
-    }
     return Role.fromRoleArn(scope, id, Stack.of(scope).formatArn({
       region: '',
       service: 'iam',
@@ -373,15 +369,6 @@ export class Role extends Resource implements IRole {
     });
   }
 
-  private static validateRoleName(roleName: string) {
-    // https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html
-    const regexp: RegExp = /[\w+=,.@-]+/;
-    const matches = regexp.exec(roleName);
-    if (!(matches && matches.length === 1 && matches[0] === roleName)) {
-      throw new Error(`The role name ${roleName} does not match the IAM conventions.`);
-    }
-  }
-
   public readonly grantPrincipal: IPrincipal = this;
   public readonly principalAccount: string | undefined = this.env.account;
 

packages/aws-cdk-lib/aws-iam/test/role.test.ts

@@ -1294,14 +1294,3 @@ test('cross-env role ARNs include path', () => {
     },
   });
 });
-
-test('fromRoleName should validate role name (only if not a token)', () => {
-  const app = new App();
-  const stack = new Stack(app, 'MyStack');
-  expect(() => {
-    Role.fromRoleName(stack, 'Invalid role name', 'arn:aws:iam::***:role/myrole');
-  }).toThrow(/does not match the IAM conventions/);
-  expect(() => {
-    Role.fromRoleName(stack, 'Token', '${Token[TOKEN.26]}');
-  }).not.toThrow();
-});