feat(iam): add ability to create IAM role descriptions

aws · Feb 9, 2020 · cee8825 · cee8825
1 parent bc0fe14
commit cee8825
Show file tree

Hide file tree

Showing 2 changed files with 74 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-iam/lib/role.ts b/packages/@aws-cdk/aws-iam/lib/role.ts
@@ -122,6 +122,13 @@ export interface RoleProps {
    * @default Duration.hours(1)
    */
   readonly maxSessionDuration?: Duration;
+
+  /**
+   * A description of the role. It can be up to 1000 characters long.
+   *
+   * @default - No description.
+   */
+  readonly description?: string;
 }
 
 /**
@@ -293,6 +300,11 @@ export class Role extends Resource implements IRole {
     this.permissionsBoundary = props.permissionsBoundary;
     const maxSessionDuration = props.maxSessionDuration && props.maxSessionDuration.toSeconds();
     validateMaxSessionDuration(maxSessionDuration);
+    const description = (props.description && props.description?.length > 0) ? props.description : undefined;
+
+    if (description && description.length > 1000) {
+      throw new Error('Role description must be no longer than 1000 characters.');
+    }
 
     const role = new CfnRole(this, 'Resource', {
       assumeRolePolicyDocument: this.assumeRolePolicy as any,
@@ -302,6 +314,7 @@ export class Role extends Resource implements IRole {
       permissionsBoundary: this.permissionsBoundary ? this.permissionsBoundary.managedPolicyArn : undefined,
       roleName: this.physicalName,
       maxSessionDuration,
+      description
     });
 
     this.roleId = role.attrRoleId;

diff --git a/packages/@aws-cdk/aws-iam/test/role.test.ts b/packages/@aws-cdk/aws-iam/test/role.test.ts
@@ -345,4 +345,65 @@ describe('IAM role', () => {
       }
     });
   });
+
+  test('can have a description', () => {
+    const stack = new Stack();
+
+    new Role(stack, 'MyRole', {
+      assumedBy: new ServicePrincipal('sns.amazonaws.com'),
+      description: "This is a role description."
+    });
+
+    expect(stack).toMatchTemplate({ Resources:
+      { MyRoleF48FFE04:
+         { Type: 'AWS::IAM::Role',
+         Properties:
+          { AssumeRolePolicyDocument:
+           { Statement:
+            [ { Action: 'sts:AssumeRole',
+              Effect: 'Allow',
+              Principal: { Service: 'sns.amazonaws.com' } } ],
+              Version: '2012-10-17' },
+            Description: 'This is a role description.' } } } });
+  });
+
+  test('should not have an empty description', () => {
+    const stack = new Stack();
+
+    new Role(stack, 'MyRole', {
+      assumedBy: new ServicePrincipal('sns.amazonaws.com'),
+      description: ""
+    });
+
+    expect(stack).toMatchTemplate({ Resources:
+      { MyRoleF48FFE04:
+         { Type: 'AWS::IAM::Role',
+         Properties:
+          { AssumeRolePolicyDocument:
+           { Statement:
+            [ { Action: 'sts:AssumeRole',
+              Effect: 'Allow',
+              Principal: { Service: 'sns.amazonaws.com' } } ],
+              Version: '2012-10-17' }} } } });
+  });
+
+  test('description can only be 1000 characters long', () => {
+    const stack = new Stack();
+
+    expect(() => {
+      new Role(stack, 'MyRole', {
+        assumedBy: new ServicePrincipal('sns.amazonaws.com'),
+        description: "1000+ character long description: Lorem ipsum dolor sit amet, consectetuer adipiscing elit. \
+        Aenean commodo ligula eget dolor. Aenean massa. Cum sociis natoque penatibus et magnis dis parturient montes, \
+        nascetur ridiculus mus. Donec quam felis, ultricies nec, pellentesque eu, pretium quis, sem. Nulla consequat \
+        massa quis enim. Donec pede justo, fringilla vel, aliquet nec, vulputate eget, arcu. In enim justo, rhoncus ut, \
+        imperdiet a, venenatis vitae, justo. Nullam dictum felis eu pede mollis pretium. Integer tincidunt. Cras dapibus. \
+        Vivamus elementum semper nisi. Aenean vulputate eleifend tellus. Aenean leo ligula, porttitor eu, consequat vitae, \
+        eleifend ac, enim. Aliquam lorem ante, dapibus in, viverra quis, feugiat a, tellus. Phasellus viverra nulla ut metus \
+        varius laoreet. Quisque rutrum. Aenean imperdiet. Etiam ultricies nisi vel augue. Curabitur ullamcorper ultricies nisi. \
+        Nam eget dui. Etiam rhoncus. Maecenas tempus, tellus eget condimentum rhoncus, sem quam semper libero, sit amet adipiscing \
+        sem neque sed ipsum."
+      });
+    }).toThrow(/Role description must be no longer than 1000 characters./);
+  });
 });