-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS IAM: Unable to add AWSBackupServiceRolePolicyForBackup #30363
Comments
Hi @Roedy13 , thanks for reaching out. I see that the 2 roles mentioned generate diff arns -
Issue happens when the first policy arn is not generated correctly. In the CDK Docs, I found that for policies which have arn preceded by
So changing the code - managedPolicies: [
aws_iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSBackupServiceRolePolicyForBackup'), which is deployed successfully. Please let me know if this works for you. |
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
That seems to work. Thanks! |
|
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Describe the bug
I'm trying to create a backup role with the policies "AWSBackupServiceRolePolicyForBackup" and "AWSBackupServiceRolePolicyForS3Backup"
Expected Behavior
I expect a role to be created with the attached permissions
Current Behavior
When I run this code, I get a CDK error:
Notice the the ARN listed for this role is NOT the same as the arn from the IAM webconsole, which is
arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup
Reproduction Steps
Try to deploy the code above
Possible Solution
I'm assuming that the ARN isn't being generated correctly from "aws_iam.ManagedPolicy.from_aws_managed_policy_name"
When I change the above code to
It works as expected
Additional Information/Context
No response
CDK CLI Version
2.142.1 (build ed4e152)
Framework Version
aws-cdk@2.142.1
Node.js Version
v18.18.2
OS
Debian 12
Language
Python
Language Version
3.12.1
Other information
No response
The text was updated successfully, but these errors were encountered: