iam: policy names attached to imported resources conflict with each other

[amwill04]

Unable to change to a dynamic policy name when using grantXXX() api.

Given the following within a stack:

const queue = new Queue(this, 'ICEQuoteQueue', {
    queueName: `a-queue-${this.props.environment}`,
    deliveryDelay: Duration.seconds(0),
    visibilityTimeout: Duration.seconds(30),
    retentionPeriod: Duration.days(4),
    receiveMessageWaitTime: Duration.seconds(0),
});
const group = Group.fromGroupArn(
    this,
    'Group',
    this.formatArn({ resource: 'group', service: 'iam', resourceName: 'Name' })
);

queue.grantSendMessages(group)

if I am to create multiple templates the above will create the same policy name meaning that anthing on the same account will override the policy statement.

Therefore if i deploy dev followed by test I will lose the send permissions in dev

Environment

• **CLI Version :1.33.1
• **Framework Version:1.33.1
• **OS :macos
• **Language :typescript

[rix0rrr]

This is probably not solveable in general, but maybe we can make it slightly less likely to collide by adding in the stack name or something.

[acere]

Encountered the same issue when granting privileges to the same IAM roles from two different stacks.
Is there any update on workarounds to rename the IAM policies created by grant* methods?

[github-actions]

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[thomaswr]

Having the same issue with granting permissions to imported IAM users in two different stacks.
My current workaround is to include the stack name in the id of the imported user.
But very easy to miss that.