I'm fairly new to AWS. I created a role and now I've found I need another. Is there a way to join multiple roles to make another, or do I have to just build something new?
```yaml
Resources:
  ECROLE:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser
  EXTRAROLE:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
            Action:
              - sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
  ECROLEINSTANCEPROFILE:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: /
      Roles:
        - !Ref ECROLE
        # I'd like to just add something here ... - !Ref EXTRAROLE
      InstanceProfileName: ECROLEINSTANCEPROFILE
Outputs:
  ECROLEKEY:
    Description: Role to be used for interacting with ECR.
    Value: !Ref ECROLE
    Export:
      Name: ECROLEOUTPUT
```
In the AWS::IAM::InstanceProfile stanza I've put the kind of thing I was thinking ...
Thanks
The Roles property in AWS::IAM::InstanceProfile is currently limited to exactly 1 Role (see AWS::IAM::InstanceProfile Roles). Creating a new Role is going to be your best bet.
If you find that you are sharing permissions between a number of different roles, then creating reusable Managed Policies will help with that. That said, in your example, you're already using existing managed policies.
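The answer's two suggestions, a single role that carries every permission the instance needs and a reusable customer-managed policy for permissions shared between roles, written out as a complete CloudFormation template. This is an added example, not code from the question or the answer. The resource names (EcrPushPolicy, EcrInstanceRole, EcrInstanceProfile), the RepositoryName parameter and its default are assumptions; adjust them to your stack. Note that in the question's exact case the two AWS-managed policies overlap, AmazonEC2ContainerRegistryPowerUser already grants the read-only ECR actions, so the security-relevant step when merging roles is to decide which permissions the instance actually needs, not to concatenate policy lists.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Added example (not from the original question or answer): one role carrying
  all permissions the instance needs, wrapped in a single-role instance profile,
  plus a reusable customer-managed policy scoped to one ECR repository.

Parameters:
  RepositoryName:
    Type: String
    Description: ECR repository this instance may push to (assumed name, change it)
    Default: my-app

Resources:
  # Shared permissions live in a managed policy so other roles can attach the
  # same ARN instead of copying statements. Scoped to one repository;
  # ecr:GetAuthorizationToken is the one ECR action that only accepts "*".
  EcrPushPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Push to and pull from a single ECR repository
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: LoginToRegistry
            Effect: Allow
            Action: ecr:GetAuthorizationToken
            Resource: '*'
          - Sid: PushAndPullOneRepository
            Effect: Allow
            Action:
              - ecr:BatchCheckLayerAvailability
              - ecr:InitiateLayerUpload
              - ecr:UploadLayerPart
              - ecr:CompleteLayerUpload
              - ecr:PutImage
              - ecr:BatchGetImage
              - ecr:GetDownloadUrlForLayer
            Resource: !Sub 'arn:${AWS::Partition}:ecr:${AWS::Region}:${AWS::AccountId}:repository/${RepositoryName}'

  # A single role: the trust policy says who may assume it (EC2 in this
  # account), the attached policies say what it may do. Merge permissions
  # here; a role cannot be composed from other roles.
  EcrInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Ref EcrPushPolicy
        # AWS-managed policy granting read access across all repositories;
        # drop it if pulling from the one repository above is enough.
        - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly

  # Roles accepts exactly one entry, so the profile simply wraps the role.
  EcrInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref EcrInstanceRole

Outputs:
  EcrInstanceRoleName:
    Description: Role carrying the combined ECR permissions
    Value: !Ref EcrInstanceRole
    Export:
      Name: !Sub '${AWS::StackName}-EcrInstanceRole'
  EcrInstanceProfileName:
    Description: Instance profile to attach to EC2 instances or launch templates
    Value: !Ref EcrInstanceProfile
```

Deploy it with `aws cloudformation deploy --template-file template.yaml --stack-name ecr-instance-role --capabilities CAPABILITY_IAM` (CAPABILITY_NAMED_IAM if you give the role an explicit RoleName). Another stack that needs the same push permissions attaches the EcrPushPolicy ARN to its own role rather than defining a second role with a copy of the statements.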