Is there a way of dealing with circular dependencies, such as: create an AWS role in account A that can assume a role in account B, create that role in account B, and allow its trust policy to only be assumable by the role created in account A?
09/23/2019, 7:13 PM
In general most of the AWS resources that have this problem have a separate resource that you can use to break the cycle - like RolePolicyAttachment which can be created later than the Role.
The specifics would depend on your exact use case.
If it so happens that there are no available resources for your case - I’d be interested to understand it - but the solution then may be to conditionally create some of the resources and then need a two-step deployment process. But that shouldn’t be necessary.