fast-vegetable-68654
05/12/2021, 3:10 PM
… (`rootAccountId`) and use it when creating the principal for a role.
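// `rootAccountId` is an output exported by another stack and read here through `organization`.
const rootAccountId = organization.getOutput('rootAccountId');

// NOTE(review): a `:root` principal delegates trust to the whole account, not only to its
// root user. Any identity in that account whose own IAM policy allows sts:AssumeRole on this
// role can assume `admin`. If that is broader than intended, name specific role ARNs as the
// principal or add a condition (for example aws:MultiFactorAuthPresent) to the trust policy.
const adminRole = createRole({
  allowedActions: accountRoles.admin,
  principal: {
    AWS: [
      rootAccountId.apply((id) => {
        // A missing or renamed stack output would otherwise be interpolated as
        // `arn:aws:iam::undefined:root`; reject anything that is not a 12-digit account id
        // so the trust policy is never built from an unchecked cross-stack value.
        if (typeof id !== 'string' || !/^\d{12}$/.test(id)) {
          throw new Error(
            `rootAccountId stack output must be a 12-digit AWS account id, got: ${String(id)}`,
          );
        }
        return `arn:aws:iam::${id}:root`;
      }),
    ],
  },
  roleName: 'admin',
});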
/**
 * Creates an IAM role whose trust (assume-role) policy is derived from `principal`.
 *
 * Only the role creation is shown in this snippet; the rest of the body is elided (`...`),
 * so how `allowedActions` is attached and what is returned cannot be confirmed from here.
 *
 * @param allowedActions - IAM action strings intended for the role. Not used in the visible
 *   part of the body; presumably turned into a policy in the elided part (TODO confirm).
 * @param principal - Principal that is allowed to assume the role. It is passed unchanged to
 *   `aws.iam.assumeRolePolicyForPrincipal`, so callers decide how broad the trust is.
 * @param roleName - Base name; the Pulumi resource is named `${roleName}-role`.
 */
export function createRole({
  allowedActions,
  principal,
  roleName,
}: {
  allowedActions: string[];
  principal: aws.iam.Principal;
  roleName: string;
}) {
  // The helper is called with the principal only, so no Condition (MFA, ExternalId, source
  // restrictions) is supplied at this point: whoever matches `principal` is trusted as-is.
  const role = new aws.iam.Role(`${roleName}-role`, {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal(principal),
  });
  // Remainder of the function was elided in the original post.
  ...
}