Closed
Labels
- @aws-cdk/aws-iam: Related to AWS Identity and Access Management
- bug: This issue is a bug.
- docs/inline: Related to inline documentation of the API Reference
- documentation: This is a problem with documentation.
- effort/small: Small work item – less than a day of effort
- p2
Description
Inconsistent Behavior: aws_iam.Role.attachManagedPolicy vs aws_iam.ManagedPolicy.attachToRole
The Scenario
TL;DR: aws_iam.Role.attachManagedPolicy does not attach the specified managed policy to the role; aws_iam.ManagedPolicy.attachToRole does.
I have two stacks: one stack deploys roles, another deploys an application stack (both are in the same account). The roles stack is deployed first.
In the application stack, I would like to attach a managed policy to a role in the first.
Attempting to use aws_iam.Role.attachManagedPolicy does not create the association, but aws_iam.ManagedPolicy.attachToRole does.
Environment
- CDK CLI Version: 1.39.0 (build 5d727c1)
- Module Version: 1.38.0
- Node.js Version: v14.0.0
- OS: macOS Mojave 10.14.6 (18G4032)
- Language: Typescript and Python
Other information
Steps to reproduce
- Deploy one stack with an IAM role
- In a second stack create a managed policy
- In the second stack, import the role using aws_iam.Role.fromRoleArn (importedRole)
- In the second stack, attempt to add the managed policy to importedRole via importedRole.attachManagedPolicy
Observed
- cdk synth does not show any associations made between the role and the managed policy
- Using ManagedPolicy.attachToRole works, however
Expected
- cdk synth (and subsequently cdk deploy) should associate the role and managed policy when Role.attachManagedPolicy is used
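
A check on the synthesized template for the missing association described in this issue, as an added example that is not part of the original report or of the CDK code base. It relies on the CloudFormation `Roles` property of `AWS::IAM::ManagedPolicy`; the logical ID `AppPolicy`, the role name `example-app-role`, both templates and all function names are constructed for illustration.

```typescript
// Only the parts of a synthesized CloudFormation template this check reads.
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources?: Record<string, CfnResource> };

// A Roles entry is a literal role name (imported role) or { Ref: logicalId }
// (role defined in the same template).
function refersTo(entry: unknown, roleName: string, roleLogicalId?: string): boolean {
  if (typeof entry === "string") return entry === roleName;
  if (typeof entry === "object" && entry !== null) {
    const ref = (entry as { Ref?: unknown }).Ref;
    return roleLogicalId !== undefined && ref === roleLogicalId;
  }
  return false;
}

// Logical IDs of AWS::IAM::ManagedPolicy resources whose Roles list names the role.
function policiesAttachedTo(t: CfnTemplate, roleName: string, roleLogicalId?: string): string[] {
  const ids: string[] = [];
  for (const [id, res] of Object.entries(t.Resources ?? {})) {
    if (res.Type !== "AWS::IAM::ManagedPolicy") continue;
    const roles = res.Properties?.["Roles"];
    if (Array.isArray(roles) && roles.some((r) => refersTo(r, roleName, roleLogicalId))) ids.push(id);
  }
  return ids.sort();
}

// Expected policies that the template does not attach to the role; empty means pass.
function missingAttachments(t: CfnTemplate, roleName: string, expected: string[]): string[] {
  const attached = new Set(policiesAttachedTo(t, roleName));
  return expected.filter((id) => !attached.has(id));
}

// Constructed templates, not real `cdk synth` output.
const policyDocument = { Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: "s3:GetObject", Resource: "*" }] };
// Policy resource with no Roles property: the association is absent.
const withoutAssociation: CfnTemplate = {
  Resources: { AppPolicy: { Type: "AWS::IAM::ManagedPolicy", Properties: { PolicyDocument: policyDocument } } },
};
// Policy resource that names the role: the association is present.
const withAssociation: CfnTemplate = {
  Resources: { AppPolicy: { Type: "AWS::IAM::ManagedPolicy", Properties: { PolicyDocument: policyDocument, Roles: ["example-app-role"] } } },
};

console.log(missingAttachments(withoutAssociation, "example-app-role", ["AppPolicy"]));
console.log(missingAttachments(withAssociation, "example-app-role", ["AppPolicy"]));
```

In a pipeline, parse the stack's synthesized template JSON and fail the build when `missingAttachments` returns a non-empty list.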