aws cdk-import: Cannot import IAM Inline Policies using cdk-import feature #26420
Labels
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
bug
This issue is a bug.
p1
package/tools
Related to AWS CDK Tools or CLI
Describe the bug
I have an existing IAM Group/User/Role that has inline policies attached to it, in my AWS console account.
For instance: Construct code of an existing IAM group with one inline policy attached to it -
When I'm trying to import this IAM resource along with its inline policies using `cdk-import` feature, the cli command skips importing inline policies with warning `unsupported resource type` and imports just the IAM resource.
I am also unable to add any existing inline policy (using `attachInlinePolicy`) after the IAM resource is imported.
When I do a `cdk diff`, I can see that the IAM group and inline policy are seen as two individual resources for creation into the stack.
But when I try `cdk import` once `cdk deploy` fails with error message `Sample-group already exists`, the inline policy is getting skipped from import.
And running another `cdk import` or `cdk deploy` didn't work either.
Is importing IAM inline policies not yet supported in `cdk-import` feature? Or am I doing something wrong here?
If so, what is the recommended way w.r.t. importing IAM Inline Policies?
Expected Behavior
IAM Inline Policies should be successfully imported like other IAM resources using the `cdk-import` feature (during or after the IAM resources, that these policies are attached to, are imported).
Current Behavior
IAM Inline Policies are getting skipped from import operation with error message "unsupported resource type AWS::IAM::Policy, skipping import", whereas performing `cdk deploy <stack_name>` fails with error message - "Sample-Inline already exists on the group Sample-group".
Reproduction Steps
`cdk diff <stack_name>` to confirm if two resources (group, inline policy) are listed for creation in the stack.
`cdk deploy <stack_name>`). It fails with error like - "<iam_group_name> already exists"
`cdk import <stack_name>` and confirm the import operation on the resources. The IAM group will be imported successfully, but inline policy will be skipped from import, with error message "unsupported resource type AWS::IAM::Policy, skipping import".
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.85.0 (build 4e0d726)
Framework Version
No response
Node.js Version
v16.20.0
OS
macOS
Language
TypeScript
Language Version
No response
Other information
No response
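
An added example, not part of the original issue and not code from the CDK project: a pre-import check that scans a synthesized CloudFormation template for the `AWS::IAM::Policy` resources this report says `cdk import` skips, and lists the principals each one is attached to. The sample template, its logical IDs and the function names are constructed for illustration; it assumes the JSON template that `cdk synth` produces.

```typescript
// Minimal shape of a synthesized CloudFormation template (only the fields used here).
interface CfnResource { Type: string; Properties?: Record<string, unknown>; }
interface CfnTemplate { Resources: Record<string, CfnResource>; }
interface SkippedInlinePolicy { logicalId: string; policyName: string; attachedTo: string[]; }

// Resource type taken from the warning quoted in the issue.
const UNSUPPORTED_TYPE = "AWS::IAM::Policy";

// Render one principal entry: a literal name, or the logical ID behind {"Ref": "..."}.
function principalName(entry: unknown): string {
  if (typeof entry === "string") return entry;
  if (entry !== null && typeof entry === "object") {
    const ref = (entry as { Ref?: unknown }).Ref;
    if (typeof ref === "string") return ref;
  }
  return JSON.stringify(entry) ?? "<unresolved>";
}

// Return every inline policy in the template, with the groups/roles/users it targets.
function findSkippedInlinePolicies(template: CfnTemplate): SkippedInlinePolicy[] {
  const found: SkippedInlinePolicy[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    if (res.Type !== UNSUPPORTED_TYPE) continue;
    const props = res.Properties ?? {};
    const attachedTo: string[] = [];
    for (const kind of ["Groups", "Roles", "Users"]) {
      const list = props[kind];
      if (Array.isArray(list)) {
        for (const e of list) attachedTo.push(`${kind}:${principalName(e)}`);
      }
    }
    found.push({ logicalId, policyName: principalName(props["PolicyName"]), attachedTo });
  }
  return found;
}

// Constructed sample: one group plus one inline policy, using the names from the report.
const sampleTemplate: CfnTemplate = {
  Resources: {
    SampleGroup: { Type: "AWS::IAM::Group", Properties: { GroupName: "Sample-group" } },
    SampleInline: {
      Type: "AWS::IAM::Policy",
      Properties: {
        PolicyName: "Sample-Inline",
        PolicyDocument: { Version: "2012-10-17",
          Statement: [{ Effect: "Allow", Action: "s3:ListAllMyBuckets", Resource: "*" }] },
        Groups: [{ Ref: "SampleGroup" }],
      },
    },
  },
};
```

Running the check on the real template before `cdk import` shows which inline policies will be left outside the stack, so their permissions can be reviewed separately.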