feat(autoscaling): bring your own IAM role (#1727)

Allow specifying an IAM role (`IRole`) when defining an AutoScalingGroup. This allows either passing a role created in the same stack or passing in an imported role. Fixes #1701
aws · Feb 11, 2019 · 2016b8d · 2016b8d
1 parent 016a5d6
commit 2016b8d
Show file tree

Hide file tree

Showing 4 changed files with 675 additions and 2 deletions.
diff --git a/packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts b/packages/@aws-cdk/aws-autoscaling/lib/auto-scaling-group.ts
@@ -159,6 +159,21 @@ export interface AutoScalingGroupProps extends CommonAutoScalingGroupProps {
    * AMI to launch
    */
   machineImage: ec2.IMachineImageSource;
+
+  /**
+   * An IAM role to associate with the instance profile assigned to this Auto Scaling Group.
+   *
+   * The role must be assumable by the service principal `ec2.amazonaws.com`:
+   *
+   * @example
+   *
+   *    const role = new iam.Role(this, 'MyRole', {
+   *      assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
+   *    });
+   *
+   * @default A role will automatically be created, it can be accessed via the `role` property
+   */
+  role?: iam.IRole;
 }
 
 /**
@@ -187,7 +202,7 @@ export class AutoScalingGroup extends cdk.Construct implements IAutoScalingGroup
   /**
    * The IAM role assumed by instances of this fleet.
    */
-  public readonly role: iam.Role;
+  public readonly role: iam.IRole;
 
   /**
    * Name of the AutoScalingGroup
@@ -217,7 +232,7 @@ export class AutoScalingGroup extends cdk.Construct implements IAutoScalingGroup
     this.securityGroups.push(this.securityGroup);
     this.apply(new cdk.Tag(NAME_TAG, this.node.path));
 
-    this.role = new iam.Role(this, 'InstanceRole', {
+    this.role = props.role || new iam.Role(this, 'InstanceRole', {
       assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com')
     });