AWS Cloudformation DB Instance IAM Roles

Question

I'm trying to associate an IAM role with by DB Instance as documented here: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.AddRoleToDBCluster.html

I can do it via the UI and see if via:

aws rds describe-db-instances --db-instance-identifier=myInstanceName
...
            "AssociatedRoles": [
                {
                    "RoleArn": "arn:aws:iam::123456789123:role/myRoleName",
                    "FeatureName": "s3Import",
                    "Status": "ACTIVE"
                }
            ]
...

However I cannot find any reference of how to set this via cloud formation.

I tried setting AssociatedRoles but it fails saying:

Encountered unsupported property AssociatedRoles

jbasko jbasko · Accepted Answer · 2019-05-10T08:43:40

I think you can't do it with CloudFormation (unless, of course, you build a custom resource, but if you don't know how to do it already it will be an overkill).

AWS Cloudformation DB Instance IAM Roles

1 Answers