DeployTimeSubstitutedFile: should allow passing IAM role

[antoniordz96]

Describe the feature

DeployTimeSubstitutedFile is an extension of BucketDeployment that allows users to upload individual files and specify to make substitutions in the file.

Our CDK assets bucket is encrypted and we need to grant the DeployTimeSubstitutedFile access to our KMS key. In the past we have used BucketDeployment and passed a role via the BucketDeployment props with right set of permissions.

Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html#role

Use Case

Fetch assets from encrypted KMS S3 Buckets

Proposed Solution

Expose the role as parameter within DeployTimeSubstitutedFileProps and pass it down to BucketDeployment parent

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.93.0

Environment details (OS name and version, etc.)

Mac

[peterwoodworth]

Makes sense to me, we should allow role configurability whenever possible. Thanks for the request!

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.