Feature Request: Support "ResourcePrefix:" argument for image-builder pipeline

[chrisdag]

Iam:
  ResourcePrefix:  <string>

... has been invaluable in deploying parallelcluster stacks in environments where the deploy user has an IAM Permission Boundary constraining certain actions, especially IAM roles or instance profiles made without a specific prefix pattern when naming the created resource.

However, in the same account with the same IAM Permission Boundary, we cannot generate custom parallelcluster AMIs using the native image builder process because image-builder does not support the IAM ResourcePrefix parameter and thus tries to create IAM roles beginning with prefix path "/parallelcluster" -- an action that is prohibited by the IAM Permission Boundary because the IAM role does not begin with the "authorized" prefix pattern.

If possible it would be great if the image building pipeline would also support a custom IAM: ResourcePrefix parameter!

Thanks!

[himani2411]

Hi @chrisdag

Thanks for reaching out. Happy to see that ResourcePrefix is helpful!
I will add this as a Feature Request in our Backlog.

[Mideky-hub]

Trying to take on it today. @himani2411, surely a PR later in the day