Serverless::Function does not propagate its tags to the generated IAM::Role resource

[kgeisink]

Description:

I am using cfn-python-lint with a custom validation rule to make sure that all resources which are taggable have the Tags property defined. When validating a template with an AWS::Serverless::Function resource (for example named MakeCoffee), the CloudFormation linter fails with the error 'Missing Tags Properties for Resources/MakeCoffeeRole/Properties'.

IAM::Role has only been taggable since August 29th, so I don't know whether this counts as a bug or a feature.

Steps to reproduce the issue:

1. Define a Serverless::Function resource with a Tags property in a template.
2. Deploy the template.

Edit: Just found out this is also reproducible by specifying a DeploymentPreference, as the generated CodeDeployServiceRole does not have tags either.

Observed result:

Generated IAM::Role is not tagged.

Expected result:

Generated IAM::Role should be tagged.

Additional information:

I found this related issue which solved the same problem for the ApiGateway::Stage resource generated from Serverless::Api: #384

[ShreyaGangishetty]

@kgeisink This sounds like a good feature to have in SAM!
It's a simple change to add this feature. For AWS::Serverless::Function you can look at how we add tags here. Similarly, you can add tags to IAM Role here

[mhaley-miovision]

@ShreyaGangishetty I see this was merged into develop back in October. When can we see this get officially released?