CloudFormation: AWS::IAM::Role now supports RoleId (#7442)

getmoto · Mar 8, 2024 · b2ff3d9 · b2ff3d9
1 parent 06bfd7f
commit b2ff3d9
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/moto/iam/models.py b/moto/iam/models.py
@@ -838,13 +838,15 @@ def physical_resource_id(self) -> str:
 
     @classmethod
     def has_cfn_attr(cls, attr: str) -> bool:
-        return attr in ["Arn"]
+        return attr in ["Arn", "RoleId"]
 
     def get_cfn_attribute(self, attribute_name: str) -> str:
         from moto.cloudformation.exceptions import UnformattedGetAttTemplateException
 
         if attribute_name == "Arn":
             return self.arn
+        if attribute_name == "RoleId":
+            return self.id
         raise UnformattedGetAttTemplateException()
 
     def get_tags(self) -> List[Dict[str, str]]:

diff --git a/tests/test_iam/test_iam_cloudformation.py b/tests/test_iam/test_iam_cloudformation.py
@@ -27,6 +27,13 @@
               - ec2.amazonaws.com
             Action:
               - 'sts:AssumeRole'
+Outputs:
+  RootRole:
+    Value: !Ref RootRole
+  RoleARN:
+    Value: {"Fn::GetAtt": ["RootRole", "Arn"]}
+  RoleID:
+    Value: {"Fn::GetAtt": ["RootRole", "RoleId"]}
 """
 
 
@@ -1417,8 +1424,16 @@ def test_iam_cloudformation_create_role():
     role = [res for res in resources if res["ResourceType"] == "AWS::IAM::Role"][0]
     assert role["LogicalResourceId"] == "RootRole"
 
+    outputs = cf_client.describe_stacks(StackName=stack_name)["Stacks"][0]["Outputs"]
+    outputs = {o["OutputKey"]: o["OutputValue"] for o in outputs}
+
     iam_client = boto3.client("iam", region_name="us-east-1")
-    assert len(iam_client.list_roles()["Roles"]) == 1
+    roles = iam_client.list_roles()["Roles"]
+    assert len(roles) == 1
+
+    assert roles[0]["RoleName"] == [v for k, v in outputs.items() if k == "RootRole"][0]
+    assert roles[0]["Arn"] == [v for k, v in outputs.items() if k == "RoleARN"][0]
+    assert roles[0]["RoleId"] == [v for k, v in outputs.items() if k == "RoleID"][0]
 
     cf_client.delete_stack(StackName=stack_name)