fix(redshift-alpha): use same role for database-query singleton function

packages/@aws-cdk/aws-redshift-alpha/lib/private/database-query.ts

@@ -64,6 +64,7 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant
 
     const provider = new customresources.Provider(this, 'Provider', {
       onEventHandler: handler,
+      role: this.getProviderRole(handler),
     });
 
     const queryHandlerProps: DatabaseQueryHandlerProps & HandlerProps = {
@@ -116,4 +117,20 @@ export class DatabaseQuery<HandlerProps> extends Construct implements iam.IGrant
     }
     return adminUser;
   }
+
+  /**
+   * Get or create the IAM role for the singleton lambda function.
+   * We only need one function since it's just acting as a trigger.
+   * */
+  private getProviderRole(handler: lambda.SingletonFunction): iam.IRole {
+    const id = handler.constructName + 'ProviderRole';
+    const existing = cdk.Stack.of(this).node.tryFindChild(id);
+
+    return existing != null
+      ? existing as iam.Role
+      : new iam.Role(this, id, {
+        assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
+        managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSLambdaBasicExecutionRole')],
+      });
+  }
 }

packages/@aws-cdk/aws-redshift-alpha/test/integ.cluster-distkey.js.snapshot/aws-cdk-redshift-distkey-create.template.json

@@ -604,7 +604,7 @@
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
-  "TableProviderframeworkonEventServiceRoleC3128F67": {
+  "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A": {
    "Type": "AWS::IAM::Role",
    "Properties": {
     "AssumeRolePolicyDocument": {
@@ -637,7 +637,7 @@
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
-  "TableProviderframeworkonEventServiceRoleDefaultPolicyAD08715D": {
+  "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRoleDefaultPolicyBBFA0AEC": {
    "Type": "AWS::IAM::Policy",
    "Properties": {
     "PolicyDocument": {
@@ -671,10 +671,10 @@
      ],
      "Version": "2012-10-17"
     },
-    "PolicyName": "TableProviderframeworkonEventServiceRoleDefaultPolicyAD08715D",
+    "PolicyName": "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRoleDefaultPolicyBBFA0AEC",
     "Roles": [
      {
-      "Ref": "TableProviderframeworkonEventServiceRoleC3128F67"
+      "Ref": "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A"
      }
     ]
    },
@@ -704,7 +704,7 @@
     "Handler": "framework.onEvent",
     "Role": {
      "Fn::GetAtt": [
-      "TableProviderframeworkonEventServiceRoleC3128F67",
+      "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A",
       "Arn"
      ]
     },
@@ -720,8 +720,8 @@
     "Timeout": 900
    },
    "DependsOn": [
-    "TableProviderframeworkonEventServiceRoleDefaultPolicyAD08715D",
-    "TableProviderframeworkonEventServiceRoleC3128F67"
+    "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRoleDefaultPolicyBBFA0AEC",
+    "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A"
    ],
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"

packages/@aws-cdk/aws-redshift-alpha/test/integ.cluster-distkey.js.snapshot/aws-cdk-redshift-distkey-update.template.json

@@ -604,7 +604,7 @@
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
-  "TableProviderframeworkonEventServiceRoleC3128F67": {
+  "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A": {
    "Type": "AWS::IAM::Role",
    "Properties": {
     "AssumeRolePolicyDocument": {
@@ -637,7 +637,7 @@
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
-  "TableProviderframeworkonEventServiceRoleDefaultPolicyAD08715D": {
+  "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRoleDefaultPolicyBBFA0AEC": {
    "Type": "AWS::IAM::Policy",
    "Properties": {
     "PolicyDocument": {
@@ -671,10 +671,10 @@
      ],
      "Version": "2012-10-17"
     },
-    "PolicyName": "TableProviderframeworkonEventServiceRoleDefaultPolicyAD08715D",
+    "PolicyName": "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRoleDefaultPolicyBBFA0AEC",
     "Roles": [
      {
-      "Ref": "TableProviderframeworkonEventServiceRoleC3128F67"
+      "Ref": "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A"
      }
     ]
    },
@@ -704,7 +704,7 @@
     "Handler": "framework.onEvent",
     "Role": {
      "Fn::GetAtt": [
-      "TableProviderframeworkonEventServiceRoleC3128F67",
+      "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A",
       "Arn"
      ]
     },
@@ -720,8 +720,8 @@
     "Timeout": 900
    },
    "DependsOn": [
-    "TableProviderframeworkonEventServiceRoleDefaultPolicyAD08715D",
-    "TableProviderframeworkonEventServiceRoleC3128F67"
+    "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRoleDefaultPolicyBBFA0AEC",
+    "TableQueryRedshiftDatabase3de5bea727da479686625efb56431b5fProviderRole71E75E1A"
    ],
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"