The current GitHubWorkflow design assumes that the CFN Execution Role that was defined in the CDK Bootstrap will be assumed during the Deployment. However, this is quite problematic for organizations that desire to use CDK AND not grant ALL CDK apps the exact same permissions. E.g., AdministratorAccess is just too much power to be granted. In fact, this is one of the reasons that the CDK deploy allows the CFN Execution Role to be specified. See the --role-arn option for cdk deploy.
Could this be addressed in the GitHubWorkflow design?
Or perhaps I've misunderstood the current design? Or missed the option where this could be specified?
This isn't a use case I've considered either, but I'm not certain exactly what the path forward is here.
Could this be addressed in the GitHubWorkflow design? Probably, through exposing a property. But I confess that I'm not at all familiar with the --role-arn option and am going to need to dive in a little deeper before I understand the use case you'd like me to address.