IAM role reuse not working

[mathiasbc]

In my organization my user does not have permission to create IAM roles. I had that permission for a couple of minutes and I was able to create the needed role for my zappa application and it worked correctly. However Zappa wasn't able to reuse that previously created role on future deployments. Complaining:

Creating LambdaPreview IAM Role... An error occurred (AccessDenied) when calling the CreateRole operation: User: arn:aws:iam::<my_arn>:user/<my_user> is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::<my_arn>:role/LambdaPreview

[Miserlou]

Dang. There needs to be a more graceful way of handling this.

Zappa is currently way too aggressive about creating new Roles. If I remember correctly, it creates them if the IAM role isn't exactly the same as the local one, even if they are functionally equivalent.

This may have been solved by a new (but unpublished) feature added by @puhitaku - does this help you? #201

[Miserlou]

So now you can set "manage_roles": false along with the role_name setting to use a pre-defined role, and Zappa won't try to update it. Does that satisfy?