fix: aws function predefined role

platform/src/components/aws/function.ts

@@ -36,6 +36,7 @@ import {
 } from "@pulumi/aws";
 import { Permission, permission } from "./permission.js";
 import { Vpc } from "./vpc.js";
+import { parseIamRoleArn } from "./helpers/arn.js";
 import { buildPython, buildPythonContainer } from "../../runtime/python.js";
 import { Image } from "@pulumi/docker-build";
 import { rpc } from "../rpc/rpc.js";
@@ -1047,7 +1048,7 @@ export interface FunctionArgs {
  */
 export class Function extends Component implements Link.Linkable {
   private function: Output<lambda.Function>;
-  private role?: iam.Role;
+  private role: Output<iam.Role>;
   private logGroup: Output<cloudwatch.LogGroup | undefined>;
   private fnUrl: Output<lambda.FunctionUrl | undefined>;
   private missingSourcemap?: boolean;
@@ -1080,11 +1081,11 @@ export class Function extends Component implements Link.Linkable {
     const copyFiles = normalizeCopyFiles();
     const vpc = normalizeVpc();
 
+    const role = buildRole();
     const linkData = buildLinkData();
     const linkPermissions = buildLinkPermissions();
     const { bundle, handler: handler0 } = buildHandler();
     const { handler, wrapper } = buildHandlerWrapper();
-    const role = createRole();
     const { zipPath, image } = createBuildAsset();
 
     const bundleHash = calculateHash();
@@ -1337,6 +1338,16 @@ export class Function extends Component implements Link.Linkable {
       });
     }
 
+    function buildRole() {
+      return output(args.role).apply((role) => {
+        if (role) {
+          const roleName = parseIamRoleArn(role).roleName;
+          return iam.Role.get(`${name}Role`, roleName);
+        }
+        return createRole();
+      });
+    }
+
     function buildLinkData() {
       return output(args.link || []).apply((links) => Link.build(links));
     }
@@ -1512,8 +1523,6 @@ export class Function extends Component implements Link.Linkable {
     }
 
     function createRole() {
-      if (args.role) return;
-
       const policy = all([args.permissions || [], linkPermissions, dev]).apply(
         ([argsPermissions, linkPermissions, dev]) =>
           iam.getPolicyDocumentOutput({
@@ -1819,7 +1828,7 @@ export class Function extends Component implements Link.Linkable {
                 path.join($cli.paths.platform, "functions", "empty-function"),
               ),
               handler: unsecret(handler),
-              role: args.role ?? role!.arn,
+              role: role.arn,
               runtime,
               timeout: timeout.apply((timeout) => toSeconds(timeout)),
               memorySize: memory.apply((memory) => toMBs(memory)),
@@ -1922,18 +1931,11 @@ export class Function extends Component implements Link.Linkable {
    * The underlying [resources](/docs/components/#nodes) this component creates.
    */
   public get nodes() {
-    const self = this;
     return {
       /**
        * The IAM Role the function will use.
        */
-      get role() {
-        if (!self.role)
-          throw new Error(
-            `"nodes.role" is not available when a pre-existing role is used.`,
-          );
-        return self.role;
-      },
+      role: this.role,
       /**
        * The AWS Lambda function.
        */