fix(codedeploy): LambdaDeploymentGroup now takes IRole

[rix0rrr]

Change the arguments of LambdaDeploymentGroup to take interfaces
wherever possible.

Fixes #1833.

BREAKING CHANGE: If an existing role is provided to a LambdaDeploymentGroup,
you will need to provide the assuming service principal (codedeploy.amazonaws.com)
yourself.

---

Pull Request Checklist

• Testing
  • Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
  • CLI change?: coordinate update of integration tests with team
  • cdk-init template change?: coordinated update of integration tests with team
• Docs
  • jsdocs: All public APIs documented
  • README: README and/or documentation topic updated
• Title and Description
  • Change type: title prefixed with fix, feat will appear in changelog
  • Title: use lower-case and doesn't end with a period
  • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
  • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
• Sensitive Modules (requires 2 PR approvers)
  • IAM Policy Document (in @aws-cdk/aws-iam)
  • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
  • Grant APIs (only if not based on official documentation with a reference)

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

[skinny85]

cc @sam-goodwin

[RomainMuller]

This part of the behavior is not retained by the new code. That constitutes a breaking change.

Either it needs to be restored (if props.role is set, then make the role assumable by code deploy.amazonaws.com), or the breaking change needs to be mentioned.

[rix0rrr]

You are right.

I removed it because this doesn't match our behavior anywhere else where we do BOYR, but it does constitute a breaking change. And the build is probably failing because there's a test asserting that we DO do this :).