fix: cloudformation service principal is invalid (#99)

original was just 'cloudformation', which is not a valid service principal. Changed to 'cloudformation.amazonaws.com', which is cloudformation's service principal. reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html closes #61
cdklabs · May 4, 2023 · 2940378 · 2940378
1 parent f73cd15
commit 2940378
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/stackset.ts b/src/stackset.ts
@@ -616,7 +616,7 @@ export class StackSet extends Resource implements IStackSet {
     const deploymentTypeConfig = (props.deploymentType ?? DeploymentType.selfManaged())._bind(this);
     if (deploymentTypeConfig.permissionsModel === PermissionModel.SELF_MANAGED) {
       this._role = deploymentTypeConfig.adminRole ?? new iam.Role(scope, 'AdminRole', {
-        assumedBy: new iam.ServicePrincipal('cloudformation'),
+        assumedBy: new iam.ServicePrincipal('cloudformation.amazonaws.com'),
       });
 
       this._role.addToPrincipalPolicy(new iam.PolicyStatement({