AWS CDK: attach permissions to existing role

The great thing about AWS CDK is that it handles a lot of things under the hood for you. This includes IAM permissioning.

What if you need to extend the permissions of a service role that’s created by CDK for a resource that is in your CDK?

It’s simple.

Say you have a Lambda function,

const doSomethingLambda = new NodejsFunction(this, 'do-something-lambda', {
      memorySize: 1024,
      timeout: cdk.Duration.seconds(5),
      runtime: lambda.Runtime.NODEJS_14_X…