Extract an existing AWS IAM role for use in a CloudFormation template.

David Sandor, published in Build Succeeded, Jan 28, 2020

Edit: It has been a while since I wrote this article. Since then I have mostly converted over to using Golang instead of NodeJS. So I rewrote this utility to do a little better job at extraction. The original failed to enumerate and script out the inline policies and the managed policies. This version should work better.

So you are probably reading this because you have some existing IAM roles that you would like to model a new IAM role after, or because you are now trying to retrofit that existing IAM role into a CloudFormation template (or AWS SAM template). I have needed to do this many times and finally wrote a tiny utility to make it easier.

Note that you can use ManagedPolicyArns if your organization has a set of existing policies set up to keep your IAM roles more generalized. However, this gets fragile if those policies are not named exactly the same across multiple AWS accounts. For that reason I prefer to define the roles needed by a specific CloudFormation stack inside that stack, so the code deployment is modular and compartmentalized: the stack is not dependent on some existing role that could change out from under you.
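To make the extraction concrete, here is an added example of the core conversion step in Python; it is not the author's utility and not code from the article. It assumes the three inputs have the shape the AWS IAM API returns for a role (the role itself, its inline policies keyed by name, and the ARNs of its attached managed policies), and all sample values below are constructed. It emits an `AWS::IAM::Role` resource with the trust policy, the inline policies under `Policies`, and the attachments under `ManagedPolicyArns`, and it separately flags attached policies whose ARN carries a 12-digit account id, since those are the customer-managed policies that may not exist under the same name in another account.

```python
import json
import re

# Constructed sample data shaped like the IAM API responses a role-extraction
# tool would read (GetRole, GetRolePolicy, ListAttachedRolePolicies).
SAMPLE_ROLE = {
    "RoleName": "lambda-orders-role",
    "Path": "/service/",
    "Description": "Execution role for the orders Lambda",
    "MaxSessionDuration": 3600,
    "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    },
}
SAMPLE_INLINE_POLICIES = {
    "orders-table-access": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/orders",
        }],
    },
}
SAMPLE_ATTACHED_POLICY_ARNS = [
    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
    "arn:aws:iam::123456789012:policy/CompanyLoggingPolicy",
]

# AWS-managed policies live under the "aws" pseudo-account and are identical
# everywhere; customer-managed policies carry a real 12-digit account id.
ACCOUNT_SCOPED_ARN = re.compile(r"^arn:aws:iam::\d{12}:policy/")


def account_scoped_policies(policy_arns):
    """Return the attached policy ARNs that are customer-managed (account-scoped).

    These are the ones the article warns about: referencing them from a
    template only works if the same policy name exists in every target account.
    """
    return [arn for arn in policy_arns if ACCOUNT_SCOPED_ARN.match(arn)]


def role_to_cloudformation(role, inline_policies, attached_policy_arns,
                           logical_id="ExtractedRole", keep_role_name=False):
    """Build an AWS::IAM::Role resource from extracted role data.

    keep_role_name is off by default: a fixed RoleName forces replacement on
    some updates and stops the template from being deployed twice in one account.
    """
    props = {
        "Path": role.get("Path", "/"),
        "AssumeRolePolicyDocument": role["AssumeRolePolicyDocument"],
    }
    if keep_role_name:
        props["RoleName"] = role["RoleName"]
    if role.get("Description"):
        props["Description"] = role["Description"]
    if role.get("MaxSessionDuration"):
        props["MaxSessionDuration"] = role["MaxSessionDuration"]
    if attached_policy_arns:
        props["ManagedPolicyArns"] = list(attached_policy_arns)
    if inline_policies:
        props["Policies"] = [
            {"PolicyName": name, "PolicyDocument": doc}
            for name, doc in inline_policies.items()
        ]
    return {logical_id: {"Type": "AWS::IAM::Role", "Properties": props}}


def build_template(resources):
    """Wrap one or more resources in a minimal CloudFormation template body."""
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}


if __name__ == "__main__":
    resource = role_to_cloudformation(
        SAMPLE_ROLE, SAMPLE_INLINE_POLICIES, SAMPLE_ATTACHED_POLICY_ARNS)
    print(json.dumps(build_template(resource), indent=2))
    for arn in account_scoped_policies(SAMPLE_ATTACHED_POLICY_ARNS):
        print(f"# account-scoped managed policy, consider inlining: {arn}")
```

In a real tool the three inputs would come from the IAM API calls named in the comment; the conversion itself is pure data shaping, which is why it can be exercised offline. The flagged customer-managed policies are the candidates to fetch and fold into `Policies` if you want the stack to stand on its own, as the text recommends.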
