Check if Service Linked Role Already Exists

[andreprawira]

We have a CDK project with several stacks, one of them is going to deploy OpenSearch and it needs "AWSServiceRoleForAmazonOpenSearchService" to exists before the actual resource being deployed.
We deploy this project to many fresh accounts and as a multi region deployment (active active in us-east-1 and ap-northeast-2). Below is our code

if region == "us-east-1":
            slr = iam.CfnServiceLinkedRole(
                self,
                f"{props.customer}-{region}-Service Linked Role",
                aws_service_name="es.amazonaws.com",
            )

domain = opensearchservice.Domain(...)

So far this code works, but in the future we might be deploying it in regions that are not us-east-1 or ap-northeast-2 and this will break our code, or if the stack deployment is ap-northeast-2 first then us-east-1, this will also break the logic because the role will only be deployed us-east-1 but the stack will deploy OS domain in ap-northeast-2.

The best logic is not to check based on the region, but based on role's existance

// pseudocode below
    if slr.alreadyExists
       continue
    else
       create slr role

However, i dont see this mentioned in AWS CDK docs or other posts, is it possible, or is there another alternative method that will work?

[tobi2736]

This is not mentioned in the AWS CDK documentation as it's not a native component of the CDK or AWS.

upsert-slr is a 3rd party construct of the AWS CDK.
These constructs are easy to use and extend the functionality of the CDK: They are reusable and save you time.

Since upsert-slr is MIT and publicly available (https://github.com/tmokmss/upsert-slr/), you could take the code from there and implement this logic yourself - no sense in that - but then you have the same logic and no external dependencies.