GitHub

(ec2:Vpc): VPC Flow Logs on Imported VPCs Create Unnecessary IAM Role with iam:PassRole ...

When creating a VPC Flow Log with an S3 destination on an imported VPC (using Vpc.fromVpcAttributes()), CDK automatically creates an IAM role even though VPC Flow Logs to S3 do not require an IAM role ...
GitHub

iam-role documentation is rubbish

The docs/UPGRADE-6.0.md document clearly states that multiple iam-*-role modules have been merged into a single iam-role sub module. But the first thing people see is ...