Ability to generate role names without cruft appended.

[garretwilson]

If I specify a AWS::Serverless::Function with resource ID of MyFunction, by default with create a function named something like my-stack-name-MyFunction-xX1xX2xX3xX4, with some stuff added to the end. Fortunately I found FunctionName, which allows me to specify the function name to e.g. !Sub "${AWS::StackName}-myFunciton", and SAM honors my request.

Unfortunately let's say I specify a policy:

      Policies:
        - EventBridgePutEventsPolicy:
          …

SAM will create a AWS::IAM::Role for me. Unfortunately the name will look something like my-stack-na-MyFunctionRole-X1X2X3X4X5X6X. There's that cruft again that I don't want. Even worse, because of AWS role name limitations, to get the cruft appended SAM had to truncate my-stack-name-… to my-stack-na-…. (Note that this particular example doesn't actually reach the limit of AWS role name lengths; I used a shorter name to make it easier to read. But what I described does happen when the stack name and function names together are longer than in this example.)

I have already guaranteed that a combination of the stack name and the function name are unique in my region, and in fact across my account. There is no need for the extra junk on the end, especially since it corrupts the prefix of the role name. You may think I'm being picky, but there's enough resources flying around already on even a simple AWS deployment, and the last thing I need is to be bombarded with random strings to slow down my scanning. Plus yes, I'm picky about keeping a tidy, clean deployment.

I understand that if I abandon SAM and use pure CloudFormation, I could choose exactly the role name I want. If enough issues accumulate (e.g. #3264), that may be what I'll need to do.

[hawflau]

Seems to be a SAM Transform issue. Transferring to the right repo