[Resolves Sceptre#1107] Documenting the iam_role config (Sceptre#1108)

This adds documentation for the iam_role configuration to the StackGroup docs page, which was described as needed in Sceptre#1107
alex-harvey-z3q · Sep 27, 2021 · a4b6af7 · a4b6af7
1 parent 5b8fa9d
commit a4b6af7
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/docs/_source/docs/stack_config.rst b/docs/_source/docs/stack_config.rst
@@ -20,6 +20,7 @@ particular Stack. The available keys are listed below.
 -  `parameters`_ *(optional)*
 -  `protected`_ *(optional)*
 -  `role_arn`_ *(optional)*
+-  `iam_role`_ *(optional)*
 -  `sceptre_user_data`_ *(optional)*
 -  `stack_name`_ *(optional)*
 -  `stack_tags`_ *(optional)*
@@ -179,6 +180,28 @@ role_arn
 The ARN of a `CloudFormation Service Role`_ that is assumed by CloudFormation
 to create, update or delete resources.
 
+iam_role
+~~~~~~~~
+
+This is the IAM Role ARN that **Sceptre** should *assume* using AWS STS when executing any actions
+on the Stack.
+
+This is different from the ``role_arn`` option, which sets a CloudFormation service role for the
+stack. The ``iam_role`` configuration does not configure anything on the stack itself.
+
+This is also different from the ``profile`` StackGroup configuration, though there are similarities.
+``profile`` references the name of a locally-defined profile configured using the AWS CLI. This is
+the *"user"* that Sceptre is operating as. However, `iam_role` is a defined role ARN (typically one
+with elevated permissions the user doesn't otherwise have access to) that the user will assume in
+order to execute the actions on a specific stack group.
+
+Using ``iam_role`` can be useful if the user or system executing Sceptre needs an alternative
+permissions set to perform the required actions on that stack, such as might be the case with a
+CI/CD system like Jenkins.
+
+In order to use this argument, however, the role needs to have an AssumeRolePolicyDocument that
+permits the user to assume that role.
+
 sceptre_user_data
 ~~~~~~~~~~~~~~~~~
 

diff --git a/docs/_source/docs/stack_group_config.rst b/docs/_source/docs/stack_group_config.rst
@@ -99,7 +99,6 @@ require_version
 A `PEP 440`_ compatible version specifier. If the Sceptre version does not fall
 within the given version requirement it will abort.
 
-
 .. _stack_group_config_cascading_config:
 
 Cascading Config