(ec2-alpha): Expose `VpcPeeringRole` role name

[moltar]

Describe the feature

createAcceptorVpcRole is a method that creates the role, but then the requester needs the same role to be specified via peerRoleArn.

This then introduces a "magic string" anti-pattern.

Use Case

To avoid magic strings.

Proposed Solution

Would be great to either have the role name available via some const, or even better have another method:

createRequestorPeerRole: IRole

And then createPeeringConnection would accept peerRole, instead of peerRoleArn.

Example:

requestorVpc.createPeeringConnection("Peering", {
  acceptorVpc,
  peerRole: requestorVpc.createRequestorPeerRole(awsAccount: string)
});

Other Information

aws-cdk/packages/@aws-cdk/aws-ec2-alpha/lib/vpc-v2-base.ts

Lines 624 to 628 in 31bf1bf

	const peeringRole = new Role(this, 'VpcPeeringRole', {
	assumedBy: new AccountPrincipal(requestorAccountId),
	roleName: 'VpcPeeringRole',
	description: 'Restrictive role for VPC peering',
	});

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

AWS CDK Library version (aws-cdk-lib)

N/A

AWS CDK CLI version

N/A

Environment details (OS name and version, etc.)

N/A

[pahud]

Hi @moltar,

You are right. We should not have peerRoleArn?: string in the interface but peerRole?: IRole is the established pattern and preferred.

Given this is an alpha module I think we should simply make it right and BC should be accepted.

We'll need a PR to make it right.

[moltar]

But in addition to make it the interface right, also somehow provide the hard-coded role name.

[pahud]

@moltar PR is almost ready.
Feel free to review and comment in #35606