[codepipeline] Issues with default created roles for actions

Reproduction Steps

I have set a role to a pipeline with multiple actions :

    const Codepipeline = new codepipeline.Pipeline(this, 'Codepipeline', {
      role: IamRoleCodepipeline,
      stages: [
        {
          stageName: 'DEV',
          actions: [
            new codepipeline_actions.ManualApprovalAction({
              actionName: 'Deploy-Validation',
              notificationTopic: SnsTopicCodepipeline,
              runOrder: 1
            }),

In that case, CDK create additional roles for each actions (useless because permissions are in the “main” role defined at the beginning). Ok, it’s interesting to give the selected permissions for each actions, a best practice.

But in that case I have an error at this CodePipeline stage when executing it : The provided role cannot be assumed: 'Access denied when attempting to assume the role 'arn:aws:iam::123456789:role/pipeline-ecs-CodepipelineDEVD-1P2J04U72KI7H''

And indeed, in Trusted entities of the “default role” created on our behalf, I have the Account ID where CodePipeline is deployed; and no access for Codepipeline Service !

So, to prevent that, I have to set the prop role: IamRoleCodepipeline, for each actions to get it works.

What did you expect to happen?

If we set/create and attach a role to CodePipeline, no need te create “default” roles on our behalf. That role must have the priority (it’s the case when using/creating via CloudFormation).

Maybe add a prop (boolean) to create a default role on each actions needed if wanted ?

What actually happened?

Actually, I have plenty of role created by default for each actions, useless in my case. I just want to set 1 role for Codepipeline and set some other when, for example, I need to set a Role created on another account to STS on it.

Environment

• **CLI Version :CDK 1.60.0
• **Framework Version:6.14.8
• **Node.js Version:v12.15.0
• **OS :Linux
• **Language (Version):*TypeScript *

Other

This is 🐛 Bug Report