fix: make eventual-cli role region-specific (#365)

Author: sam

packages/@eventual/aws-cdk/src/service.ts

@@ -271,7 +271,7 @@ export class Service<S = any> extends Construct {
     const eventualServiceScope = new Construct(systemScope, "EventualService");
 
     const accessRole = new Role(eventualServiceScope, "AccessRole", {
-      roleName: `eventual-cli-${this.serviceName}`,
+      roleName: `eventual-cli-${this.serviceName}-${Stack.of(this).region}`,
       assumedBy: new AccountRootPrincipal(),
     });
 

packages/@eventual/cli/src/role.ts

@@ -7,7 +7,7 @@ export async function assumeCliRole(
 ): Promise<AwsCredentialIdentity> {
   const stsClient = new sts.STSClient({ region });
   const identity = await stsClient.send(new sts.GetCallerIdentityCommand({}));
-  const roleArn = `arn:aws:iam::${identity.Account}:role/eventual-cli-${service}`;
+  const roleArn = `arn:aws:iam::${identity.Account}:role/eventual-cli-${service}-${region}`;
   const { Credentials } = await stsClient.send(
     new sts.AssumeRoleCommand({
       RoleArn: roleArn,