feat(pipelines): pass role to s3 source action (aws#20576)

Fixes aws#20556 

Implements the role property for the `S3Source`, which is being passed down to the underlying `S3SourceAction`.

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: daschaa

packages/@aws-cdk/pipelines/lib/codepipeline/codepipeline-source.ts

@@ -291,6 +291,14 @@ export interface S3SourceOptions {
    * @default - The bucket name
    */
   readonly actionName?: string;
+
+  /**
+   * The role that will be assumed by the pipeline prior to executing
+   * the `S3Source` action.
+   *
+   * @default - a new role will be generated
+   */
+  readonly role?: iam.IRole;
 }
 
 class S3Source extends CodePipelineSource {
@@ -309,6 +317,7 @@ class S3Source extends CodePipelineSource {
       bucketKey: this.objectKey,
       trigger: this.props.trigger,
       bucket: this.bucket,
+      role: this.props.role,
       variablesNamespace,
     });
   }

packages/@aws-cdk/pipelines/test/codepipeline/codepipeline-sources.test.ts

@@ -255,3 +255,36 @@ test('can use source attributes in pipeline', () => {
     ],
   });
 });
+
+test('pass role to s3 codepipeline source', () => {
+  const bucket = new s3.Bucket(pipelineStack, 'Bucket');
+  const role = new Role(pipelineStack, 'TestRole', {
+    assumedBy: new AnyPrincipal(),
+  });
+  new ModernTestGitHubNpmPipeline(pipelineStack, 'Pipeline', {
+    input: cdkp.CodePipelineSource.s3(bucket, 'thefile.zip', {
+      role,
+    }),
+  });
+
+  Template.fromStack(pipelineStack).hasResourceProperties('AWS::CodePipeline::Pipeline', {
+    Stages: Match.arrayWith([{
+      Name: 'Source',
+      Actions: [
+        Match.objectLike({
+          Configuration: Match.objectLike({
+            S3Bucket: { Ref: Match.anyValue() },
+            S3ObjectKey: 'thefile.zip',
+          }),
+          Name: { Ref: Match.anyValue() },
+          RoleArn: {
+            'Fn::GetAtt': [
+              Match.stringLikeRegexp('TestRole.*'),
+              'Arn',
+            ],
+          },
+        }),
+      ],
+    }]),
+  });
+});