Description
Describe the bug
When trying to create a Bedrock agent via CDK, we get the following error (most of the time):
Resource handler returned message: "Access denied for operation 'AWS::Bedrock::Agent'."
The log in CloudTrail said that the Agent role doesn't have permission to call the inference profile,
even though the role I created did have permission to invoke the foundation model and the inference profile.
After a lot of debugging, I found that the Agent is being created as soon as the role is created. There is no waiting for the policy to be attached to the role, so Agent creation fails.
But occasionally, the role is created with the policy and then the Agent creation is triggered, and in this case Agent creation works as expected. Looks like there is a race condition happening here.
For now I've used a workaround to just give an inline policy while creating the role.
But role.addPolicy(...) doesn't work; it creates a race condition.
Code before
role.addToPolicy(...)
Code after (working with no race condition)
new Role(..., { inlinePolicies: ... })
Regression Issue
- Select this option if this issue appears to be a regression.
Last Known Working CDK Library Version
No response
Expected Behavior
role.addToPolicy(...)
new Role(..., { inlinePolicies: ... })
Both of these syntaxes should be okay with Agent creation via CDK.
Current Behavior
Only the new Role(..., { inlinePolicies: ... })
syntax works reliably for creating an agent with that role.
Reproduction Steps
Described earlier.
Possible Solution
Mentioned earlier.
Additional Information/Context
No response
AWS CDK Library version (aws-cdk-lib)
^2.162.1
AWS CDK CLI version
2.1021.0
Node.js Version
22
OS
MacOS
Language
TypeScript
Language Version
No response
Other information
No response
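An added example, not part of the original issue or of the CDK code base: a check over a synthesized CloudFormation template that reports resources using a role's ARN with no ordering on the separate `AWS::IAM::Policy` attached to that role, which is the gap the report describes. It assumes `role.addToPolicy(...)` synthesizes the policy as its own resource; the logical IDs and the sample template are constructed.

```typescript
type CfnResource = { Type: string; Properties?: Record<string, unknown>; DependsOn?: string | string[] };
type CfnTemplate = { Resources: Record<string, CfnResource> };

// Collect logical IDs reached through { Ref: id } or { "Fn::GetAtt": [id, attr] }.
function referencedIds(node: unknown, out: string[] = []): string[] {
  if (Array.isArray(node)) {
    for (const item of node) referencedIds(item, out);
  } else if (node !== null && typeof node === "object") {
    const obj = node as Record<string, unknown>;
    const ref = obj["Ref"];
    const getAtt = obj["Fn::GetAtt"];
    if (typeof ref === "string") out.push(ref);
    if (Array.isArray(getAtt) && typeof getAtt[0] === "string") out.push(getAtt[0]);
    for (const key of Object.keys(obj)) referencedIds(obj[key], out);
  }
  return out;
}

// Report resources that use a role with no ordering (reference or DependsOn) on its AWS::IAM::Policy.
function findUnorderedRoleConsumers(template: CfnTemplate): string[] {
  const findings: string[] = [];
  const ids = Object.keys(template.Resources);
  for (const policyId of ids) {
    const policy = template.Resources[policyId];
    if (policy.Type !== "AWS::IAM::Policy" || !policy.Properties) continue;
    const roles = referencedIds(policy.Properties["Roles"]);
    for (const id of ids) {
      const res = template.Resources[id];
      if (res.Type.indexOf("AWS::IAM::") === 0) continue; // skip IAM resources themselves
      const refs = referencedIds(res.Properties);
      const deps = res.DependsOn === undefined ? [] : ([] as string[]).concat(res.DependsOn);
      const usesRole = roles.some((r) => refs.indexOf(r) !== -1);
      const ordered = refs.indexOf(policyId) !== -1 || deps.indexOf(policyId) !== -1;
      if (usesRole && !ordered) findings.push(id + " may be created before " + policyId);
    }
  }
  return findings;
}

// Constructed sample in the shape role.addToPolicy() is assumed to synthesize.
const sampleTemplate: CfnTemplate = {
  Resources: {
    AgentRole: { Type: "AWS::IAM::Role", Properties: {} },
    AgentRolePolicy: { Type: "AWS::IAM::Policy", Properties: { Roles: [{ Ref: "AgentRole" }] } },
    Agent: { Type: "AWS::Bedrock::Agent",
      Properties: { AgentResourceRoleArn: { "Fn::GetAtt": ["AgentRole", "Arn"] } } },
  },
};
console.log(findUnorderedRoleConsumers(sampleTemplate));
```

The finding clears when the consuming resource carries a `DependsOn` on the policy, or when the permissions are inline on the role as in the workaround above, since no separate policy resource then exists.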