Some time we've changed the way we authenticate into AWS accounts. The unseen consequence of "permission boundary explicit deny".
Usually, when you create a resource, the API will generate an ID for that thing before saving it. Or even database might do it for you. There is a different way, and you might like it.