Skip to content

Commit

Permalink
fix(appsync): fully qualify service principal
Browse files Browse the repository at this point in the history 
In #22819, a feature flag was added to use standardized service
principal names instead of using a database lookup. This reference
wasn't updated which causes failures in new CDK applications that try
to create AppSync resources. This change passes the fully qualified
service principal when creating a service role for a new data source.

fixes #23035
  • Loading branch information
@jpignata
jpignata committed Nov 23, 2022
1 parent 6f4dcfd commit b2fb4d0
Show file tree
Hide file tree
Showing 17 changed files with 25 additions and 23 deletions.
4 changes: 3 additions & 1 deletion packages/@aws-cdk/aws-appsync/lib/data-source.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,9 @@ export abstract class BaseDataSource extends Construct {
super(scope, id);

if (extended.type !== 'NONE') {
this.serviceRole = props.serviceRole || new Role(this, 'ServiceRole', { assumedBy: new ServicePrincipal('appsync') });
this.serviceRole = props.serviceRole || new Role(this, 'ServiceRole', {
assumedBy: new ServicePrincipal('appsync.amazonaws.com'),
});
}
// Replace unsupported characters from DataSource name. The only allowed pattern is: {[_A-Za-z][_0-9A-Za-z]*}
const name = (props.name ?? id);
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.api-import.js.snapshot/stack.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
"Service": "appsync"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.api-import.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
"Service": "appsync"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.appsync-lambda.js.snapshot/stack.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
"Service": "appsync"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.appsync-lambda.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync.amazonaws.com"
"Service": "appsync"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion ...s/@aws-cdk/aws-appsync/test/integ.auth-apikey.js.snapshot/aws-appsync-integ.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion ...-appsync/test/integ.graphql-elasticsearch.js.snapshot/appsync-elasticsearch.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.graphql-elasticsearch.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,7 +177,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion ...s/@aws-cdk/aws-appsync/test/integ.graphql-iam.js.snapshot/aws-appsync-integ.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion ...dk/aws-appsync/test/integ.graphql-opensearch.js.snapshot/appsync-opensearch.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion ...aws-cdk/aws-appsync/test/integ.graphql-schema.js.snapshot/code-first-schema.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
8 changes: 4 additions & 4 deletions packages/@aws-cdk/aws-appsync/test/integ.graphql.js.snapshot/aws-appsync-integ.template.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down Expand Up @@ -420,7 +420,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down Expand Up @@ -1233,7 +1233,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down Expand Up @@ -1396,7 +1396,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down
8 changes: 4 additions & 4 deletions packages/@aws-cdk/aws-appsync/test/integ.graphql.js.snapshot/tree.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down Expand Up @@ -714,7 +714,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down Expand Up @@ -2057,7 +2057,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down Expand Up @@ -2316,7 +2316,7 @@
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "appsync"
"Service": "appsync.amazonaws.com"
}
}
],
Expand Down

0 comments on commit b2fb4d0

Please sign in to comment.