feat(aws-iam): policy document optimization #14714

Closed
wants to merge 2 commits into from

andreialecu
Contributor

This closes #14713


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label May 15, 2021
@andreialecu
Contributor Author

It appears that the test failure is related to a test that asserts a policy is added 3 times with different resources but same actions, but this PR optimizes it to only be added once with 3 resources assigned to it.

@andreialecu
Contributor Author

Bump.

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 7ec6e58
  • Result: FAILED
  • Build Logs (available for 30 days)

@rix0rrr
Contributor

rix0rrr commented Jun 4, 2021

Thanks for the work, but as I mentioned in the issue, we early on decided not to do work like this because if we get it wrong, potential non-obvious things might happen leading to security issues.

I know you'll say "this is so simple and obvious it's impossible to get wrong", but we thought the same and promptly the PR we submitted had a bug in it that would lead to unintended permission widening 😅.

I would recommend you try to vend functionality like this as an add-on to the CDK. We might consider integrating something like this once it has a proven track record, but until then I'm a little wary of all solutions that do work in this area.
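
An added illustration of the permission-widening risk discussed in this thread; it is not code from this PR or from the CDK, and the thread does not say what the earlier bug was. It shows one general way statement merging goes wrong: each statement grants the cross product of its actions and resources, so unioning both lists grants pairs no input statement allowed, while merging only statements with identical effect, actions and conditions does not. All names and the sample statements are hypothetical.

```typescript
// Added illustration: Statement, mergeBy, mergeNaive, mergeSafe, grants and
// widened are hypothetical names, not CDK APIs. Sample statements are constructed.
interface Statement {
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource: string[];
  Condition?: Record<string, unknown>;
}
const uniq = (xs: string[]): string[] => Array.from(new Set(xs)).sort();
const cond = (s: Statement): string => JSON.stringify(s.Condition ?? null);
// Group statements by key and union Action and Resource within each group.
function mergeBy(stmts: Statement[], keyOf: (s: Statement) => string): Statement[] {
  const groups = new Map<string, Statement>();
  for (const s of stmts) {
    const k = keyOf(s);
    const g: Statement = groups.get(k) ?? { ...s, Action: [], Resource: [] };
    g.Action = uniq(g.Action.concat(s.Action));
    g.Resource = uniq(g.Resource.concat(s.Resource));
    groups.set(k, g);
  }
  return Array.from(groups.values());
}
// Unsafe: the key ignores Action, so differing actions are unioned as well.
const mergeNaive = (stmts: Statement[]): Statement[] =>
  mergeBy(stmts, (s) => `${s.Effect}|${cond(s)}`);
// Safe: merge only when Effect, Action set and Condition are identical,
// so only Resource lists are ever combined.
const mergeSafe = (stmts: Statement[]): Statement[] =>
  mergeBy(stmts, (s) => `${s.Effect}|${uniq(s.Action).join(",")}|${cond(s)}`);
// Expand Allow statements to literal "action on resource" pairs (no wildcard evaluation).
function grants(stmts: Statement[]): Set<string> {
  const out = new Set<string>();
  for (const s of stmts) {
    if (s.Effect !== "Allow") continue;
    for (const a of s.Action) for (const r of s.Resource) out.add(`${a} on ${r}`);
  }
  return out;
}
// Pairs allowed after merging that no original statement allowed.
function widened(before: Statement[], after: Statement[]): string[] {
  const had = grants(before);
  return Array.from(grants(after)).filter((p) => !had.has(p)).sort();
}

const allow = (action: string, bucket: string): Statement =>
  ({ Effect: "Allow", Action: [action], Resource: [`arn:aws:s3:::${bucket}/*`] });
const original: Statement[] = [allow("s3:GetObject", "example-a"), allow("s3:GetObject", "example-b"),
  allow("s3:GetObject", "example-c"), allow("s3:DeleteObject", "example-tmp")];
console.log({ naive: widened(original, mergeNaive(original)), safe: widened(original, mergeSafe(original)) });
```

Running a `widened`-style check over the policy before and after any optimization pass is a cheap regression test: a non-empty result means the pass changed what the policy grants.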
