feat(codepipeline): generate a Role for every AWS-owned Action used in a Pipeline #3105

Merged
merged 1 commit into from
Jun 28, 2019

@skinny85 skinny85 commented Jun 27, 2019

Instead of granting permissions to the Pipeline's Role,
which results in a Policy with a very wide range of permissions,
generate a separate Role for each AWS-owned Action added to the Pipeline.
The Pipeline Role will assume each Action-specific Role
(permissions are granted for that automatically)
before the Action is executed.

Also allow customers to override that default behavior by specifying their own Role for AWS-owned Actions.

While testing this change, I realized most of our Actions were generating an incomplete set of permissions to the Pipeline's artifact Bucket
(which was missed because the Actions previously executed in the context of the Pipeline Role,
which naturally has read-write permissions to that Bucket).
Corrected that as well.


Please read the contribution guidelines and follow the pull-request checklist.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
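
The role split described in this PR, modeled with plain policy objects as an added example (not code from the PR or from the CDK): it builds the single wide Pipeline Role policy and the role-per-Action layout side by side, so the permissions left directly on the Pipeline Role can be compared. The account id, role names, bucket, Action specs, and the choice to name the Pipeline Role as the trusted principal of each Action Role are assumptions made for illustration.

```typescript
// Plain-object model of the IAM documents involved; this is not CDK code.
// Account id, role names, bucket and Action specs are constructed for illustration.
interface Statement { Effect: "Allow"; Action: string[]; Resource?: string[]; Principal?: { AWS: string } }
interface ActionSpec { name: string; actions: string[]; resources: string[]; reads: boolean; writes: boolean }
interface ActionRole { arn: string; trust: Statement[]; policy: Statement[] }

const ACCOUNT = "111122223333";
const PIPELINE_ROLE_ARN = `arn:aws:iam::${ACCOUNT}:role/ExamplePipelineRole`;
const BUCKET_OBJECTS = "arn:aws:s3:::example-artifact-bucket/*";

// Before: every Action's permissions accumulate on the one Pipeline Role.
function sharedRolePolicy(specs: ActionSpec[]): Statement[] {
  return specs.map((s): Statement => ({ Effect: "Allow", Action: s.actions, Resource: s.resources }));
}

// After: one Role per Action; the Pipeline Role keeps only sts:AssumeRole on those Roles.
function rolePerAction(specs: ActionSpec[]): { pipelinePolicy: Statement[]; roles: ActionRole[] } {
  const roles = specs.map((s): ActionRole => {
    const policy: Statement[] = [{ Effect: "Allow", Action: s.actions, Resource: s.resources }];
    // The Action no longer runs as the Pipeline Role, so its own Role needs explicit
    // artifact Bucket access (assumed here: read for inputs, write for outputs).
    const s3: string[] = [];
    if (s.reads) s3.push("s3:GetObject");
    if (s.writes) s3.push("s3:PutObject");
    if (s3.length > 0) policy.push({ Effect: "Allow", Action: s3, Resource: [BUCKET_OBJECTS] });
    return {
      arn: `arn:aws:iam::${ACCOUNT}:role/${s.name}ActionRole`,
      // Assumption: the trust policy names the Pipeline Role as the only principal.
      trust: [{ Effect: "Allow", Action: ["sts:AssumeRole"], Principal: { AWS: PIPELINE_ROLE_ARN } }],
      policy,
    };
  });
  const pipelinePolicy: Statement[] = [{ Effect: "Allow", Action: ["sts:AssumeRole"], Resource: roles.map(r => r.arn) }];
  return { pipelinePolicy, roles };
}

// Review helper: the distinct IAM actions a set of statements grants directly.
function directActions(statements: Statement[]): string[] {
  const seen: string[] = [];
  for (const st of statements)
    for (const a of st.Action) if (seen.indexOf(a) < 0) seen.push(a);
  return seen.sort();
}

const SPECS: ActionSpec[] = [ // constructed sample Pipeline with two AWS-owned Actions
  { name: "Build", actions: ["codebuild:StartBuild", "codebuild:BatchGetBuilds"],
    resources: [`arn:aws:codebuild:us-east-1:${ACCOUNT}:project/example`], reads: true, writes: true },
  { name: "Deploy", actions: ["cloudformation:CreateStack", "cloudformation:UpdateStack"],
    resources: [`arn:aws:cloudformation:us-east-1:${ACCOUNT}:stack/example/*`], reads: true, writes: false },
];
```

Comparing `directActions(sharedRolePolicy(SPECS))` with `directActions(rolePerAction(SPECS).pipelinePolicy)` shows the effect of the split: the first lists every service action, the second only `sts:AssumeRole`.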

@skinny85 skinny85 requested a review from rix0rrr June 27, 2019 17:14
@skinny85 skinny85 requested review from RomainMuller and a team as code owners June 27, 2019 17:14
@skinny85 skinny85 force-pushed the feature/role-per-pipeline-action branch from f5388eb to e4a89f4 Compare June 28, 2019 16:35
@skinny85
Contributor Author

Rebased to make 100% sure the build passes (there are a lot of integ test changes here).

@skinny85 skinny85 merged commit 921dcc9 into aws:master Jun 28, 2019
@skinny85 skinny85 deleted the feature/role-per-pipeline-action branch June 28, 2019 17:47
@NGL321 NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019