Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for stack policies #570

Merged
merged 1 commit into from
Mar 21, 2018
Merged

Add support for stack policies #570

merged 1 commit into from
Mar 21, 2018

Conversation

ejholmes
Copy link
Contributor

@ejholmes ejholmes commented Mar 16, 2018
edited
Loading

Closes #112

This is something I've wanted for a long time. Stack policies are a great way to add an extra layer of protection around sensitive resources, like databases, VPC subnets, etc.

It's entirely possible to make use of stack policies outside of stacker (we have for some time now), but it ends up being pretty manual. It'd be great to be able to automate it with stacker.

russellballestrini
russellballestrini approved these changes Mar 16, 2018
View reviewed changes
Copy link
Member

@russellballestrini russellballestrini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice.

phobologic
phobologic approved these changes Mar 19, 2018
View reviewed changes
stacker/providers/aws/default.py Outdated
@@ -414,6 +415,12 @@ def generate_cloudformation_args(stack_name, parameters, tags, template,
else:
args["TemplateBody"] = template.body

if stack_policy:
if stack_policy.url:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this for future code, or am I misunderstanding? I don't see any mention of stack_policy.url in this PR.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, can you throw some a debug statement or two in this block? That way we can see if someone is using a stack policy with -v

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, just for the future, in case we ever support uploading to S3 first. I'll add some debug statements to this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you throw a comment in there, just so that if someone sees this they aren't confused in the future?

@ejholmes ejholmes merged commit a76abe6 into master Mar 21, 2018
@ejholmes ejholmes deleted the stack-policies branch March 21, 2018 04:03
phrohdoh pushed a commit to phrohdoh/stacker that referenced this pull request Dec 18, 2018
@ejholmes
Merge pull request cloudtools#570 from remind101/stack-policies
bd7967a 
Add support for stack policies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phobologic phobologic phobologic approved these changes

@russellballestrini russellballestrini russellballestrini approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ejholmes @phobologic @russellballestrini