fix: use managedpolicies and slice them, fixes: #2703 #2883
Conversation
|
This pull request fixes 2 alerts when merging 2db05b3 into 4a97971 - view on LGTM.com fixed alerts:
|
Codecov Report
@@ Coverage Diff @@
## master #2883 +/- ##
=========================================
Coverage ? 59.82%
=========================================
Files ? 217
Lines ? 11048
Branches ? 2139
=========================================
Hits ? 6609
Misses ? 4141
Partials ? 298
Continue to review full report at Codecov.
|
| // 6144 bytes is the maximum policy payload size, but there is structural overhead, hence the 6000 bytes | ||
| const MAX_BUILT_SIZE_BYTES = 6000; | ||
| // The overhead is the amount of static policy arn contents like region, accountid, etc. | ||
| const RESOURCE_OVERHEAD = 90; |
There was a problem hiding this comment.
can you add the math how we came up with the size
|
This pull request has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. Looking for a help forum? We recommend joining the Amplify Community Discord server |
Issue #, if available:
fixed: #2703
Description of changes:
Use managed policies instead of policies for GraphQL API policy generation for auth and unauth roles. Also take into account the policy size and create multiple policies of needed. This means that 6144 bytes long can be 1 policy and 10 Managed Policies can be attached to a single role and that 10 can be raised to 20 by AWS Support, which raises the maximum policy size to ~120kb, which is 10 times the currently supported size.
This PR does not solve the policy size issue for API Gateway (#2084), but since sizes are adding up, perhaps customers can be unblocked by this change.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.