Define IAM Permissions Boundary for Project #7144
…tem-config-manager.js (aws-amplify#7053)
This pull request introduces 2 alerts when merging 838f7dc into c8069bd - view on LGTM.com new alerts:
Codecov Report
@@ Coverage Diff @@
## master #7144 +/- ##
==========================================
+ Coverage 52.72% 52.83% +0.11%
==========================================
Files 513 517 +4
Lines 25914 26038 +124
Branches 5058 5086 +28
==========================================
+ Hits 13662 13758 +96
- Misses 11286 11319 +33
+ Partials 966 961 -5
This pull request introduces 2 alerts when merging f5fa7e2 into afbaa08 - view on LGTM.com new alerts:
packages/amplify-provider-awscloudformation/src/permission-boundary/permission-boundary.ts
import { ResourceModifier } from '../pre-push-cfn-modifier'; | ||
|
||
export const iamRolePermissionBoundaryModifier: ResourceModifier<Role> = async resource => { | ||
if (resource?.Properties?.PermissionsBoundary) { |
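Review bot: the guard `if (resource?.Properties?.PermissionsBoundary)` is a truthiness test rather than a presence test, so a role whose `PermissionsBoundary` is present but falsy (for example an empty string) does not take this branch. If the intent is to leave a role alone whenever it declares the property, compare against `undefined` instead, and add a comment above the guard stating that roles with their own boundary are deliberately skipped, since that exemption matters for a project-wide boundary.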
Should we also check for type here?
The transformer isn't meant to be a CFN validator. In valid CFN it can only be a string, so at this point I think we can assume if it exists at all we should leave it alone.
This pull request introduces 1 alert when merging 9ff685b into abb64f6 - view on LGTM.com new alerts:
🚢 after changing global variable to module scoped one
This pull request introduces 1 alert when merging ccfd139 into d28dd1c - view on LGTM.com new alerts:
This pull request introduces 1 alert when merging d0ad684 into 572ddbd - view on LGTM.com new alerts:
👋 Hi, this pull request was referenced in the v5.0.0 release! Check out the release notes here https://github.com/aws-amplify/amplify-cli/releases/tag/v5.0.0.
…ws-amplify#7144)
Adds a new advanced project configuration option to specify a permissions boundary that will be applied to all IAM roles in the project. This is broken into 3 components:
1. add a permissions boundary state manager to amplify-cli-core
2. add a prompt to amplify configure project that writes the boundary to the state manager
3. adds a permissions boundary template modifier to the pre-push cloudformation transformer that reads the value from the state manager and applies it to cfn templates
…roject (aws-amplify#7144)" (aws-amplify#7453) This reverts commit acf031b.
Description of changes
Adds a new advanced project configuration option to specify a permissions boundary that will be applied to all IAM roles in the project. This is broken into 3 components:
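1. add a permissions boundary state manager to amplify-cli-core
2. add a prompt to amplify configure project that writes the boundary to the state manager
3. adds a permissions boundary template modifier to the pre-push cloudformation transformer that reads the value from the state manager and applies it to cfn templates
Issue #, if available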
#4618
Description of how you validated changes
Manually validated as well as unit tested and e2e tested
Checklist
yarn test passes
add permission boundary docs docs#3157
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
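
The third component described above, as an added example (not the Amplify CLI's own code): a template modifier that applies a project-wide boundary to every `AWS::IAM::Role` that does not already declare one, and reports the roles it skipped so they can be audited. `applyPermissionsBoundary`, the type names and the ARNs are assumptions constructed for illustration.

```typescript
// Added example; hypothetical names, not the amplify-provider-awscloudformation API.
type CfnResource = {
  Type: string;
  Properties?: { PermissionsBoundary?: unknown; [key: string]: unknown };
};
type CfnTemplate = { Resources: { [logicalId: string]: CfnResource } };

// Constructed placeholder for the value the state manager would return.
const BOUNDARY_ARN = 'arn:aws:iam::123456789012:policy/ExampleBoundary';

// Returns a modified copy of the template. Roles that already declare a
// boundary are left alone and listed in `skipped` for review.
function applyPermissionsBoundary(
  template: CfnTemplate,
  boundaryArn: string | undefined,
): { template: CfnTemplate; modified: string[]; skipped: string[] } {
  const modified: string[] = [];
  const skipped: string[] = [];
  const resources: { [logicalId: string]: CfnResource } = {};
  for (const logicalId of Object.keys(template.Resources)) {
    const resource = template.Resources[logicalId];
    if (!resource) continue;
    resources[logicalId] = resource;
    // No boundary configured for the project, or not an IAM role: pass through.
    if (!boundaryArn || resource.Type !== 'AWS::IAM::Role') continue;
    // Same guard as the line under review: an existing boundary wins.
    if (resource.Properties?.PermissionsBoundary) {
      skipped.push(logicalId);
      continue;
    }
    resources[logicalId] = {
      ...resource,
      Properties: { ...resource.Properties, PermissionsBoundary: boundaryArn },
    };
    modified.push(logicalId);
  }
  return { template: { ...template, Resources: resources }, modified, skipped };
}

// Constructed sample template: one plain role, one role with its own boundary, one non-IAM resource.
const sampleTemplate: CfnTemplate = {
  Resources: {
    LambdaRole: { Type: 'AWS::IAM::Role', Properties: { RoleName: 'fn-role' } },
    PinnedRole: { Type: 'AWS::IAM::Role', Properties: { PermissionsBoundary: 'arn:aws:iam::123456789012:policy/Other' } },
    Bucket: { Type: 'AWS::S3::Bucket' },
  },
};
const result = applyPermissionsBoundary(sampleTemplate, BOUNDARY_ARN);
console.log('modified:', result.modified, 'skipped:', result.skipped);
```

The `skipped` list is the part worth logging at push time: those roles are not constrained by the project boundary.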