
feat(iam): Adding managedPolicyName to IManagedPolicy
jerry-shao committed Apr 6, 2024
1 parent bf2cf51 commit a1e105e
Showing 4 changed files with 19 additions and 17 deletions.
Expand Up @@ -45,28 +45,18 @@ const serviceRole = new iam.Role(stack, 'service-role', {
roleName: 'codepipeline-elasticbeanstalk-action-test-serivce-role',
assumedBy: new iam.ServicePrincipal('elasticbeanstalk.amazonaws.com'),
managedPolicies: [
{
managedPolicyArn: 'arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth',
},
{
managedPolicyArn: 'arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy',
},
iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkEnhancedHealth'),
iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy'),
],
});

const instanceProfileRole = new iam.Role(stack, 'instance-profile-role', {
roleName: 'codepipeline-elasticbeanstalk-action-test-instance-profile-role',
assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'),
managedPolicies: [
{
managedPolicyArn: 'arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier',
},
{
managedPolicyArn: 'arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker',
},
{
managedPolicyArn: 'arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier',
},
iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkWebTier'),
iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkMulticontainerDocker'),
iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkWorkerTier'),
],
});

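Review bot: The EnhancedHealth policy loses its `service-role/` path in the new line `iam.ManagedPolicy.fromAwsManagedPolicyName('AWSElasticBeanstalkEnhancedHealth')`: the removed literal pointed at `arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth`, while `fromAwsManagedPolicyName` (per the managed-policy.ts hunk and the `'service-role/SomePolicy'` unit test in this commit) uses its argument verbatim as the resource name, so the role now references `.../policy/AWSElasticBeanstalkEnhancedHealth` — a different ARN that, if no policy exists at that path, fails when CloudFormation creates the role. It should be `iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AWSElasticBeanstalkEnhancedHealth'),` so the synthesized template is unchanged. The other four replacements keep the same path as the ARNs they replace. The `serviceRole` declaration this belongs to starts on the hunk's context line.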
@@ -1,6 +1,6 @@
import { Construct } from 'constructs';
import * as codepipeline from '../../../aws-codepipeline';
import { Aws } from '../../../core';
import { ManagedPolicy } from '../../../aws-iam';
import { Action } from '../action';
import { deployArtifactBounds } from '../common';

Expand Down Expand Up @@ -52,7 +52,7 @@ export class ElasticBeanstalkDeployAction extends Action {

// Per https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.managed-policies.html
// it doesn't seem we can scope this down further for the codepipeline action.
options.role.addManagedPolicy({ managedPolicyArn: `arn:${Aws.PARTITION}:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk` });
options.role.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess-AWSElasticBeanstalk'));

// the Action's Role needs to read from the Bucket to get artifacts
options.bucket.grantRead(options.role);
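Review bot: The removed line built the policy ARN with `Aws.PARTITION` explicitly, whereas the new `ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess-AWSElasticBeanstalk')` delegates ARN construction to the helper, whose `Arn.format` call is cut off above the managed-policy.ts hunk on this page — please confirm it still takes the partition from the stack rather than hardcoding `aws`, otherwise this regresses in GovCloud/China partitions (the existing unit test expecting `':iam::aws:policy/service-role/SomePolicy'` as a join fragment suggests it does). Note this is the pipeline action's own role receiving an AWS-managed administrator policy, so the pre-existing comment about not being able to scope it down is worth keeping next to the call. The enclosing `bound()` method continues outside the hunk.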
9 changes: 9 additions & 0 deletions packages/aws-cdk-lib/aws-iam/lib/managed-policy.ts
Expand Up @@ -19,6 +19,12 @@ export interface IManagedPolicy {
* @attribute
*/
readonly managedPolicyArn: string;

/**
* The name of the managed policy
* @attribute
*/
readonly managedPolicyName: string;
}

/**
Expand Down Expand Up @@ -117,6 +123,7 @@ export class ManagedPolicy extends Resource implements IManagedPolicy, IGrantabl
resource: 'policy',
resourceName: managedPolicyName,
});
public readonly managedPolicyName = managedPolicyName;
}
return new Import(scope, id);
}
Expand All @@ -143,6 +150,7 @@ export class ManagedPolicy extends Resource implements IManagedPolicy, IGrantabl
public static fromManagedPolicyArn(scope: Construct, id: string, managedPolicyArn: string): IManagedPolicy {
class Import extends Resource implements IManagedPolicy {
public readonly managedPolicyArn = managedPolicyArn;
public readonly managedPolicyName = Stack.of(scope).splitArn(managedPolicyArn, ArnFormat.SLASH_RESOURCE_NAME).resourceName!;
}
return new Import(scope, id);
}
Expand All @@ -166,6 +174,7 @@ export class ManagedPolicy extends Resource implements IManagedPolicy, IGrantabl
resource: 'policy',
resourceName: managedPolicyName,
});
public readonly managedPolicyName = managedPolicyName;
}
return new AwsManagedPolicy();
}
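Review bot: Adding `managedPolicyName` as a required member of the exported `IManagedPolicy` interface is a breaking change for external implementers — any object literal or class that only provided `managedPolicyArn` (the form the integ test in this same commit had to rewrite) stops type-checking, and downstream code gets no such fix; if that is not intended, consider `readonly managedPolicyName?: string;` or call the break out in the commit message. The doc comment should also say what the value contains, since both `fromAwsManagedPolicyName('service-role/SomePolicy')` and the `splitArn(..., ArnFormat.SLASH_RESOURCE_NAME).resourceName` path in `fromManagedPolicyArn` yield the path-qualified name (`'service-role/SomePolicy'`), not a bare name: `* The name of the managed policy, including any path prefix (for example 'service-role/MyPolicy').` Finally, the `!` on `resourceName` in `fromManagedPolicyArn` turns an ARN with no resource name into an `undefined` that the type declares as `string`; unless `splitArn` already rejects such input (not visible here), compute it before the class and throw, e.g. `const policyName = Stack.of(scope).splitArn(managedPolicyArn, ArnFormat.SLASH_RESOURCE_NAME).resourceName;` / `if (!policyName) { throw new Error(\`Invalid managed policy ARN: ${managedPolicyArn}\`); }` / `public readonly managedPolicyName = policyName;`. The three `Import`/`AwsManagedPolicy` classes are each cut by their hunk, so the surrounding `Arn.format` calls could not be checked here.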
3 changes: 3 additions & 0 deletions packages/aws-cdk-lib/aws-iam/test/managed-policy.test.ts
Expand Up @@ -21,6 +21,7 @@ describe('managed policy', () => {
':iam::aws:policy/service-role/SomePolicy',
]],
});
expect(stack.resolve(mp.managedPolicyName)).toEqual('service-role/SomePolicy');
});

test('simple customer managed policy', () => {
Expand All @@ -33,12 +34,14 @@ describe('managed policy', () => {
':iam::1234:policy/SomeCustomerPolicy',
]],
});
expect(stack.resolve(mp.managedPolicyName)).toEqual('SomeCustomerPolicy');
});

test('managed policy by arn', () => {
const mp = ManagedPolicy.fromManagedPolicyArn(stack, 'MyManagedPolicyByArn', 'arn:aws:iam::1234:policy/my-policy');

expect(stack.resolve(mp.managedPolicyArn)).toEqual('arn:aws:iam::1234:policy/my-policy');
expect(stack.resolve(mp.managedPolicyName)).toEqual('my-policy');
});

test('managed policy with statements', () => {
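Review bot: The new assertions only cover a customer ARN without a path, so the case that actually exercises the `SLASH_RESOURCE_NAME` split in `fromManagedPolicyArn` — a policy under a path such as `arn:aws:iam::1234:policy/some/path/my-policy` — and a token ARN (a CfnParameter or cross-stack import) are untested, and a wrong split would silently resolve to a different policy name. Suggest adding next to the 'managed policy by arn' test: `expect(stack.resolve(ManagedPolicy.fromManagedPolicyArn(stack, 'ByArnWithPath', 'arn:aws:iam::1234:policy/some/path/my-policy').managedPolicyName)).toEqual('some/path/my-policy');` (the expected value assumes `splitArn` keeps the full path as the resource name, which the `'service-role/SomePolicy'` assertion above suggests — confirm). The `'managed policy with statements'` test at the end of the hunk continues outside it.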
