(CDK CLI): migrate doesn't produce correct IAM policies #28014

Closed
mbonig opened this issue Nov 15, 2023 · 3 comments · Fixed by cdklabs/cdk-from-cfn#405
Labels
bug This issue is a bug. effort/small Small work item – less than a day of effort p1 package/tools Related to AWS CDK Tools or CLI

Comments


mbonig commented Nov 15, 2023

Describe the bug

When importing this template:
https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/solutions/LambdaStaticIP/lambda-static.cfn.yaml

The IAM role has bad casing on the policy:

    const lambdaRole = new iam.CfnRole(this, 'LambdaRole', {
      assumeRolePolicyDocument: {
        version: '2012-10-17',
        statement: [
          {
            effect: 'Allow',
            principal: {
              service: 'lambda.amazonaws.com',
            },
            action: 'sts:AssumeRole',
          },
        ],
      },
      managedPolicyArns: [
        'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
      ],
      path: '/',
      policies: [
        {
          policyName: 'EC2Permissions',
          policyDocument: {
            version: '2012-10-17',
            statement: [
              {
                effect: 'Allow',
                action: 'ec2:DescribeNetworkInterfaces',
                resource: '*',
              },
              {
                effect: 'Allow',
                action: 'ec2:CreateNetworkInterface',
                resource: '*',
              },
              {
                effect: 'Allow',
                action: 'ec2:DeleteNetworkInterface',
                resource: '*',
              },
              {
                effect: 'Allow',
                action: 'ec2:DescribeInstances',
                resource: '*',
              },
              {
                effect: 'Allow',
                action: 'ec2:AttachNetworkInterface',
                resource: '*',
              },
            ],
          },
        },
      ],
    });

Expected Behavior

I expected the IAM policy documents to have the correct casing and be deployable.

Current Behavior

Lowercase properties are incorrect for these IAM policy statements.

Reproduction Steps

Run cdk migrate on the linked template. Try to deploy; it will fail.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.106.0 (build 0d1a333)

Framework Version

No response

Node.js Version

v20.9.0

OS

Mac OS 14.1.1

Language

TypeScript

Language Version

No response

Other information

No response
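
Added example, not part of the original issue and not the fix shipped in cdk-from-cfn: a TypeScript function that restores the PascalCase element names of the IAM policy grammar in a policy object like the one generated above and reports every key it renamed. `normalizePolicy`, `rekey` and `migratedTrustPolicy` are names made up for this example; the sample input is the trust policy from the generated code in the issue.

```typescript
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };
type Obj = { [key: string]: Json };

// Map lower-cased name -> the spelling the IAM policy grammar uses.
const canon = (names: string[]): Map<string, string> =>
  new Map(names.map((n): [string, string] => [n.toLowerCase(), n]));
const DOC_KEYS = canon(['Version', 'Id', 'Statement']);
const STMT_KEYS = canon(['Sid', 'Effect', 'Principal', 'NotPrincipal', 'Action',
  'NotAction', 'Resource', 'NotResource', 'Condition']);
const PRINCIPAL_KEYS = canon(['AWS', 'Service', 'Federated', 'CanonicalUser']);

const isObj = (v: Json | undefined): v is Obj =>
  typeof v === 'object' && v !== null && !Array.isArray(v);

// Copy one object, renaming known keys and logging each rename with its path.
function rekey(obj: Obj, table: Map<string, string>, path: string, log: string[]): Obj {
  const out: Obj = {};
  for (const [key, value] of Object.entries(obj)) {
    const good = table.get(key.toLowerCase()) ?? key;
    if (good !== key) log.push(`${path}.${key} -> ${good}`);
    out[good] = value;
  }
  return out;
}

// Fixes document, statement and principal-type keys; values and Condition contents stay as-is.
function normalizePolicy(doc: Obj): { policy: Obj; renamed: string[] } {
  const renamed: string[] = [];
  const policy = rekey(doc, DOC_KEYS, '$', renamed);
  const fixStatement = (s: Json, at: string): Json => {
    if (!isObj(s)) return s;
    const stmt = rekey(s, STMT_KEYS, at, renamed);
    for (const p of ['Principal', 'NotPrincipal']) {
      const v = stmt[p];
      if (isObj(v)) stmt[p] = rekey(v, PRINCIPAL_KEYS, `${at}.${p}`, renamed);
    }
    return stmt;
  };
  const raw = policy['Statement'];
  if (Array.isArray(raw)) policy['Statement'] = raw.map((s, i) => fixStatement(s, `$.Statement[${i}]`));
  else if (isObj(raw)) policy['Statement'] = fixStatement(raw, '$.Statement');
  return { policy, renamed };
}

// Trust policy exactly as it appears in the generated code in the issue.
const migratedTrustPolicy: Obj = {
  version: '2012-10-17',
  statement: [{ effect: 'Allow', principal: { service: 'lambda.amazonaws.com' }, action: 'sts:AssumeRole' }],
};
```

A non-empty `renamed` list on a synthesized policy document is a cheap pre-deploy check that the casing problem described in this issue is present.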

@mbonig mbonig added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 15, 2023
@github-actions github-actions bot added the package/tools Related to AWS CDK Tools or CLI label Nov 15, 2023
@khushail khushail added p1 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Nov 15, 2023
@khushail
Contributor

Thanks @mbonig for reporting this.

@TheRealAmazonKendra
Contributor

The fix has now been released as of version 2.119.0.
