-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(cloud9): support setting environment owner #23878
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job on the first PR! 🎉
I've left some comments on the code below. Also, about the PR itself:
- Your PR title is very mechanical. We try to write our PR titles so that they make sense when users read them in a release announcement. For example, these messages will show up here: https://github.com/aws/aws-cdk/releases/tag/v2.62.0 . Users won't necessarily care about the specific changes to classes that were made, but care more about the feature that was added. Instead of
added owner to Ec2EnvironmentProps
, something likesupport setting environment owner
might be more clear. - Also make it clear in your PR body why you did the change, how the change works, and what interesting design decisions you made (and why). This will help a reviewer make sense of the change you made.
Flip through the Contributing Guide one more time to make sure you're familiar with the practices of how we do things.
|
||
test('can use CodeCommit repo', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please describe what the test is trying to assert here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh and because this is a feat
ure, we generally also ask people to write a small section in the README.md
about the use case we unlock, why you want this and a small of example of how you're supposed to use it.
✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Almost there!
I know writing [documentation] will be one of the hardest tasks we have to do, but also one of the most important ones. Don't worry if it's not perfect the first time, this takes a lot of practice.
I added some suggestions of what we might write here. Go through them and rewrite your text after seeing what I'm proposing, or accept what I wrote.
### create a new Cloud9 environment with an owner as an Iam User. | ||
|
||
```ts | ||
const user = new iam.User(stack, 'User'); | ||
declare const vpc: ec2.Vpc; | ||
new cloud9.Ec2Environment(this, 'C9Env', { | ||
vpc, | ||
imageId: cloud9.ImageId.AMAZON_LINUX_2, | ||
owner: cloud9.Owner.User(user) | ||
}); | ||
``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This example isn't necessary any more, the previous example already covers that.
```ts | ||
new cloud9.Ec2Environment(this, 'C9Env', { | ||
// provides root account id. | ||
owner: cloud9.Owner.AccountRoot('root account id') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
owner: cloud9.Owner.AccountRoot('root account id') | |
owner: cloud9.Owner.AccountRoot('111111111111') |
@@ -104,3 +104,39 @@ new cloud9.Ec2Environment(this, 'C9Env', { | |||
imageId: cloud9.ImageId.AMAZON_LINUX_2, | |||
}); | |||
``` | |||
|
|||
## Specifying Owners | |||
`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's try and explain a bit more what this represents.
For example:
`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user | |
Every Cloud9 Environment has an **owner**. An owner has full control over the environment, and can invite additional members to the environment for collaboration purposes. For more information, see [Working with shared environments in AWS Cloud9](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html)). | |
By default, the owner will be the identity that creates the Environment, which is most likely your CloudFormation Execution Role when the Environment is created using CloudFormation. Provider a value for the `owner` property to assign a different owner, either a specific IAM User or the AWS Account Root User. | |
`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user (but using the account root user is not recommended, see [environment sharing best practices](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-best-practices)). |
## Specifying Owners | ||
`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user | ||
|
||
### AccountRoot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
### AccountRoot | |
To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()`: |
}) | ||
``` | ||
|
||
### Iam User |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
### Iam User | |
To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy: |
@@ -136,7 +142,6 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { | |||
} | |||
return new Import(scope, id); | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't remove this line, we try to keep an empty line between functions so they are easier to visually distinguish.
* The class for different types of owners | ||
* | ||
* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* The class for different types of owners | |
* | |
* | |
* An environment owner |
*/ | ||
export class Owner { | ||
/** | ||
* import from Owner Iuser |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* import from Owner Iuser | |
* Make an IAM user the environment owner |
|
||
|
||
/** | ||
* import from Owner account root |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* import from Owner account root | |
* Make the Account Root User the environment owner (not recommended) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good!
I'm giving you a provisional approval. That means that it's approved if you do a couple small things, but I trust you to do what I'm asking (or not do it if you feel you have good reasons not to), and I don't necessarily need to see it again afterwards.
How that works is I'm approving it , but I'm putting the pr/do-not-merge
label on it so it doesn't get automatically merged yet.
After you've made the final changes, you can remove the do-not-merge
label and automation will take over.
If all is well (if you are in the "owners" file in the repository), my approval will not be undone if you change the PR. If my approval gets dismissed when you change the PR, then let me know and I'll reapprove. Also, in that case make a new PR to add your name to the .mergify.yml
file in the top level directory, so that doesn't happen again in the future.
|
||
`Owner` is a user that owns a Cloud9 environment . `Owner` has their own access permissions, resources. And we can specify an `Owner`in an Ec2 environment which could be of two types, 1. AccountRoot and 2. Iam User. It allows AWS to determine who has permissions to manage the environment, either an IAM user or the account root user (but using the account root user is not recommended, see [environment sharing best practices](https://docs.aws.amazon.com/cloud9/latest/user-guide/share-environment.html#share-environment-best-practices)). | ||
|
||
### To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this needs to be a heading.
### To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` | |
To specify the AWS Account Root User as the environment owner, use `Owner.accountRoot()` |
}) | ||
``` | ||
|
||
### To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here:
### To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy | |
To specify a specific IAM User as the environment owner, use `Owner.user()`. The user should have the `AWSCloud9Administrator` managed policy |
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Closes #22474
All Submissions:
Adding new Construct Runtime Dependencies:
New Features
yarn integ
to deploy the infrastructure and generate the snapshot (i.e.yarn integ
without--dry-run
)?By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license