Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DeployTimeSubstitutedFile: should allow passing IAM role #26879

Closed
1 of 2 tasks
antoniordz96 opened this issue Aug 25, 2023 · 2 comments · Fixed by #26896
Closed
1 of 2 tasks

DeployTimeSubstitutedFile: should allow passing IAM role #26879

antoniordz96 opened this issue Aug 25, 2023 · 2 comments · Fixed by #26896
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1

Comments

@antoniordz96
Copy link

antoniordz96 commented Aug 25, 2023
edited
Loading

Describe the feature

DeployTimeSubstitutedFile is an extension of BucketDeployment that allows users to upload individual files and specify to make substitutions in the file.

Our CDK assets bucket is encrypted and we need to grant the DeployTimeSubstitutedFile access to our KMS key. In the past we have used BucketDeployment and passed a role via the BucketDeployment props with right set of permissions.

Reference: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3_deployment.BucketDeployment.html#role

Use Case

Fetch assets from encrypted KMS S3 Buckets

Proposed Solution

Expose the role as parameter within DeployTimeSubstitutedFileProps and pass it down to BucketDeployment parent

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.93.0

Environment details (OS name and version, etc.)

Mac
@antoniordz96 antoniordz96 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 25, 2023
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Aug 25, 2023
@peterwoodworth peterwoodworth added p1 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Aug 25, 2023
@peterwoodworth
Copy link
Contributor

Makes sense to me, we should allow role configurability whenever possible. Thanks for the request!

@lpizzinidev lpizzinidev mentioned this issue Aug 26, 2023
Merged
mrgrain added a commit to lpizzinidev/aws-cdk that referenced this issue Aug 28, 2023
@mrgrain
Merge branch 'main' into awsgh-26879
b0ed7ac
@mergify mergify bot closed this as completed in #26896 Aug 28, 2023
mergify bot pushed a commit that referenced this issue Aug 28, 2023
@lpizzinidev
feat(s3-deployment): specify lambda execution role in DeployTimeSubst…
6c2143c 
…itutedFile (#26896)

Exposes the `role` property in `DeployTimeSubstitutedFile`.
The role will be passed to the generated `BucketDeployment` lambda function.

Closes #26879.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@github-actions github-actions bot mentioned this issue Sep 1, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(s3-deployment): specify lambda execution role in DeployTimeSubstitutedFile lpizzinidev/aws-cdk
2 participants
@antoniordz96 @peterwoodworth