feat(s3): Reduce notifications handler permissions (#5925) #27274
Conversation
github-actions
bot
added
the
beginning-contributor
github-actions
bot
added
effort/medium
faridnsh
force-pushed
the
s3-notifications-permissions
branch
from
75976a6
to
05663d2
Compare
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
This restricts them to resources only the buckets that is required. To ensure permissions don't get too large minmize is also enabled on the policy. Closes aws#5925
faridnsh
force-pushed
the
s3-notifications-permissions
branch
from
05663d2
to
f245a22
Compare
faridnsh
changed the title
|
Clarification Request: I'm not sure if this falls as a feature or a bugfix. In either case no changes to readme or integration tests are required as there's no changes to end users and there isn't any changes in how the resource interactions, otherwise just security slightly tightened. |
aws-cdk-automation
added
the
pr/reviewer-clarification-requested
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
There was a problem hiding this comment.
Hey, I see the build is failing right now. We would not be able to prioritize review for this PR till the build succeeds.
This could be a high impact PR since it is modifying permissions. I am not sure if this can be merged in. It looks like the integration tests were not run with this change. Could you run those?
| */ | ||
| public readonly role: iam.IRole; | ||
| private readonly policy: iam.Policy; |
There was a problem hiding this comment.
This is breaking. A user could be using this property which now would become private
vinayak-kukreja
removed
the
pr/reviewer-clarification-requested
|
This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
|
This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error. |
aws-cdk-automation
added
the
closed-for-staleness
|
The pull request linter fails with the following errors: PRs must pass status checks before we can provide a meaningful review. If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing |
|
Hi @vinayak-kukreja, Thanks for the review. I had a busy week but now I'm happy to make the PR again, while adding back the Could you also let me know whether this should a bugfix or feature and what kind of change I can put in the README and also integration test file? |
This restricts them to resources only the buckets that is required. To ensure permissions don't get too large minimize is also enabled on the policy.
Closes #5925
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license