fix(codebuild): incorrect SSM Parameter ARN in Project's IAM permissi…

…ons (#11917) (CodeBuild) Build fails after introducing environmentVariables with type BuildEnvironmentVariableType.PARAMETER_STORE. Fixes #9980 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
aws · Dec 8, 2020 · 7a09c18 · 7a09c18
1 parent ae2e9c1
commit 7a09c18
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/packages/@aws-cdk/aws-codebuild/lib/project.ts b/packages/@aws-cdk/aws-codebuild/lib/project.ts
@@ -929,11 +929,16 @@ export class Project extends ProjectBase {
 
     const resources = Object.values(props.environmentVariables)
       .filter(envVariable => envVariable.type === BuildEnvironmentVariableType.PARAMETER_STORE)
+      .map(envVariable =>
+        // If the parameter name starts with / the resource name is not separated with a double '/'
+        // arn:aws:ssm:region:1111111111:parameter/PARAM_NAME
+        (envVariable.value as string).startsWith('/')
+          ? (envVariable.value as string).substr(1)
+          : envVariable.value)
       .map(envVariable => Stack.of(this).formatArn({
         service: 'ssm',
         resource: 'parameter',
-        sep: ':',
-        resourceName: envVariable.value,
+        resourceName: envVariable,
       }));
 
     if (resources.length === 0) {

diff --git a/packages/@aws-cdk/aws-codebuild/test/test.project.ts b/packages/@aws-cdk/aws-codebuild/test/test.project.ts
@@ -796,7 +796,7 @@ export = {
           },
           'ENV_VAR2': {
             type: codebuild.BuildEnvironmentVariableType.PARAMETER_STORE,
-            value: '/params/param2',
+            value: 'params/param2',
           },
         },
       });
@@ -823,7 +823,7 @@ export = {
                   {
                     Ref: 'AWS::AccountId',
                   },
-                  ':parameter:/params/param1',
+                  ':parameter/params/param1',
                 ],
               ],
             },
@@ -843,7 +843,7 @@ export = {
                   {
                     Ref: 'AWS::AccountId',
                   },
-                  ':parameter:/params/param2',
+                  ':parameter/params/param2',
                 ],
               ],
             }],