Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(bootstrap): widen lookup role permissions for future extension (#…
…15423) The lookup role permissions are currently scoped to support exactly the context lookups supported by CDK right now. This means that if we add more lookups in the future, we will have to do a complicated dance that involves updating the bootstrap stack and version checking. Instead, increase the scope of the lookup role to be able to read everything in the target account except for secrets (anything that's encrypted by KMS cannot be read). People that currently have built their own lookup extensions to CDK can use this role to implement them. **NOTE**: this updates the bootstrap stack, but nothing in the CDK framework currently requires these changes. You can update at your leisure. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
- Loading branch information
cafdd3c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @rix0rrr . This is very useful.