Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(aws-eks): OpenIdConnectProvider does not work with Aspects #13783

Closed
hangchan opened this issue Mar 25, 2021 · 3 comments
Closed

(aws-eks): OpenIdConnectProvider does not work with Aspects #13783

hangchan opened this issue Mar 25, 2021 · 3 comments
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. effort/medium Medium work item – several days of effort p1

Comments

@hangchan
Copy link

OpenIdConnectProvider does not work with Aspects. We have an iam policy which requires a boundary policy to be applied to all created roles. There doesn't seem to be a way to apply a boundary policy to the role that OpenIdConnectProvider creates. Tags are also not added to the resources that are created. The methods below works for all other resources in the stack

Reproduction Steps

self.provider = self.eks_cluster.open_id_connect_provider
iam.PermissionsBoundary.of(self).apply(boundary)
core.Tags.of(self).add('app', 'eks')

What did you expect to happen?

Have permission boundary and tags applied to the role and lambda created by the open_id_connect_provider custom resource.

What actually happened?

No permission boundary policy or tags applied to the resources created.

Environment

  • CDK CLI Version : 1.9.1
  • Framework Version:
  • Node.js Version: v15.5.0
  • OS : MacOS 10.14.6
  • Language (Version): Python 3.6.8

Other

This is 🐛 Bug Report
@hangchan hangchan added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 25, 2021
@peterwoodworth peterwoodworth added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Mar 25, 2021
@iliapolo iliapolo changed the title aws_cdk.aws_eks.OpenIdConnectProvider: OpenIdConnectProvider does not work with Aspects (aws-eks): OpenIdConnectProvider does not work with Aspects Mar 29, 2021
@iliapolo iliapolo added effort/medium Medium work item – several days of effort p1 and removed needs-triage This issue or PR still needs to be triaged. labels Mar 29, 2021
@iliapolo
Copy link
Contributor

iliapolo commented Mar 29, 2021
edited
Loading

Blocked by #13850 and #13851

@iliapolo iliapolo removed their assignment Jun 27, 2021
@otaviomacedo
Copy link
Contributor

Resolved by #14754

@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service bug This issue is a bug. effort/medium Medium work item – several days of effort p1
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@otaviomacedo @iliapolo @hangchan @peterwoodworth