fix(codepipeline-actions): reduce S3SourceAction role permissions to just the key #15304

@berenddeboer berenddeboer commented Jun 24, 2021

The pipeline source action's role was given read permissions to the entire bucket. Limit that to just the source path it needs.

Similar to #15112.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
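The scoping described in this pull request can be checked on a rendered role policy. The following is an added example, not code from the PR or from aws-cdk; the bucket name, object key, action list and helper names are constructed assumptions.

```typescript
// Added example (not aws-cdk code): list the resources through which a role
// can read S3 objects other than the single source key. Names are constructed.
interface PolicyStatement {
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource: string | string[];
}

const toList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// IAM wildcard match: '*' is any run of characters, '?' is one character.
function iamMatch(pattern: string, value: string, ignoreCase = false): boolean {
  const body = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${body}$`, ignoreCase ? "i" : "").test(value);
}

// Returns every resource that allows s3:GetObject on more than bucket/key.
function overBroadReads(stmts: PolicyStatement[], bucket: string, key: string): string[] {
  const bucketArn = `arn:aws:s3:::${bucket}`;
  const keyArn = `${bucketArn}/${key}`;
  // Constructed object ARN elsewhere in the bucket, used to test wildcards.
  const probe = `${bucketArn}/constructed-probe/not-the-source-object`;
  const found: string[] = [];
  for (const s of stmts) {
    if (s.Effect !== "Allow") continue;
    // Action names are case-insensitive in IAM; resource ARNs are not.
    if (!toList(s.Action).some((a) => iamMatch(a, "s3:GetObject", true))) continue;
    for (const r of toList(s.Resource)) {
      const inBucket = r.startsWith(`${bucketArn}/`) || iamMatch(r, probe);
      if (inBucket && r !== keyArn) found.push(r);
    }
  }
  return found;
}

// Constructed sample policies: bucket-wide read versus read scoped to the key.
const sampleArn = "arn:aws:s3:::example-source-bucket";
const readActions = ["s3:GetObject*", "s3:GetBucket*", "s3:List*"];
const bucketWide: PolicyStatement[] = [
  { Effect: "Allow", Action: readActions, Resource: [sampleArn, `${sampleArn}/*`] },
];
const keyScoped: PolicyStatement[] = [
  { Effect: "Allow", Action: readActions, Resource: [sampleArn, `${sampleArn}/releases/source.zip`] },
];
console.log(overBroadReads(bucketWide, "example-source-bucket", "releases/source.zip"));
console.log(overBroadReads(keyScoped, "example-source-bucket", "releases/source.zip"));
```

The check works on literal ARN strings, so a synthesized template that builds ARNs with intrinsic functions has to be resolved first.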

gitpod-io bot commented Jun 24, 2021

@berenddeboer berenddeboer changed the title fix(codebuild): reduce pipeline s3 source action role permission to just the key fix(pipeline): reduce pipeline s3 source action role permission to just the key Jun 24, 2021
@skinny85 skinny85 self-assigned this Jun 24, 2021
@berenddeboer

Not sure why the build failed, doesn't seem to be related to anything I did:

Installing from NPM...
npx: installed 256 in 2.832s
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @aws-cdk/assertions@1.109.0.

@berenddeboer berenddeboer changed the title fix(pipeline): reduce pipeline s3 source action role permission to just the key fix(codepipeline): reduce pipeline s3 source action role permission to just the key Jun 25, 2021
@skinny85 skinny85 changed the title fix(codepipeline): reduce pipeline s3 source action role permission to just the key fix(codepipeline-actions): reduce S3SourceAction role permissions to just the key Jun 28, 2021
@skinny85 skinny85 left a comment

Thanks for the contribution @berenddeboer!


mergify bot commented Jun 28, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 7b334f1
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit d2c76aa into aws:master Jun 29, 2021

mergify bot commented Jun 29, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

hollanddd pushed a commit to hollanddd/aws-cdk that referenced this pull request Aug 26, 2021
…just the key (aws#15304)

The pipeline source action's role was given read permissions to the entire bucket. Limit that to just the source path it needs.

Similar to aws#15112.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*