aws-redshift-alpha: add functionality for default IAM role #22551

Closed
2 tasks
sean-beath opened this issue Oct 18, 2022 · 2 comments · Fixed by #23554
Labels
@aws-cdk/aws-redshift Related to Amazon Redshift effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. p2

Comments

@sean-beath
Contributor

sean-beath commented Oct 18, 2022

Describe the feature

Allow users to define a default IAM role for the cluster being created.

Use Case

I'm always frustrated when I need to deploy my cluster and then go through the console to add a default IAM role on the cluster.

Proposed Solution

Have a post-deployment Lambda that uses boto3 to define the role as being the default role.
Example code of how this could be implemented:

    import sys
    import os
    import json
    import logging
    import cfnresponse
    from pip._internal import main

    # Install boto3 into /tmp at cold start and put it ahead of the runtime's
    # bundled copy on the import path.
    main(['install', 'boto3', '--target', '/tmp/'])
    sys.path.insert(0, '/tmp/')

    import boto3
    from botocore.exceptions import ClientError

    # The original referenced `logger` without defining it.
    logger = logging.getLogger()
    logger.setLevel(logging.INFO)

    def lambda_handler(event, context):

        print(boto3.__version__)

        # Nothing to undo on stack deletion: acknowledge once and stop.
        if event['RequestType'] == 'Delete':
            cfnresponse.send(event, context, cfnresponse.SUCCESS, {'Data': 'Delete complete'})
            return

        try:
            client = boto3.client('redshift')
            response = client.modify_cluster_iam_roles(
                ClusterIdentifier=os.environ['RedshiftClusterIdentifier'],
                DefaultIamRoleArn=os.environ['RedshiftClusterRole']
            )
            print(response)
        except Exception as e:
            logger.error(e)
            cfnresponse.send(event, context, cfnresponse.FAILED, {'Data': 'Create failed'})
            # Return here so a failure is not followed by a SUCCESS response.
            return

        cfnresponse.send(event, context, cfnresponse.SUCCESS, {'Data': 'Create complete'})

        return {
            'statusCode': 200,
            'body': json.dumps('Deployed Default Role')
        }

Other Information

There is currently no way to define a default role using CFN.

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.43.1

Environment details (OS name and version, etc.)

MacOS Monterey 12.5

@sean-beath sean-beath added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Oct 18, 2022
@github-actions github-actions bot added the @aws-cdk/aws-redshift Related to Amazon Redshift label Oct 18, 2022
@peterwoodworth
Contributor

You could create an AwsCustomResource in your stack to easily make the API call you need to.

I would recommend doing that for now. Reach out and create an issue on the CloudFormation coverage roadmap if you'd like to see this be done automatically through CFN without the need to use a custom resource.

@peterwoodworth peterwoodworth added p2 effort/small Small work item – less than a day of effort needs-cfn This issue is waiting on changes to CloudFormation before it can be addressed. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 4, 2022
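
Both approaches in this thread (the post-deployment Lambda and an AwsCustomResource) need an execution role that may call `modify_cluster_iam_roles` and pass the default role to Redshift. The following is an added example, not code from the issue or from aws-cdk: it builds a policy scoped to one cluster and one role, and audits a policy for grants broader than that. The ARNs are constructed placeholders, and `scoped_policy`, `as_list` and `audit` are hypothetical helper names.

```python
import re

# Constructed placeholder ARNs; substitute the stack's own cluster and role.
CLUSTER_ARN = "arn:aws:redshift:us-east-1:111122223333:cluster:example-cluster"
ROLE_ARN = "arn:aws:iam::111122223333:role/example-redshift-default-role"
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")


def scoped_policy(cluster_arn, role_arn):
    """Permissions for the one API call: modify one cluster, pass one role."""
    if not ROLE_ARN_RE.match(role_arn):
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "redshift:ModifyClusterIamRoles",
         "Resource": cluster_arn},
        # Associating a role with a cluster also requires passing that role.
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": role_arn,
         "Condition": {"StringEquals":
                       {"iam:PassedToService": "redshift.amazonaws.com"}}},
    ]}


def as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def audit(policy):
    """Return (statement index, finding) pairs for over-broad Allow statements."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        resources = as_list(stmt.get("Resource"))
        operators = stmt.get("Condition", {}).values()
        limited = any(k.lower() == "iam:passedtoservice" for op in operators for k in op)
        if any("*" in a for a in actions):
            findings.append((i, "wildcard action"))
        if any(r == "*" or r.endswith("/*") for r in resources):
            findings.append((i, "wildcard resource"))
        if any(a in ("iam:passrole", "iam:*", "*") for a in actions) and not limited:
            findings.append((i, "PassRole not limited to a service"))
    return findings
```

The audit is a simplified check on statement shape only; it does not evaluate `NotAction`, `NotResource` or the condition values themselves.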
@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
