@aws-cdk/aws-iam:standardizedServicePrincipals: produces invalid templates when using some L2 constructs #23066

Closed
lowpast opened this issue Nov 24, 2022 · 2 comments
Labels: @aws-cdk/aws-iam (Related to AWS Identity and Access Management), bug (This issue is a bug.), duplicate (This issue is a duplicate.)

Comments

lowpast commented Nov 24, 2022

Describe the bug

When enabling the feature flag @aws-cdk/aws-iam:standardizedServicePrincipals and using the L2 construct for AppSync "AppsyncFunction", the synthesized template is invalid.

Expected Behavior

The produced assume role policy is valid
    "AssumeRolePolicyDocument": {
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Effect": "Allow",
          "Principal": {
            "Service": "appsync.amazonaws.com"
          }
        }
      ]
    }

Current Behavior

An invalid assume role policy is produced
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
          "Service": "appsync"
        }
      }
    ]

As "Service": "appsync" is not a valid principal.

Reproduction Steps

1. Enable the feature flag @aws-cdk/aws-iam:standardizedServicePrincipals
2. Create a new AppsyncFunction
3. npx cdk synth
4. npx cdk deploy <stack_name>

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.51.1

Framework Version

No response

Node.js Version

16.18

OS

OSx, AmazonLinux2

Language

TypeScript

Language Version

No response

Other information

No response
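
A pre-deploy check for the failure reported above, as an added example that is not part of the original issue or of the CDK code base: it walks a synthesized template and reports every AWS::IAM::Role whose trust policy names a bare service such as "appsync". The function names, the sample template and the rule that a service principal without a dot is invalid are assumptions made for this example.

```typescript
// Added example: flag IAM role trust policies with a bare Service principal.
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };
interface Finding { logicalId: string; principal: string }

function isObject(v: Json | undefined): v is { [key: string]: Json } {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Statement and Service may each be a single value or a list.
function asArray(v: Json | undefined): Json[] {
  if (v === undefined) return [];
  return Array.isArray(v) ? v : [v];
}

// Assumption: a valid service principal is a dotted name like
// "appsync.amazonaws.com", so a string without a dot is reported.
function findBareServicePrincipals(template: Json): Finding[] {
  const findings: Finding[] = [];
  if (!isObject(template) || !isObject(template.Resources)) return findings;
  const resources = template.Resources;
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (!isObject(resource) || resource.Type !== "AWS::IAM::Role") continue;
    const props = resource.Properties;
    const doc = isObject(props) ? props.AssumeRolePolicyDocument : undefined;
    if (!isObject(doc)) continue;
    for (const stmt of asArray(doc.Statement)) {
      if (!isObject(stmt) || !isObject(stmt.Principal)) continue;
      for (const svc of asArray(stmt.Principal.Service)) {
        // Intrinsic functions (objects) cannot be resolved statically; skip.
        if (typeof svc === "string" && svc.indexOf(".") === -1) {
          findings.push({ logicalId, principal: svc });
        }
      }
    }
  }
  return findings;
}

// Constructed sample; the logical IDs are made up for illustration.
const trust = (service: string): Json => ({
  Type: "AWS::IAM::Role",
  Properties: { AssumeRolePolicyDocument: { Statement: [
    { Action: "sts:AssumeRole", Effect: "Allow", Principal: { Service: service } },
  ] } },
});
const sampleTemplate: Json = { Resources: {
  BrokenRole: trust("appsync"), GoodRole: trust("appsync.amazonaws.com") } };
console.log(findBareServicePrincipals(sampleTemplate));
```

To use it on real output, pass the parsed JSON of a template file from the synth output directory instead of the constructed sample.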

@lowpast lowpast added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 24, 2022
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Nov 24, 2022
@peterwoodworth
Contributor

We've addressed this issue, see here #23035

@peterwoodworth peterwoodworth added duplicate This issue is a duplicate. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 24, 2022