Assets: grant permissions on a wildcard #484
Comments
Totally, and I like the simple solution
rix0rrr pushed a commit that referenced this issue Aug 6, 2018
We need to give asset consumers permissions on all versions of an asset, not just the latest version. Otherwise, we will never be able to do rolling updates. Also add caching on AWS client instances, so with multiple asset uploads we don't have to construct a new S3 client for every asset (incurring credential lookups for each one). This fixes #484.
rix0rrr added a commit that referenced this issue Aug 20, 2018
We need to give asset consumers permissions on all versions of an asset, not just the latest version. Otherwise, as soon as we deploy a new version, the Lambda (or other construct) will immediately lose permissions to old versions and we won't be able to do rolling updates.

OTHER CHANGES

- Toolkit: add caching on credential providers, to reduce network roundtrips when multiple AWS clients are constructed.

This fixes #484.
Right now, we only grant permissions on specific versions of an asset. That means that if we publish a new version, the Lambda or CodeBuild role using the assets immediately loses permissions to all previous versions of the asset, causing them to fail.
This is inconvenient for CodeBuilds, but will prevent gradual Lambda deployments for example.
We should probably name the asset something like
And give permissions on the `$ID` prefix, so that all versions are accepted.
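
The per-version grant and the prefix grant described in the issue, compared in an added example that is not part of the original issue or the project's code. The `<assetId>/<versionHash>.zip` key layout, the bucket name and every function name are assumptions, and the matcher is a simplified model of IAM `*`/`?` resource wildcards.

```typescript
// Added example. Assumed (hypothetical) key layout: "<assetId>/<versionHash>.zip".
type PolicyStatement = { effect: "Allow"; actions: string[]; resources: string[] };

function objectArn(bucket: string, key: string): string {
  return `arn:aws:s3:::${bucket}/${key}`;
}

// Per-version grant: the role can read only the one object named here.
function grantReadExact(bucket: string, assetId: string, version: string): PolicyStatement {
  const key = `${assetId}/${version}.zip`;
  return { effect: "Allow", actions: ["s3:GetObject"], resources: [objectArn(bucket, key)] };
}

// Prefix grant: every version of this asset, and nothing else in the bucket.
// The "/" before "*" stops "MyCode*" from also covering "MyCodeOther/...".
function grantReadPrefix(bucket: string, assetId: string): PolicyStatement {
  if (!/^[A-Za-z0-9_-]+$/.test(assetId)) {
    throw new Error(`asset id must not contain wildcards or slashes: ${assetId}`);
  }
  return { effect: "Allow", actions: ["s3:GetObject"], resources: [objectArn(bucket, `${assetId}/*`)] };
}

// Simplified model of IAM resource matching: "*" is any run, "?" is one character.
function resourceMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = escaped.replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp(`^${source}$`).test(arn);
}

function allows(stmt: PolicyStatement, action: string, arn: string): boolean {
  return stmt.actions.indexOf(action) !== -1 &&
    stmt.resources.some((r) => resourceMatches(r, arn));
}

// Constructed rolling-update scenario: version bbbb2222 was just published
// while instances still running aaaa1111 need to keep reading it.
function rollingUpdateCheck(): { exactKeepsOld: boolean; prefixKeepsOld: boolean; prefixLeaksSibling: boolean } {
  const bucket = "example-assets-bucket";
  const oldArn = objectArn(bucket, "MyCode/aaaa1111.zip");
  const siblingArn = objectArn(bucket, "MyCodeOther/cccc3333.zip");
  const exact = grantReadExact(bucket, "MyCode", "bbbb2222");
  const prefix = grantReadPrefix(bucket, "MyCode");
  return {
    exactKeepsOld: allows(exact, "s3:GetObject", oldArn),
    prefixKeepsOld: allows(prefix, "s3:GetObject", oldArn),
    prefixLeaksSibling: allows(prefix, "s3:GetObject", siblingArn),
  };
}
```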