Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(codepipeline/cfn): Use fewer statements for pipeline permissions #1009

Merged
merged 5 commits into from
Oct 29, 2018

Commits on Oct 25, 2018

  1. feat(iam): Allow looking up a statement by sid

    When trying to make minimal-permission IAM policies, it can be necessary
    to ensure the policy remains as compact as possible. In certain cases,
    the same permissions will be extended to multiple resources separately,
    and those can be represented using a single statement, instead of one
    per each resource. This feature allows code to select a "singleton" SID
    for their permissions, and look it up from an existing PolicyDocument so
    resources can be added to it instead of new statements being created.
    
    The feature is being used in order to avoid creating extremely large
    policy documents when adding CodePipeline actions to deploy a number of
    CloudFormation stacks using the same ChangeSet name (using a single
    statement instead of one per stack).
    
    BREAKING CHANGE: The `sid` attribute of the `PolicyStatement` class is
    now read-only and must be set at construction time if an `sid` is to be
    used. This also enables guaranteeing `sid` uniqueness in palces where it
    is required, such as SNS Topic policies.
    RomainMuller committed Oct 25, 2018
    Configuration menu
    Copy the full SHA
    6a9e166 View commit details
    Browse the repository at this point in the history
  2. Fix tyos

    RomainMuller committed Oct 25, 2018
    Configuration menu
    Copy the full SHA
    ff0c324 View commit details
    Browse the repository at this point in the history
  3. Stop messing with the statements, instead use a singleton-ifying cons…

    …truct on the policy editor side
    RomainMuller committed Oct 25, 2018
    Configuration menu
    Copy the full SHA
    46d1b65 View commit details
    Browse the repository at this point in the history

Commits on Oct 26, 2018

  1. Stop specifying the statement template key manually, determine it fro…

    …m actions and conditions instead
    RomainMuller committed Oct 26, 2018
    Configuration menu
    Copy the full SHA
    adec992 View commit details
    Browse the repository at this point in the history
  2. Configuration menu
    Copy the full SHA
    81ff065 View commit details
    Browse the repository at this point in the history