feat: bootstrap arguments for permissions boundary #22792

Merged on Nov 23, 2022 (41 commits)
Changes from 1 commit
e2db370
feat: bootstrap arguments for permissions boundary
Naumel Nov 4, 2022
2353ce9
Update cdk.ts
Naumel Nov 4, 2022
302d4dc
Collapsing old commits
Naumel Nov 7, 2022
8cea87e
Integ tests
Naumel Nov 7, 2022
3749a90
Conditional permissions boundary
Naumel Nov 7, 2022
767755b
Proper string used in the test for default permissions boundary
Naumel Nov 7, 2022
efc8653
Split template cases based on the supplied argument.
Naumel Nov 9, 2022
074450b
Typo fix
Naumel Nov 9, 2022
09c2bff
String-ify permissionsboundary
Naumel Nov 9, 2022
82101af
AWS::NoValue for no param permissions boundary
Naumel Nov 9, 2022
35f922a
yaml is super fun
Naumel Nov 9, 2022
c102960
Update packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
Naumel Nov 9, 2022
defeea8
Incorporating feedback
Naumel Nov 14, 2022
8961c3b
README rephrase
Naumel Nov 14, 2022
d47e3b5
Added policy name validation
Naumel Nov 14, 2022
9d5e667
Adjusted param name and policy name input validation
Naumel Nov 15, 2022
ee95f76
Merge branch 'main' into perm-bound
mergify[bot] Nov 15, 2022
3ddfade
SDK call to IAM to create an example policy that can be referenced by…
Naumel Nov 17, 2022
a52f790
Update packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
Naumel Nov 17, 2022
396cf32
Update packages/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts
Naumel Nov 17, 2022
ccd90f7
Update packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
Naumel Nov 17, 2022
ea88b89
Intermediary work for feedback, 4 unit tests are still failing
Naumel Nov 18, 2022
1debcdf
Update packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
Naumel Nov 21, 2022
157415c
Fixed the build
Naumel Nov 21, 2022
e75869f
Update packages/aws-cdk/README.md
Naumel Nov 21, 2022
96a8f64
Update packages/aws-cdk/README.md
Naumel Nov 21, 2022
303ba4d
Adding the change overview notes
Naumel Nov 21, 2022
3823e1e
Merge branch 'main' into perm-bound
mergify[bot] Nov 21, 2022
2fa9d19
Update packages/aws-cdk/README.md
Naumel Nov 21, 2022
bd7fbc2
Apply suggestions from code review
Naumel Nov 21, 2022
0745549
Partition must be part of the IAM policy arn for a successful getPoli…
Naumel Nov 21, 2022
dbf096c
Swapped the two error throwing points
Naumel Nov 21, 2022
3a660ee
Have dual policy definition for the time being
Naumel Nov 21, 2022
0b994a0
Fixed the param name for the template
Naumel Nov 22, 2022
1e7d1bd
adjusted the test for the input param name
Naumel Nov 22, 2022
8e29fb7
renaming remaining
Naumel Nov 22, 2022
58510fc
Fixing bootstrap prompt when using example policy
Naumel Nov 22, 2022
7f03db2
previous commit redo
Naumel Nov 22, 2022
16cf026
Apply missed partition in arn
Naumel Nov 22, 2022
79ecf77
Bubble up any IAM call error
Naumel Nov 22, 2022
7669755
Merge branch 'main' into perm-bound
mergify[bot] Nov 23, 2022
2 changes: 2 additions & 0 deletions packages/aws-cdk/lib/cli.ts
Expand Up @@ -91,6 +91,8 @@ async function parseCommandLineArguments() {
.command('bootstrap [ENVIRONMENTS..]', 'Deploys the CDK toolkit stack into an AWS environment', (yargs: Argv) => yargs
.option('bootstrap-bucket-name', { type: 'string', alias: ['b', 'toolkit-bucket-name'], desc: 'The name of the CDK toolkit bucket; bucket will be created and must not exist', default: undefined })
.option('bootstrap-kms-key-id', { type: 'string', desc: 'AWS KMS master key ID used for the SSE-KMS encryption', default: undefined, conflicts: 'bootstrap-customer-key' })
.option('create-default-permissions-boundary', { type: 'boolean', alias: ['dpb', 'default-permissions-boundary'], desc: 'Use the default permissions boundary.', default: undefined, conflicts: 'permissions-boundary' })
.option('permissions-boundary', { type: 'string', alias: ['pb', 'permissions-boundary'], desc: 'Use the permissions boundary specified by name.', default: undefined, conflicts: 'create-default-permissions-boundary' })
.option('bootstrap-customer-key', { type: 'boolean', desc: 'Create a Customer Master Key (CMK) for the bootstrap bucket (you will be charged but can customize permissions, modern bootstrapping only)', default: undefined, conflicts: 'bootstrap-kms-key-id' })
.option('qualifier', { type: 'string', desc: 'String which must be unique for each bootstrap stack. You must configure it on your CDK app if you change this from the default.', default: undefined })
.option('public-access-block-configuration', { type: 'boolean', desc: 'Block public access configuration on CDK toolkit bucket (enabled by default) ', default: undefined })
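Review bot: The help text on the two added options does not match what the flags do or accept. `create-default-permissions-boundary` is described as "Use the default permissions boundary.", yet the flag name says a policy is created, so the `desc` should say that a policy is created and then applied as the boundary. On `permissions-boundary` the `desc` says "specified by name" without stating whether a full ARN is also accepted, and nothing in this hunk validates the string, so the input check has to live wherever the value is consumed. The `alias` array on `permissions-boundary` also repeats the option's own name (`'permissions-boundary'`), which is redundant and can be dropped. Since `dpb` and `pb` are multi-character aliases, they will be exposed as `--dpb` and `--pb` rather than as short flags; if that is intended, it is worth showing in the README usage examples.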