-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(s3): Reduce notifications handler permissions (#5925) #27274
Conversation
75976a6
to
05663d2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request
. Additionally, if clarification is needed add Clarification Request
to a comment.
This restricts them to resources only the buckets that is required. To ensure permissions don't get too large minmize is also enabled on the policy. Closes aws#5925
05663d2
to
f245a22
Compare
Clarification Request: I'm not sure if this falls as a feature or a bugfix. In either case no changes to readme or integration tests are required as there's no changes to end users and there isn't any changes in how the resource interactions, otherwise just security slightly tightened. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey, I see the build is failing right now. We would not be able to prioritize review for this PR till the build succeeds.
This could be a high impact PR since it is modifying permissions. I am not sure if this can be merged in. It looks like the integration tests were not run with this change. Could you run those?
*/ | ||
public readonly role: iam.IRole; | ||
private readonly policy: iam.Policy; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is breaking. A user could be using this property which now would become private
This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error. |
The pull request linter fails with the following errors:
PRs must pass status checks before we can provide a meaningful review. If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing |
Hi @vinayak-kukreja, Thanks for the review. I had a busy week but now I'm happy to make the PR again, while adding back the Could you also let me know whether this should a bugfix or feature and what kind of change I can put in the README and also integration test file? |
This restricts them to resources only the buckets that is required. To ensure permissions don't get too large minimize is also enabled on the policy.
Closes #5925
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license