Allow use of assumed roles behind a proxy. #898
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The call to STS for the credentials of the assumed role does not route through the proxy unless the proxy is configured globally for the AWS SDK.
RomainMuller
approved these changes
Oct 11, 2018
There was a problem hiding this comment.
Looks fair to me. Thanks for the contribution. I'd like to have @rix0rrr's approval as well, in case there was a particular reason for the configuration to be the way it was that we're missing.
|
I'm slightly uncomfortable making global changes like this. But if we're going to do it, we should get rid of |
rix0rrr
requested changes
Oct 11, 2018
Everything now done via global config.
rix0rrr
approved these changes
Oct 12, 2018
eladb
suggested changes
Oct 12, 2018
|
Integ tests run successfully and this appears in the log of my proxy: I opened a ticket to the JS SDK to make the proxy configurable via constructor arguments, but otherwise this change is going to have to be it for now. |
eladb
pushed a commit
that referenced
this pull request
Oct 19, 2018
### Highlights - __A new construct library for AWS Step Functions__ ([docs](https://github.com/awslabs/aws-cdk/blob/master/packages/%40aws-cdk/aws-stepfunctions/README.md)). The library provides rich APIs for modeling state machines by exposing a programmatic interface for [Amazon State Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html). - __A new construct library for Amazon S3 bucket deployments__ ([docs](https://github.com/awslabs/aws-cdk/blob/master/packages/%40aws-cdk/aws-s3-deployment/README.md)). You can use now automatically populate an S3 Bucket from a .zip file or a local directory. This is a building block for end-to-end support for static websites in the AWS CDK. ### Bug Fixes * **aws-apigateway:** make LambdaRestApi proxy by default ([#963](#963)) ([a5f5e2c](a5f5e2c)), closes [#959](#959) * **aws-cdk:** Allow use of assumed roles behind a proxy ([#898](#898)) ([f2b1048](f2b1048)) * **aws-cdk:** Auto-delete stacks that failed creating before new attempt ([#917](#917)) ([2af8309](2af8309)) * **aws-cloudfront:** expose distributionId ([#938](#938)) ([f58d98c](f58d98c)) * **aws-dynamodb:** don't emit empty array properties ([#909](#909)) ([841975a](841975a)) * **docs:** use ..code to display file structure in "writing constructs" ([#935](#935)) ([b743362](b743362)) ### Features * **assets:** isZipArchive indicates if this is a zip asset ([#944](#944)) ([65190f9](65190f9)) * **aws-cdk:** deploy supports CloudFormation Role ([#940](#940)) ([393be6f](393be6f)), closes [#735](#735) * **aws-cloudformation:** allow specifying custom resource type ([#943](#943)) ([9de3a84](9de3a84)) * **aws-cloudformation:** correctly handle the templateConfiguration property in the CreateUpdateStack Pipeline Action. ([#923](#923)) ([d251a46](d251a46)) * **aws-cloudfront:** add support for "webAclId" ([#969](#969)) ([3ec9d76](3ec9d76)) * **aws-codedeploy:** add auto rollback configuration to server Deployment Group. ([#925](#925)) ([7ee91cf](7ee91cf)) * **aws-codedeploy:** add instance tag filter support for server Deployment Groups. ([#824](#824)) ([e6e8c51](e6e8c51)) * **aws-codedeploy:** add support for setting CloudWatch alarms on a server Deployment Group. ([#926](#926)) ([27b26b1](27b26b1)) * add support for Step Functions ([#827](#827)) ([81b533c](81b533c)) * **aws-lambda:** add grantInvoke() method ([#962](#962)) ([1ee8135](1ee8135)), closes [#961](#961) * **aws-lambda:** improvements to the code and runtime APIs ([#945](#945)) ([36f29b6](36f29b6)), closes [#902](#902) [#188](#188) [#947](#947) [#947](#947) [#664](#664) * **aws-logs:** extractMetric() returns Metric object ([#939](#939)) ([5558fff](5558fff)), closes [#850](#850) * **aws-s3:** initial support for website hosting ([#946](#946)) ([2d3661c](2d3661c)) * **aws-s3-deployment:** bucket deployments ([#971](#971)) ([84d6876](84d6876)), closes [#952](#952) [#953](#953) [#954](#954) * **docs:** added link to CloudFormation concepts ([#934](#934)) ([666bbba](666bbba)) ### BREAKING CHANGES * **aws-apigateway:** specifying a path no longer works. If you used to provide a '/', remove it. Otherwise, you will have to supply `proxy: false` and construct more complex resource paths yourself. * **aws-lambda:** The construct `lambda.InlineJavaScriptLambda` is no longer supported. Use `lambda.Code.inline` instead; `lambda.Runtime.NodeJS43Edge` runtime is removed. CloudFront docs [stipulate](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-requirements-limits.html#lambda-requirements-lambda-function-configuration) that you should use node6.10 or node8.10. It is always possible to use any value by instantiating a `lambda.Runtime` object.
Merged
eladb
pushed a commit
that referenced
this pull request
Oct 19, 2018
### Highlights - __A new construct library for AWS Step Functions__ ([docs](https://github.com/awslabs/aws-cdk/blob/master/packages/%40aws-cdk/aws-stepfunctions/README.md)). The library provides rich APIs for modeling state machines by exposing a programmatic interface for [Amazon State Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html). - __A new construct library for Amazon S3 bucket deployments__ ([docs](https://github.com/awslabs/aws-cdk/blob/master/packages/%40aws-cdk/aws-s3-deployment/README.md)). You can use now automatically populate an S3 Bucket from a .zip file or a local directory. This is a building block for end-to-end support for static websites in the AWS CDK. ### Bug Fixes * **aws-apigateway:** make LambdaRestApi proxy by default ([#963](#963)) ([a5f5e2c](a5f5e2c)), closes [#959](#959) * **aws-cdk:** Allow use of assumed roles behind a proxy ([#898](#898)) ([f2b1048](f2b1048)) * **aws-cdk:** Auto-delete stacks that failed creating before new attempt ([#917](#917)) ([2af8309](2af8309)) * **aws-cloudfront:** expose distributionId ([#938](#938)) ([f58d98c](f58d98c)) * **aws-dynamodb:** don't emit empty array properties ([#909](#909)) ([841975a](841975a)) * **docs:** use ..code to display file structure in "writing constructs" ([#935](#935)) ([b743362](b743362)) ### Features * **assets:** isZipArchive indicates if this is a zip asset ([#944](#944)) ([65190f9](65190f9)) * **aws-cdk:** deploy supports CloudFormation Role ([#940](#940)) ([393be6f](393be6f)), closes [#735](#735) * **aws-cloudformation:** allow specifying custom resource type ([#943](#943)) ([9de3a84](9de3a84)) * **aws-cloudformation:** correctly handle the templateConfiguration property in the CreateUpdateStack Pipeline Action. ([#923](#923)) ([d251a46](d251a46)) * **aws-cloudfront:** add support for "webAclId" ([#969](#969)) ([3ec9d76](3ec9d76)) * **aws-codedeploy:** add auto rollback configuration to server Deployment Group. ([#925](#925)) ([7ee91cf](7ee91cf)) * **aws-codedeploy:** add instance tag filter support for server Deployment Groups. ([#824](#824)) ([e6e8c51](e6e8c51)) * **aws-codedeploy:** add support for setting CloudWatch alarms on a server Deployment Group. ([#926](#926)) ([27b26b1](27b26b1)) * add support for Step Functions ([#827](#827)) ([81b533c](81b533c)) * **aws-lambda:** add grantInvoke() method ([#962](#962)) ([1ee8135](1ee8135)), closes [#961](#961) * **aws-lambda:** improvements to the code and runtime APIs ([#945](#945)) ([36f29b6](36f29b6)), closes [#902](#902) [#188](#188) [#947](#947) [#947](#947) [#664](#664) * **aws-logs:** extractMetric() returns Metric object ([#939](#939)) ([5558fff](5558fff)), closes [#850](#850) * **aws-s3:** initial support for website hosting ([#946](#946)) ([2d3661c](2d3661c)) * **aws-s3-deployment:** bucket deployments ([#971](#971)) ([84d6876](84d6876)), closes [#952](#952) [#953](#953) [#954](#954) * **docs:** added link to CloudFormation concepts ([#934](#934)) ([666bbba](666bbba)) ### BREAKING CHANGES * **aws-apigateway:** specifying a path no longer works. If you used to provide a '/', remove it. Otherwise, you will have to supply `proxy: false` and construct more complex resource paths yourself. * **aws-lambda:** The construct `lambda.InlineJavaScriptLambda` is no longer supported. Use `lambda.Code.inline` instead; `lambda.Runtime.NodeJS43Edge` runtime is removed. CloudFront docs [stipulate](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-requirements-limits.html#lambda-requirements-lambda-function-configuration) that you should use node6.10 or node8.10. It is always possible to use any value by instantiating a `lambda.Runtime` object.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We have to use assumed roles and route though a proxy in order to get credentials and connect to AWS. When using the CDK the call to STS for the credentials of the assumed role does not route through the proxy unless the proxy is configured globally for the AWS SDK.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.