chore: add support for IAM Identity Center in security diff #1052
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
For issue aws/aws-cdk#29835
This is the first of 2 PRs. The other PR will be to the main aws-cdk repository.
Notice that AWS::SSO::PermissionSet has a property called
ManagedPolicies
. That's why I add that property check. And judging by the db.json that we create in this package (the service spec), AWS::SSO::PermissionSet is the only resource with that property name:AWS::SSO is the IAM Identity Center, and therefore changes to AWS SSO resources are security sensitive. Hence the issue.
Testing
As you'll see in the next pull request, I have integration tests for this change