fix(codebuild): correctly pass the VPC subnet IDs to the Policy State…
…ment's condition when using a VPC. (aws#2506)

Fixes aws#2335
skinny85 authored and SanderKnape committed May 14, 2019
1 parent 608028b commit 25f5ad1
Showing 2 changed files with 7 additions and 4 deletions.
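--- a/packages/@aws-cdk/aws-codebuild/lib/project.ts
+++ b/packages/@aws-cdk/aws-codebuild/lib/project.ts
@@ -903,9 +903,9 @@ export class Project extends ProjectBase {
 this.addToRolePolicy(new iam.PolicyStatement()
 .addResource(`arn:aws:ec2:${Aws.region}:${Aws.accountId}:network-interface/*`)
 .addCondition('StringEquals', {
-"ec2:Subnet": [
-`arn:aws:ec2:${Aws.region}:${Aws.accountId}:subnet/[[subnets]]`
-],
+"ec2:Subnet": props.vpc
+.selectSubnets(props.subnetSelection).subnetIds
+.map(si => `arn:aws:ec2:${Aws.region}:${Aws.accountId}:subnet/${si}`),
 "ec2:AuthorizedService": "codebuild.amazonaws.com"
 })
 .addAction('ec2:CreateNetworkInterfacePermission'));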
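Review bot: The `ec2:Subnet` condition gets its subnet list from its own call to `props.vpc.selectSubnets(props.subnetSelection)`, so nothing visible here ties it to the subnets the project's VPC configuration actually uses. The enclosing method starts and ends outside the hunk, so I cannot see whether the same selection is computed again elsewhere; if it is, hoist it once as `const subnetIds = props.vpc.selectSubnets(props.subnetSelection).subnetIds;` and use it in both places so the policy and the build's network placement cannot drift apart. Because the statement's resource is `network-interface/*`, the two condition keys are the only scoping on `ec2:CreateNetworkInterfacePermission`. A comment above the statement would record that, for example `// Resource is a wildcard: the ec2:Subnet and ec2:AuthorizedService conditions are what restrict this grant.` A unit test that selects more than one subnet would also confirm that every subnet ARN ends up in the condition.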
Expand Up @@ -312,7 +312,10 @@
{
"Ref": "AWS::AccountId"
},
":subnet/[[subnets]]"
":subnet/",
{
"Ref": "MyVPCPrivateSubnet1Subnet641543F4"
}
]
]
}
