-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
stepfunctions-tasks: mediapackagevod service generates wrong action in role policy #28774
Labels
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
@aws-cdk/aws-stepfunctions-tasks
bug
This issue is a bug.
effort/medium
Medium work item – several days of effort
p2
Comments
orekav
added
bug
This issue is a bug.
needs-triage
This issue or PR still needs to be triaged.
labels
Jan 19, 2024
github-actions
bot
added
the
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
label
Jan 19, 2024
orekav
changed the title
(module name): (short issue description)
stepfunctions-tasks: mediapackagevod service generates wrong action in role policy
Jan 19, 2024
Thank you for the report and pull request. |
pahud
added
p2
effort/medium
Medium work item – several days of effort
and removed
needs-triage
This issue or PR still needs to be triaged.
labels
Jan 19, 2024
mergify bot
pushed a commit
that referenced
this issue
Jan 31, 2024
…ion in role policy (#28775) When we use CallAwsService for Step Functions task, CDK generates IAM policy to grant permission regarding the API call. However, if we specify `mediapackagevod` as service in CallAwsService, CDK generates wrong policy statement such as `mediapackagevod:deleteAsset`. Correct service prefix for MediaPackageVOD is `mediapackage-vod`. https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediapackagevod.html > Amazon MediaPackageVOD (service prefix: mediapackage-vod) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies. This PR solves the issue by adding mediapackagevod into iamServiceMap. This is similar with #27623 and #28082. Closes #28774. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
SankyRed
pushed a commit
that referenced
this issue
Feb 8, 2024
…ion in role policy (#28775) When we use CallAwsService for Step Functions task, CDK generates IAM policy to grant permission regarding the API call. However, if we specify `mediapackagevod` as service in CallAwsService, CDK generates wrong policy statement such as `mediapackagevod:deleteAsset`. Correct service prefix for MediaPackageVOD is `mediapackage-vod`. https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediapackagevod.html > Amazon MediaPackageVOD (service prefix: mediapackage-vod) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies. This PR solves the issue by adding mediapackagevod into iamServiceMap. This is similar with #27623 and #28082. Closes #28774. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
@aws-cdk/aws-stepfunctions-tasks
bug
This issue is a bug.
effort/medium
Medium work item – several days of effort
p2
Describe the bug
Following code is properly creates a step in Step Functions
However, it creates wrong statement in the role policy.
Correct service prefix for
MediaPackageVoD
ismediapackage-vod
.https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediapackagevod.html
This issue is similar with #27573 and #28081.
Expected Behavior
Action should be mediapackage-vod:deleteAsset
Current Behavior
Action is mediapackagevod:deleteAsset
Reproduction Steps
Sample code for reproduction is below:
Possible Solution
aws-cdk/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts
Additional Information/Context
No response
CDK CLI Version
2.122.0
Framework Version
No response
Node.js Version
v18.19.0
OS
MacOS
Language
TypeScript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: