fix: The provided credentials do not have permission to create the se…
…rvice-linked role for EC2 Spot Instances (#183)

Fixes #182
kichik committed Dec 9, 2022
1 parent 3441881 commit 9f3c537
Showing 5 changed files with 33 additions and 3 deletions.
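--- a/src/providers/ec2.ts
+++ b/src/providers/ec2.ts
@@ -383,6 +383,16 @@ export class Ec2Runner extends BaseProvider implements IRunnerProvider {
 resource: '*',
 })],
 }));
+
+stateMachineRole.grantPrincipal.addToPrincipalPolicy(new iam.PolicyStatement({
+actions: ['iam:CreateServiceLinkedRole'],
+resources: ['*'],
+conditions: {
+StringEquals: {
+'iam:AWSServiceName': 'spot.amazonaws.com',
+},
+},
+}));
 }
 
 status(statusFunctionRole: iam.IGrantable): IRunnerProviderStatus {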
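Review bot: The new `iam:CreateServiceLinkedRole` statement keeps `resources: ['*']` and relies on the `iam:AWSServiceName` condition alone to confine the grant. The condition already limits it to the Spot service, but the resource can be narrowed as well, for defence in depth: `resources: ['arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot'],` with the partition taken from the stack rather than hard-coded if non-`aws` partitions are supported. The statement also has no comment saying why a runner state machine needs an IAM write permission; something like `// EC2 creates AWSServiceRoleForEC2Spot on the first Spot request in an account, so the launching role must be allowed to create it` would help whoever audits this policy later. From the visible lines the grant looks unconditional; the enclosing method starts outside the hunk, so if Spot is an opt-in setting there, consider adding the statement only when it is enabled.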
4 changes: 2 additions & 2 deletions test/default.integ.snapshot/github-runners-test.assets.json
Expand Up @@ -222,15 +222,15 @@
}
}
},
"cb8b028063cbb5d802bc47dc5ba6314eaf9e718d1c9f0f62decd46320644f7a3": {
"1a0f45935e02a2424625930ad31932af8f58e40cd46546b8f0a367ae34ee2539": {
"source": {
"path": "github-runners-test.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "cb8b028063cbb5d802bc47dc5ba6314eaf9e718d1c9f0f62decd46320644f7a3.json",
"objectKey": "1a0f45935e02a2424625930ad31932af8f58e40cd46546b8f0a367ae34ee2539.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
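--- a/test/default.integ.snapshot/github-runners-test.template.json
+++ b/test/default.integ.snapshot/github-runners-test.template.json
@@ -11044,6 +11044,16 @@
 ]
 }
 },
+{
+"Action": "iam:CreateServiceLinkedRole",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "spot.amazonaws.com"
+}
+},
+"Effect": "Allow",
+"Resource": "*"
+},
 {
 "Action": "iam:PassRole",
 "Condition": {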
2 changes: 1 addition & 1 deletion test/default.integ.snapshot/manifest.json
Expand Up @@ -23,7 +23,7 @@
"validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cb8b028063cbb5d802bc47dc5ba6314eaf9e718d1c9f0f62decd46320644f7a3.json",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1a0f45935e02a2424625930ad31932af8f58e40cd46546b8f0a367ae34ee2539.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [
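--- a/test/default.integ.snapshot/tree.json
+++ b/test/default.integ.snapshot/tree.json
@@ -14904,6 +14904,16 @@
 ]
 }
 },
+{
+"Action": "iam:CreateServiceLinkedRole",
+"Condition": {
+"StringEquals": {
+"iam:AWSServiceName": "spot.amazonaws.com"
+}
+},
+"Effect": "Allow",
+"Resource": "*"
+},
 {
 "Action": "iam:PassRole",
 "Condition": {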
