Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[appmesh] Add IAM Grants to Resources #11639

Closed
2 tasks
dfezzie opened this issue Nov 23, 2020 · 1 comment · Fixed by #13596
Closed
2 tasks

[appmesh] Add IAM Grants to Resources #11639

dfezzie opened this issue Nov 23, 2020 · 1 comment · Fixed by #13596
Assignees
@skinny85
Labels
@aws-cdk/aws-appmesh Related to AWS App Mesh effort/large Large work item – several weeks of effort feature-request A feature should be added or improved. p2
Milestone
[GA] AppMesh

Comments

@dfezzie
Copy link
Contributor

dfezzie commented Nov 23, 2020

Per the CDK Design Guidelines App Mesh should have grants on a per resource basis.

Use Case

Granting permissions to other services to call App Mesh is an important part of stabilizing the App Mesh L2 APIs

Proposed Solution

For each resource, we should implement a grant for Describe, Delete, Update, TagResource, and UntagResource. There should also be high level ListAll and DescribeAll permissions as described in the CDK Design Guidelines.

For Virtual Nodes and Virtual Gateways, we should implement a grant for StreamAggregatedResources

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@dfezzie dfezzie added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Nov 23, 2020
@github-actions github-actions bot added the @aws-cdk/aws-appmesh Related to AWS App Mesh label Nov 23, 2020
@dfezzie dfezzie mentioned this issue Nov 23, 2020
Open
9 tasks
@skinny85 skinny85 added this to the [DevPreview] AppMesh milestone Dec 1, 2020
@skinny85 skinny85 added effort/large Large work item – several weeks of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Dec 5, 2020
@alexbrjo alexbrjo mentioned this issue Mar 15, 2021
Merged
@mergify mergify bot closed this as completed in #13596 May 20, 2021
mergify bot pushed a commit that referenced this issue May 20, 2021
@alexbrjo
feat(appmesh): add IAM grants for StreamAggregatedResources (#13596)
f4a2938 
This adds the IAM grant `grantStreamAggregatedResources` to VirtualNodes and VirtualGateways. Example below

```ts
const gateway = new appmesh.VirtualGateway(stack, 'testGateway', { mesh: mesh });
const envoyUser = new iam.User(stack, 'envoyUser');

/**
 * This will grant `grantStreamAggregatedResources` ONLY for this gateway.
 */
gateway.grantStreamAggregatedResources(envoyUser)
``` 

resolves #11639


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

hollanddd pushed a commit to hollanddd/aws-cdk that referenced this issue Aug 26, 2021
@alexbrjo @hollanddd
feat(appmesh): add IAM grants for StreamAggregatedResources (aws#13596)
5d23b17 
This adds the IAM grant `grantStreamAggregatedResources` to VirtualNodes and VirtualGateways. Example below

```ts
const gateway = new appmesh.VirtualGateway(stack, 'testGateway', { mesh: mesh });
const envoyUser = new iam.User(stack, 'envoyUser');

/**
 * This will grant `grantStreamAggregatedResources` ONLY for this gateway.
 */
gateway.grantStreamAggregatedResources(envoyUser)
``` 

resolves aws#11639


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skinny85 skinny85

Labels
@aws-cdk/aws-appmesh Related to AWS App Mesh effort/large Large work item – several weeks of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
[GA] AppMesh
Development

Successfully merging a pull request may close this issue.

feat(appmesh): add IAM grants for StreamAggregatedResources alexbrjo/aws-cdk
2 participants
@skinny85 @dfezzie