IAM/Secrets Manager/ECS: Consolidate IAM policies under path #18458

Closed
2 tasks
automartin5000 opened this issue Jan 16, 2022 · 2 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@automartin5000

Description

Best practice of Secrets Manager recommends using an env/ path pattern for secrets naming. CDK should detect the use of this pattern and consolidate IAM policies under env/*, especially when using the aws_ecs.secret construct.

Use Case

Simplify IAM policies, but also to solve this bug: #18457

Proposed Solution

Switch from inline policies to managed policies: #7448

Other information

No response

Acknowledge

  • I may be able to implement this feature request
  • This feature might incur a breaking change
@automartin5000 automartin5000 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jan 16, 2022
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Jan 16, 2022
@rix0rrr
Contributor

rix0rrr commented Feb 8, 2022

We will consider it, but this might be hard to implement in practice: to control the prefix of a secret name, we have to eject from CloudFormation automatic naming and control the whole secret name (which in turn brings other downsides).

@rix0rrr rix0rrr added effort/medium Medium work item – several days of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Feb 8, 2022
@rix0rrr rix0rrr removed their assignment Feb 8, 2022
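
The consolidation requested in this issue, sketched as an added example that is not code from the thread or from the CDK: secrets sharing an `env/` style prefix collapse into one `env/*` resource, while a secret with a generated name and no prefix (the case raised in the comment above) keeps its exact ARN. The account id, region, secret names and the `minGroup` parameter are assumptions made for illustration.

```typescript
// Added example. Account id, region and secret names are constructed sample values.
type PolicyStatement = { Effect: "Allow"; Action: string[]; Resource: string[] };

const SECRET_ARN_BASE = "arn:aws:secretsmanager:us-east-1:111122223333:secret:";

// Split a Secrets Manager ARN into the part up to "secret:" and the secret name.
function splitSecretArn(arn: string): { base: string; name: string } | undefined {
  const marker = ":secret:";
  const at = arn.indexOf(marker);
  if (arn.indexOf("arn:aws:secretsmanager:") !== 0 || at < 0) return undefined;
  return { base: arn.slice(0, at + marker.length), name: arn.slice(at + marker.length) };
}

// Collapse secrets sharing a first path segment ("env/") into one "env/*" resource.
// minGroup (hypothetical knob): a prefix is widened only if this many secrets use it.
function consolidateSecretResources(arns: string[], minGroup: number = 2): string[] {
  const groups: { [wildcard: string]: string[] } = {};
  const resources: string[] = [];
  arns.forEach((arn) => {
    const parts = splitSecretArn(arn);
    const slash = parts ? parts.name.indexOf("/") : -1;
    if (!parts || slash <= 0) {
      resources.push(arn); // no path prefix (e.g. a generated name): keep exact ARN
      return;
    }
    const wildcard = parts.base + parts.name.slice(0, slash + 1) + "*";
    (groups[wildcard] = groups[wildcard] || []).push(arn);
  });
  Object.keys(groups).forEach((wildcard) => {
    const members = groups[wildcard] || [];
    if (members.length >= minGroup) resources.push(wildcard);
    else members.forEach((arn) => resources.push(arn));
  });
  return resources.sort();
}

function secretsReadStatement(arns: string[]): PolicyStatement {
  return { Effect: "Allow", Action: ["secretsmanager:GetSecretValue"], Resource: consolidateSecretResources(arns) };
}

const sampleArns: string[] = [
  SECRET_ARN_BASE + "env/db-password-AbCdEf",
  SECRET_ARN_BASE + "env/api-key-GhIjKl",
  SECRET_ARN_BASE + "env/jwt-signing-key-MnOpQr",
  SECRET_ARN_BASE + "AppStackDbSecret1A2B3C4D-XyZ123abcDEF", // constructed, no path prefix
];
console.log(JSON.stringify(secretsReadStatement(sampleArns), null, 2));
```

The wildcard statement is shorter, and it also covers every other secret stored under the same prefix, including ones created later, so the prefix becomes the unit of access control.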
@github-actions

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels May 25, 2023