From 77eccf478ddc3b35cbba63e780fb2695b050cc08 Mon Sep 17 00:00:00 2001 From: Janice Date: Wed, 24 Aug 2022 12:08:07 -0700 Subject: [PATCH 1/2] fix: add permission to envmanagerrole --- internal/pkg/deploy/env.go | 2 +- .../templates/environment/partials/environment-manager-role.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/pkg/deploy/env.go b/internal/pkg/deploy/env.go index dd3e2fda9dc..d6ab1ff2e7f 100644 --- a/internal/pkg/deploy/env.go +++ b/internal/pkg/deploy/env.go @@ -14,7 +14,7 @@ const ( // LegacyEnvTemplateVersion is the version associated with the environment template before we started versioning. LegacyEnvTemplateVersion = "v0.0.0" // LatestEnvTemplateVersion is the latest version number available for environment templates. - LatestEnvTemplateVersion = "v1.12.1" + LatestEnvTemplateVersion = "v1.12.2" ) // CreateEnvironmentInput holds the fields required to deploy an environment. diff --git a/internal/pkg/template/templates/environment/partials/environment-manager-role.yml b/internal/pkg/template/templates/environment/partials/environment-manager-role.yml index 4c0e036b972..5ddfc5f035a 100644 --- a/internal/pkg/template/templates/environment/partials/environment-manager-role.yml +++ b/internal/pkg/template/templates/environment/partials/environment-manager-role.yml @@ -95,6 +95,7 @@ EnvironmentManagerRole: Effect: Allow Action: - "states:StartExecution" + - "states:DescribeStateMachine" Resource: - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*" - Sid: CloudFormation From b04bf934edc45a107062d24a6f473b73273f72fa Mon Sep 17 00:00:00 2001 From: Janice Date: Wed, 24 Aug 2022 12:44:53 -0700 Subject: [PATCH 2/2] chore: update integ tests --- .../stack/testdata/environments/template-with-basic-manifest.yml | 1 + .../environments/template-with-custom-empty-security-group.yml | 1 + .../environments/template-with-custom-security-group.yml | 1 + .../environments/template-with-default-access-log-config.yml | 1 + .../environments/template-with-imported-certs-observability.yml | 1 + 5 files changed, 5 insertions(+) diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml index d67c4395665..4c213932b0e 100644 --- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml +++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-basic-manifest.yml @@ -175,6 +175,7 @@ Resources: Effect: Allow Action: - "states:StartExecution" + - "states:DescribeStateMachine" Resource: - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*" - Sid: CloudFormation diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml index 67321d8e868..4c7fc5e7a93 100644 --- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml +++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-empty-security-group.yml @@ -677,6 +677,7 @@ Resources: Effect: Allow Action: - "states:StartExecution" + - "states:DescribeStateMachine" Resource: - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*" - Sid: CloudFormation diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml index 66c08704248..21c1636e083 100644 --- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml +++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-custom-security-group.yml @@ -702,6 +702,7 @@ Resources: Effect: Allow Action: - "states:StartExecution" + - "states:DescribeStateMachine" Resource: - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*" - Sid: CloudFormation diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml index 0881f8432cb..ea9083a87b6 100644 --- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml +++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-default-access-log-config.yml @@ -232,6 +232,7 @@ Resources: Effect: Allow Action: - "states:StartExecution" + - "states:DescribeStateMachine" Resource: - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*" - Sid: CloudFormation diff --git a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml index ccab7aa2d57..519a0b60d54 100644 --- a/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml +++ b/internal/pkg/deploy/cloudformation/stack/testdata/environments/template-with-imported-certs-observability.yml @@ -783,6 +783,7 @@ Resources: Effect: Allow Action: - "states:StartExecution" + - "states:DescribeStateMachine" Resource: - !Sub "arn:${AWS::Partition}:states:${AWS::Region}:${AWS::AccountId}:stateMachine:${AppName}-${EnvironmentName}-*" - Sid: CloudFormation