This repository has been archived by the owner on Nov 23, 2023. It is now read-only.

Move bespoke roles granting S3 permission (to third party) out of the stack #2354

Open
Jimlinz opened this issue Nov 24, 2022 · 1 comment
Labels
enabler story Enable to team to improve

Jimlinz commented Nov 24, 2022

Geostore has some bespoke roles granting S3 permission to external accounts (i.e. koordinates lds, opentopo). For example:

  • infrastructure/constructs/opentopo.py
  • infrastructure/constructs/lds.py

As a best practice, we should probably separate these out from the stack. This can become unmanageable if it grows.

A suggestion is to include this in the CDK runtime context (i.e. cdk.json).

The project file cdk.context.json is where the AWS CDK caches context values retrieved from your AWS account. This practice avoids unexpected changes to your deployments when, for example, a new Availability Zone is introduced. The AWS CDK does not write context data to any of the other files listed.

Should investigate if putting this in cdk.json will work (i.e. provide us with what we need).

@Jimlinz Jimlinz added the enabler story Enable to team to improve label Nov 24, 2022
Jimlinz commented Nov 24, 2022

Putting these values in Parameter Store could also be an option:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
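
One way the suggestion in this thread could look, as an added example that is not part of the issue or of Geostore's code: third-party access is declared as data in the `context` block of cdk.json, validated, and turned into a trust policy and a permissions policy per role. The context key `third_party_s3_readers`, its field names, the read-only action set, and every account ID and bucket name are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample of a cdk.json "context" block; the key, fields and values
# are assumptions for this example, not taken from the Geostore repository.
SAMPLE_CDK_JSON = """{
  "context": {
    "third_party_s3_readers": [
      {"name": "example-consumer-a", "account_id": "111111111111", "bucket": "example-bucket-a"},
      {"name": "example-consumer-b", "account_id": "222222222222", "bucket": "example-bucket-b"}
    ]
  }
}"""

ACCOUNT_ID = re.compile(r"\d{12}")
BUCKET_NAME = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def policy(statements):
    """Wrap statements in an IAM policy document."""
    return {"Version": "2012-10-17", "Statement": statements}


def build_role_definitions(cdk_json_text):
    """Return {role name: {"trust": ..., "permissions": ...}} per context entry."""
    entries = json.loads(cdk_json_text)["context"]["third_party_s3_readers"]
    roles = {}
    for entry in entries:
        name, account, bucket = entry["name"], entry["account_id"], entry["bucket"]
        # Fail the synth on anything that would widen the grant: wildcards,
        # malformed account IDs or bucket names, or a silently overwritten role.
        if not ACCOUNT_ID.fullmatch(account):
            raise ValueError(f"{name}: account_id must be exactly 12 digits")
        if not BUCKET_NAME.fullmatch(bucket):
            raise ValueError(f"{name}: invalid bucket name {bucket!r}")
        if name in roles:
            raise ValueError(f"{name}: duplicate role name")
        arn = f"arn:aws:s3:::{bucket}"
        roles[name] = {
            # Only the named external account may assume the role.
            "trust": policy([{"Effect": "Allow", "Action": "sts:AssumeRole",
                              "Principal": {"AWS": f"arn:aws:iam::{account}:root"}}]),
            # Read-only access, scoped to the one bucket named in the entry.
            "permissions": policy([
                {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{arn}/*"},
                {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": arn}]),
        }
    return roles
```

Inside a stack, the same entries would come from the construct's context lookup rather than from reading the file, and the validation would run at synth time before any role is created.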
