Fix references to AWS managed policies in SAM templates #6148
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes the initial problem encountered in #6143 which turned out to be a bit of a rabbit hole.
The SAM translator now properly loads a map of all managed policies (Name => ARN) since cloudformation expects full policy ARNs while SAM allows specifying only the policy name. I've introduced a SAM template & a corresponding test to validate this.
@whummer Note this also reverts the changes introduced in cedc908 since they were breaking parity with AWS (e.g. in
iam_client.list_policies
calls that would always returnaws-us-gov
ARNs besides regular ones which broke loading policies via the samtranslator). There were no tests introduced in the linked commit so I'm not sure if this is breaking something. Technically the partition rewriter should take care of this for users inaws-us-gov
anyway.