PreheatJob: fix function lookups and iam function permission #645
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a π bug fix.
This is a πββοΈ feature or enhancement.
This is a π§ documentation change.
bundle exec rspec
to verify this)Summary
Fixes #440
Vaguely, kinda, sorta, somewhat remember this from years ago. It's was a bit tricky to implement as using
Ref
,GetAtt
, orSub
to refer to a Lambda Function logical id within an inline IAM policy document results in CloudFormation complaining about a Circular Dependency. To get around this, need to create 2 separate CloudFormation resources: IAM::Role and a separate IAM::Policy. Itβs interesting (annoying).Also, notes:
iam_policies
in their code.How to Test
Deploy an app with a name with a long enough name. IE:
Deploy it:
Confirm that really long function names that get cut off and managed by CloudFormation still produce an IAM policy that works.
Screenshots:
Version Changes
Major - due to need of blue/green deployments