CLI: option to use deploy role role+CFN execution role for hotswap #32302
Labels
cli
Issues related to the CDK CLI
effort/small
Small work item – less than a day of effort
feature-request
A feature should be added or improved.
p2
package/tools
Related to AWS CDK Tools or CLI
Comments
rix0rrr
added
feature-request
rix0rrr
changed the title
rix0rrr
changed the title
rix0rrr
changed the title
|
Feature request opened by CDK team. |
ashishdhingra
added
p2
effort/small
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature
Right now, hotswap will always use CLI credentials.
It would seem to make more sense to use the deploy role instead. Nominally, it should already have all the permissions necessary to make any CFN deployment, and hotswap is just doing the same as CFN deployments would do, but faster.
Use Case
Consistent permissions behavior between regular deployment and hotswap.
Complications
This effectively requires a developer workstation to be able to assume the CFN execution role: requires changing its trust policy, and effectively gives them unaudited Admin access.
Is that worth it? If you want that, you might as well give them Admin access directly.
It might not be worth it.
The text was updated successfully, but these errors were encountered: