feat(aws-iam): add aws iam instance profile: fixes #1223 #1224
Conversation
| /** | ||
| * The role's Name | ||
| */ | ||
| roleName: string; |
There was a problem hiding this comment.
I am not sure that making both ARN and name required is the best developer experience. In many cases one can be deduced from the other. See example in ECR, where both are actually optional and one is deduced from the other in certain cases.
Not 100% sure that's the ideal situation, but I wouldn't want to require both if they can be deduced.
There was a problem hiding this comment.
Sounds good. I will take a look.
| this.roleArn = ArnUtils.fromComponents({ | ||
| service: 'iam', | ||
| resource: 'role' | ||
| }); |
| if (unresolved(this.roleArn)) { | ||
| throw new Error('roleArn is a late-bound value, and therefore roleName is required'); | ||
| } | ||
| this.roleName = this.roleArn.split('/').slice(1).join('/'); |
There was a problem hiding this comment.
@eladb
this.roleName is required (which I am pretty sure is correct), but its optional on ArnComponents, so I am getting the typescript error 'type string | undefined is not assignable...'. Thats why I used the split/slice/join. So, I am not sure what I should do here if the name is not supplied. undefined seems wrong, '' seems wrong, and making up a name seems wrong. I am probably missing something small, here.
There was a problem hiding this comment.
nevermind, I think I figured it out.
|
|
||
| /** | ||
| * Test Cases: | ||
| * parameters: role |
There was a problem hiding this comment.
I don't think this is necessary, and will likely become stale very quickly
There was a problem hiding this comment.
this was my 'punch list', I will remove.
| @@ -559,6 +559,7 @@ export class Table extends Construct { | |||
| private makeScalingRole(): iam.IRole { | |||
| // Use a Service Linked Role. | |||
| return iam.Role.import(this, 'ScalingRole', { | |||
| roleName: "DynamoDbAutoScalingRole", | |||
| @@ -227,6 +227,7 @@ export abstract class BaseService extends cdk.Construct | |||
| private makeAutoScalingRole(): iam.IRole { | |||
| // Use a Service Linked Role. | |||
| return iam.Role.import(this, 'ScalingRole', { | |||
| roleName: 'ECSServiceAutoScalingRole', | |||
| * @link http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html#Identifiers_FriendlyNames | ||
| * @default / By default, AWS CloudFormation specifies '/' for the path. | ||
| */ | ||
| path: string; |
| import { InstanceProfileRef } from './instance-profile-ref'; | ||
| import { PolicyStatement, ServicePrincipal } from './policy-document'; | ||
| import { IRole, Role } from './role'; | ||
| export interface InstanceProfileProps { |
| /** | ||
| * Path for the Instance Profile | ||
| * @link http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html#Identifiers_FriendlyNames | ||
| * @default / If a path is not provided, CloudFormation defaults the path to '/'. |
There was a problem hiding this comment.
is it cfn that provides the default?
| }, | ||
| 'import/export': { | ||
|
|
||
| 'import with name'(test: Test) { |
There was a problem hiding this comment.
This is actually "import with an exported role"
|
|
||
| test.done(); | ||
| }, | ||
|
|
There was a problem hiding this comment.
missing some cases here:
- import with ARN token (failure)
- import with name string (success)
- import with name token (success)
- import with ARN + name
- import without ARN+name (failure)
|
This PR needs some additional work and a merge from |
rix0rrr
added
the
response-requested
|
@cmaurer closing for now. feel free to reopen when/if you wish to continue this work. |
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.