Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(custom-resources): not work fromSdkCalls using sdk v3 format #27268

Closed
wants to merge 5 commits into from
Closed

fix(custom-resources): not work fromSdkCalls using sdk v3 format #27268

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
7218678
fix(custom-resources): not work fromSdkCalls using sdk v3
WinterYukky Sep 25, 2023
012ec6b
chore: fix test name
WinterYukky Sep 25, 2023
a95e7fa
chore: use path.resolve
WinterYukky Sep 25, 2023
36949b7
test(custom-resources): update integ test for aws sdk v3
WinterYukky Sep 25, 2023
22a2bbc
Merge branch 'aws:main' into fix/custom-resources/not-work-fromSdkCal…
WinterYukky Sep 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 17 additions & 2 deletions packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -487,8 +487,10 @@ export class AwsCustomResource extends Construct implements iam.IGrantable {
// Derive statements from AWS SDK calls
for (const call of [props.onCreate, props.onUpdate, props.onDelete]) {
if (call && call.assumedRoleArn == null) {
const action = call.service.startsWith('@aws-sdk/client-') ? awsSdkV3ToIamAction(call.service, call.action)
: awsSdkV2ToIamAction(call.service, call.action);
const statement = new iam.PolicyStatement({
actions: [awsSdkToIamAction(call.service, call.action)],
actions: [action],
resources: props.policy.resources,
});
statements.push(statement);
Expand Down Expand Up @@ -603,10 +605,23 @@ function includesPhysicalResourceIdRef(obj: any | undefined) {
*
* TODO: is this mapping correct for all services?
*/
function awsSdkToIamAction(service: string, action: string): string {
function awsSdkV2ToIamAction(service: string, action: string): string {
const srv = service.toLowerCase();
const awsSdkMetadata = getAwsSdkMetadata();
const iamService = (awsSdkMetadata[srv] && awsSdkMetadata[srv].prefix) || srv;
const iamAction = action.charAt(0).toUpperCase() + action.slice(1);
return `${iamService}:${iamAction}`;
}

/**
* Transform SDK V3 packageName/command to IAM action using metadata from @aws-sdk/client module.
* Example: @aws-sdk/client-cloudwatch-logs with PutRetentionPolicyCommand => logs:PutRetentionPolicy
*
* TODO: is this mapping correct for all services?
*/
function awsSdkV3ToIamAction(packageName: string, command: string): string {
const awsSdkMetadata = getAwsSdkMetadata();
const iamService = (awsSdkMetadata[packageName] && awsSdkMetadata[packageName].prefix) || packageName.split('@aws-sdk/client-')[1];
const iamAction = command.split('Command')[0];
return `${iamService}:${iamAction}`;
}
Loading
Loading