DataAllCustomPolicy is removed from the cdk-hnb659fds-cfn-exec-role after installing the latest version of cdkExecPolicy #1203

Closed
TejasRGitHub opened this issue Apr 19, 2024 · 3 comments

@TejasRGitHub (Contributor)

Describe the bug

After installing / updating the existing cdkExecPolicy.yaml on CloudFormation, the new DataAllCustomPolicy is created by appending the region.

This, though, removes the attached policy from the cdk-hnb659fds-cfn-exec-role.

How to Reproduce

1. Update the stack used to create the DataAllCustomPolicy.
2. Check that the cdk-hnb659fds-cfn-exec-role no longer has the policy attached.

Expected behavior

No response

Your project

No response

Screenshots

No response

OS

Mac

Python version

3.9

AWS data.all version

2.4

Additional context

No response

@anushka-singh (Contributor)

I faced this too while creating a new environment in the OS deployed code

dlpzx added the "type: bug" (Something isn't working) label Apr 22, 2024

@dlpzx (Contributor) commented Apr 22, 2024

Hi @TejasRGitHub and @anushka-singh. Because of feature #1064, I updated the policy DataAllCustomPolicy because it was causing issues for multi-region setups.

For new environments, the bootstrapping changes a bit. As it appears in the UI command, the name of the policy is no longer DataAllCustomPolicy but DataAllCustomPolicyREGION. So if you have documentation internally around this, it needs to be updated. We will make sure to add it in the release notes.

For existing environments, they can continue using the CDKToolkit as they were using it. If there is a need to update the custom policy (e.g. we add new permissions), then they should update the policy in CloudFormation and then run the cdk bootstrap command again with the new DataAllCustomPolicyREGION; this will update the CDKToolkit stack. DO NOT DELETE AND RE-CREATE. Deleting IAM roles might cause issues for some AWS resources. I have not tested it, but some AWS resources created by CDK can contain resource policies referencing that role, for example KMS keys.
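As an added example (not code from the data.all project or from anyone in this thread), the shell script below turns the reproduction step and the recovery advice above into something checkable: it classifies the state of the CDK CloudFormation execution role from the JSON that `aws iam list-attached-role-policies` returns, and when the custom policy is gone it prints the in-place `cdk bootstrap` command rather than anything that would delete the CDKToolkit stack. It assumes the region-suffixed policy is named exactly `DataAllCustomPolicy<region>` (the thread only says the region is appended) and that the role follows the CDK bootstrap template's naming, `cdk-hnb659fds-cfn-exec-role-<account>-<region>`; the sample JSON responses are constructed, not captured from a real account.

```shell
#!/usr/bin/env bash
# Added example (not data.all's own tooling): detect whether the CDK
# CloudFormation execution role has lost the data.all custom policy after the
# DataAllCustomPolicy stack was updated, and print the re-bootstrap command.
#
# Assumptions, taken from the thread and from the CDK bootstrap template's
# naming convention, not verified against data.all's docs:
#   - the new policy is named DataAllCustomPolicy<region>,
#     e.g. DataAllCustomPolicyeu-west-1
#   - the execution role is cdk-hnb659fds-cfn-exec-role-<account>-<region>
set -u

# Name of the region-suffixed policy that the updated stack creates.
expected_policy_name() {
  printf 'DataAllCustomPolicy%s\n' "$1"
}

# Return 0 if the JSON from `aws iam list-attached-role-policies` ($1)
# lists a policy named exactly $2, 1 otherwise. The closing quote is part of
# the pattern, so DataAllCustomPolicy does not match DataAllCustomPolicyeu-west-1.
policy_attached() {
  printf '%s' "$1" | grep -qE "\"PolicyName\":[[:space:]]*\"$2\""
}

# Classify the role's state for a region:
#   current:<name>  region-suffixed policy attached (already re-bootstrapped)
#   legacy:<name>   old un-suffixed policy still attached (existing environment)
#   missing         neither attached: the state this issue reports
policy_state() {
  json="$1"
  region="$2"
  new_name="$(expected_policy_name "$region")"
  if policy_attached "$json" "$new_name"; then
    printf 'current:%s\n' "$new_name"
  elif policy_attached "$json" "DataAllCustomPolicy"; then
    printf 'legacy:DataAllCustomPolicy\n'
  else
    printf 'missing\n'
  fi
}

# The command that updates the CDKToolkit stack in place (never delete it):
# cdk bootstrap with --cloudformation-execution-policies pointing at the
# region-suffixed policy. Repeat any other flags your original bootstrap used
# (for example --trust); they are not reconstructed here.
bootstrap_command() {
  account="$1"
  region="$2"
  printf 'cdk bootstrap aws://%s/%s --cloudformation-execution-policies arn:aws:iam::%s:policy/%s\n' \
    "$account" "$region" "$account" "$(expected_policy_name "$region")"
}

# Live check against a real account; needs AWS CLI credentials.
live_policy_state() {
  account="$1"
  region="$2"
  role="cdk-hnb659fds-cfn-exec-role-${account}-${region}"
  json="$(aws iam list-attached-role-policies --role-name "$role" --output json)" || return 2
  policy_state "$json" "$region"
}

# Constructed sample responses (not captured from a real account) showing the
# three states for account 111122223333 in eu-west-1.
SAMPLE_LEGACY='{"AttachedPolicies":[{"PolicyName":"DataAllCustomPolicy","PolicyArn":"arn:aws:iam::111122223333:policy/DataAllCustomPolicy"}]}'
SAMPLE_DETACHED='{"AttachedPolicies":[]}'
SAMPLE_CURRENT='{"AttachedPolicies":[{"PolicyName":"DataAllCustomPolicyeu-west-1","PolicyArn":"arn:aws:iam::111122223333:policy/DataAllCustomPolicyeu-west-1"}]}'

# Only talk to AWS when explicitly asked:
#   DATAALL_LIVE_CHECK=1 AWS_ACCOUNT_ID=111122223333 AWS_REGION=eu-west-1 ./check.sh
if [ "${DATAALL_LIVE_CHECK:-0}" = "1" ]; then
  state="$(live_policy_state "${AWS_ACCOUNT_ID:?}" "${AWS_REGION:?}")"
  echo "cdk-hnb659fds-cfn-exec-role state: $state"
  case "$state" in
    missing) bootstrap_command "$AWS_ACCOUNT_ID" "$AWS_REGION" ;;
  esac
fi
```

Run it with `DATAALL_LIVE_CHECK=1` and the account/region variables set to inspect a real role; without that variable it only defines the functions and samples. A `legacy:` result is the normal state for an environment bootstrapped before the rename and needs no action until the custom policy itself has to change; `missing` is the condition this issue describes, and the printed command re-attaches the policy by updating the existing CDKToolkit stack instead of recreating the role.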

dlpzx added a commit that referenced this issue Apr 25, 2024
### Feature or Bugfix
Documentation

### Detail
Explaining some changes for multiple environments in same account 

### Relates
#1203 

### Security
Please answer the questions below briefly where applicable, or write
`N/A`. Based on
[OWASP 10](https://owasp.org/Top10/en/).

- Does this PR introduce or modify any input fields or queries - this
includes
fetching data from storage outside the application (e.g. a database, an
S3 bucket)?
  - Is the input sanitized?
- What precautions are you taking before deserializing the data you
consume?
  - Is injection prevented by parametrizing queries?
  - Have you ensured no `eval` or similar functions are used?
- Does this PR introduce any functionality or component that requires
authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
  - Are you logging failed auth attempts?
- Are you using or adding any cryptographic features?
  - Do you use standard, proven implementations?
  - Are the used keys controlled by the customer? Where are they stored?
- Are you introducing any new policies/roles/users?
  - Have you used the least-privilege principle? How?


By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
@dlpzx dlpzx added this to To do in v2.5.0 via automation Apr 29, 2024
@dlpzx dlpzx removed this from To do in v2.5.0 Apr 29, 2024
@TejasRGitHub (Contributor, Author)

Hi @dlpzx, thanks for clearing this up. I was able to upgrade to the new policy.
