Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[@aws-cdk/pipelines] have ability to use the same IAM role for multiple deploying assets #9066

Closed
2 tasks
seawatts opened this issue Jul 14, 2020 · 4 comments · Fixed by #9243
Closed
2 tasks

[@aws-cdk/pipelines] have ability to use the same IAM role for multiple deploying assets #9066

seawatts opened this issue Jul 14, 2020 · 4 comments · Fixed by #9243
Assignees
@rix0rrr @ericzbeard @njlynch
Labels
@aws-cdk/pipelines CDK Pipelines library feature-request A feature should be added or improved. p1

Comments

@seawatts
Copy link

seawatts commented Jul 14, 2020
edited
Loading

Currently a new role gets created for every asset being uploaded gets it's own Role. This causes a problem when you have a lot of assets being deployed. The template that gets created becomes too large for CF to deploy it correctly.

Use Case

To deploy a larger amount of assets with the new aws-cdk/pipelines

Proposed Solution

Be able to pass in a role, or have the construct reuse the same one under the hood.

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
@seawatts seawatts added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jul 14, 2020
@SomayaB SomayaB changed the title [aws-cdk/pipelines] have ability to use the same KMS key for multiple deploying assets [@aws-cdk/pipelines] have ability to use the same KMS key for multiple deploying assets Jul 15, 2020
@github-actions github-actions bot added the @aws-cdk/pipelines CDK Pipelines library label Jul 15, 2020
@ericzbeard ericzbeard added p1 and removed needs-triage This issue or PR still needs to be triaged. labels Jul 15, 2020
@nonken
Copy link
Contributor

nonken commented Jul 18, 2020

I am seeing this issue as well with about 35 Lambdas and respective API Gateway routes. Nothing much else.
I am getting a template size of about 800kB.

@ericzbeard ericzbeard removed their assignment Jul 20, 2020
@asterikx asterikx mentioned this issue Jul 20, 2020
Closed
2 tasks
@eladb
Copy link
Contributor

eladb commented Jul 22, 2020

@njlynch can you take a look at this?

@seawatts seawatts changed the title [@aws-cdk/pipelines] have ability to use the same KMS key for multiple deploying assets [@aws-cdk/pipelines] have ability to use the same IAM role for multiple deploying assets Jul 22, 2020
@seawatts
Copy link
Author

I dug a little deeper and it turns out it's not the KMS keys that are taking up too much space it's the Roles that get created for each asset.

@njlynch njlynch mentioned this issue Jul 23, 2020
Closed
@srethira
Copy link

Similar issue that I created today: #9237

njlynch added a commit that referenced this issue Jul 24, 2020
@njlynch
fix(pipelines): Reduce template size by combining IAM roles and policies
4a4b8a7 
This change combines the two roles (and policies) per pipeline asset into a
single role + policy for all assets in a pipeline. In a small pipeline with only
3 assets, this reduced the overall template size by a third.

With a pipeline stack with 30 assets, this change reduces the template size from
363111 bytes to 190223 bytes.

Tested on a cross-account pipeline to verify permissions were retained.

fixes #9066
mitigates #9225
mitigates #9237
@njlynch njlynch mentioned this issue Jul 24, 2020
Merged
@mergify mergify bot closed this as completed in #9243 Jul 28, 2020
mergify bot pushed a commit that referenced this issue Jul 28, 2020
@njlynch
fix(pipelines): Reduce template size by combining IAM roles and polic…
1ac6863 
…ies (#9243)

This change combines the two roles (and policies) per pipeline asset into a
single role + policy for all assets in a pipeline. In a small pipeline with only
3 assets, this reduced the overall template size by a third.

With a pipeline stack with 30 assets, this change reduces the template size from
363111 bytes to 190223 bytes.

Tested on a cross-account pipeline to verify permissions were retained.

fixes #9066
mitigates #9225
mitigates #9237


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@njlynch njlynch mentioned this issue Jul 28, 2020
Closed
curtiseppel pushed a commit to curtiseppel/aws-cdk that referenced this issue Aug 11, 2020
@njlynch
fix(pipelines): Reduce template size by combining IAM roles and polic…
160be95 
…ies (aws#9243)

This change combines the two roles (and policies) per pipeline asset into a
single role + policy for all assets in a pipeline. In a small pipeline with only
3 assets, this reduced the overall template size by a third.

With a pipeline stack with 30 assets, this change reduces the template size from
363111 bytes to 190223 bytes.

Tested on a cross-account pipeline to verify permissions were retained.

fixes aws#9066
mitigates aws#9225
mitigates aws#9237


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rix0rrr rix0rrr

@ericzbeard ericzbeard

@njlynch njlynch

Labels
@aws-cdk/pipelines CDK Pipelines library feature-request A feature should be added or improved. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(pipelines): Reduce template size by combining IAM roles and policies aws/aws-cdk
7 participants
@nonken @rix0rrr @eladb @ericzbeard @njlynch @seawatts @srethira