feat(appconfig): add grantReadConfig method to Environment Construct #30180

Merged
merged 8 commits into from
May 29, 2024
Changes from 1 commit
4 changes: 2 additions & 2 deletions packages/aws-cdk-lib/aws-appconfig/README.md
Expand Up @@ -78,11 +78,11 @@ new appconfig.Environment(this, 'MyEnvironment', {
Environment monitors also support L1 `CfnEnvironment.MonitorsProperty` constructs through the `fromCfnMonitorsProperty` method.
However, this is not the recommended approach for CloudWatch alarms because a role will not be auto-generated if not provided.

See [About the AWS AppConfig data plane service](https://docs.aws.amazon.com/appconfig/latest/userguide/about-data-plane.html) more information.
See [About the AWS AppConfig data plane service](https://docs.aws.amazon.com/appconfig/latest/userguide/about-data-plane.html) for more information.

### Permissions

You can grant read configuration permission on an Environment to any Principal as follows:
You can grant permissions to read a configuration to an Environment with the grantReadConfig method as follows:
```ts
import * as iam from 'aws-cdk-lib/aws-iam';

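Review bot: In the Permissions paragraph, the reworded sentence "grant permissions to read a configuration to an Environment" makes the Environment read as the recipient of the grant, whereas the wording it replaces named the Principal as the recipient and the Environment as the resource. This sentence tells readers who ends up with access, so suggest something like "You can grant a principal permission to read configurations from an Environment with the `grantReadConfig` method as follows:". The method name should also be in backticks, and a blank line before the opening `ts` code fence would keep the Markdown consistent with the rest of the README.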
12 changes: 7 additions & 5 deletions packages/aws-cdk-lib/aws-appconfig/lib/environment.ts
Expand Up @@ -561,15 +561,17 @@ export interface IEnvironment extends IResource {
addExtension(extension: IExtension): void;

/**
* Grant the given identity the specified actions
* @param grantee the identity to be granted the actions
* @param actions the data-access actions
* Adds an IAM policy statement associated with this environment to an IAM principal's policy.
*
* @param grantee the principal (no-op if undefined)
* @param actions the set of actions to allow (i.e., 'appconfig:GetLatestConfiguration', 'appconfig:StartConfigurationSession', etc.)
Contributor

I think the comma after i.e. can be removed, right? 🤔

Contributor Author

@daschaa
I'm adding a comma (,) to align with the descriptions for DynamoDB.

* @param actions the set of actions to allow (i.e., 'dynamodb:PutItem', 'dynamodb:GetItem', etc.)

*/
grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;

/**
* Grants read configuration permissions for this environment
* to an IAM principal (Role/Group/User).
* Permits an IAM principal a configuration read operations on this environment.
*
* Actions: GetLatestConfiguration, StartConfigurationSession.
*
* @param grantee Principal to grant read rights to
*/
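Review bot: The new `@param grantee` text on `grant` says "(no-op if undefined)", but the signature below it is `grant(grantee: iam.IGrantable, ...actions: string[])`, where `grantee` is required, so the doc describes a case the type does not admit; drop the parenthetical, or make the parameter optional if that behaviour is intended. In the `@param actions` line, "i.e., ... etc." introduces examples, so "e.g." is the accurate abbreviation. The `grantReadConfig` summary "Permits an IAM principal a configuration read operations on this environment." is ungrammatical; something like "Permits an IAM principal to perform configuration read operations on this environment." reads cleanly, and the "Actions:" line could use the full `appconfig:`-prefixed names to match the `grant` doc. Because `grant` accepts arbitrary action strings, a sentence pointing callers to `grantReadConfig` for read-only access would help keep grants narrow.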