Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_iam.Policy: Confusing parameter description in the Policy construct #29398

Closed
abdulkadirdere opened this issue Mar 7, 2024 · 2 comments · Fixed by #29416
Closed

aws_iam.Policy: Confusing parameter description in the Policy construct #29398

abdulkadirdere opened this issue Mar 7, 2024 · 2 comments · Fixed by #29416
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. documentation This is a problem with documentation. feature-request A feature should be added or improved. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@abdulkadirdere
Copy link

Describe the issue

The force parameter from the Policy construct still requires the policy to be attached to a role, user, or group. However, documentation can be interpreted as a force parameter that will force CDK to create the policy without attaching the policy.
I believe docs should also indicate that the Policy construct is in-line policy and should refer to to ManagedPolicy for customer-managed policies.

Links

Policy
@abdulkadirdere abdulkadirdere added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Mar 7, 2024
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Mar 7, 2024
@abdulkadirdere abdulkadirdere changed the title (module name): (short issue description) aws_iam.Policy: Confusing parameter description in the Policy construct Mar 7, 2024
@pahud
Copy link
Contributor

pahud commented Mar 7, 2024

Hi

We would love to move this forward if you could submit a PR for us.

I guess this is the document we can improve.

aws-cdk/packages/aws-cdk-lib/aws-iam/lib/policy.ts

Lines 72 to 86 in f0383d6

/**
* Force creation of an `AWS::IAM::Policy`
*
* Unless set to `true`, this `Policy` construct will not materialize to an
* `AWS::IAM::Policy` CloudFormation resource in case it would have no effect
* (for example, if it remains unattached to an IAM identity or if it has no
* statements). This is generally desired behavior, since it prevents
* creating invalid--and hence undeployable--CloudFormation templates.
*
* In cases where you know the policy must be created and it is actually
* an error if no statements have been added to it, you can set this to `true`.
*
* @default false
*/
readonly force?: boolean;

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Mar 7, 2024
@msambol msambol mentioned this issue Mar 9, 2024
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 9, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Mar 9, 2024
@tim-finnigan tim-finnigan added the feature-request A feature should be added or improved. label Mar 14, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Mar 14, 2024
mergify bot pushed a commit that referenced this issue Mar 15, 2024
@msambol
chore(iam): clarify policy docs (#29416)
bbc624c 
Closes #29398. 

@abdulkadirdere – Let me know if this clarifies things.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions github-actions bot mentioned this issue Apr 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. documentation This is a problem with documentation. feature-request A feature should be added or improved. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(iam): clarify policy docs msambol/aws-cdk
3 participants
@pahud @abdulkadirdere @tim-finnigan