Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

aws_iam.Policy: Confusing parameter description in the Policy construct #29398

Closed
abdulkadirdere opened this issue Mar 7, 2024 · 2 comments · Fixed by #29416
Closed

aws_iam.Policy: Confusing parameter description in the Policy construct #29398

abdulkadirdere opened this issue Mar 7, 2024 · 2 comments · Fixed by #29416
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. documentation This is a problem with documentation. feature-request A feature should be added or improved. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@abdulkadirdere
Copy link

Describe the issue

The force parameter from the Policy construct still requires the policy to be attached to a role, user, or group. However, documentation can be interpreted as a force parameter that will force CDK to create the policy without attaching the policy.
I believe docs should also indicate that the Policy construct is in-line policy and should refer to to ManagedPolicy for customer-managed policies.

Links

Policy
@abdulkadirdere abdulkadirdere added documentation This is a problem with documentation. needs-triage This issue or PR still needs to be triaged. labels Mar 7, 2024
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Mar 7, 2024
@abdulkadirdere abdulkadirdere changed the title (module name): (short issue description) aws_iam.Policy: Confusing parameter description in the Policy construct Mar 7, 2024
@pahud
Copy link
Contributor

pahud commented Mar 7, 2024

Hi

We would love to move this forward if you could submit a PR for us.

I guess this is the document we can improve.

aws-cdk/packages/aws-cdk-lib/aws-iam/lib/policy.ts

Lines 72 to 86 in f0383d6

/**
* Force creation of an `AWS::IAM::Policy`
*
* Unless set to `true`, this `Policy` construct will not materialize to an
* `AWS::IAM::Policy` CloudFormation resource in case it would have no effect
* (for example, if it remains unattached to an IAM identity or if it has no
* statements). This is generally desired behavior, since it prevents
* creating invalid--and hence undeployable--CloudFormation templates.
*
* In cases where you know the policy must be created and it is actually
* an error if no statements have been added to it, you can set this to `true`.
*
* @default false
*/
readonly force?: boolean;

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Mar 7, 2024
@msambol msambol mentioned this issue Mar 9, 2024
Merged
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 9, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Mar 9, 2024
@tim-finnigan tim-finnigan added the feature-request A feature should be added or improved. label Mar 14, 2024
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Mar 14, 2024
mergify bot pushed a commit that referenced this issue Mar 15, 2024
@msambol
chore(iam): clarify policy docs (#29416)
bbc624c 
Closes #29398. 

@abdulkadirdere – Let me know if this clarifies things.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions github-actions bot mentioned this issue Apr 1, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. documentation This is a problem with documentation. feature-request A feature should be added or improved. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(iam): clarify policy docs msambol/aws-cdk
3 participants
@pahud @abdulkadirdere @tim-finnigan