New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(iam): Role policies cannot grow beyond 10k #20400
Merged
Merged
Commits on May 18, 2022
-
fix(iam): Role policies cannot grow beyond 10k
We add all Role policy statements to the Inline policy, which has a maximums size of 10k. Especially when creating CDK Pipelines that deploy to a lot of environments, the list of Role ARNs the Pipeline should be allowed to assume exceeds this size. Roles also have the ability to have Managed Policies attached (10 by default, 20 with a quota increase), each of them can be 6k in size. By spilling over from inline policies into Managed Policies we can get a total of 70k of statements attached to reach Role. This PR introduces `IComparablePrincipal` to be able to value-compare two principals: since we want to merge first before we split (to get the most bang for our buck), we now need to do statement merging during the prepare phase, while we are still working on the object graph (instead of the rendered CloudFormation template). * That means statement merging had to be modified to work on PolicyStatement objects, which requires being able to compare Principal objects. Closes #19276, closes #19939, closes #19835.
Configuration menu - View commit details
-
Copy full SHA for b6dcca2 - Browse repository at this point
Copy the full SHA b6dcca2View commit details -
Configuration menu - View commit details
-
Copy full SHA for 7520981 - Browse repository at this point
Copy the full SHA 7520981View commit details -
Configuration menu - View commit details
-
Copy full SHA for 072f38d - Browse repository at this point
Copy the full SHA 072f38dView commit details
Commits on May 19, 2022
-
Configuration menu - View commit details
-
Copy full SHA for 70ebd0f - Browse repository at this point
Copy the full SHA 70ebd0fView commit details -
Configuration menu - View commit details
-
Copy full SHA for 6d5ab59 - Browse repository at this point
Copy the full SHA 6d5ab59View commit details -
Configuration menu - View commit details
-
Copy full SHA for f7c9952 - Browse repository at this point
Copy the full SHA f7c9952View commit details -
Configuration menu - View commit details
-
Copy full SHA for b07c311 - Browse repository at this point
Copy the full SHA b07c311View commit details
Commits on May 20, 2022
-
Configuration menu - View commit details
-
Copy full SHA for 1d6f4a3 - Browse repository at this point
Copy the full SHA 1d6f4a3View commit details
Commits on May 23, 2022
-
Configuration menu - View commit details
-
Copy full SHA for 0b5d853 - Browse repository at this point
Copy the full SHA 0b5d853View commit details
Commits on May 25, 2022
-
Configuration menu - View commit details
-
Copy full SHA for 2ec115b - Browse repository at this point
Copy the full SHA 2ec115bView commit details
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.