-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iam: role arn parsed incorrectly #26175
Comments
This is what the code is doing, which doesn't look like it accounts for roles with the type of name that you have aws-cdk/packages/aws-cdk-lib/aws-iam/lib/role.ts Lines 255 to 263 in dcf5352
Thanks for reporting |
This is actually documented, and we don't think there's a way to fix it so we'll be closing this out. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_iam.Role.html#static-fromwbrrolewbrarnscope-id-rolearn-options |
|
Describe the bug
I am using the following code to grant index read/write from an imported role to an imported domain.
The role that I am using follows the structure:
arn:aws:iam::<account>:role/<project-name>/<role-name>
When I use the following piece of CDK code, it fails saying it cannot find the role called
<project-name>
.It seems like it's incorrectly parsing out the role for this policy.
Example of the Typescript CDK code:
Example of the synthesized CloudFormation:
Expected Behavior
It should grant access correctly for the role to access this domain and be granting access to the full role ARN.
Current Behavior
However, due to some behind-the-scenes logic it splits the ARN incorrectly.
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.83.1 (build 006b542)
Framework Version
No response
Node.js Version
v18.0.0
OS
MacOS 13.4 Ventura
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: