
@aws-cdk/aws-iam


CDK routines for easily assigning correct and minimal IAM permissions


Weekly downloads: 223K (increased by 20.22%)
Maintainers: 4
Install size: 2.28 MB

Changelog


0.9.0 -- 2018-09-10

The headliners of this release are .NET support, and a wealth of commits by external contributors who are stepping up to fix the CDK for their use cases! Thanks all for the effort put into this release!

Features

  • Add strongly-named .NET targets, and a cdk init template for C# projects ([@mpiroc] in #617, #643).
  • @aws-cdk/aws-autoscaling: Allow attaching additional security groups to Launch Configuration ([@moofish32] in #636).
  • @aws-cdk/aws-autoscaling: Support update and creation policies on AutoScalingGroups ([@rix0rrr] in #595).
  • @aws-cdk/aws-codebuild: Add support for running script from an asset ([@rix0rrr] in #677).
  • @aws-cdk/aws-codebuild: New method addBuildToPipeline on Project ([@skinny85] in 783dcb3).
  • @aws-cdk/aws-codecommit: New method addToPipeline on Repository ([@skinny85] in #616).
  • @aws-cdk/aws-codedeploy: Add initial support for CodeDeploy ([@skinny85] in #593, #641).
  • @aws-cdk/aws-dynamodb: Add support for DynamoDB autoscaling ([@SeekerWing] in #637).
  • @aws-cdk/aws-dynamodb: Add support for DynamoDB streams ([@rhboyd] in #633).
  • @aws-cdk/aws-dynamodb: Add support for server-side encryption ([@jungseoklee] in #684).
  • @aws-cdk/aws-ec2 (BREAKING): SecurityGroup can now be used as a Connectable (#582).
  • @aws-cdk/aws-ec2: Add VPC tagging ([@moofish] in #538).
  • @aws-cdk/aws-ec2: Add support for InstanceSize.Nano ([@rix0rrr] in #581).
  • @aws-cdk/aws-lambda: Add support for dead letter queues ([@SeekerWing] in #663).
  • @aws-cdk/aws-lambda: Add support for placing a Lambda in a VPC ([@rix0rrr] in #598).
  • @aws-cdk/aws-logs: Add extractMetric() helper function ([@rix0rrr] in #676).
  • @aws-cdk/aws-rds: Add support for Aurora PostgreSQL/MySQL engines ([@cookejames] in #586).
  • @aws-cdk/aws-s3: Additional grant methods for Buckets ([@eladb] in #591)
  • @aws-cdk/aws-s3: New method addToPipeline on Bucket ([@skinny85] in c8b7a49).
  • aws-cdk: Add support for HTTP proxies ([@rix0rrr] in #666).
  • aws-cdk: Toolkit now shows failure reason if stack update fails ([@rix0rrr] in #609).
  • cdk-build-tools: Add support for running experimental JSII versions ([@RomainMuller] in #649).

Changes

  • BREAKING: Generate classes and types for the CloudFormation resource .ref attributes ([@rix0rrr] in #627).
  • BREAKING: Make types accepted in Policy-related classes narrower (from any to Arn, for example) to reduce typing mistakes ([@rix0rrr] in #629).
  • @aws-cdk/aws-codepipeline (BREAKING): Align the CodePipeline APIs ([@skinny85] in #492, #568)
  • @aws-cdk/aws-ec2 (BREAKING): Move Fleet/AutoScalingGroup to its own package ([@rix0rrr] in #608).
  • aws-cdk: Simplify plugin protocol ([@RomainMuller] in #646).

Bug Fixes

  • @aws-cdk/aws-cloudfront: Fix CloudFront behavior for ViewerProtocolPolicy ([@mindstorms6] in #615).
  • @aws-cdk/aws-ec2: VPC Placement now supports picking Isolated subnets ([@rix0rrr] in #610).
  • @aws-cdk/aws-logs: Add export()/import() capabilities ([@rix0rrr] in #630).
  • @aws-cdk/aws-rds: Fix a bug where a cluster with 1 instance could not be created ([@cookejames] in #578)
  • @aws-cdk/aws-s3: Bucket notifications can now add dependencies, fixing creation order ([@eladb] in #584).
  • @aws-cdk/aws-s3: Remove useless bucket name validation ([@rix0rrr] in #628).
  • @aws-cdk/aws-sqs: Make QueueRef.encryptionMasterKey readonly ([@RomainMuller] in #650).
  • assets: S3 read permissions are granted on a prefix to fix lost permissions during asset update ([@rix0rrr] in #510).
  • aws-cdk: Remove bootstrapping error if multiple stacks are in the same environment ([@RomainMuller] in #625).
  • aws-cdk: Report and continue if git throws errors during cdk init ([@rix0rrr] in #587).

CloudFormation Changes

  • @aws-cdk/cfnspec: Updated [CloudFormation resource specification] to v2.6.0 ([@RomainMuller] in #594)

    • New AWS Construct Library

      • @aws-cdk/aws-sagemaker supports AWS::SageMaker resources
    • New Resource Types

      • AWS::AmazonMQ::Broker
      • AWS::AmazonMQ::Configuration
      • AWS::CodePipeline::Webhook
      • AWS::Config::AggregationAuthorization
      • AWS::Config::ConfigurationAggregator
      • AWS::EC2::VPCEndpointConnectionNotification
      • AWS::EC2::VPCEndpointServicePermissions
      • AWS::IAM::ServiceLinkedRole
      • AWS::SSM::ResourceDataSync
      • AWS::SageMaker::Endpoint
      • AWS::SageMaker::EndpointConfig
      • AWS::SageMaker::Model
      • AWS::SageMaker::NotebookInstance
      • AWS::SageMaker::NotebookInstanceLifecycleConfig
    • Attribute Changes

      • AWS::CodePipeline::Pipeline Version (added)
    • Property Changes

      • AWS::AppSync::DataSource HttpConfig (added)

      • AWS::DAX::Cluster SSESpecification (added)

      • AWS::DynamoDB::Table Stream (added)

      • AWS::DynamoDB::Table AutoScalingSupport (added)

      • AWS::EC2::VPCEndpoint IsPrivateDnsEnabled (added)

      • AWS::EC2::VPCEndpoint SecurityGroupIds (added)

      • AWS::EC2::VPCEndpoint SubnetIds (added)

      • AWS::EC2::VPCEndpoint VPCEndpointType (added)

      • AWS::EC2::VPCEndpoint RouteTableIds.DuplicatesAllowed (deleted)

      • AWS::EC2::VPCPeeringConnection PeerRegion (added)

      • AWS::EFS::FileSystem ProvisionedThroughputInMibps (added)

      • AWS::EFS::FileSystem ThroughputMode (added)

      • AWS::EMR::Cluster KerberosAttributes (added)

      • AWS::Glue::Classifier JsonClassifier (added)

      • AWS::Glue::Classifier XMLClassifier (added)

      • AWS::Glue::Crawler Configuration (added)

      • AWS::Lambda::Lambda DLQConfigurationSupport (added)

      • AWS::Neptune::DBInstance DBSubnetGroupName.UpdateType (changed)

        • Old: Mutable
        • New: Immutable
      • AWS::SNS::Subscription DeliveryPolicy (added)

      • AWS::SNS::Subscription FilterPolicy (added)

      • AWS::SNS::Subscription RawMessageDelivery (added)

      • AWS::SNS::Subscription Region (added)

      • AWS::SQS::Queue Tags (added)

      • AWS::ServiceDiscovery::Service HealthCheckCustomConfig (added)

    • Property Type Changes

      • AWS::AppSync::DataSource.HttpConfig (added)

      • AWS::DAX::Cluster.SSESpecification (added)

      • AWS::EMR::Cluster.KerberosAttributes (added)

      • AWS::Glue::Classifier.JsonClassifier (added)

      • AWS::Glue::Classifier.XMLClassifier (added)

      • AWS::ServiceDiscovery::Service.HealthCheckCustomConfig (added)

      • AWS::CloudFront::Distribution.CacheBehavior FieldLevelEncryptionId (added)

      • AWS::CloudFront::Distribution.DefaultCacheBehavior FieldLevelEncryptionId (added)

      • AWS::CodeBuild::Project.Artifacts EncryptionDisabled (added)

      • AWS::CodeBuild::Project.Artifacts OverrideArtifactName (added)

      • AWS::CodeBuild::Project.Environment Certificate (added)

      • AWS::CodeBuild::Project.Source ReportBuildStatus (added)

      • AWS::ServiceDiscovery::Service.DnsConfig RoutingPolicy (added)

      • AWS::WAF::WebACL.ActivatedRule Action.Required (changed)

        • Old: true
        • New: false
  • @aws-cdk/cfnspec: Updated Serverless Application Model (SAM) Resource Specification ([@RomainMuller] in #594)

    • Property Changes

      • AWS::Serverless::Api MethodSettings (added)
    • Property Type Changes

      • AWS::Serverless::Function.SQSEvent (added)

      • AWS::Serverless::Function.EventSource Properties.Types (changed)

        • Added SQSEvent

Readme


AWS IAM Construct Library

Define a role and add permissions to it. This will automatically create and attach an IAM policy to the role:

const role = new Role(this, 'MyRole', {
  assumedBy: new ServicePrincipal('sns.amazonaws.com')
});
role.addPermission(new Permission('*', 'lambda:InvokeFunction'));

Define a policy and attach it to groups, users and roles. Note that it is possible to attach the policy either by calling xxx.attachPolicy(policy) or policy.attachToXxx(xxx).

const user = new User(this, 'MyUser', { password: '1234' });
const group = new Group(this, 'MyGroup');

const policy = new Policy(this, 'MyPolicy');
policy.attachToUser(user);
group.attachPolicy(policy);

Managed policies can be attached using xxx.attachManagedPolicy(arn):

const group = new Group(this, 'MyGroup');
group.attachManagedPolicy('arn:aws:iam::aws:policy/AdministratorAccess');
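The three snippets above grant lambda:InvokeFunction on '*', set a literal user password, and attach AdministratorAccess. As an added example (not part of this package or its README), the TypeScript below checks a CloudFormation template for those three patterns before deployment; the template, its logical IDs, the ScopedPolicy ARN and the rule names are constructed for illustration and are not captured `cdk synth` output.

```typescript
// Added example: flag risky IAM settings in a synthesized CloudFormation template.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };
interface Finding { id: string; rule: string; }

// Policy fields may be a scalar or a list; normalize to a list.
function asArray<T>(v: T | T[] | undefined): T[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

function lintIam(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const props = res.Properties ?? {};
    if (res.Type === 'AWS::IAM::Policy') {
      for (const stmt of asArray<any>(props.PolicyDocument?.Statement)) {
        // An Allow on Resource "*" applies the action to every resource.
        if (stmt.Effect === 'Allow' && asArray<unknown>(stmt.Resource).indexOf('*') !== -1) {
          findings.push({ id, rule: 'wildcard-resource' });
        }
      }
    }
    // ARNs can also be intrinsic-function objects; only literal strings are checked.
    const arns = asArray<unknown>(props.ManagedPolicyArns);
    if (arns.some(a => typeof a === 'string' && /:policy\/AdministratorAccess$/.test(a))) {
      findings.push({ id, rule: 'administrator-access' });
    }
    // A string Password is stored in clear text in the template.
    if (res.Type === 'AWS::IAM::User' && typeof props.LoginProfile?.Password === 'string') {
      findings.push({ id, rule: 'literal-password' });
    }
  }
  return findings;
}

// Constructed sample (hypothetical logical IDs), not real `cdk synth` output.
const sampleTemplate: Template = { Resources: {
  MyRolePolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyName: 'MyRolePolicy',
    PolicyDocument: { Statement: [
      { Effect: 'Allow', Action: 'lambda:InvokeFunction', Resource: '*' }] } } },
  MyUser: { Type: 'AWS::IAM::User', Properties: { LoginProfile: { Password: '1234' } } },
  MyGroup: { Type: 'AWS::IAM::Group', Properties: {
    ManagedPolicyArns: ['arn:aws:iam::aws:policy/AdministratorAccess'] } },
  ScopedPolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyName: 'ScopedPolicy',
    PolicyDocument: { Statement: [{ Effect: 'Allow', Action: 'lambda:InvokeFunction',
      Resource: 'arn:aws:lambda:us-east-1:111122223333:function:example-fn' }] } } },
} };

for (const f of lintIam(sampleTemplate)) console.log(`${f.id}: ${f.rule}`);
```

The policy scoped to a single function ARN passes, which is the shape to aim for in place of '*'.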

Features

  • Policy name uniqueness is enforced. If two policies with the same name are attached to the same principal, the attachment will fail.
  • Policy names are not required - the CDK logical ID will be used and ensured to be unique.


Last updated on 11 Sep 2018
