
(aws-iam): (importedRoleStackSafeDefaultPolicyName Feature flag generates Policy names that are over 128 characters) #24441

@zeyad001


Describe the bug

I am using the CrossZoneDelegation construct to delegate between 2 hosted zones that are in different accounts. When I use the importedRoleStackSafeDefaultPolicyName feature flag, the generated policy names that contain the path are larger than 128 characters, which causes the stack to fail to deploy.

Expected Behavior

The policy names need to be trimmed to fit within 128 characters when using this feature flag.

Current Behavior

Adding the full construct path to the policy can lead to the policies becoming too large.

Reproduction Steps

  • Create a new stack with a long name
  • Create a Hosted Zone in that account
  • Create another stack with a long name
  • Create a DNS delegation role
  • Create a Hosted Zone in another account
  • Use CrossAccount Delegation between the hosted zones
  • Enable the importedRoleStackSafeDefaultPolicyName feature flag
  • Attempt to deploy
  • Stack fails because of policy name being too long and containing the entire construct path.

Possible Solution

  • Trim the policy name
  • Find another uuid to generate default policy names instead of appending the construct path

Additional Information/Context

No response

CDK CLI Version

2.66.0

Framework Version

No response

Node.js Version

16

OS

Amazon Linux 2

Language

TypeScript

Language Version

4.9.5

Other information

No response
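One way to implement the "Trim the policy name" suggestion above, as an added example that is not part of the original report and not CDK's own code. The helper name `boundedPolicyName`, the 8-character hash suffix and the sample path are assumptions made for illustration.

```typescript
import { createHash } from "node:crypto";

// IAM rejects policy names longer than 128 characters (the limit hit in the issue).
const MAX_POLICY_NAME_LENGTH = 128;
// Length of the hash suffix; 8 hex characters is an assumption of this sketch.
const HASH_LENGTH = 8;

// Hypothetical helper (not a CDK API): derive a policy name from a construct
// path that is deterministic, distinct per path, and never exceeds maxLength.
function boundedPolicyName(constructPath: string, maxLength: number = MAX_POLICY_NAME_LENGTH): string {
  if (maxLength <= HASH_LENGTH) {
    throw new Error("maxLength must leave room for the hash suffix");
  }
  // Hash the untouched path so that two paths that trim or sanitize to the
  // same readable text still get different names.
  const hash = createHash("sha256").update(constructPath).digest("hex")
    .slice(0, HASH_LENGTH).toUpperCase();

  // Keep alphanumerics only, a conservative subset of what IAM accepts.
  const readable = constructPath.replace(/[^A-Za-z0-9]/g, "");
  const budget = maxLength - HASH_LENGTH;
  if (readable.length <= budget) {
    return readable + hash;
  }
  // Too long: keep the head (stack name) and the tail (construct id), drop the middle.
  const headLength = Math.ceil(budget / 2);
  const tailLength = budget - headLength;
  return readable.slice(0, headLength) + readable.slice(readable.length - tailLength) + hash;
}

// Constructed sample path, long enough to overflow the limit.
const samplePath = [
  "OrgSharedNetworkingProductionDnsDelegationStackEuWest1",
  "CrossAccountZoneDelegationForCustomerFacingSubdomain",
  "ImportedDelegationRoleFromParentHostedZoneAccount",
  "Policy",
].join("/");
console.log(samplePath.length, boundedPolicyName(samplePath).length);
```

Because the suffix is computed from the full path before trimming, two roles whose paths differ only in the dropped middle section still receive different policy names.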


Labels: @aws-cdk/aws-iam (Related to AWS Identity and Access Management), bug (This issue is a bug.), effort/medium (Medium work item – several days of effort), p2
