feat(servicecatalog): add ability to set launch Role and deploy with StackSets#15678
Conversation
…stacksets Add ability to set launch role (launch role constraint), and configure StackSet deployment (stackset constraint).
|
|
|
Title does not follow the guidelines of Conventional Commits. Please adjust title before merge. |
|
As always the naming sometimes feels a little weird because we are not using the underlying apis that have sort of misnomer names with 'constraint'. |
packages/@aws-cdk/aws-servicecatalog/lib/private/association-manager.ts
Outdated
Show resolved
Hide resolved
|
There is some git churn just from efforts to keep the constrains alphabetized and in order across various files. |
skinny85
left a comment
There was a problem hiding this comment.
Looks good! A few API changes are needed before we merge this in.
skinny85
left a comment
There was a problem hiding this comment.
Looks good. Some minor comments.
| }); | ||
|
|
||
| // The execution role deployed in target accounts | ||
| const executionRole = iam.Role.fromRoleArn(this, 'ImportedExecutionRole', 'arn:aws:iam::account:role/StackSetExecutionRole'); |
There was a problem hiding this comment.
What does it mean that you're using account here, but the accounts property is ['012345678901', '012345678902', '012345678903']?
There was a problem hiding this comment.
this is why I realized using executionRoleName might make more sense, we need the name for the role thats already in the accounts. In another app/stack where those are defined we might have a constructor that creates this role in all accounts but there isn't a way to cleanly/clearly 'import' that here. I just used account since it's a wildcard, but would have maybe made more sense to just use one of the account numbers in the accounts arg.
There was a problem hiding this comment.
Yep. Let's switch to a string for the execution Role.
There was a problem hiding this comment.
I went with naming it executionRoleName, which immediately gives more info, but also just having 2 args with *Role being different types does not seem ideal.
packages/@aws-cdk/aws-servicecatalog/lib/private/association-manager.ts
Outdated
Show resolved
Hide resolved
packages/@aws-cdk/aws-servicecatalog/lib/private/association-manager.ts
Outdated
Show resolved
Hide resolved
packages/@aws-cdk/aws-servicecatalog/lib/private/association-manager.ts
Outdated
Show resolved
Hide resolved
packages/@aws-cdk/aws-servicecatalog/rosetta/portfolio-product.ts-fixture
Outdated
Show resolved
Hide resolved
|
|
||
| Read more at [Service Catalog Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints.html). | ||
|
|
||
| ### Tag update constraint |
There was a problem hiding this comment.
While you're in this area, can you fix the heading for ### Tag Options (it should be an H2, not an H3)?
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
…StackSets (aws#15678) Adds 2 constraints, launch role and stackset. Users can specify a specific role users must assume when launching product. StackSets deployments allows you to deploy products using Cloudformation StackSets. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…StackSets (aws#15678) Adds 2 constraints, launch role and stackset. Users can specify a specific role users must assume when launching product. StackSets deployments allows you to deploy products using Cloudformation StackSets. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Adds 2 constraints, launch role and stackset.
Users can specify a specific role users must assume when launching product.
StackSets deployments allows you to deploy products using Cloudformation StackSets.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license