docs(ec2): update aws-ec2 README to include workaround for using a service principal in VPCEService allowedPrincipals#29512
Conversation
…ncipal in VPCEService `allowedPrincipals` `VpcEndpointService` has the member `allowedPrincipals` which is of type `ArnPrincipal[]`. However, `ServicePrincipal` is also valid and works in the AWS console. This documentation update includes a workaround for including service principals in the `allowedPrincipals`.
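The workaround above hands a service-principal string to `ArnPrincipal`, so nothing in the constructor tells you whether an entry is an IAM principal ARN, a service principal, a wildcard or a typo. The TypeScript below is an added example, not code from this PR, the `aws-ec2` README or aws-cdk itself: it reviews a constructed `allowedPrincipals` list before the strings are wrapped in `ArnPrincipal`, classifying each entry the way the README describes (`Arn` versus `Service`) and flagging entries a least-privilege review should look at. The regexes and the sample list are this example's own assumptions, not AWS or CDK validation rules.

```typescript
// Added example, not part of the aws-cdk PR or README. Reviews the strings a stack
// would pass to VpcEndpointService.allowedPrincipals via ArnPrincipal. The PR's
// workaround works because ArnPrincipal accepts any string, so the checks below are
// done here, before synthesis. Classification rules are assumptions of this example.

type PrincipalKind = "Arn" | "Service" | "All" | "Invalid";

// Assumed shape of IAM principal ARNs: account root, user or role.
const IAM_PRINCIPAL_ARN =
  /^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:(root|(user|role)\/[\w+=,.@\/-]+)$/;

// Assumed shape of a service principal name, e.g. <service>.amazonaws.com.
const SERVICE_PRINCIPAL = /^[a-z0-9-]+(\.[a-z0-9-]+)*\.amazonaws\.com(\.cn)?$/;

function classifyPrincipal(value: string): PrincipalKind {
  if (value === "*") return "All"; // wildcard: any AWS principal may connect
  if (IAM_PRINCIPAL_ARN.test(value)) return "Arn";
  if (SERVICE_PRINCIPAL.test(value)) return "Service"; // the README's type `Service`
  return "Invalid";
}

interface PrincipalReview {
  value: string;
  kind: PrincipalKind;
  finding?: string; // set only when a reviewer should look at this entry
}

function reviewAllowedPrincipals(values: string[]): PrincipalReview[] {
  const seen = new Set<string>();
  return values.map((value) => {
    const kind = classifyPrincipal(value);
    let finding: string | undefined;
    if (seen.has(value)) {
      finding = "duplicate entry";
    } else if (kind === "All") {
      finding = "wildcard allows any AWS account to create an endpoint to this service";
    } else if (kind === "Invalid") {
      finding = "neither an IAM principal ARN nor a service principal; ArnPrincipal will not reject it";
    }
    seen.add(value);
    return finding === undefined ? { value, kind } : { value, kind, finding };
  });
}

// Only the entries that carry a finding.
function findingsFor(values: string[]): PrincipalReview[] {
  return reviewAllowedPrincipals(values).filter((r) => r.finding !== undefined);
}

// Constructed sample list (hypothetical account id and service name).
const SAMPLE_ALLOWED_PRINCIPALS = [
  "arn:aws:iam::123456789012:root",
  "arn:aws:iam::123456789012:role/EndpointConsumer",
  "example-service.amazonaws.com", // service principal string, as in the workaround
  "123456789012",                  // bare account id: a typo the constructor would accept
  "*",
];

reviewAllowedPrincipals(SAMPLE_ALLOWED_PRINCIPALS).forEach((r) => {
  const note = r.finding === undefined ? "" : "  <-- " + r.finding;
  console.log(r.kind + "\t" + r.value + note);
});
```

Run the review over the list you intend to pass into the stack and only then map the strings into `new iam.ArnPrincipal(...)`; the `Service` classification corresponds to the `Service` principal type the README says the resulting VPC endpoint will show for that item.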
aws-cdk-automation
left a comment
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
aws-ec2 README to include workaround for using a service principal in VPCEService allowedPrincipals (#29478)
aws-ec2 README to include workaround for using a service principal in VPCEService allowedPrincipals
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
lpizzinidev
left a comment
Thanks 👍
Can you please add test coverage for this scenario for both unit and integration tests?
Comment on the README lines:

To include a service principal in the `allowedPrincipals`, there is a workaround where you can use a service principal string as input to the `ArnPrincipal` type. The resulting VPC endpoint will have an allowlisted principal of type `Service`, instead of `Arn` for that item in the list.

Suggested change:

You can also include a service principal in the `allowedPrincipals` property by specifying it as a parameter to the `ArnPrincipal` constructor.
The resulting VPC endpoint will have an allowlisted principal of type `Service`, instead of `Arn` for that item in the list.
I'll make this change in the revision that includes the tests.
Will do
GavinZZ
left a comment
Same feedback on the test coverage. Otherwise happy to approve it.
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
@Mergifyio update
❌ Mergify doesn't have permission to update. For security reasons, Mergify can't update this pull request. Try updating locally.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
…service principal in VPCEService `allowedPrincipals` (aws#29512)

`VpcEndpointService` has the member `allowedPrincipals` which is of type `ArnPrincipal[]`. However, `ServicePrincipal` is also valid and works in the AWS console. This documentation update includes a workaround for including service principals in the `allowedPrincipals`.

### Issue aws#29478

Closes aws#29478

### Reason for this change

`VpcEndpointService` has the member `allowedPrincipals` which is of type `ArnPrincipal[]`. However, if you use the AWS console, allowlisting a service principal is supported as well. Users are not able to use the type `ServicePrincipal` in `allowedPrincipals` in CDK. This is a feature gap. I brought this up in aws#29478, and was told that the type couldn't be changed, but the workaround I was using could be added to the documentation.

### Description of changes

Documentation update for the `aws-ec2` module which includes a workaround for including service principals in the `allowedPrincipals`.

### Description of how you validated changes

N/A - minor documentation changes only

### Checklist

- [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*