Cannot create IManagedPolicy from a customer managed policy

  • I’m submitting a …

    • 🚀 feature request
  • What is the current behavior?

Role.addManagedPolicy(policy: IManagedPolicy) is the method to add managed policies to a role. However the only method to create IManagedPolicy is ManagedPolicy.fromAwsManagedPolicyName(), which only supports the AWS managed policies. There is no way to add a customer-managed policy to a role, either by its arn or by a ref to a CfnManagedPolicy.

This is a regression from 0.34.0 behaviour. In 0.34.0 you could do the following:

    myRole: Role;
    myPolicy: CfnManagedPolicy;
    myRole.attachManagedPolicy(myPolicy.managedPolicyArn);

  • What is the expected behavior (or behavior of feature suggested)?

One or more of the following methods should be added to ManagedPolicy to support more managed policy types:

    ManagedPolicy.fromManagedPolicyRef(ref: IResolvable)
    ManagedPolicy.fromManagedPolicyArn(arn: string)

  • What is the motivation / use case for changing the behavior or adding this feature?

To support customer Managed policies.

  • Please tell us about your environment:

    • CDK CLI Version: 0.35.0
    • OS: Windows 10
    • Language: TypeScript

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 4
  • Comments: 5 (3 by maintainers)

Top GitHub Comments

1 reaction
NetaNir commented, Jun 22, 2019

You can try using addManagedPolicy:

    const role = new iam.Role(this, 'Role', {
      assumedBy: new iam.ServicePrincipal('some.domain')
    })
    role.addManagedPolicy({
      managedPolicyArn: 'managedPolicyArn'
    })
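
The object-literal workaround above type-checks with any string as `managedPolicyArn`, so a placeholder, a typo or an AWS managed policy ARN goes through unchecked. As an added example (not code from this thread or from the AWS CDK; every name in it is hypothetical), a guard that accepts only a literal customer managed policy ARN from an allow-listed account before building that object:

```typescript
// Added example; every name here is hypothetical, not part of the AWS CDK.
type PolicyKind = 'aws-managed' | 'customer-managed';

interface ParsedPolicyArn {
  partition: string;
  owner: string; // 'aws' for AWS managed policies, else a 12-digit account ID
  kind: PolicyKind;
  path: string; // '/' or e.g. '/service-role/'
  name: string;
}

// Same shape as the object literal passed to role.addManagedPolicy() above.
interface ManagedPolicyRef {
  readonly managedPolicyArn: string;
}

// arn:<partition>:iam::<aws|account>:policy/<optional path/><name>
// Path and name use a conservative character set (IAM paths allow more).
const POLICY_ARN =
  /^arn:(aws|aws-cn|aws-us-gov):iam::(aws|\d{12}):policy\/((?:[\w+=,.@-]+\/)*)([\w+=,.@-]{1,128})$/;

function parsePolicyArn(arn: string): ParsedPolicyArn {
  const m = POLICY_ARN.exec(arn);
  if (m === null) {
    // Also rejects unresolved CDK tokens, whose value is only known at deploy time.
    throw new Error(`not a literal IAM managed policy ARN: ${arn}`);
  }
  const [, partition = '', owner = '', path = '', name = ''] = m;
  const kind: PolicyKind = owner === 'aws' ? 'aws-managed' : 'customer-managed';
  return { partition, owner, kind, path: '/' + path, name };
}

// Returns an object usable with role.addManagedPolicy(), or throws.
function customerManagedPolicy(
  arn: string,
  allowedAccounts: readonly string[],
): ManagedPolicyRef {
  const parsed = parsePolicyArn(arn);
  if (parsed.kind !== 'customer-managed') {
    throw new Error(`expected a customer managed policy, got ${arn}`);
  }
  if (allowedAccounts.indexOf(parsed.owner) === -1) {
    throw new Error(`policy account ${parsed.owner} is not in the allow list`);
  }
  return { managedPolicyArn: arn };
}
```
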
0 reactions
IainCole commented, Aug 2, 2019

I took a stab at implementing the creation / reference of customer managed policies here https://github.com/IainCole/aws-cdk/blob/ic_support_customer_managed_policy/packages/%40aws-cdk/aws-iam/lib/managed-policy.ts

It seems to work from my testing, @NGL321 if this makes sense logically I can submit a PR with tests etc.
