Fixing template source to correct Condition role arn (#1069)
* Fixing template source to correct Condition role arn

* Rolling back to original two template approach for separating mgmt and additional accounts
rycerrat authored Oct 10, 2022
1 parent ed5e78f commit 1369e6f
Showing 3 changed files with 9 additions and 56 deletions.
2 changes: 1 addition & 1 deletion src/core/cdk/src/assets/execution-role.template.json
@@ -92,7 +92,7 @@
{
"Ref": "AWS::AccountId"
},
":aws:role/",
":role/",
{
"Ref": "RoleName"
}
49 changes: 1 addition & 48 deletions src/core/cdk/src/assets/management-execution-role.template.json
@@ -55,54 +55,7 @@
"Principal": {
"Service": "fms.amazonaws.com"
}
},
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"AWS": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::",
{
"Ref": "AWS::AccountId"
},
":root"
]
]
}
},
"Condition": {
"StringEquals": {
"AWS:PrincipalArn": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::",
{
"Ref": "AWS::AccountId"
},
":aws:role/",
{
"Ref": "RoleName"
}
]
]
}
]
}
}
}
}
],
"Version": "2012-10-17"
},
14 changes: 7 additions & 7 deletions src/core/runtime/src/create-stack/create.ts
@@ -61,19 +61,19 @@ export const handler = async (input: CreateStackInput) => {
console.debug(stackTemplate);

// Load the template body from the given location
const templateBody = await getTemplateBody(stackTemplate);
let templateBody = await getTemplateBody(stackTemplate);

/** Checks Parameters Table in DDB to see if we are in management account.
* If so, our PBMM Pipeline role has different permissions and we use
* a different template.
*/

// if(parametersTableName){
// const accounts = await loadAccounts(parametersTableName!, dynamodb);
// if((accounts.find(acc => acc.id === accountId)?.key!) === 'management'){
// templateBody = await getTemplateBody(managementAccountTemplate!);
// }
// }
if (parametersTableName) {
const accounts = await loadAccounts(parametersTableName!, dynamodb);
if (accounts.find(acc => acc.id === accountId)?.key! === 'management') {
templateBody = await getTemplateBody(managementAccountTemplate!);
}
}

let cfn: CloudFormation;
if (accountId && assumeRoleName) {
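Review bot: `managementAccountTemplate!` in the re-enabled block is handed to `getTemplateBody` with only a compile-time assertion, so a management-account run with that input missing fails inside the loader instead of as a clear configuration error; add `if (!managementAccountTemplate) throw new Error('managementAccountTemplate is required for the management account');` before the call. The other two assertions are redundant: `parametersTableName!` is already narrowed by the enclosing `if`, and the lookup can be written `accounts.find(acc => acc.id === accountId)?.key === 'management'`. Per the comment above the block, the management account needs a different template because its pipeline role has different permissions, so the fallback path (no `parametersTableName`, or no matching account) silently keeping the default template deserves at least a `console.warn`. The default template is also fetched before the check and then discarded for the management account. `handler` starts and continues outside this hunk.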