(aws-s3): supply custom role when adding bucket notifications #13241
Comments
Looks like it's not currently possible. |
I have a similar issue. I am using SQS as my event source for Lambda trigger. As per my enterprise policy as well, we are not allowed to create new IAM roles on the fly. Can we pass in an existing role here? I even tried to hack into python code to disable queue.grantConsumeMessages, but due to JSII architecture, I cannot hack into the `
` |
This isn't currently possible unfortunately. Marking as a feature request to somehow provide the notification handler role externally. Or maybe the ability to instantiate the |
This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
Anything on this? Ability to control the role used by the notifications handler is quite important in locked down enterprise environments. |
Hi, this still seems to be an issue, is there any workaround for this? |
@rix0rrr @iliapolo this is not currently possible with CDK and yet the AWS Marketplace requires a custom policy for the S3 notifications.
This makes no sense 😠 |
Hello Team. I am working on a customer engagement which is attempting to leverage CDK to help deploy a series of Lambda functions. One of the behaviors that we noticed: when we added an S3 event source to a Lambda CDK definition, it auto-generates a BucketNotificationsHandler IAM role and policy. Our customer has a unique corporate policy that prevents the role used to deploy the application stack from changing/creating any IAM resources. Any insight into how we can suppress the auto creation of the following role when the CDK is synthesized? Below is the code snippet we are using to initialize our Lambda function. Your assistance is greatly appreciated, and let me know if you need additional details.
This exact same situation happens with an EKS cluster, in which a cluster creator role and IAM role are created. Due to our unique corporate policy we need to suppress the auto creation of roles in CDK.
Reproduction Steps
Create a Lambda function in CDK with the following event specified.
What did you expect to happen?
If a role is defined and provided as input to a module, another role would not be created by CDK.
Stop the auto creation of IAM roles and policies.
What actually happened?
The roles are still created even though a role is provided in the input.
Environment
Other
This is 🐛 Bug Report
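A pre-deploy check for the situation reported in this issue, as an added example that is not part of the original thread or the CDK code base: it scans a synthesized CloudFormation template for IAM resources and lists what references each one, so a pipeline whose deploy role may not create IAM resources can fail at synth time instead of at deploy time. The sample template and all of its logical IDs are constructed for illustration.

```python
# Added example: gate over a synthesized template (not CDK's own code).
IAM_TYPES = {"AWS::IAM::Role", "AWS::IAM::Policy",
             "AWS::IAM::ManagedPolicy", "AWS::IAM::InstanceProfile"}

# Constructed sample shaped like synth output; every logical ID is made up.
SAMPLE_TEMPLATE = {"Resources": {
    "UploadsBucket": {"Type": "AWS::S3::Bucket"},
    "UploadsBucketNotifications": {
        "Type": "Custom::S3BucketNotifications",
        "Properties": {
            "ServiceToken": {"Fn::GetAtt": ["BucketNotificationsHandlerEXAMPLE", "Arn"]},
            "BucketName": {"Ref": "UploadsBucket"}}},
    "BucketNotificationsHandlerEXAMPLE": {
        "Type": "AWS::Lambda::Function",
        "Properties": {"Role": {"Fn::GetAtt": ["BucketNotificationsHandlerEXAMPLERole", "Arn"]}}},
    "BucketNotificationsHandlerEXAMPLERole": {
        "Type": "AWS::IAM::Role",
        "Metadata": {"aws:cdk:path": "Stack/BucketNotificationsHandlerEXAMPLE/Role/Resource"}},
    "BucketNotificationsHandlerEXAMPLERoleDefaultPolicy": {
        "Type": "AWS::IAM::Policy",
        "Properties": {"Roles": [{"Ref": "BucketNotificationsHandlerEXAMPLERole"}]}},
}}

def referenced_ids(node):
    """Yield logical IDs named by Ref / Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref" and isinstance(val, str):
                yield val
            elif key == "Fn::GetAtt":  # list form or "Resource.Attribute" string form
                yield val[0] if isinstance(val, list) else val.split(".")[0]
            else:
                yield from referenced_ids(val)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_ids(item)

def find_iam_resources(template):
    """Return IAM resources the stack would create, with the resources using them."""
    resources = template.get("Resources", {})
    findings = []
    for lid, res in sorted(resources.items()):
        if res.get("Type") in IAM_TYPES:
            used_by = sorted(other for other, body in resources.items()
                             if other != lid and lid in set(referenced_ids(body)))
            findings.append({"logical_id": lid, "type": res["Type"], "used_by": used_by,
                             "cdk_path": res.get("Metadata", {}).get("aws:cdk:path", "")})
    return findings
```

Against real output, load each `cdk.out/*.template.json` with `json.load` and fail the build when `find_iam_resources` returns a non-empty list.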