-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM: ArnPrincipal withSessionTags depends on order. #28426
Labels
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
p2
Comments
kaiz-io
added
bug
This issue is a bug.
needs-triage
This issue or PR still needs to be triaged.
labels
Dec 19, 2023
github-actions
bot
added
the
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
label
Dec 19, 2023
khushail
added
investigating
This issue is being investigated and/or work is in progress to resolve the issue.
p2
effort/small
Small work item – less than a day of effort
and removed
needs-triage
This issue or PR still needs to be triaged.
investigating
This issue is being investigated and/or work is in progress to resolve the issue.
labels
Dec 19, 2023
@kaizio , thanks for reporting this. |
sumupitchayan
added a commit
to lpizzinidev/aws-cdk
that referenced
this issue
Dec 28, 2023
kaizencc
added a commit
to lpizzinidev/aws-cdk
that referenced
this issue
Dec 30, 2023
mergify bot
pushed a commit
that referenced
this issue
Dec 30, 2023
Calling `withConditions` after `withSessionTags` will override the existing `sts:TagSession` action for the statement. This implementation fixes the issue. Closes #28426. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
paulhcsun
pushed a commit
to paulhcsun/aws-cdk
that referenced
this issue
Jan 5, 2024
Calling `withConditions` after `withSessionTags` will override the existing `sts:TagSession` action for the statement. This implementation fixes the issue. Closes aws#28426. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
@aws-cdk/aws-iam
Related to AWS Identity and Access Management
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
p2
Describe the bug
Order matters if you are using withConditions and withSessionTags on an ArnPrincipal.
WithConditions will always work but it appears withSessionTags has to go last.
Expected Behavior
That it would not matter the order in which you call the methods that both modifications would occur.
Current Behavior
If you use withSessionTags then use withConditions there is no sts:SessionTag.
If you use withConditions then use withConditions there is sts:SessionTag.
Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.115.0
Framework Version
No response
Node.js Version
18.17.1
OS
Ubuntu 22.04 - Linux
Language
TypeScript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: