Skip to content

roleFromArn with "mutable: false" adds role policies #5943

New issue
New issue
Closed
#6090
Closed
roleFromArn with "mutable: false" adds role policies#5943
#6090
Assignees
rix0rrr
Labels
@aws-cdk/aws-iamRelated to AWS Identity and Access ManagementbugThis issue is a bug.needs-triageThis issue or PR still needs to be triaged.p0
@claabs

Description

@claabs
claabs
opened on Jan 23, 2020

iam.Role.fromRoleArn() with { mutable: false } creates role policies in 1.21.1. This did not occur in <=1.20.0

Reproduction Steps

  1. Clone my reproduction repo: https://github.com/charlocharlie/mutable-role-repro
  2. npm i
  3. cdk synth
  4. Observe template
  5. Downgrade to 1.20.0
  6. npm i
  7. cdk synth
  8. Observe template without any role policies

Or just view the synth-1.20.0.json and synth-1.21.1.json in the repro.

Error Log

Causes many issues when deploying to a role-strict environment.

Environment

  • CLI Version : 1.21.1
  • Framework Version: 1.21.1
  • OS : macOS
  • Language : Typescript

This is 🐛 Bug Report

Metadata

Metadata

Assignees

Labels

@aws-cdk/aws-iamRelated to AWS Identity and Access ManagementbugThis issue is a bug.needs-triageThis issue or PR still needs to be triaged.p0

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions