Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: private api gateways with vpce need policy #53

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

fix: private api gateways with vpce need policy #53

wants to merge 4 commits into from

Conversation

dudymas
Copy link
Contributor

@dudymas dudymas commented Oct 18, 2024

what

  • create a resource policy for VPCE's

why

  • if a VPC Endpoint is associated with a private rest api, it still needs
    permission to use that endpoint

references

@dudymas dudymas requested review from a team as code owners October 18, 2024 12:32
@mergify mergify bot added the triage Needs triage label Oct 18, 2024
@mergify Mergify
Copy link

mergify bot commented Oct 18, 2024

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.

@mergify mergify bot added the needs-cloudposse Needs Cloud Posse assistance label Oct 18, 2024
@dudymas
Copy link
Contributor Author

dudymas commented Oct 18, 2024

/terratest

@dudymas dudymas force-pushed the fix/vpce/add-resource-policy branch from 9a47044 to 62c1840 Compare October 18, 2024 13:24
osterman
osterman reviewed Oct 18, 2024
View reviewed changes
main.tf Outdated Show resolved Hide resolved
osterman
osterman reviewed Oct 18, 2024
View reviewed changes
main.tf Outdated
Comment on lines 26 to 53
policy = var.rest_api_policy
policy = data.aws_iam_policy_document.default[0].json
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should preserve the current functionality, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the source policy is input here:

terraform-aws-api-gateway/main.tf

Line 25 in af83cc3

source_policy_documents = var.rest_api_policy == null ? [] : [var.rest_api_policy]

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#source_policy_documents

osterman
osterman reviewed Oct 18, 2024
View reviewed changes
main.tf
rest_api_id = aws_api_gateway_rest_api.this[0].id

policy = var.rest_api_policy
policy = data.aws_iam_policy_document.this[0].json
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we want to do https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document#example-using-a-source-document

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

...so the user can pass additional policies preserving the current functionality

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@osterman osterman osterman left review comments

@hans-d hans-d Awaiting requested review from hans-d hans-d is a code owner automatically assigned from cloudposse/contributors

@joe-niland joe-niland Awaiting requested review from joe-niland joe-niland is a code owner automatically assigned from cloudposse/contributors

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
needs-cloudposse Needs Cloud Posse assistance triage Needs triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dudymas @osterman