Closed Khufu-I closed 3 years ago
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
Synthetics Canary default execution role hard codes
'arn:aws:logs:::*'
in the IAM policy which does not work in non AWS partitions (i.e aws-cn or aws-us-gov)Reproduction Steps
Synthesize the following code (
cdk synth
) for cn-north-1What did you expect to happen?
The default execution role IAM policy should contain a partition aware log access policy
What actually happened?
The default execution role contains an IAM policy which has aws hardcoded and isn't partition aware
Environment
Other
This is :bug: Bug Report