aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-servicecatalog: giveAccessToRole using wildcards when sharing Principal Names #29770

Open thpham opened 3 months ago

thpham commented 3 months ago

Describe the feature

Allow sharing AWS Service Catalog portfolio access with principal names that contain wildcards. The feature seems to be possible according to the following documentation link: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_sharing_how-to-share.html#principal-name-share

Use Case

In the context of an AWS Organisation with SSO and multi-account permission sets, the roles provisioned in the sub-accounts have an ARN pattern that each time contains a random number suffix (e.g. arn:aws:iam::${accountId}:role/${roleName}_{randomNumber}).

The ability to use giveAccessToRole with a string ARN pattern would allow us to share access to the portfolio across all accounts of the organisation to the people who have the permission set.

Proposed Solution

No response

Other Information

No response

CDK version used

2.136.0

Environment details (OS name and version, etc.)

macos 14

pahud commented 3 months ago

Yes, I agree. Can you share a few code snippets about this and what the desired API experience would be, with some samples?

I am making it a p2 and we welcome any pull requests from the community to move this forward.

thpham commented 3 months ago

Hello, thank you very much for your consideration.

I'm not fully familiar with aws-cdk yet, so I hope the community or maintainers will contribute their perspective. But I foresee 2 approaches for this:

  1. we keep the signature of the giveAccessToRole(role: iam.IRole) function, and we allow instantiating a Role with an ARN pattern that allows wildcards, also with regard to its validation.
  2. or we create another function, e.g. giveAccessToIamPrincipalARN(arn: string): void.

I tend to prefer option 2, because it is closer to the actual use case and the current UI capability. But I can also understand that the case might be useful in other, more generalisable situations covered by option 1 (I don't have any example in mind at the moment).

Dear community, please share your opinion to help the maintainers get a direction for the implementation. Thank you.
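The following is an added example for the use case and the two proposed options discussed in this thread; it is not code from the aws/aws-cdk project. It models what a wildcard-aware helper (the proposed giveAccessToIamPrincipalARN, or giveAccessToRole accepting a pattern) would need to do before creating the principal association: validate the ARN pattern, decide whether it is a plain IAM principal or a pattern, and show which role ARNs the pattern would admit. Assumptions made here: `*` matches any run of characters and `?` a single character (glob semantics, to be confirmed against the linked Service Catalog documentation); the L1 CfnPortfolioPrincipalAssociation accepts principalType `IAM` or `IAM_PATTERN` as the underlying CloudFormation resource does (check your CDK version); the sample ARNs are constructed to follow the `${roleName}_{randomNumber}` shape given in the issue; and the rejection of an all-wildcard resource segment is this example's own least-privilege guard, not an AWS restriction.

```typescript
// Added example for this issue thread; not code from aws/aws-cdk.
// Assumptions (see lead-in): glob semantics for '*' and '?', and the
// 'IAM' / 'IAM_PATTERN' principalType values of the L1 resource.

export interface PrincipalAssociationProps {
  portfolioId: string;
  principalArn: string;
  principalType: 'IAM' | 'IAM_PATTERN';
}

// IAM role/user/group ARN, or a pattern in that shape. The account part may
// itself be a wildcard so one pattern can cover every account in the org.
const PRINCIPAL_RE = /^arn:aws[a-z-]*:iam::[0-9*?]+:(role|user|group)\/(.+)$/;

export function hasWildcard(s: string): boolean {
  return /[*?]/.test(s);
}

// Compile a '*'/'?' pattern into an anchored RegExp, escaping everything else
// so that a literal '.' in a role name does not become a regex metacharacter.
export function patternToRegExp(pattern: string): RegExp {
  let re = '^';
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern.charAt(i);
    if (ch === '*') re += '.*';
    else if (ch === '?') re += '.';
    else re += ch.replace(/[.+^${}()|[\]\\]/, '\\$&');
  }
  return new RegExp(re + '$');
}

// Reject anything that is not an IAM principal ARN or pattern, and (this
// example's own least-privilege rule, not an AWS restriction) a resource
// segment made only of wildcards, which would admit every principal of that
// type in every matched account.
export function validatePrincipalPattern(pattern: string): void {
  const m = PRINCIPAL_RE.exec(pattern);
  if (!m) {
    throw new Error(`not an IAM role/user/group ARN or pattern: ${pattern}`);
  }
  if (/^[*?\/]+$/.test(m[2])) {
    throw new Error(`pattern would grant every ${m[1]} in the matched accounts: ${pattern}`);
  }
}

// Build the props a helper would hand to CfnPortfolioPrincipalAssociation
// (assumed property names, mirroring the CloudFormation resource).
export function principalAssociationProps(
  portfolioId: string,
  principal: string,
): PrincipalAssociationProps {
  validatePrincipalPattern(principal);
  return {
    portfolioId,
    principalArn: principal,
    principalType: hasWildcard(principal) ? 'IAM_PATTERN' : 'IAM',
  };
}

// Which of the given ARNs a pattern admits: a pre-deploy check against the
// roles actually present in the accounts, so the pattern is no broader
// than the permission set it is meant to cover.
export function matchingPrincipals(pattern: string, candidates: string[]): string[] {
  validatePrincipalPattern(pattern);
  const re = patternToRegExp(pattern);
  return candidates.filter((arn) => re.test(arn));
}

// Constructed sample ARNs following the issue's ${roleName}_{randomNumber}
// shape; real SSO-provisioned roles may also carry a path before the name.
export const SAMPLE_ROLE_ARNS = [
  'arn:aws:iam::111111111111:role/DevOpsPermissionSet_12345678',
  'arn:aws:iam::222222222222:role/DevOpsPermissionSet_87654321',
  'arn:aws:iam::111111111111:role/AdminPermissionSet_11112222',
  'arn:aws:iam::333333333333:user/DevOpsPermissionSet_00000000',
];

// One pattern for the DevOps permission set across all accounts.
export const DEVOPS_PATTERN = 'arn:aws:iam::*:role/DevOpsPermissionSet_*';

console.log(principalAssociationProps('port-abc123', DEVOPS_PATTERN));
console.log(matchingPrincipals(DEVOPS_PATTERN, SAMPLE_ROLE_ARNS));
```

The account wildcard in DEVOPS_PATTERN is what makes the org-wide share possible, but it also means the pattern is only as tight as the role-name prefix: `matchingPrincipals` run against the real role list is the check worth keeping in a pipeline, and the all-wildcard guard stops `arn:aws:iam::*:role/*` from being associated by accident.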