classmethod / gradle-aws-plugin

Gradle plugin to manage Amazon Web Services

Support list of capabilities on cloudformation #186

Open elmi82 opened 4 years ago

elmi82 commented 4 years ago

Currently the capability that is used when using the cloudformation stack tasks can be defined with

cloudformation {
  /* stack configuration */
  capabilityIam true
  useCapabilityIam Capability.CAPABILITY_NAMED_IAM
}

This assumes that there is only one capability active if you run a stack operation. In case you use nested stacks and both your "parent" stack and the nested stack create roles or policies, stack operations need to run with CAPABILITY_NAMED_IAM AND CAPABILITY_AUTO_EXPAND.

The plugin currently cannot be configured to handle this kind of stack scenario. The SDK in fact allows the capabilities to be a list, but the plugin always constructs a list with only the one specified capability in useCapabilityIam Example.

Ideally a configuration would allow the definition of multiple capabilities, e.g.

cloudformation {
  /* stack configuration */
  capabilityIam true
  capabilities [Capability.CAPABILITY_NAMED_IAM, Capability.CAPABILITY_AUTO_EXPAND]
}

davidpellerin commented 4 years ago

Even without nested stacks, I've also run into a scenario where I need to create both a Named IAM role as well as a SAM style Lambda function. This scenario also requires both CAPABILITY_NAMED_IAM and CAPABILITY_AUTO_EXPAND.
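
The scenario in the comment above, as an added example that is not part of the thread or the plugin's code: a Python check that derives the capability list from a template, so a build acknowledges only the capabilities the template calls for. The function names, the type-to-name-property map and the sample template are assumptions of this example, and resources that a transform generates (such as the role behind a SAM function) are not visible before expansion.

```python
import json

# IAM resource types and the property that gives each a custom name.
# Subset chosen for this example, not an exhaustive list.
NAME_PROPERTY = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
}

def required_capabilities(template):
    """Capabilities the template needs, judged from its own text only."""
    caps = set()
    if template.get("Transform"):  # macros such as the SAM transform
        caps.add("CAPABILITY_AUTO_EXPAND")
    for resource in template.get("Resources", {}).values():
        rtype = resource.get("Type", "")
        if not rtype.startswith("AWS::IAM::"):
            continue
        name_prop = NAME_PROPERTY.get(rtype)
        if name_prop and name_prop in resource.get("Properties", {}):
            caps.add("CAPABILITY_NAMED_IAM")
        else:
            caps.add("CAPABILITY_IAM")
    if "CAPABILITY_NAMED_IAM" in caps:  # it also acknowledges unnamed IAM
        caps.discard("CAPABILITY_IAM")
    return sorted(caps)

def excess_capabilities(template, configured):
    """Configured capabilities the template gives no reason to grant."""
    return sorted(set(configured) - set(required_capabilities(template)))

# Constructed sample: named IAM role plus a SAM-style Lambda function.
SAMPLE = json.loads("""
{
  "Transform": "AWS::Serverless-2016-10-31",
  "Resources": {
    "DeployRole": {"Type": "AWS::IAM::Role",
                   "Properties": {"RoleName": "example-deploy-role"}},
    "Handler": {"Type": "AWS::Serverless::Function",
                "Properties": {"Runtime": "python3.12"}}
  }
}
""")

if __name__ == "__main__":
    print(required_capabilities(SAMPLE))
```

Running `excess_capabilities` against the configured list in a build flags stacks that acknowledge IAM or macro expansion without the template needing it.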