search

kayac / ecspresso

ecspresso is a deployment tool for Amazon ECS
MIT License
825 stars 90 forks source link

verify subcommand should use ssm:GetParameters to simulate actual ECS' behavior #677

Closed aereal closed 7 months ago

aereal commented 7 months ago

Expected behavior

ecspresso verify with the IAM role that allowed only ssm:GetParameters action should successfully get the parameter(s) from AWS Systems Manager Parameters Store.

Actual behavior

It fails due to lack of the permission to call ssm:GetParameter (the singular one, not the plural one).

refs. https://github.com/kayac/ecspresso/blob/ec85decd484cab4da0c34b8478f3fad1e7fc0748/verify.go#L119

Proposed solution

It calls ssm:GetParameters instead of ssm:GetParameter.

That change also introduce the chance to reduce the API calls.

fujiwara commented 7 months ago

@aereal Thank you! v2.3.3 released! https://github.com/kayac/ecspresso/releases/tag/v2.3.3

I added #681 for backward compatibility. When GetParameters API fails with "access denied", fallback to GetParameter API with warning logs. This fallback will be removed v2.4.