feat: Allow setting custom trust policy in iam-assumable-role #176
Conversation
|
Please check again |
|
Testing it with all my setups and role combinations all work fine with no changes detected in plan so I hope we are good :) |
|
Pushed a fix for the failing check, should be all green now. Once you approve, I'll squash fixup commits |
|
This PR has been automatically marked as stale because it has been open 30 days |
simonweil
force-pushed
the
feature/allow-setting-custom-trust-policy-for-an-assumable-role
branch
from
864b81d to
171a69d
Compare
simonweil
force-pushed
the
feature/allow-setting-custom-trust-policy-for-an-assumable-role
branch
from
171a69d to
5394f8f
Compare
simonweil
changed the title
|
Hi @antonbabenko Is there anything left that needs to be done to merge? |
antonbabenko
changed the title
## [4.10.0](v4.9.0...v4.10.0) (2022-01-19) ### Features * Allow setting custom trust policy in iam-assumable-role ([#176](#176)) ([095cb29](095cb29))
|
This PR is included in version 4.10.0 🎉 |
|
Thank you @antonbabenko! |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
This change adds an option to set a custom trust policy.
Motivation and Context
I need to create an assumable role that can be assumed from all member accounts of the organization except for sandbox accounts.
This can be achieved via conditions and a deny policy for the sandbox.
As there is no possibility to cover all options of the JSON policy, the best would be for such rare situations to allow a custom trust policy.
Breaking Changes
How Has This Been Tested?
examples/*projects