CLI: option to use deploy role+CFN execution role for hotswap #32302

Open
@rix0rrr

Describe the feature

Right now, hotswap will always use CLI credentials.

It would seem to make more sense to use the deploy role instead. Nominally, it should already have all the permissions necessary to make any CFN deployment, and hotswap is just doing the same as CFN deployments would do, but faster.

Use Case

Consistent permissions behavior between regular deployment and hotswap.

Complications

This effectively requires a developer workstation to be able to assume the CFN execution role: requires changing its trust policy, and effectively gives them unaudited Admin access.

Is that worth it? If you want that, you might as well give them Admin access directly.

It might not be worth it.
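
An added example, not part of the original issue or of the CDK code base: a check for the trust-policy change described under Complications. It lists every principal a role's trust policy allows to call `sts:AssumeRole` and flags anything other than the CloudFormation service principal. The two policies, the account ID and the role name are constructed, and `Condition` and `NotPrincipal` elements are not evaluated.

```python
import fnmatch

# The only principal a CFN execution role needs when just CloudFormation assumes it.
EXPECTED = ("Service", "cloudformation.amazonaws.com")

# Constructed sample: execution role trusted by the CloudFormation service only.
DEFAULT_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "cloudformation.amazonaws.com"}}],
}

# Constructed sample: the same role after a developer role (placeholder ARN) is
# added to the trust policy so a workstation can assume it directly.
WIDENED_TRUST = {
    "Version": "2012-10-17",
    "Statement": DEFAULT_TRUST["Statement"] + [
        {"Effect": "Allow", "Action": ["sts:AssumeRole", "sts:TagSession"],
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleDeveloperRole"}}],
}

def _as_list(value):
    # IAM allows a single value or a list for Statement, Action and principals.
    return value if isinstance(value, list) else [value]

def assume_role_principals(trust_policy):
    """Return sorted (type, principal) pairs allowed to call sts:AssumeRole."""
    found = set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may contain wildcards (sts:*, *).
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatch.fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anonymous / any principal
            found.add(("*", "*"))
            continue
        for ptype, values in principal.items():
            for value in _as_list(values):
                found.add((ptype, value))
    return sorted(found)

def unexpected_principals(trust_policy):
    """Principals beyond the CloudFormation service that can assume the role."""
    return [p for p in assume_role_principals(trust_policy) if p != EXPECTED]

if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_TRUST), ("widened", WIDENED_TRUST)):
        print(name, unexpected_principals(policy))
```

Run against the output of `aws iam get-role` for the execution role, a non-empty result means something other than CloudFormation can obtain that role's permissions.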

Labels:

- cli: Issues related to the CDK CLI
- effort/small: Small work item – less than a day of effort
- feature-request: A feature should be added or improved.
- p2
- package/tools: Related to AWS CDK Tools or CLI
