Restrict CDK deploy to certain roles #20921
abjoshi2785
started this conversation in
General
Replies: 1 comment
-
|
Hey @abjoshi2785, You can restrict the roles which can assume the deploy role by modifying the bootstrapping template itself Though if you have credentials for the same account, but do not have the proper permissions to assume the role, the CDK will still attempt to deploy with just the CLI credentials. This is the warning message you are seeing here. Deployment should still fail if CLI credentials do not give access to deployment |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is there a way to restrict the CDK deploy to allow only certain roles to perform this action. I have tried changing the trust on the deploy role from root to a specific role but the deploy still proceeds with following message "current credentials could not be used to assume 'arn:aws:iam::111111111111:role/cdk-hnb659fds-deploy-role-111111111111-us-east-2', but are for the right account. Proceeding anyway."
Beta Was this translation helpful? Give feedback.
All reactions