(cli): Integrate with IAM Access Analyzer policy validation #13649

Open
@jogold

Description

Integrate IAM Access Analyzer policy validation with the CLI, either with a special command or during deploy.

It could also be used as a new "linting" tool in the repo to ensure that IAM policies created by AWS CDK constructs comply with best practices.

See https://aws.amazon.com/blogs/aws/iam-access-analyzer-update-policy-validation/
See https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-policy-validation.html

Use Case

  • Warn users if their CDK code generates "bad" IAM policies
  • Ensure AWS CDK constructs deliver IAM policies that are compliant with best practices

Proposed Solution

To be discussed 😄

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
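As an added example (not code from the issue or from the CDK project), a Python sketch of the proposed integration: it pulls IAM policy documents out of a synthesized template, flags documents that still carry CloudFormation intrinsics (which ValidatePolicy cannot evaluate), calls the ValidatePolicy API through boto3, and maps finding types to a deploy-gating threshold. The template fragment, the sample findings and the `fail_at` threshold are constructed.

```python
"""Skeleton of the proposed check: pull IAM policy documents out of a synthesized
template and turn IAM Access Analyzer ValidatePolicy findings into deploy-time
warnings. Added example, not CDK code; template, findings and threshold are constructed."""
import json

# Finding types ValidatePolicy returns, ranked so a threshold can gate a deploy.
RANK = {"SUGGESTION": 0, "WARNING": 1, "SECURITY_WARNING": 2, "ERROR": 3}

def extract_policies(template):
    """(logical_id, policy_type, document) per IAM policy; a trust policy is resource-based."""
    found = []
    for lid, res in template.get("Resources", {}).items():
        props, kind = res.get("Properties", {}), res.get("Type")
        if kind == "AWS::IAM::Role":
            found.append((lid, "RESOURCE_POLICY", props["AssumeRolePolicyDocument"]))
            found += [(lid, "IDENTITY_POLICY", p["PolicyDocument"]) for p in props.get("Policies", [])]
        elif kind in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
            found.append((lid, "IDENTITY_POLICY", props["PolicyDocument"]))
    return found

def has_intrinsics(node):
    """True if Ref/Fn::* remain; ValidatePolicy only sees plain JSON, so resolve them first."""
    if isinstance(node, dict):
        return any(k == "Ref" or k.startswith("Fn::") or has_intrinsics(v) for k, v in node.items())
    return isinstance(node, list) and any(has_intrinsics(v) for v in node)

def validate_live(client, policy_type, document):
    """Real call; `client` is boto3.client("accessanalyzer"). Returns the findings list."""
    return client.validate_policy(policyDocument=json.dumps(document), policyType=policy_type)["findings"]

def report(logical_id, findings, fail_at="SECURITY_WARNING"):
    """Format findings as CLI warnings and say whether they should block the deploy."""
    lines = [f"[{f['findingType']}] {logical_id}: {f['issueCode']} - {f['findingDetails']}" for f in findings]
    return lines, any(RANK[f["findingType"]] >= RANK[fail_at] for f in findings)

# Constructed template fragment shaped like `cdk synth` output (one Resource is a Ref).
TEMPLATE = {"Resources": {
    "FnRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
        "Policies": [{"PolicyName": "p", "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}}]}},
    "QPolicy": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyName": "q", "PolicyDocument": {
        "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sqs:ReceiveMessage",
        "Resource": {"Ref": "QueueArn"}}]}}}}}

# Constructed stand-in for the ValidatePolicy findings on the PassRole statement above.
SAMPLE_FINDINGS = [{"findingType": "SECURITY_WARNING", "issueCode": "PASS_ROLE_WITH_STAR_IN_RESOURCE",
                    "findingDetails": "iam:PassRole with a wildcard resource (constructed text)"}]
```

In a real run, each document that passes `has_intrinsics` unchanged (False) goes to `validate_live` and its findings to `report`; the QPolicy document shows the token-resolution step the CLI would need before validating synthesized output.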

Metadata

    Labels

  • @aws-cdk/aws-accessanalyzer (Related to AWS Access Analyzer)
  • @aws-cdk/aws-iam (Related to AWS Identity and Access Management)
  • closed-for-staleness (This issue was automatically closed because it hadn't received any attention in a while.)
  • effort/large (Large work item – several weeks of effort)
  • feature-request (A feature should be added or improved.)
  • p2
  • package/tools (Related to AWS CDK Tools or CLI)
