
Need support for PermissionBoundary property on AWS::IAM::CreateRole actions

Open jrykowski-huron opened this issue 3 years ago • 1 comments

We've struggled to get the default template to work due to missing PermissionBoundary property. Had to add manually.

It would be good to support a parameter to specify.

Also, we are still facing an issue with the fact that limitCheckStack uses a reference to an AWS::CloudFormation::Stack in an S3 location, and we need to edit that as well to add the PermissionBoundary property.

If anyone has a workaround to share, that'd be great! But for the future, it'd be good if the template supported use of PermissionBoundary settings.

Without the PB set, we get a CloudFormation stack error similar to this:

API: iam:CreateRole User: arn:aws:sts::{accountid}:assumed-role/{role}/jrykowski is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::{accountid}:role/limitmonitor-limitCheckSt-LimitMonitorRole-1M8F2ZHBM59NZ with an explicit deny

jrykowski-huron, Mar 18 '22 00:03
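
A workaround of the kind requested above, as an added example that is not part of the original issue or the project's code: a script that patches a JSON CloudFormation template so every `AWS::IAM::Role` takes an optional permissions boundary and nested stacks receive the same parameter. The parameter name, condition name and sample template are assumptions; the CloudFormation property on `AWS::IAM::Role` is spelled `PermissionsBoundary`.

```python
import copy
import json

PARAM = "PermissionsBoundaryArn"    # hypothetical parameter name
COND = "HasPermissionsBoundary"     # hypothetical condition name

# Constructed sample (not the project's real template): one IAM role and one
# nested stack, the two cases described in the issue.
SAMPLE_TEMPLATE = {
    "Resources": {
        "LimitMonitorRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {"AssumeRolePolicyDocument": {"Statement": []}},
        },
        "limitCheckStack": {
            "Type": "AWS::CloudFormation::Stack",
            "Properties": {"TemplateURL": "https://example.invalid/nested.template"},
        },
    }
}


def add_permissions_boundary(template):
    """Return (patched copy, logical ids of nested stacks).
    Roles without a boundary get one driven by an optional parameter; nested
    stacks are handed the same parameter, so their templates need this patch too.
    """
    out = copy.deepcopy(template)
    out.setdefault("Parameters", {})[PARAM] = {"Type": "String", "Default": ""}
    out.setdefault("Conditions", {})[COND] = {
        "Fn::Not": [{"Fn::Equals": [{"Ref": PARAM}, ""]}]
    }
    # Empty parameter -> property omitted, so the template still deploys
    # in accounts that do not enforce a boundary.
    boundary = {"Fn::If": [COND, {"Ref": PARAM}, {"Ref": "AWS::NoValue"}]}
    nested = []
    for logical_id, res in out.get("Resources", {}).items():
        if res.get("Type") == "AWS::IAM::Role":
            res.setdefault("Properties", {}).setdefault("PermissionsBoundary", boundary)
        elif res.get("Type") == "AWS::CloudFormation::Stack":
            res.setdefault("Properties", {}).setdefault("Parameters", {})[PARAM] = {"Ref": PARAM}
            nested.append(logical_id)
    return out, nested


if __name__ == "__main__":
    patched, nested = add_permissions_boundary(SAMPLE_TEMPLATE)
    print(json.dumps(patched, indent=2))
    print("nested templates that also need patching:", nested)
```

Each nested template listed in the second return value has to be run through the same function and re-hosted, with `TemplateURL` changed to the patched copy, before the parent stack will deploy.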

@jrykowski-huron thanks for submitting the request. If you can open a pull request, it would be very helpful for us to understand the resolution that you are looking for.

gsingh04, Mar 28 '22 19:03

Closing due to inactivity

gsingh04, Oct 17 '22 15:10