aws-cdk-rfcs icon indicating copy to clipboard operation
aws-cdk-rfcs copied to clipboard

Published 20 hours ago verified publisher icon aws

CDK Pipelines: Use pipeline ServiceRole as default ActionRole

Open hwum opened this issue 8 months ago • 1 comments

Description

Multiple customers requested us to reduce the number of roles automatically created by cdk library. Since service role is applied to pipeline stage actions if no action role provided(codepipeline backend logic), we propose to add a flag in pipeline config to allow customer use pipeline service role as action role. Besides, when using CodeBuildFactory, we propose to allow customized role for CodeBuildOption in L3 construct. Related issue:https://github.com/aws/aws-cdk/issues/27605 https://github.com/aws/aws-cdk/issues/30360

interface PipelineProps {
    ....
    public readonly enablePipelineRoleForActions?: boolean; // false as default;
}


export interface CodeBuildOptions {
  ....
  readonly role?: iam.Role;
}

Roles

Role User
Proposed by @hwum
Author(s) @hwum
API Bar Raiser @
Stakeholders @hwum(codepipeline-dev)

See RFC Process for details

Workflow

  • [x] Tracking issue created (label: status/proposed)
  • [ ] API bar raiser assigned (ping us at #aws-cdk-rfcs if needed)
  • [ ] Kick off meeting
  • [ ] RFC pull request submitted (label: status/review)
  • [ ] Community reach out (via Slack and/or Twitter)
  • [ ] API signed-off (label status/api-approved applied to pull request)
  • [ ] Final comments period (label: status/final-comments-period)
  • [ ] Approved and merged (label: status/approved)
  • [ ] Execution plan submitted (label: status/planning)
  • [ ] Plan approved and merged (label: status/implementing)
  • [ ] Implementation complete (label: status/done)

Author is responsible to progress the RFC according to this checklist, and apply the relevant labels to this issue so that the RFC table in README gets updated.

hwum avatar Mar 06 '25 21:03 hwum

Hi @hwum, i think this is a feature request that isn't too large (proposing a new property in an existing construct). you will get much better traction if you suggest it as a feature request here instead. hopefully with a bit more information for what you're looking for, as I'm not too sure even if this is one proposed feature or two (if it's two, two separate issues would be better).

thanks for reaching out!

kaizencc avatar Mar 07 '25 16:03 kaizencc