gradle-aws-plugin

Support list of capabilities on cloudformation

Open elmi82 opened this issue 5 years ago • 1 comments

Currently the capability that is used when using the cloudformation stack tasks can be defined with

cloudformation {
  /* stack configuration */
  capabilityIam true
  useCapabilityIam Capability.CAPABILITY_NAMED_IAM
}

This assumes that there is only one capability active if you run a stack operation. In case you use nested stacks and both your "parent" stack and the nested stack create roles or policies, stack operations need to run with CAPABILITY_NAMED_IAM AND CAPABILITY_AUTO_EXPAND.

The plugin currently cannot be configured to handle this kind of stack scenario. The SDK in fact allows the capabilities to be a list, but the plugin always constructs a list with only the one specified capability in useCapabilityIam Example.

Ideally a configuration would allow the definition of multiple capabilities, e.g.

cloudformation {
  /* stack configuration */
  capabilityIam true
  capabilities [Capability.CAPABILITY_NAMED_IAM, Capability.CAPABILITY_AUTO_EXPAND]
}

elmi82 Dec 11 '19 09:12

Even without nested stacks, I've also run into a scenario where I need to create both a Named IAM role as well as a SAM style Lambda function. This scenario also requires both CAPABILITY_NAMED_IAM and CAPABILITY_AUTO_EXPAND.

davidpellerin Dec 11 '19 14:12
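An added example, not part of the issue thread or the plugin's code: a pre-deploy check that derives the capability list a JSON template needs, so a build acknowledges only what the template requires rather than enabling every capability. The function names, the sample template and the simplified resource-to-capability mapping are assumptions made for this sketch.

```python
import json

# Assumption (simplified from the CloudFormation documentation): IAM resource
# types and the property that gives each one a custom name.
IAM_NAME_PROPS = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::Policy": None,      # custom naming not modelled in this sketch
    "AWS::IAM::AccessKey": None,
}

def _uses_fn_transform(node):
    """True if an Fn::Transform call appears anywhere in the template tree."""
    if isinstance(node, dict):
        return "Fn::Transform" in node or any(_uses_fn_transform(v) for v in node.values())
    if isinstance(node, list):
        return any(_uses_fn_transform(v) for v in node)
    return False

def required_capabilities(template):
    """Return the sorted capability list a parsed JSON template needs."""
    caps = set()
    for res in template.get("Resources", {}).values():
        rtype = res.get("Type")
        if rtype in IAM_NAME_PROPS:
            name_prop = IAM_NAME_PROPS[rtype]
            named = name_prop is not None and name_prop in res.get("Properties", {})
            caps.add("CAPABILITY_NAMED_IAM" if named else "CAPABILITY_IAM")
    # Assumption: CAPABILITY_NAMED_IAM also acknowledges unnamed IAM resources.
    if "CAPABILITY_NAMED_IAM" in caps:
        caps.discard("CAPABILITY_IAM")
    # A Transform section (e.g. SAM) or an Fn::Transform call is a macro.
    if template.get("Transform") or _uses_fn_transform(template):
        caps.add("CAPABILITY_AUTO_EXPAND")
    return sorted(caps)

# Constructed sample: a named IAM role next to a SAM-style Lambda function,
# the combination described in the comment above.
SAMPLE = json.loads("""{
  "Transform": "AWS::Serverless-2016-10-31",
  "Resources": {
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {"RoleName": "example-app-role"}},
    "AppFn": {"Type": "AWS::Serverless::Function", "Properties": {"Handler": "app.handler"}}
  }
}""")

if __name__ == "__main__":
    print(required_capabilities(SAMPLE))
```

A build can compare this result with the capabilities it is configured to pass and fail when the configuration grants more than the template needs.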