Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(stepfunctions-tasks): adding on demand option + allocation s… #12512

Closed
wants to merge 63 commits into from
Closed

feat(stepfunctions-tasks): adding on demand option + allocation s… #12512

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
63 commits
Select commit Hold shift + click to select a range
e5a8b5e
feat(aws-stepfunctions-tasks): adding on demand option + allocation s…
Jan 14, 2021
df49eb6
chore(release): 1.85.0
Jan 14, 2021
fe5ee19
Update CHANGELOG.md
NetaNir Jan 14, 2021
ed2ef5c
Update CHANGELOG.md
NetaNir Jan 14, 2021
3d51bc8
Update CHANGELOG.md
NetaNir Jan 14, 2021
c824c2f
Update CHANGELOG.md
NetaNir Jan 14, 2021
51c53df
chore(deps-dev): bump typescript-json-schema from 0.46.0 to 0.47.0 (#…
dependabot-preview[bot] Jan 14, 2021
d79f1a1
chore: eliminate the use of `xxx.Construct` to reduce v2 merge confli…
Jan 15, 2021
b9eb38a
chore(deps): bump aws-sdk from 2.827.0 to 2.828.0 (#12533)
dependabot-preview[bot] Jan 15, 2021
d05c98e
chore(aws-cdk-lib): minimum supported node version is now v14 (#11964)
Jan 15, 2021
b8e39b2
chore(scripts): compat check will compare against last published vers…
Jan 15, 2021
33fc397
chore(eks): updated the eks launch template support topic in the docs…
dirknilius Jan 15, 2021
89cf902
chore(pkglint): validate that package `maturity` is correct (#12519)
skinny85 Jan 15, 2021
0a9d636
docs(codebuild): clarify BuildEnvironmentVariable `value` property (#…
blimmer Jan 15, 2021
4d79453
chore: switch to using yarn in package.json scripts (#12530)
Jan 17, 2021
e752d2a
chore(lambda-layer-kubectl): fix readme to refer to the correct modul…
iliapolo Jan 17, 2021
dc8248a
feat(elasticsearch): UltraWarm nodes (#12265)
jumi-dev Jan 17, 2021
f044f2e
chore(deps-dev): bump esbuild from 0.8.32 to 0.8.33 (#12560)
dependabot-preview[bot] Jan 18, 2021
a11a228
chore(deps): bump @typescript-eslint/eslint-plugin from 4.12.0 to 4.1…
dependabot-preview[bot] Jan 18, 2021
83d3dbd
docs: note that `cdk.context.json` must be committed (#12565)
rix0rrr Jan 18, 2021
39aa43b
chore(deps-dev): bump @types/node from 10.17.48 to 10.17.51 (#12571)
dependabot-preview[bot] Jan 18, 2021
ed6777b
chore(ec2): add c6gn instance type metadata (#12525)
Jacob-Doetsch Jan 18, 2021
7461d16
fix(iam): Groups are erroneously accepted as the Principal of a polic…
swar8080 Jan 18, 2021
3c84890
chore(deps-dev): bump @types/lodash from 4.14.167 to 4.14.168 (#12578)
dependabot-preview[bot] Jan 18, 2021
3e236df
chore(deps): bump @typescript-eslint/eslint-plugin from 4.13.0 to 4.1…
dependabot-preview[bot] Jan 18, 2021
1d064d0
chore(applicationautoscaling): Add MSK storage scaling predefined met…
Jan 19, 2021
fcfd46f
fix(ec2): Vpc.fromVpcAttributes cannot be used with EKS (#12569)
rix0rrr Jan 19, 2021
7f67d2c
chore(core): stack.test.ts is now using jest (#12596)
Jan 19, 2021
c0abdaa
chore: compat check does not correctly resolve baseline version in re…
Jan 20, 2021
cb50af5
chore: install integ tests dependencies using npm7 (#12626)
rix0rrr Jan 20, 2021
85b2e57
chore: encode npm disttag in version resolution (#12627)
Jan 20, 2021
019a51c
feat(cognito): allow to set read and write attributes in Cognito User…
tom139 Jan 20, 2021
4378dde
docs(codepipeline-actions): fix typo in Readme (#12625)
sergeant-wizard Jan 20, 2021
c2c55da
docs(s3-deployment): fix missing brackets in the code example of prun…
minchao Jan 20, 2021
9dc95ca
feat(s3): Bucket keys (#12376)
bweigel Jan 20, 2021
920d8f8
fix(aws-ecs): Invalid user data defined for windows autoscaling group…
phillipCouto Jan 20, 2021
9fc2c2b
fix(apigateway): cannot remove first api key from usage plan (#12505)
Jan 21, 2021
4dc0e24
fix(synthetics): default execution role breaks in non aws partitions …
Khufu-I Jan 21, 2021
b9848d5
feat(ec2): Support for new EBS types (#12074)
leandrodamascena Jan 21, 2021
dbaef03
feat(cfnspec): cloudformation spec v24.0.0 (#12615)
aws-cdk-automation Jan 21, 2021
37e0fbe
chore(deps): bump proxy-agent from 4.0.0 to 4.0.1 (#12591)
dependabot-preview[bot] Jan 21, 2021
64d8ed1
chore: remove strong-named key references and signing for .NET (#12632)
njlynch Jan 21, 2021
057a1c7
chore(release): 1.86.0
Jan 21, 2021
949bd7e
feat(eks): Graduate to stable (#12640)
iliapolo Jan 21, 2021
37bc501
chore(deps): bump fs-extra from 9.0.1 to 9.1.0 (#12641)
dependabot-preview[bot] Jan 21, 2021
86c1257
fix(core): modern deployments fail if bootstrap stack is renamed (#12…
rix0rrr Jan 21, 2021
4668797
docs(ecs): typo in docstring (#12621)
ppbdrinker Jan 21, 2021
9d8807e
chore(integtests): make installing NPM7 safe against concurrent calls…
rix0rrr Jan 21, 2021
f4e2db1
chore: deprecate app-delivery and EKS-legacy modules (#12545)
skinny85 Jan 21, 2021
a61cf20
chore(deps): bump aws-sdk from 2.828.0 to 2.830.0 (#12650)
dependabot-preview[bot] Jan 21, 2021
11e44b2
fix(s3-deployment): User metadata keys have redundant triple `x-amz` …
bmwalters Jan 21, 2021
abec497
feat(aws-codepipeline-actions): Add Full Clone support for CodeCommit…
DaWyz Jan 21, 2021
ad91ccc
chore(deps-dev): bump esbuild from 0.8.33 to 0.8.34 (#12653)
dependabot-preview[bot] Jan 22, 2021
940abd1
docs(stepfunctions-tasks): Replace deprecated class name (#12658)
JacobAMason Jan 22, 2021
0375f4c
feat(stepfunctions-tasks): EcsRunTask now uses taskDefinition family …
ayush987goyal Jan 22, 2021
e74f61b
chore: tests fail on a machine with a `~/.cdk.json` file (#12579)
rix0rrr Jan 22, 2021
d873d51
fix(apigatewayv2): multiple http integrations are created for each ro…
ayush987goyal Jan 22, 2021
9084d8a
chore: remove unused dependencies on the @aws-cdk/assets module (#12652)
skinny85 Jan 22, 2021
6e2c031
chore: introduce special logic for unit tests that rely on feature fl…
Jan 22, 2021
58d395c
feat(aws-stepfunctions-tasks): adding on demand option + allocation s…
Jan 14, 2021
b4d8a0e
Merge branch 'master' into master
mohanrajendran Jan 24, 2021
21a7d30
Merge branch 'master' into master
mohanrajendran Jan 26, 2021
51de8a2
Merge branch 'master' into master
mohanrajendran Feb 14, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
chore: introduce special logic for unit tests that rely on feature fl… 
…ags (#12645)

CDKv1 introduced feature flags that allowed users to opt-in to new
backwards-incompatible behaviour. There are two types of flags -
one set that need to be entirely removed in CDKv2 and their
'enabled' behaviour made the default, and another set where the
the new behaviour should be made the default, and allow users to
explicitly opt-out.

This change addresses the testing strategy for the former set (and
not the latter). There exist unit tests that test the behaviour both
when the feature flags are enabled and feature flags and disabled.
However, in v2, the feature flags will be removed and its usage
blocked. The default behaviour will be as if the feature flag is
enabled.

Introduce branching logic that treats these unit tests depending on
whether it's executed in the context of CDKv1 or CDKv2.

The logic is as follows:
- In the context of v1, all tests will execute as normal.
- In the context of v2, tests that rely on feature flag to be unset will
   not be executed.
- In the context of v2, tests that rely on feature flag to be set will
  not configure the feature flag on the App's context and continue to
  execute the test.

This logic has been captured at a single location in two methods -
`testFeatureFlag()` and `testFeatureFlagDisabled()`.

To validate this logic, the unit tests that rely on the feature flags
`aws-kms:defaultKeyPolicies`,
`aws-secretsmanager:parseOwnedSecretName` and
`core:enableStackNameDuplicates` have been updated to use
these methods.

Forward looking: The final PR in v2 is expected to look like
this - #12644

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
Niranjan Jayakar authored and Mohan Rajendran committed Jan 24, 2021
commit 6e2c031f66be79c2da906bb0a8d4a3f7827ac447
146 changes: 94 additions & 52 deletions packages/@aws-cdk/aws-kms/test/key.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { arrayWith, ResourcePart } from '@aws-cdk/assert';
import '@aws-cdk/assert/jest';
import * as iam from '@aws-cdk/aws-iam';
import * as cdk from '@aws-cdk/core';
import { testFutureBehavior, testLegacyBehavior } from 'cdk-build-tools/lib/feature-flag';
import * as kms from '../lib';

const ADMIN_ACTIONS: string[] = [
Expand Down Expand Up @@ -39,19 +40,10 @@ const LEGACY_ADMIN_ACTIONS: string[] = [
'kms:UntagResource',
];

let app: cdk.App;
let stack: cdk.Stack;
beforeEach(() => {
app = new cdk.App({
context: {
// By default, enable the correct key policy behavior. Specific tests will test the disabled behavior.
'@aws-cdk/aws-kms:defaultKeyPolicies': true,
},
});
stack = new cdk.Stack(app);
});
const flags = { '@aws-cdk/aws-kms:defaultKeyPolicies': true };

test('default key', () => {
testFutureBehavior('default key', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
new kms.Key(stack, 'MyKey');

expect(stack).toHaveResource('AWS::KMS::Key', {
Expand All @@ -75,14 +67,16 @@ test('default key', () => {
}, ResourcePart.CompleteDefinition);
});

test('default with no retention', () => {
testFutureBehavior('default with no retention', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
new kms.Key(stack, 'MyKey', { removalPolicy: cdk.RemovalPolicy.DESTROY });

expect(stack).toHaveResource('AWS::KMS::Key', { DeletionPolicy: 'Delete', UpdateReplacePolicy: 'Delete' }, ResourcePart.CompleteDefinition);
});

describe('key policies', () => {
test('can specify a default key policy', () => {
testFutureBehavior('can specify a default key policy', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const policy = new iam.PolicyDocument();
const statement = new iam.PolicyStatement({ resources: ['*'], actions: ['kms:Put*'] });
statement.addArnPrincipal('arn:aws:iam::111122223333:root');
Expand All @@ -107,7 +101,8 @@ describe('key policies', () => {
});
});

test('can append to the default key policy', () => {
testFutureBehavior('can append to the default key policy', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const statement = new iam.PolicyStatement({ resources: ['*'], actions: ['kms:Put*'] });
statement.addArnPrincipal('arn:aws:iam::111122223333:root');

Expand Down Expand Up @@ -139,16 +134,53 @@ describe('key policies', () => {
});
});

test.each([
['decrypt', (key: kms.Key, user: iam.IGrantable) => key.grantDecrypt(user), 'kms:Decrypt'],
['encrypt', (key: kms.Key, user: iam.IGrantable) => key.grantEncrypt(user), ['kms:Encrypt', 'kms:ReEncrypt*', 'kms:GenerateDataKey*']],
])('grant %s', (_, grantFn, actions) => {
testFutureBehavior('decrypt', flags, cdk.App, (app) => {
// GIVEN
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'Key');
const user = new iam.User(stack, 'User');

// WHEN
key.grantDecrypt(user);

// THEN
// Key policy should be unmodified by the grant.
expect(stack).toHaveResource('AWS::KMS::Key', {
KeyPolicy: {
Statement: [
{
Action: 'kms:*',
Effect: 'Allow',
Principal: { AWS: { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':iam::', { Ref: 'AWS::AccountId' }, ':root']] } },
Resource: '*',
},
],
Version: '2012-10-17',
},
});

expect(stack).toHaveResource('AWS::IAM::Policy', {
PolicyDocument: {
Statement: [
{
Action: 'kms:Decrypt',
Effect: 'Allow',
Resource: { 'Fn::GetAtt': ['Key961B73FD', 'Arn'] },
},
],
Version: '2012-10-17',
},
});
});

testFutureBehavior('encrypt', flags, cdk.App, (app) => {
// GIVEN
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'Key');
const user = new iam.User(stack, 'User');

// WHEN
grantFn(key, user);
key.grantEncrypt(user);

// THEN
// Key policy should be unmodified by the grant.
Expand All @@ -170,7 +202,7 @@ describe('key policies', () => {
PolicyDocument: {
Statement: [
{
Action: actions,
Action: ['kms:Encrypt', 'kms:ReEncrypt*', 'kms:GenerateDataKey*'],
Effect: 'Allow',
Resource: { 'Fn::GetAtt': ['Key961B73FD', 'Arn'] },
},
Expand All @@ -180,7 +212,7 @@ describe('key policies', () => {
});
});

test('grant for a principal in a dependent stack works correctly', () => {
testFutureBehavior('grant for a principal in a dependent stack works correctly', flags, cdk.App, (app) => {
const principalStack = new cdk.Stack(app, 'PrincipalStack');
const principal = new iam.Role(principalStack, 'Role', {
assumedBy: new iam.AnyPrincipal(),
Expand Down Expand Up @@ -213,7 +245,8 @@ describe('key policies', () => {
});
});

test('additional key admins can be specified (with imported/immutable principal)', () => {
testFutureBehavior('additional key admins can be specified (with imported/immutable principal)', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const adminRole = iam.Role.fromRoleArn(stack, 'Admin', 'arn:aws:iam::123456789012:role/TrustedAdmin');
new kms.Key(stack, 'MyKey', { admins: [adminRole] });

Expand Down Expand Up @@ -242,7 +275,8 @@ describe('key policies', () => {
});
});

test('additional key admins can be specified (with owned/mutable principal)', () => {
testFutureBehavior('additional key admins can be specified (with owned/mutable principal)', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const adminRole = new iam.Role(stack, 'AdminRole', {
assumedBy: new iam.AccountRootPrincipal(),
});
Expand Down Expand Up @@ -279,7 +313,8 @@ describe('key policies', () => {
});
});

test('key with some options', () => {
testFutureBehavior('key with some options', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey', {
enableKeyRotation: true,
enabled: false,
Expand Down Expand Up @@ -311,17 +346,20 @@ test('key with some options', () => {
});
});

test('setting pendingWindow value to not in allowed range will throw', () => {
testFutureBehavior('setting pendingWindow value to not in allowed range will throw', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
expect(() => new kms.Key(stack, 'MyKey', { enableKeyRotation: true, pendingWindow: cdk.Duration.days(6) }))
.toThrow('\'pendingWindow\' value must between 7 and 30 days. Received: 6');
});

test('setting trustAccountIdentities to false will throw (when the defaultKeyPolicies feature flag is enabled)', () => {
testFutureBehavior('setting trustAccountIdentities to false will throw (when the defaultKeyPolicies feature flag is enabled)', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
expect(() => new kms.Key(stack, 'MyKey', { trustAccountIdentities: false }))
.toThrow('`trustAccountIdentities` cannot be false if the @aws-cdk/aws-kms:defaultKeyPolicies feature flag is set');
});

test('addAlias creates an alias', () => {
testFutureBehavior('addAlias creates an alias', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey', {
enableKeyRotation: true,
enabled: false,
Expand All @@ -342,7 +380,8 @@ test('addAlias creates an alias', () => {
});
});

test('can run multiple addAlias', () => {
testFutureBehavior('can run multiple addAlias', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey', {
enableKeyRotation: true,
enabled: false,
Expand Down Expand Up @@ -374,7 +413,8 @@ test('can run multiple addAlias', () => {
});
});

test('keyId resolves to a Ref', () => {
testFutureBehavior('keyId resolves to a Ref', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey');

new cdk.CfnOutput(stack, 'Out', {
Expand All @@ -387,7 +427,8 @@ test('keyId resolves to a Ref', () => {
});
});

test('fails if key policy has no actions', () => {
testFutureBehavior('fails if key policy has no actions', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey');

key.addToResourcePolicy(new iam.PolicyStatement({
Expand All @@ -398,7 +439,8 @@ test('fails if key policy has no actions', () => {
expect(() => app.synth()).toThrow(/A PolicyStatement must specify at least one \'action\' or \'notAction\'/);
});

test('fails if key policy has no IAM principals', () => {
testFutureBehavior('fails if key policy has no IAM principals', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey');

key.addToResourcePolicy(new iam.PolicyStatement({
Expand All @@ -410,14 +452,15 @@ test('fails if key policy has no IAM principals', () => {
});

describe('imported keys', () => {
test('throw an error when providing something that is not a valid key ARN', () => {
testFutureBehavior('throw an error when providing something that is not a valid key ARN', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
expect(() => {
kms.Key.fromKeyArn(stack, 'Imported', 'arn:aws:kms:us-east-1:123456789012:key');
}).toThrow(/KMS key ARN must be in the format 'arn:aws:kms:<region>:<account>:key\/<keyId>', got: 'arn:aws:kms:us-east-1:123456789012:key'/);

});

test('can have aliases added to them', () => {
testFutureBehavior('can have aliases added to them', flags, cdk.App, (app) => {
const stack2 = new cdk.Stack(app, 'Stack2');
const myKeyImported = kms.Key.fromKeyArn(stack2, 'MyKeyImported',
'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012');
Expand All @@ -443,15 +486,17 @@ describe('imported keys', () => {

describe('addToResourcePolicy allowNoOp and there is no policy', () => {
// eslint-disable-next-line jest/expect-expect
test('succeed if set to true (default)', () => {
testFutureBehavior('succeed if set to true (default)', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = kms.Key.fromKeyArn(stack, 'Imported',
'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012');

key.addToResourcePolicy(new iam.PolicyStatement({ resources: ['*'], actions: ['*'] }));

});

test('fails if set to false', () => {
testFutureBehavior('fails if set to false', flags, cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = kms.Key.fromKeyArn(stack, 'Imported',
'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012');

Expand All @@ -463,16 +508,8 @@ describe('addToResourcePolicy allowNoOp and there is no policy', () => {
});

describe('when the defaultKeyPolicies feature flag is disabled', () => {
beforeEach(() => {
app = new cdk.App({
context: {
'@aws-cdk/aws-kms:defaultKeyPolicies': false,
},
});
stack = new cdk.Stack(app);
});

test('default key policy', () => {
testLegacyBehavior('default key policy', cdk.App, (app) => {
const stack = new cdk.Stack(app);
new kms.Key(stack, 'MyKey');

expect(stack).toHaveResource('AWS::KMS::Key', {
Expand All @@ -496,7 +533,8 @@ describe('when the defaultKeyPolicies feature flag is disabled', () => {
}, ResourcePart.CompleteDefinition);
});

test('policy if specified appends to the default key policy', () => {
testLegacyBehavior('policy if specified appends to the default key policy', cdk.App, (app) => {
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'MyKey');
const p = new iam.PolicyStatement({ resources: ['*'], actions: ['kms:Encrypt'] });
p.addArnPrincipal('arn:aws:iam::111122223333:root');
Expand Down Expand Up @@ -536,7 +574,8 @@ describe('when the defaultKeyPolicies feature flag is disabled', () => {
});
});

test('trustAccountIdentities changes key policy to allow IAM control', () => {
testLegacyBehavior('trustAccountIdentities changes key policy to allow IAM control', cdk.App, (app) => {
const stack = new cdk.Stack(app);
new kms.Key(stack, 'MyKey', { trustAccountIdentities: true });
expect(stack).toHaveResourceLike('AWS::KMS::Key', {
KeyPolicy: {
Expand All @@ -554,7 +593,8 @@ describe('when the defaultKeyPolicies feature flag is disabled', () => {
});
});

test('additional key admins can be specified (with imported/immutable principal)', () => {
testLegacyBehavior('additional key admins can be specified (with imported/immutable principal)', cdk.App, (app) => {
const stack = new cdk.Stack(app);
const adminRole = iam.Role.fromRoleArn(stack, 'Admin', 'arn:aws:iam::123456789012:role/TrustedAdmin');
new kms.Key(stack, 'MyKey', { admins: [adminRole] });

Expand Down Expand Up @@ -583,7 +623,8 @@ describe('when the defaultKeyPolicies feature flag is disabled', () => {
});
});

test('additional key admins can be specified (with owned/mutable principal)', () => {
testLegacyBehavior('additional key admins can be specified (with owned/mutable principal)', cdk.App, (app) => {
const stack = new cdk.Stack(app);
const adminRole = new iam.Role(stack, 'AdminRole', {
assumedBy: new iam.AccountRootPrincipal(),
});
Expand Down Expand Up @@ -627,8 +668,9 @@ describe('when the defaultKeyPolicies feature flag is disabled', () => {
});

describe('grants', () => {
test('grant decrypt on a key', () => {
testLegacyBehavior('grant decrypt on a key', cdk.App, (app) => {
// GIVEN
const stack = new cdk.Stack(app);
const key = new kms.Key(stack, 'Key');
const user = new iam.User(stack, 'User');

Expand Down Expand Up @@ -672,7 +714,7 @@ describe('when the defaultKeyPolicies feature flag is disabled', () => {
});
});

test('grant for a principal in a dependent stack works correctly', () => {
testLegacyBehavior('grant for a principal in a dependent stack works correctly', cdk.App, (app) => {
const principalStack = new cdk.Stack(app, 'PrincipalStack');
const principal = new iam.Role(principalStack, 'Role', {
assumedBy: new iam.AnyPrincipal(),
Expand Down
Loading