apprunner-roadmap
Allow Array of Services in IAM Role for Tasks and Build
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Tell us about your request
The current AppRunner interface in the AWS console appears to query the IAM endpoint and return a list of all IAM roles, and then somehow review those roles with statements that allow the service principals of tasks or build (.apprunner.amazonaws.com) to be used. If these two principals are listed as a list, the UI will not populate them.
Describe alternatives you've considered
Separating the Principals works as expected.
Additional context
This trust does not allow the IAM role to be populated in the UI.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": ["tasks.apprunner.amazonaws.com", "build.apprunner.amazonaws.com"]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Whereas the same effective policy as two blocks works as expected.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "tasks.apprunner.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Sid": "build",
      "Effect": "Allow",
      "Principal": {
        "Service": "build.apprunner.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Attachments
n/a
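An added example, not part of the original issue and not the console's actual code: one way a role picker could read a trust policy so that the list form and the split form above are treated the same. The function names `trusted_services` and `usable_for` are hypothetical, and the list is assumed to sit under the `"Service"` key.

```python
import json
from fnmatch import fnmatchcase

def _as_list(value):
    # IAM accepts a single value or an array for Statement, Action and Principal entries.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusted_services(trust_policy):
    """Service principals that an Allow statement lets call sts:AssumeRole.

    Simplification: Condition, NotPrincipal, NotAction and Deny are ignored.
    """
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    services = set()
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(fnmatchcase("sts:assumerole", a.lower()) for a in actions):
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):  # skip the bare "*" form
            services.update(_as_list(principal.get("Service")))
    return services

def usable_for(trust_policy, service_principal):
    # True when the role can be offered for the given service principal.
    return service_principal in trusted_services(trust_policy)

# The two trust policies from the issue, rebuilt as Python dicts.
LIST_FORM = {"Version": "2012-10-17", "Statement": [
    {"Sid": "", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": ["tasks.apprunner.amazonaws.com",
                               "build.apprunner.amazonaws.com"]}}]}
SPLIT_FORM = {"Version": "2012-10-17", "Statement": [
    {"Sid": "", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "tasks.apprunner.amazonaws.com"}},
    {"Sid": "build", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"Service": "build.apprunner.amazonaws.com"}}]}

if __name__ == "__main__":
    for name, policy in (("list", LIST_FORM), ("split", SPLIT_FORM)):
        print(name, sorted(trusted_services(policy)))
```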