From ebaa1b5fc2caefdbf02e9f0ac60269dceedf15f0 Mon Sep 17 00:00:00 2001 From: Jonathan Goldwasser Date: Tue, 6 Aug 2019 08:31:21 +0300 Subject: [PATCH] fix(ssm): add GetParameters action to grantRead() (#3546) --- .../@aws-cdk/aws-ecs/test/test.container-definition.ts | 1 + packages/@aws-cdk/aws-ssm/lib/parameter.ts | 7 ++++++- .../aws-ssm/test/integ.parameter.lit.expected.json | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/packages/@aws-cdk/aws-ecs/test/test.container-definition.ts b/packages/@aws-cdk/aws-ecs/test/test.container-definition.ts index 31ef86d0c1031..897bd33a8e0e2 100644 --- a/packages/@aws-cdk/aws-ecs/test/test.container-definition.ts +++ b/packages/@aws-cdk/aws-ecs/test/test.container-definition.ts @@ -359,6 +359,7 @@ export = { { Action: [ 'ssm:DescribeParameters', + 'ssm:GetParameters', 'ssm:GetParameter', 'ssm:GetParameterHistory' ], diff --git a/packages/@aws-cdk/aws-ssm/lib/parameter.ts b/packages/@aws-cdk/aws-ssm/lib/parameter.ts index 08edec6e1d95a..d91390a70418a 100644 --- a/packages/@aws-cdk/aws-ssm/lib/parameter.ts +++ b/packages/@aws-cdk/aws-ssm/lib/parameter.ts @@ -126,7 +126,12 @@ abstract class ParameterBase extends Resource implements IParameter { public grantRead(grantee: iam.IGrantable): iam.Grant { return iam.Grant.addToPrincipal({ grantee, - actions: ['ssm:DescribeParameters', 'ssm:GetParameter', 'ssm:GetParameterHistory'], + actions: [ + 'ssm:DescribeParameters', + 'ssm:GetParameters', + 'ssm:GetParameter', + 'ssm:GetParameterHistory' + ], resourceArns: [this.parameterArn], }); } diff --git a/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json b/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json index 2985dd230d609..ee9c0735a975b 100644 --- a/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json +++ b/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json @@ -40,6 +40,7 @@ { "Action": [ "ssm:DescribeParameters", + "ssm:GetParameters", "ssm:GetParameter", "ssm:GetParameterHistory" ],