Commit a3515fd

Author: Bob Strahan
Add PermissionsBoundary support to Step Functions and fix minor issues
1 parent 29f6c76 commit a3515fd

5 files changed: +5 -2 lines changed

CHANGELOG.md

Lines changed: 1 addition & 1 deletion
@@ -8,7 +8,7 @@ SPDX-License-Identifier: MIT-0
88
### Added
99
- **Optional Permissions Boundary Support for Enterprise Deployments**
1010
- Added `PermissionsBoundaryArn` parameter to all CloudFormation templates for organizations with Service Control Policies (SCPs) requiring permissions boundaries
11-
- Comprehensive support for both explicit IAM roles and implicit roles created by AWS SAM functions with `Policies:`
11+
- Comprehensive support for both explicit IAM roles and implicit roles created by AWS SAM functions and statemachines`
1212
- Conditional implementation ensures backward compatibility - when no permissions boundary is provided, roles deploy normally
1313

1414
## [0.3.8]
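
Review bot: The new line 11 ends with an unmatched backtick (`statemachines` followed by a stray "`"), left over from the removed `Policies:` code span, so the changelog entry will render with broken inline-code formatting. Drop the trailing backtick and write "state machines" as two words. The old wording also told readers that the boundary applies to implicit roles created through `Policies:`; if that qualifier still holds for state machines, keep it so operators know which roles are covered.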

patterns/pattern-1/template.yaml

Lines changed: 1 addition & 0 deletions
@@ -475,6 +475,7 @@ Resources:
475475
DocumentProcessingStateMachine:
476476
Type: AWS::Serverless::StateMachine
477477
Properties:
478+
PermissionsBoundary: !If [HasPermissionsBoundary, !Ref PermissionsBoundaryArn, !Ref AWS::NoValue]
478479
Name: !Sub "${AWS::StackName}-DocumentProcessingWorkflow"
479480
DefinitionUri: statemachine/workflow.asl.json
480481
DefinitionSubstitutions:
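
Review bot: On the added line 478, `PermissionsBoundary` on an `AWS::Serverless::StateMachine` only takes effect when SAM generates the execution role for the resource (that is, when `Policies` is used and no explicit `Role` is set); the visible context does not show which of the two this state machine uses. Please confirm the resource relies on a SAM-generated role. If it references an explicit role, the boundary has to be set on that `AWS::IAM::Role` instead, or deployments under an SCP that requires boundaries will still fail on role creation.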

patterns/pattern-2/template.yaml

Lines changed: 1 addition & 0 deletions
@@ -1315,6 +1315,7 @@ Resources:
13151315
DocumentProcessingStateMachine:
13161316
Type: AWS::Serverless::StateMachine
13171317
Properties:
1318+
PermissionsBoundary: !If [HasPermissionsBoundary, !Ref PermissionsBoundaryArn, !Ref AWS::NoValue]
13181319
Name: !Sub "${AWS::StackName}-DocumentProcessingWorkflow"
13191320
DefinitionUri: statemachine/workflow.asl.json
13201321
DefinitionSubstitutions:
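
Review bot: The added line 1318 references the `HasPermissionsBoundary` condition and the `PermissionsBoundaryArn` parameter, neither of which appears in this hunk. Confirm that both are declared in this template's `Conditions` and `Parameters` sections, since an undefined condition in `!If` fails template validation. A deployment test with the parameter set and with it empty would cover both branches of the `!If`, including the `AWS::NoValue` path that is meant to preserve the existing behaviour.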

patterns/pattern-3/template.yaml

Lines changed: 1 addition & 0 deletions
@@ -1217,6 +1217,7 @@ Resources:
12171217
DocumentProcessingStateMachine:
12181218
Type: AWS::Serverless::StateMachine
12191219
Properties:
1220+
PermissionsBoundary: !If [HasPermissionsBoundary, !Ref PermissionsBoundaryArn, !Ref AWS::NoValue]
12201221
Name: !Sub "${AWS::StackName}-DocumentProcessingWorkflow"
12211222
DefinitionUri: statemachine/workflow.asl.json
12221223
DefinitionSubstitutions:
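
Review bot: Line 1220 is the third copy of the same conditional pasted into a pattern template, and nothing in the change verifies that every role-creating resource in these templates now carries it. Since one resource without a boundary is enough for an SCP to reject the whole stack, consider adding a lint or CI check that scans each template for SAM functions, state machines and IAM roles lacking `PermissionsBoundary`. A short YAML comment above the property explaining why it is conditional would also help future edits keep the pattern.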

publish.sh

Lines changed: 1 addition & 1 deletion
@@ -161,7 +161,7 @@ function calculate_hash() {
161161
# Calculate directory checksum
162162
function get_dir_checksum() {
163163
local dir=$1
164-
local dir_checksum=$(find "$dir" -type d \( -name "python" -o -name "node_modules" -o -name "build" -o -name ".aws-sam" -o -name "dist" -o -name "__pycache__" -o -name "*.egg-info" \) -prune -o -type f \( ! -name ".checksum" -a ! -name "*.pyc" \) -exec $STAT_CMD {} \; | sha256sum | awk '{ print $1 }')
164+
local dir_checksum=$(find "$dir" -type d \( -name "python" -o -name "node_modules" -o -name "build" -o -name ".aws-sam" -o -name "dist" -o -name "__pycache__" -o ".pytest_cache" -o -name "*.egg-info" \) -prune -o -type f \( ! -name ".checksum" -a ! -name "*.pyc" \) -exec $STAT_CMD {} \; | sha256sum | awk '{ print $1 }')
165165
local combined_string="$BUCKET $PREFIX_AND_VERSION $REGION $dir_checksum"
166166
echo -n "$combined_string" | sha256sum | awk '{ print $1 }'
167167
}
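
Review bot: The added term on line 164 is `-o ".pytest_cache"` with no `-name` in front of it, unlike every other entry in the prune list. A bare word at that position is not a valid `find` test, so `find` is expected to exit with an error instead of listing files. Because the result is piped into `sha256sum` and assigned with `local dir_checksum=$(...)`, the failure is not propagated and the function hashes empty input, giving every directory the same `dir_checksum`. Change detection then stops reflecting file contents, which can let stale artifacts be published. Change the term to `-o -name ".pytest_cache"`, and consider failing the function when `find` returns non-zero.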
