From 79ef87eb4e5e65974aac955e0bb89cd3af454a87 Mon Sep 17 00:00:00 2001 From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> Date: Wed, 10 Jul 2024 15:58:58 -0700 Subject: [PATCH 1/3] add condition to file publish role --- packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml index 6d4ec2323efbd..571f239823a5c 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml @@ -377,6 +377,10 @@ Resources: Resource: - Fn::Sub: "${StagingBucket.Arn}" - Fn::Sub: "${StagingBucket.Arn}/*" + Condition: + StringEquals: + aws:ResourceAccount: + - Fn::Sub: ${AWS::AccountId} Effect: Allow - Action: - kms:Decrypt From a332a691c342580aab5087e325d33b36be38598d Mon Sep 17 00:00:00 2001 From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> Date: Thu, 11 Jul 2024 15:14:55 -0700 Subject: [PATCH 2/3] bump bootstrap version --- packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml index 571f239823a5c..dace6e7977a4a 100644 --- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml +++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml @@ -623,7 +623,7 @@ Resources: Type: String Name: Fn::Sub: '/cdk-bootstrap/${Qualifier}/version' - Value: '20' + Value: '21' Outputs: BucketName: Description: The name of the S3 bucket owned by the CDK toolkit stack From 87371d8a64dbe754e1da17c93d9b25b2acdc407e Mon Sep 17 00:00:00 2001 From: Parker Scanlon <69879391+scanlonp@users.noreply.github.com> Date: Thu, 11 Jul 2024 17:15:25 -0700 Subject: [PATCH 3/3] trigger build