-
Notifications
You must be signed in to change notification settings - Fork 0
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see the word "Mellon" many times, particularly in the "manifest-passthrough-pipeline.yml" and "manifest-passthrough.yml" files. Since we intend to change the name from "Mellon" to "MARBLE" over the next few sprints, is it feasible to change any of these references now?
@SteveMattison I took your advice and updated mellon to marble where I could. Some of the other changes will have to wait until when/if change existing repo names from mellon to marble(ex mellon-blueprints, mellon-app-infrastructure, etc) |
Statement: | ||
# Allow the role to create SSM resources specified by manifest-pipeline.yml | ||
- Action: | ||
- 'ssm:Delete*' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're trying to use less wildcards on actions, so change this to the explicit list.
- !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${AppConfigPathTest}/*" | ||
Effect: Allow | ||
- Action: | ||
- 'lambda:*' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're trying to use less wildcards on actions, so change this to the explicit list.
PassthroughUrl: | ||
Type: String | ||
Description: Primo passthrough url | ||
PrimoApiKey: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Either add NoEcho: True
or change this to expect an SSM parameter within AppConfigPath
PrimoApiKey: | ||
Type: String | ||
Description: Primo API key | ||
PrimoSandboxApiKey: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Either add NoEcho: True
or change this to expect an SSM parameter within AppConfigPath
CodeUri: passthrough/ | ||
Environment: | ||
Variables: | ||
PRIMO_API_KEY: !Ref PrimoApiKey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are clear text in the env. It would be better to have your lambda read these things from AppConfigPath
Variables: | ||
PRIMO_API_KEY: !Ref PrimoApiKey | ||
PASSTHROUGH_URL: !Ref PassthroughUrl | ||
PRIMO_SANDBOX_API_KEY: !Ref PrimoSandboxApiKey |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These are clear text in the env. It would be better to have your lambda read these things from AppConfigPath
No description provided.