passthrough pipeline #64
Conversation
There was a problem hiding this comment.
I see the word "Mellon" many times, particularly in the "manifest-passthrough-pipeline.yml" and "manifest-passthrough.yml" files. Since we intend to change the name from "Mellon" to "MARBLE" over the next few sprints, is it feasible to change any of these references now?
|
@SteveMattison I took your advice and updated mellon to marble where I could. Some of the other changes will have to wait until when/if change existing repo names from mellon to marble(ex mellon-blueprints, mellon-app-infrastructure, etc) |
| Statement: | ||
| # Allow the role to create SSM resources specified by manifest-pipeline.yml | ||
| - Action: | ||
| - 'ssm:Delete*' |
There was a problem hiding this comment.
We're trying to use less wildcards on actions, so change this to the explicit list.
| - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${AppConfigPathTest}/*" | ||
| Effect: Allow | ||
| - Action: | ||
| - 'lambda:*' |
There was a problem hiding this comment.
We're trying to use less wildcards on actions, so change this to the explicit list.
| PassthroughUrl: | ||
| Type: String | ||
| Description: Primo passthrough url | ||
| PrimoApiKey: |
There was a problem hiding this comment.
Either add NoEcho: True or change this to expect an SSM parameter within AppConfigPath
| PrimoApiKey: | ||
| Type: String | ||
| Description: Primo API key | ||
| PrimoSandboxApiKey: |
There was a problem hiding this comment.
Either add NoEcho: True or change this to expect an SSM parameter within AppConfigPath
| CodeUri: passthrough/ | ||
| Environment: | ||
| Variables: | ||
| PRIMO_API_KEY: !Ref PrimoApiKey |
There was a problem hiding this comment.
These are clear text in the env. It would be better to have your lambda read these things from AppConfigPath
| Variables: | ||
| PRIMO_API_KEY: !Ref PrimoApiKey | ||
| PASSTHROUGH_URL: !Ref PassthroughUrl | ||
| PRIMO_SANDBOX_API_KEY: !Ref PrimoSandboxApiKey |
There was a problem hiding this comment.
These are clear text in the env. It would be better to have your lambda read these things from AppConfigPath
No description provided.