[aws-ints] Align IAM policy naming to match onboarding templates #260
+88
−46
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ksirrah13
reviewed
Nov 21, 2025
| LOGGER.error(f"Error deleting policy {policy_name}: {str(e)}") | ||
|
|
||
| # Clean up legacy hash-based policies if they exist (from old versions of this template) | ||
| legacy_prefixes = ["datadog-aws-integration-iam-permissions"] |
There was a problem hiding this comment.
is this expected to have more prefixes to deal with or can we eliminate the loop to reduce nesting?
| legacy_prefixes = ["datadog-aws-integration-iam-permissions"] | ||
| for prefix in legacy_prefixes: | ||
| for i in range(1, max_policies + 1): | ||
| policy_name = f"{prefix}-part{i}" |
There was a problem hiding this comment.
isn't this missing the hash so it won't match the previous naming convention?
| for i, chunk in enumerate(permission_chunks): | ||
| # Create policy | ||
| policy_name = f"{base_policy_name}-part{i+1}" | ||
| policy_name = f"{role_name}-ManagedPolicy-{i+1}" |
There was a problem hiding this comment.
maybe move this to a get policy method that you can share so we don't get out of sync again with the format for creation and deletion
| """Clean up existing policies with the base_policy_name prefix""" | ||
| for i in range(max_policies): | ||
| policy_name = f"{base_policy_name}-part{i+1}" | ||
| def cleanup_existing_policies(iam_client, role_name, account_id, max_policies=20): |
There was a problem hiding this comment.
is this just a copy paste from above or does this get generated or something?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: Please remember to review the contribution guidelines
if you have not yet done so.
What does this PR do?
Changes the naming of the iam policies created by the
aws_attach_integration_permissionstemplate to match the naming in our quickstart and organizations templatesdatadog-aws-integration-iam-permissions-{hash}-part1,part2, etc.{RoleName}-ManagedPolicy-1,{RoleName}-ManagedPolicy-2, etc.Motivation
A customer noticed that we are creating policies with duplicate permissions since the naming is not aligned
Testing Guidelines
How did you test this pull request?
Additional Notes
Anything else we should know when reviewing?