aws-cdk: Make PublicAccessBlockConfiguration optional for cdk bootstrap

We would like to deploy the cdk bootstrap stack without the PublicAccessBlockConfiguration property.

Use Case

Setting this property is restricted in our organization account.

Proposed Solution

Possible solution:

cdk bootstrap --without-public-access-block-configuration

Other

  • đź‘‹ I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 11
  • Comments: 19 (7 by maintainers)

Commits related to this issue

Most upvoted comments

@eladb, my company did not give s3 put permission to our organization access key for security reasons. “–without-public-access-block-configuration” it would be nice solution.

+4
bruce-igaw on Dec 10, 2019

@hoegertn it is not that the bucket is public, these rules are managed on the account level and we only have limited access to what we can do within the account. Part of our permission boundary is that we can’t perform s3:PutPublicAccessBlock which means that the cdk bootstrap stack fails with the following error:

API: s3:PutPublicAccessBlock Access Denied
+4
abelmokadem on Nov 14, 2019
Read more comments on GitHub
← aws-cdk: Logs: Faulty Resource Policy generated
aws-cdk: New Docker-based Parcel Build does not work on CircleCI (and likely other CI platforms) →