Skip to content

refactor(cdk): collapse AgentSessionRole trust+grant into admitComputeRole (#213)#430

Open
krokoko wants to merge 1 commit into
mainfrom
feat/213-admit-compute-role
Open

refactor(cdk): collapse AgentSessionRole trust+grant into admitComputeRole (#213)#430
krokoko wants to merge 1 commit into
mainfrom
feat/213-admit-compute-role

Conversation

@krokoko

@krokoko krokoko commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Replace split addAssumingRole / grantAssumeToComputeRole with a single admitComputeRole that wires both IAM halves (SessionRole trust + compute-role identity grant).
  • Have the AgentSessionRole constructor call admitComputeRole for each assumingRoles entry so admission is always fully wired.
  • Unify trust statements to bundled sts:AssumeRole + sts:TagSession per principal; update agent.ts, ecs-agent-cluster.ts, and tests.

Closes #213.

Test plan

  • mise //cdk:test -- agent-session-role
  • mise //cdk:test -- ecs-agent-cluster
  • mise //cdk:synth

Made with Cursor

@cursoragent
refactor(cdk): collapse AgentSessionRole trust+grant into admitComput…
1149114 
…eRole (#213)

Replace split addAssumingRole/grantAssumeToComputeRole with a single method
so SessionRole admission always wires both IAM halves together.

Co-authored-by: Cursor <cursoragent@cursor.com>
@krokoko krokoko requested review from a team as code owners June 23, 2026 04:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

refactor(cdk): collapse AgentSessionRole trust+grant into one admitComputeRole method

1 participant

@krokoko