We have separate AWS IAM roles for Spacelift integration attachments, so we can allow preview runs to run on unapproved code changes, without worrying about someone being able to make a change to the underlying AWS resources from their GitHub branch.
This is working well, except autoattach:<label> no longer works to attach these integrations, because it defaults to allowing writes. So we have to explicitly create every integration attachment for every stack.
Is it possible to allow autoattach_read:<label> (and autoattach_write:<label> for symmetry) labels on AWS integrations to specify what the integration should be used for on the stacks that match?
Please authenticate to join the conversation.
π In Review
π‘ Feature Requests
Integrations
About 2 hours ago
Get notified by email when there are changes.
π In Review
π‘ Feature Requests
Integrations
About 2 hours ago
Get notified by email when there are changes.