[PR #48] [MERGED] chore: Add IamPolicyAutopilot policy ID to access denied flows #204

New issue

Closed

opened 2026-03-15 11:53:07 +03:00 by kerem · 0 comments

kerem commented

2026-03-15 11:53:07 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/awslabs/iam-policy-autopilot/pull/48
Author: @LukeKennedy
Created: 12/2/2025
Status: ✅ Merged
Merged: 12/10/2025
Merged by: @LukeKennedy

Base: main ← Head: main

📝 Commits (1)

67aa3a0 chore: Add IamPolicyAutopilot policy ID to access denied flows

📊 Changes

9 files changed (+28 additions, -7 deletions)

View changed files

📝 iam-policy-autopilot-access-denied/src/aws/iam_client.rs (+5 -1)
📝 iam-policy-autopilot-access-denied/src/aws/mod.rs (+1 -1)
📝 iam-policy-autopilot-access-denied/src/aws/policy_naming.rs (+3 -3)
📝 iam-policy-autopilot-access-denied/src/commands/apply.rs (+6 -1)
📝 iam-policy-autopilot-access-denied/src/lib.rs (+1 -1)
📝 iam-policy-autopilot-access-denied/src/synthesis/policy_builder.rs (+2 -0)
📝 iam-policy-autopilot-access-denied/src/types.rs (+5 -0)
📝 iam-policy-autopilot-mcp-server/src/tools/fix_access_denied.rs (+2 -0)
📝 iam-policy-autopilot-mcp-server/src/tools/generate_policy_for_access_denied.rs (+3 -0)

📄 Description

Description of changes:
The access denied flows only place the IamPolicyAutopilot tag in the statement ID, not the policy ID. This change adds it to the policy ID.

This is Option<String> because there is no assurance the incoming policy when merging has the field present, so it must be able to be optionally included for proper parsing. I've manually tested it with a few policies and screwed up others to make sure it handles the merging gracefully.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/awslabs/iam-policy-autopilot/pull/48 **Author:** [@LukeKennedy](https://github.com/LukeKennedy) **Created:** 12/2/2025 **Status:** ✅ Merged **Merged:** 12/10/2025 **Merged by:** [@LukeKennedy](https://github.com/LukeKennedy) **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (1) - [`67aa3a0`](https://github.com/awslabs/iam-policy-autopilot/commit/67aa3a09c4a6ed018709ab206584f44e84edce8c) chore: Add IamPolicyAutopilot policy ID to access denied flows ### 📊 Changes **9 files changed** (+28 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `iam-policy-autopilot-access-denied/src/aws/iam_client.rs` (+5 -1) 📝 `iam-policy-autopilot-access-denied/src/aws/mod.rs` (+1 -1) 📝 `iam-policy-autopilot-access-denied/src/aws/policy_naming.rs` (+3 -3) 📝 `iam-policy-autopilot-access-denied/src/commands/apply.rs` (+6 -1) 📝 `iam-policy-autopilot-access-denied/src/lib.rs` (+1 -1) 📝 `iam-policy-autopilot-access-denied/src/synthesis/policy_builder.rs` (+2 -0) 📝 `iam-policy-autopilot-access-denied/src/types.rs` (+5 -0) 📝 `iam-policy-autopilot-mcp-server/src/tools/fix_access_denied.rs` (+2 -0) 📝 `iam-policy-autopilot-mcp-server/src/tools/generate_policy_for_access_denied.rs` (+3 -0) </details> ### 📄 Description *Description of changes:* The access denied flows only place the IamPolicyAutopilot tag in the statement ID, not the policy ID. This change adds it to the policy ID. This is `Option<String>` because there is no assurance the incoming policy when merging has the field present, so it must be able to be optionally included for proper parsing. I've manually tested it with a few policies and screwed up others to make sure it handles the merging gracefully. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>