prefer-grants-property β
β
Using recommended in an ESLint configuration enables this rule.
Historically, L2 constructs that represent resources with access controls have used grant* methods (e.g., topic.grantPublish(role)). AWS CDK has introduced a new pattern using Grants classes, and a more convenient grants property has been added.
While grant* methods are still available, they are now discouraged as stated in PR#35782:
The grantPublish etc methods on the L2 are now no longer recommended (though they will not be deprecated immediately to not disrupt existing code too much).
This rule enforces using the grants property instead of grant* methods for AWS CDK L2 constructs that support the new Grants class pattern.
π§ How to use β
ts
// eslint.config.mjs
export default defineConfig([
{
// ... some configs
rules: {
"awscdk/prefer-grants-property": "error",
},
},
]);β Correct Example β
ts
import { Role, ServicePrincipal } from "aws-cdk-lib/aws-iam";
import { Topic } from "aws-cdk-lib/aws-sns";
const role = new Role(stack, "MyRole", {
assumedBy: new ServicePrincipal("lambda.amazonaws.com"),
});
const topic = new Topic(stack, "MyTopic");
// β
Use grants property
topic.grants.subscribe(role);
topic.grants.publish(role);β Incorrect Example β
ts
import { Role, ServicePrincipal } from "aws-cdk-lib/aws-iam";
import { Topic } from "aws-cdk-lib/aws-sns";
const role = new Role(stack, "MyRole", {
assumedBy: new ServicePrincipal("lambda.amazonaws.com"),
});
const topic = new Topic(stack, "MyTopic");
// β Avoid using grant* methods when grants property is available
topic.grantSubscribe(role);
topic.grantPublish(role);