-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-cdk-lib): creating a stack and a bucket with the same construct ID works, but then fails when trying to add a role to the bucket #29625
Comments
Hi @Ronnie76er , thanks for reaching out. This scenario works fine for me ,given the same bucket name and stack name. I Here is the snapshot for the same - sample code snippet for reference -
There Cloudformation tracks resources through Logical ids described in this article. Although given the same name to stack and bucket, their logical id is different ,hence it should not cause any error. |
|
@khushail it's very weird. So, using your code to reference the role, I get the same result as you, it works. However, referencing a role in the way I do, the error is there. You may need to reference a role that already exists in the account to get it to reproduce. Here's the code now:
And here's the screenshot of it running, first referencing the role how I did, and then creating a role as you did (I aborted without deploying, but it seems like it would apply fine): Here's a screenshot of the resources in the CloudFormation, before trying to apply the role: Let me know if there's any other information I could provide. What I'm trying to do in my actual CloudFormation is allow an existing role in the account to readWrite to the bucket, and I'm wondering if I have to do some annoying moving of resources so that the logical ids don't conflict. NOTE: Doing the above, I used CDK version: 2.135.0 (build d46c474) |
Hey @Ronnie76er , I used an existing role and granted the bucket read write access to the role which succeeded. Sharing the snippet - const s3Bucket = new s3.Bucket(this, "some-bucket", {
bucketName: "my-bucket-name-0913"
})
const somerole = iam.Role.fromRoleArn(this,"some-role-091","arn:aws:iam::12345678910:role/some-role-name-090")
s3Bucket.grantReadWrite(somerole); This is the policy role had-
let me know if this does not work for you. |
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Describe the bug
I created a stack and a bucket with the same value for
id
,some-bucket
in the example. This created successfully. I then tried to add a role to the bucket. It failed with an error:Expected Behavior
I expect that the stack would error out on first create, being that the stack construct ID and the bucket construct ID are the same.
Current Behavior
The stack is allowed to be created at first, but you cannot update the role afterwards, and need to do some type of migration of the bucket to fix it.
The full stack trace of the error is:
Reproduction Steps
bin/sample-cdk-issue.ts
lib/sample-cdk-issue-stack.ts
This is the only use case I came across where it happens. I tried adding a tag to the bucket, but that did NOT recreate the issue.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.133.0 (build dcc1e75)
Framework Version
No response
Node.js Version
v20.6.1
OS
Linux 6a3d87591146 6.6.16-linuxkit #1 SMP Fri Feb 16 11:54:02 UTC 2024 aarch64 GNU/Linux
Language
TypeScript
Language Version
5.3.3
Other information
No response
The text was updated successfully, but these errors were encountered: