
AWS::S3::BucketNotification

Open benkehoe opened this issue 6 years ago • 44 comments

  1. Title -> AWS::S3::BucketNotification
  2. Scope of request -> Allow bucket notifications to be managed separate from the bucket resource itself, resolving a longstanding circular reference problem
  3. Expected behavior -> I should be able to create auto-named buckets with notifications that invoke Lambda/SNS/SQS
  4. Links to existing API doc -> see below
  5. Category tag -> Compute, Storage
  6. Additional context:

The problem:

  1. Image thumbnailing is serverless 101. It involves setting up bucket notifications to invoke a Lambda function on file upload to a bucket (then generate the thumbnails and write them back to the bucket).
  2. A best practice for CloudFormation is to let CloudFormation name your resources wherever possible, and only deal with logical ids, not physical resource ids.
  3. These two things cannot currently be accomplished simultaneously. There needs to be a Lambda permission or SNS/SQS topic/queue policy, which needs to reference the bucket name, but the permission is checked for at notification configuration creation, before the bucket name could be provided to the permission resource.

Fundamentally, this is because there is not a separation between the creation of a bucket (and its name) and the settings on that bucket. There are at least three separate places on AWS that say 🤷 to customers and tell them to manually create a bucket name in two separate places, which is brittle both in terms of multiple deployments of the template and in terms of updating that bucket name in the future.

This could instead be solved with a separate BucketNotification resource. The bucket resource would be created first, the name !Ref'd to the relevant places, and then the BucketNotification resource would install the notification configuration onto the bucket.

benkehoe avatar Aug 01 '19 19:08 benkehoe
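
The circular reference described in the opening post, as an added example that is not part of the original thread or any AWS code: a small Python checker that builds the dependency graph of a constructed template and reports the cycle. The logical IDs `Function`, `Permission` and `Bucket` and the parameter `NameParam` are assumptions made for the illustration.

```python
import re

def refs(node):
    """Yield names a resource body points at via Ref, GetAtt, Sub or DependsOn."""
    if isinstance(node, list):
        for item in node:
            yield from refs(item)
    elif isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref":
                yield val
            elif key == "DependsOn":
                yield from ([val] if isinstance(val, str) else val)
            elif key == "Fn::GetAtt":
                yield (val.split(".") if isinstance(val, str) else val)[0]
            elif key == "Fn::Sub" and isinstance(val, str):
                yield from re.findall(r"\$\{([^!}.]+)", val)
            else:
                yield from refs(val)

def graph(template):
    # Keep only edges to sibling resources; parameters and AWS::* names drop out.
    res = template["Resources"]
    return {n: sorted(set(refs(b)) & (res.keys() - {n})) for n, b in res.items()}

def find_cycle(g):
    """Return one cycle as a list of logical IDs (first == last), else None."""
    done = set()
    def visit(name, path):
        if name in path:
            return path[path.index(name):] + [name]
        if name not in done:
            for dep in g[name]:
                found = visit(dep, path + [name])
                if found:
                    return found
            done.add(name)
    return next((c for c in (visit(n, []) for n in g) if c), None)

def sample(explicit_name=False):
    """Constructed template; Bucket waits on Permission, which S3 checks first."""
    fn = {"Fn::GetAtt": ["Function", "Arn"]}
    src = ({"Fn::Sub": "arn:${AWS::Partition}:s3:::${NameParam}"} if explicit_name
           else {"Fn::GetAtt": ["Bucket", "Arn"]})  # auto-named: needs the bucket
    return {"Resources": {
        "Function": {"Type": "AWS::Lambda::Function"},
        "Permission": {"Type": "AWS::Lambda::Permission",
                       "Properties": {"FunctionName": fn, "SourceArn": src}},
        "Bucket": {"Type": "AWS::S3::Bucket", "DependsOn": "Permission",
                   "Properties": {"NotificationConfiguration": {
                       "LambdaConfigurations": [{"Function": fn}]}}}}}
```

With an auto-named bucket the checker reports `Permission -> Bucket -> Permission`; building the ARN from a name parameter removes the edge back to the bucket, at the cost of typing the name in two places.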

Would this help solve this SAM issue? https://github.com/awslabs/serverless-application-model/issues/138

rosskarchner avatar Aug 01 '19 20:08 rosskarchner

Yes, it's exactly that same problem.

benkehoe avatar Aug 01 '19 20:08 benkehoe

AWS folks, any chance this will move onto the board soon?

rosskarchner avatar Dec 16 '19 14:12 rosskarchner

We're keeping an eye on the +1s on this, but we're trying to prioritize coverage items first.

luiseduardocolon avatar Dec 16 '19 20:12 luiseduardocolon

This took us by surprise today. Seems to make Policy Templates unusable. Please fix! We don't like letting workaround hacks live in our production environments.

tebruno99 avatar Mar 20 '20 17:03 tebruno99

+1 on this. This has hit us more than once and I feel this should be prioritized. It is not possible to achieve what I consider "THE" base use-case for bucket notifications, "read file that was just added to bucket", without resorting to cumbersome workarounds.

dennisandersen avatar Apr 14 '20 11:04 dennisandersen

A couple of useful links:

Existing Custom Resource which implements this functionality: https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-s3-notification-lambda/

CDK issue which is blocked by this issue: aws/aws-cdk#4323

TonyFNZ avatar May 07 '20 00:05 TonyFNZ

+1

purnesh avatar Jul 11 '20 02:07 purnesh

+1

major-fire avatar Jul 16 '20 09:07 major-fire

+1

jorgeandresvasquez avatar Jul 18 '20 18:07 jorgeandresvasquez

+1

yeDor avatar Jul 24 '20 13:07 yeDor

+1

jorgeandresvasquez avatar Jul 25 '20 14:07 jorgeandresvasquez

+1

Still implementing workarounds like this, https://aws.amazon.com/blogs/mt/resolving-circular-dependency-in-provisioning-of-amazon-s3-buckets-with-aws-lambda-event-notifications/

Plus-one for all of Ben's original points.

jeffmarcinko avatar Jul 27 '20 17:07 jeffmarcinko

+1

IanShoe avatar Jul 27 '20 17:07 IanShoe

+1

adhandharia avatar Sep 11 '20 02:09 adhandharia

+1

sahil-gt avatar Sep 11 '20 10:09 sahil-gt

Yes! +1

kz974 avatar Oct 19 '20 21:10 kz974

+1

jamescarignan avatar Oct 22 '20 02:10 jamescarignan

@purnesh @yeDor @IanShoe @kz974 @jamescarignan

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request

benbridts avatar Oct 22 '20 08:10 benbridts

+1

pam81 avatar Dec 11 '20 16:12 pam81

+1

fwanghe avatar Apr 14 '21 02:04 fwanghe

👍

fwanghe avatar Apr 19 '21 02:04 fwanghe

👍

gdelia avatar May 14 '21 16:05 gdelia

https://github.com/aws/aws-cdk/pull/11773 PR tries to resolve this for AWS CDK.

michaelbrewer avatar May 27 '21 06:05 michaelbrewer

+1

itharavi avatar Jul 03 '21 04:07 itharavi

+1

mrosenlund avatar Jul 14 '21 17:07 mrosenlund

+1

KlemenKozelj avatar Aug 23 '21 07:08 KlemenKozelj

@pam81 @frank-io @gdelia @itharavi @mrosenlund @KlemenKozelj

If you react with the 👍 button to the original issue, (the first comment, click on the smiley face if you're the first reacting), your votes can be used to sort issues and determine priorities.

A comment will send a notification to everyone (participants and watchers), but cannot be easily counted as a vote for an issue. Thus it's generally better to vote than to comment with "+1". To keep up to date, you can also add yourself as a watcher.

benbridts avatar Aug 23 '21 11:08 benbridts

How was this issue resolved? I don't see any updates in the CloudFormation documentation relevant to it, and it still warns against the circular dependency: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig.html

anowac01 avatar Oct 04 '21 20:10 anowac01

+1

zwezheng avatar Nov 17 '21 09:11 zwezheng