
feat(aws-s3): allow customising role used for autoDeleteObjects

Open haslam22 opened this issue 3 years ago • 2 comments

It's currently not possible to use autoDeleteObjects in a restricted environment where role creation is not allowed because it always creates a new role for the underlying lambda-backed custom resource provider.

This change introduces a new property autoDeleteObjectsRole allowing a user-provided role to be used instead of creating a new one. The custom resource provider will still act as a singleton but for a specific role instead i.e. at most one custom resource provider is created for every unique instance of autoDeleteObjectsRole.

This hopefully brings things in line with other custom-resource backed constructs/features, e.g. BucketDeployment or S3 bucket notifications where the role used for the underlying custom resource provider can be manually specified.

Fixes #16496


All Submissions:

Adding new Unconventional Dependencies:

  • [ ] This PR adds new unconventional dependencies following the process described here

New Features

  • [x] Have you added the new feature to an integration test?
    • [x] Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

haslam22 avatar Aug 29 '22 20:08 haslam22

Thanks for the comment @TheRealAmazonKendra - that's a really good point. I tested this and actually it turns out updating custom resources with a new service token isn't supported by CloudFormation, so the stack deploy fails against an existing stack. Oops.

So that means I'll have to create a new custom resource instead (which would drop the old one when updating a stack) pointing to the new lambda provider. This approach is also a bit problematic as the old custom resource will attempt to empty the bucket when deleted as a side effect, not ideal.

I'll have to dig into this a bit more, it looks like an issue similar to https://github.com/aws/aws-cdk/issues/7128 so maybe there's some wisdom I can borrow from the fix applied there. I'll convert it to a draft PR in the meantime until I have a more concrete solution.

haslam22 avatar Oct 24 '22 15:10 haslam22
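
The failure mode described in the comment above, written as a pre-deploy check (an added example, not code from this PR or from aws-cdk): it compares a deployed template with a newly synthesized one and flags `Custom::S3AutoDeleteObjects` resources whose `ServiceToken` changes or whose logical ID disappears. The helper `checkAutoDeleteChanges`, the template fragments and the logical IDs are constructed for illustration.

```typescript
// Added example; template fragments and logical IDs below are constructed.
type CfnResource = { Type: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources: Record<string, CfnResource> };
type Finding = { logicalId: string; risk: 'SERVICE_TOKEN_CHANGED' | 'RESOURCE_REMOVED' };

// Resource type CDK emits for the autoDeleteObjects custom resource.
const AUTO_DELETE_TYPE = 'Custom::S3AutoDeleteObjects';

function autoDeleteIds(t: CfnTemplate): string[] {
  return Object.keys(t.Resources).filter((id) => t.Resources[id]?.Type === AUTO_DELETE_TYPE);
}

// Compare the deployed template with the candidate before deploying.
function checkAutoDeleteChanges(deployed: CfnTemplate, candidate: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const id of autoDeleteIds(deployed)) {
    const next = candidate.Resources[id];
    if (!next || next.Type !== AUTO_DELETE_TYPE) {
      // Per the comment above: deleting the old custom resource attempts to empty the bucket.
      findings.push({ logicalId: id, risk: 'RESOURCE_REMOVED' });
      continue;
    }
    // ServiceToken is usually an intrinsic (Fn::GetAtt), so compare its JSON form.
    const before = JSON.stringify(deployed.Resources[id]?.Properties?.ServiceToken);
    const after = JSON.stringify(next.Properties?.ServiceToken);
    if (before !== after) {
      // Per the comment above: this update fails the deploy against an existing stack.
      findings.push({ logicalId: id, risk: 'SERVICE_TOKEN_CHANGED' });
    }
  }
  return findings;
}

const token = (provider: string) => ({ 'Fn::GetAtt': [provider, 'Arn'] });
const autoDelete = (provider: string, bucket: string): CfnResource => ({
  Type: AUTO_DELETE_TYPE,
  Properties: { ServiceToken: token(provider), BucketName: { Ref: bucket } },
});

const deployedTemplate: CfnTemplate = { Resources: {
  LogsAutoDelete: autoDelete('DefaultProvider', 'LogsBucket'),
  DataAutoDelete: autoDelete('DefaultProvider', 'DataBucket'),
} };
const candidateTemplate: CfnTemplate = { Resources: {
  LogsAutoDelete: autoDelete('CustomRoleProvider', 'LogsBucket'),   // token changed in place
  DataAutoDeleteV2: autoDelete('CustomRoleProvider', 'DataBucket'), // old logical ID dropped
} };

console.log(checkAutoDeleteChanges(deployedTemplate, candidateTemplate));
```
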

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

aws-cdk-automation avatar Oct 26 '22 15:10 aws-cdk-automation

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: a4249b36e0775bda3d2b4d0ba6fed708b6d0434b
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

aws-cdk-automation avatar Oct 29 '22 19:10 aws-cdk-automation

This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state.

aws-cdk-automation avatar Nov 02 '22 00:11 aws-cdk-automation

This PR has been in the BUILD FAILING state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

aws-cdk-automation avatar Nov 20 '22 00:11 aws-cdk-automation

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

aws-cdk-automation avatar Nov 27 '22 00:11 aws-cdk-automation