-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(events): cross-region event rules #14731
feat(events): cross-region event rules #14731
Conversation
if (Token.isUnresolved(targetAccount)) { | ||
throw new Error('You need to provide a concrete account for the target stack when using cross-account events'); | ||
throw new Error('You need to provide a concrete account for the source stack when using cross-account or cross-region events'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well the conditional really says:
if (Token.isUnresolved(targetAccount)) {
// make sure we only add it once per account | ||
const exists = this.accountEventBusTargets[targetAccount]; | ||
if (!exists) { | ||
// make sure we only add it once per account per region |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we check for a pair of account,region
then, instead of different sets for account and regions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would be a neater data structure but thinking ahead to requiring that the target region is one of us-east-1, us-west-2, eu-west-1
So do we want to couple the region and account into one data structure?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, I really need this field, any plan to merge?
I see this is idle since many days, If needed I'm available to work on this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gianlucb I would really appreciate some help on this if you're able to? This was my first pull request and struggling a bit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gianlucb I would really appreciate some help on this if you're able to? This was my first pull request and struggling a bit.
I have addressed the comments from rix0rrr. Can you give me write permissions to your fork? I will push my changes, so we can merge this PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you try to explain what the PR is trying to achieve in the PR body? |
Looks like is failing in a S3 unit test, not related with our changes |
I have implemented the changes to support cross-region targets. It was more complex than initially thought.
I think the correct behavior should be to fail otherwise creates an invalid rule, and also is not clear why this doesn't work. It actually can't work because is not possible to create the necessary components for an imported resource (we don't have the target stack - and eventually the credentials for a "remote" resource). I tried to address this in this PR, throwing an exception in case the resource is imported, but :-( even if unit testing is working this is unfortunately not consistent:
therefore not sure if this "imported" sanity check worth to be included. And not sure which is the correct behavior either. What do you think? |
The correct behavior should be to always query the "real" target environment, which we get by accessing The next hurdle is that not all resources (yet) correctly set aws-cdk/packages/@aws-cdk/core/lib/resource.ts Lines 94 to 104 in 92cadef
I think you might be right that it'll be impossible to detect whether the Sound good? |
Perfect! |
// because we don't have the target stack | ||
const isImportedResource = !sameEnvDimension(targetStack.account, targetAccount) || !sameEnvDimension(targetStack.region, targetRegion); //(targetAccount !== targetStack.account) || (targetRegion !== targetStack.region); | ||
if (isImportedResource) { | ||
throw new Error('Cannot create a cross-account or cross-region rule with an imported resource'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I'm confused by this check.
The motivation given is "we don't have the target stack", but why do we actually need the target stack?
- For cross-account access, we could create a support stack, which in fact is done below, so why do we need the target stack? (We could do this opportunistically, create a support stack if we have an imported resource or add to the target stack if we have an owned resource -- and add a flag to disable it maybe?)
- For cross-region access, it seems nothing special needs to be done? Or am I missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Discussed with @gianlucb that we should assume that thing.env.account
and thing.env.region
are correct -- if they are not correct then that's a bug in the implementation of Thing.fromThingArn()
and should be addressed there, not here.
Modulo that, ready to accept this.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
This pull request aims to extend the current support for cross-account event targets to also support limited cross-region event targets. Currently, the initial list of supported destination regions is: US East (N. Virginia – us-east-1), US West (Oregon – us-west-2), and Europe (Ireland – eu-west-1). The event can originate in any AWS region. The original feature request is described here: aws#14635 and the blog post describing this feature launch is here: https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This pull request aims to extend the current support for cross-account event targets to also support limited cross-region event targets. Currently, the initial list of supported destination regions is: US East (N. Virginia – us-east-1), US West (Oregon – us-west-2), and Europe (Ireland – eu-west-1). The event can originate in any AWS region. The original feature request is described here: aws#14635 and the blog post describing this feature launch is here: https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/ ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
This pull request aims to extend the current support for cross-account event targets to also support limited cross-region event targets. Currently, the initial list of supported destination regions is: US East (N. Virginia – us-east-1), US West (Oregon – us-west-2), and Europe (Ireland – eu-west-1). The event can originate in any AWS region.
The original feature request is described here: #14635 and the blog post describing this feature launch is here: https://aws.amazon.com/blogs/compute/introducing-cross-region-event-routing-with-amazon-eventbridge/
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license