AwsCustomResource cannot access resources in other regions #4292

Closed
konstantinj opened this issue Sep 30, 2019 · 2 comments · Fixed by #4298
Labels
@aws-cdk/core Related to core CDK functionality feature-request A feature should be added or improved. in-progress This issue is being actively worked on.

Comments

@konstantinj

I've tried using AwsCustomResource to publish to an SNS topic in a different region. It fails with the error "Invalid parameter: TopicArn". When I try the same with awscli I get the same error.

It looks like that could be solved by letting the lambda function use the region where the SNS topic is located. Unfortunately I see no way of either changing the lambda function on the fly or setting AWS_DEFAULT_REGION as an environment variable on it.

It would be great if lambda could "guess" which region to use by analysing the parameters. But being able to provide the proper region would be enough for me.

Reproduction Steps

Create an sns topic in region A and give permission to be accessed by others

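```ts
import * as cdk from "@aws-cdk/core";
import * as iam from "@aws-cdk/aws-iam";
import * as sns from "@aws-cdk/aws-sns";

// Deployed in region A: owns the topic that the custom resource publishes to.
export class BaseStack extends cdk.Stack {
    testTopic: sns.ITopic

    constructor(app: cdk.App, id: string, props?: cdk.StackProps) {
        super(app, id, props)

        this.testTopic = new sns.Topic(this, "TestTopic", {
            topicName: "test",
            displayName: "test"
        });

        // Topic resource policy: any principal may call sns:Publish.
        let policy = new iam.PolicyStatement()
        policy.addAnyPrincipal()
        policy.addAllResources()
        policy.addActions("sns:Publish")

        this.testTopic.addToResourcePolicy(policy)
    }
}
```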

Create the custom resource in region B

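```ts
import * as cdk from "@aws-cdk/core";
import * as custom from "@aws-cdk/custom-resources";

// Deployed in region B: the backing Lambda calls SNS with its own region,
// while the TopicArn below points at eu-west-1.
export class TestStack extends cdk.Stack {

    constructor(app: cdk.App, id: string, props?: cdk.StackProps) {
        super(app, id, props)

        const snsPublish = new custom.AwsCustomResource(this, "SnsPublish", {
            onUpdate: {
                service: "SNS",
                action: "publish",
                parameters: {
                    Message: "Hello From another region",
                    TopicArn: "arn:aws:sns:eu-west-1:XXXXXXXXXXXX:test",
                },
                physicalResourceId: "test",
            },
        });
    }
}
```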

Environment

  • CDK CLI Version: 1.9.0 (build 30f158a)
  • Module Version: 1.9.0
  • OS: all
  • Language: TypeScript
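
The region mismatch behind the "Invalid parameter: TopicArn" error can be detected from the call parameters alone, since the region is the fourth field of every ARN. The following is an added example, not part of the original issue or of the CDK code base; the helper names are hypothetical and the Lambda region `eu-central-1` is an assumed stand-in for "region B".

```typescript
// Added example (not CDK code): find ARNs in SDK call parameters whose region
// differs from the region the Lambda, and so its default SDK client, runs in.
// parseArnRegion and findCrossRegionArns are hypothetical helper names.

interface CrossRegionFinding { path: string; arn: string; region: string; }

// ARN layout: arn:partition:service:region:account-id:resource
// The resource part may contain ':' itself, so only the first five fields are structural.
function parseArnRegion(value: string): string | undefined {
  const parts = value.split(":");
  if (parts.length < 6 || parts[0] !== "arn") return undefined;
  const region = parts[3];
  // Global services (for example IAM) leave the region field empty.
  return region ? region : undefined;
}

// Recursively walk the parameters; `path` records where each ARN was found.
function findCrossRegionArns(
  value: unknown,
  lambdaRegion: string,
  path: string = "parameters",
  out: CrossRegionFinding[] = []
): CrossRegionFinding[] {
  if (typeof value === "string") {
    const region = parseArnRegion(value);
    if (region !== undefined && region !== lambdaRegion) {
      out.push({ path, arn: value, region });
    }
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => findCrossRegionArns(item, lambdaRegion, `${path}[${i}]`, out));
  } else if (value !== null && typeof value === "object") {
    const obj = value as { [key: string]: unknown };
    for (const key of Object.keys(obj)) {
      findCrossRegionArns(obj[key], lambdaRegion, `${path}.${key}`, out);
    }
  }
  return out;
}

// Parameters copied from the reproduction above; the Lambda region is assumed.
const SAMPLE_PARAMETERS = {
  Message: "Hello From another region",
  TopicArn: "arn:aws:sns:eu-west-1:XXXXXXXXXXXX:test",
};
const SAMPLE_FINDINGS = findCrossRegionArns(SAMPLE_PARAMETERS, "eu-central-1");
```

Run at synth or review time, a check like this makes every cross-region call in a custom resource explicit, so it can be approved deliberately rather than discovered as a deployment failure.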
@SomayaB SomayaB added needs-triage This issue or PR still needs to be triaged. bug This issue is a bug. @aws-cdk/aws-sns Related to Amazon Simple Notification Service package/awscl Cross-cutting issues related to the AWS Construct Library @aws-cdk/aws-iam Related to AWS Identity and Access Management and removed package/awscl Cross-cutting issues related to the AWS Construct Library labels Sep 30, 2019
jogold added a commit to jogold/aws-cdk that referenced this issue Sep 30, 2019
Allow to specify region for AWS API calls.

Remove gitignored file `lib/sdk-api-metadata.json`.

Closes aws#4292
jogold added a commit to jogold/aws-cdk that referenced this issue Sep 30, 2019
Allow to specify region for AWS API calls in `AwsCustomResource`

Remove gitignored file `lib/sdk-api-metadata.json`.

Closes aws#4292
@SomayaB SomayaB added the in-progress This issue is being actively worked on. label Sep 30, 2019
@nija-at nija-at added feature-request A feature should be added or improved. @aws-cdk/core Related to core CDK functionality and removed bug This issue is a bug. @aws-cdk/aws-iam Related to AWS Identity and Access Management @aws-cdk/aws-sns Related to Amazon Simple Notification Service labels Oct 1, 2019
@nija-at nija-at assigned eladb and unassigned nija-at Oct 1, 2019
@SomayaB
Contributor

SomayaB commented Oct 1, 2019

Hi @konstantinj, thank you for your request. It looks like @jogold is already working on it! Thank you! 👍

@SomayaB SomayaB removed the needs-triage This issue or PR still needs to be triaged. label Oct 1, 2019
@eladb
Contributor

eladb commented Oct 2, 2019

Also commented on the PR: I am not sure this is a good idea. What is the use case exactly? It's generally considered an anti-pattern to perform cross region operations. If users wish to invoke APIs in a region, they can just create a CFN stack in that region.

@mergify mergify bot closed this as completed in #4298 Oct 3, 2019
mergify bot pushed a commit that referenced this issue Oct 3, 2019
* fix(custom-resources): support region for AwsCustomResource

Allow to specify region for AWS API calls in `AwsCustomResource`

Remove gitignored file `lib/sdk-api-metadata.json`.

Closes #4292

* add warning note in region doc
4 participants