S3 LambdaDestination creates a cyclic reference #5760
Comments
rinfield
added
bug
SomayaB
added
cross-stack
|
Hi @rinfield, thanks for reporting this. We will update this issue when there is movement. |
|
I'm having the same issue. Is there a work around? |
|
I too am having this issue. I haven't been able to find any work around, other than creating bucket and function in the same stack. |
|
+1 |
|
+1 |
|
+1 |
|
anyone tested if this happens in nestedStack too? |
…cy when bucket and lambda are in different stacks (#10426) When the bucket and function are in two different stacks, the following stacks are created: ### Bucket Stack - `s3.Bucket` - `s3.BucketNotificationHandler` (creates a dependency on **lambda stack** since it configures the target of the trigger) ### Lambda Stack - `lambda.Function` - `lambda.Permission` (creates a dependency on the **bucket stack** since it configures the lambda to allow invocations from that specific bucket) The solution is to switch up the `lambda.Permission` scope and use the bucket instead of the function, so that it is added to the bucket stack, leaving the lambda stack independent. Fixes #5760 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
+1 |
|
same here |
|
Looks like this is still an issue! Cyclic dependency error as described in issue description. This relates to #11245. |
|
Hello any updates? why is it closed? |
|
One possible workaround is to use AwsCustomResource. You basically specify an AWS SDK call to be executed onCreate, onUpdate or onDelete - internally this creates a Lambda that will do the real work: Note: This replaces the existing notification configuration with the configuration you include in the parameter. Check: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html lambda.addPermission(`AllowS3Invocation`, {
action: 'lambda:InvokeFunction',
principal: new ServicePrincipal('s3.amazonaws.com'),
sourceArn: bucket.bucketArn
})
const notificationResource = new AwsCustomResource(this, `NotificationCustomResource`, {
logRetention: RetentionDays.THREE_DAYS,
policy: AwsCustomResourcePolicy.fromStatements([
new PolicyStatement({
effect: Effect.ALLOW,
actions: ['s3:PutBucketNotification'],
resources: [bucket.bucketArn, `${ bucket.bucketArn }/*`],
})
]),
onCreate: {
service: 'S3',
action: 'putBucketNotificationConfiguration',
parameters: {
Bucket: bucket.bucketName,
NotificationConfiguration: {
LambdaFunctionConfigurations: [
{
Events:['s3:ObjectCreated:*'],
LambdaFunctionArn: lambda.functionArn,
}
]
}
},
physicalResourceId: PhysicalResourceId.of(`${ id + Date.now().toString() }`),
},
})
notificationResource.node.addDependency(lambda.permissionsNode.findChild('AllowS3Invocation') |
|
+1 - this is still an issue. |
|
+1 - still an issue |
|
+1 - this is still an issue. |
|
+1 |
1 similar comment
|
+1 |
Setting S3 Bucket notification to a Lambda function in the other stack creates a cyclic reference.
Reproduction Steps
Error Log
Environment
Other
The resources for the notification seem to have been attached to the stack for Lambda Function and it is causing cyclic reference. Instead, it should be attached to the stack for S3 Bucket.
Passing explicit scope at
fn.addPermission()would solve the problem, but I'm not sure it is an appropriate fix or not.This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: