[aws-elasticsearch] ElasticSearch Domain Name Change Unsupported #8920

Closed
taylor-zr opened this issue Jul 7, 2020 · 2 comments
Labels
@aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@taylor-zr

Changing DomainName for ES domains created with aws-elasticsearch is not supported. For example, I changed:

```typescript
var elasticsearchDomain = new elasticsearch.CfnDomain(this, 'ElasticsearchDomain', {
    domainName: ccpName + suffix,
    ...
});
```

To

```typescript
var elasticsearchDomain = new elasticsearch.CfnDomain(this, 'ElasticsearchDomain', {
    domainName: ccpName + suffix.substring(0, 8),
    ...
});
```

And I received:

| Timestamp | Logical ID | Status | Status reason |
| -- | -- | -- | -- |
| 2020-07-07 13:58:55 UTC+1000 | ElasticsearchDomain | UPDATE_FAILED | User: arn:aws:iam::228438115886:user/Workaround is not authorized to perform: es:DescribeElasticsearchDomain on resource: arn:aws:es:us-east-1:228438115886:domain/taylorzr${Token[ (Service: AWSElasticsearch; Status Code: 403; Error Code: AccessDeniedException; Request ID: a7c5be5e-3a78-4c60-b382-ceda9e5a5348) |
| 2020-07-07 13:58:54 UTC+1000 | ElasticsearchDomain | UPDATE_IN_PROGRESS | Requested update requires the creation of a new physical resource; hence creating one. |

Environment

  • CLI Version: 1.46.0
  • Framework Version: 1.49.1
  • Node.js Version: 12.14.1
  • OS: Mac 10.14.6
  • Language (Version): TypeScript
@taylor-zr taylor-zr added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 7, 2020
@github-actions github-actions bot added the @aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service label Jul 7, 2020
@iliapolo
Contributor

Hi @taylor-zr

The CfnDomain class is auto-generated from the CloudFormation specification. It does not contain any special permissions logic. As such, this isn't strictly a bug in CDK, but rather a matter of having the necessary permissions for the user running the deployment.

Are you running it with an assumed role? Perhaps the Workaround user you use is not an admin and has limited permissions?

You just need to add the es:DescribeElasticsearchDomain statement to the role of your user.

Having said that, I will mark that we should add this to the documentation. Thanks!

Hope this helps.

@iliapolo iliapolo added guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 10, 2020
@taylor-zr
Author

taylor-zr commented Jul 12, 2020

Root cause was substring on a string encoded token rather than an actual string -- resolving
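
The root cause reported above, reproduced as an added example (not code from the issue or from the CDK): slicing a string-encoded token cuts the placeholder rather than the eventual value, which is how `taylorzr${Token[` ended up in the ARN of the 403 error. `SAMPLE_TOKEN` is a constructed stand-in and the function names are hypothetical; the regex replaces the CDK's own `Token.isUnresolved()` check so the block runs without the CDK installed, and the name pattern assumes the Amazon ES rule of 3 to 28 characters, starting with a lowercase letter, then lowercase letters, digits or hyphens.

```typescript
// Constructed stand-in for the string form the CDK gives an unresolved value.
const SAMPLE_TOKEN = "${Token[TOKEN.123]}";

// Marker present in a string-encoded token, or in a fragment cut from one.
const TOKEN_MARKER = /\$\{Token\[/;

// Assumed Amazon ES domain name rule: 3-28 chars, lowercase letter first,
// then lowercase letters, digits or hyphens.
const DOMAIN_NAME = /^[a-z][a-z0-9-]{2,27}$/;

function containsTokenMarker(value: string): boolean {
  return TOKEN_MARKER.test(value);
}

// The pattern from the issue: slice the suffix, then concatenate.
function naiveDomainName(prefix: string, suffix: string): string {
  return prefix + suffix.substring(0, 8);
}

// Guarded variant: refuse to slice a token, then validate the literal name.
function checkedDomainName(prefix: string, suffix: string): string {
  if (containsTokenMarker(prefix) || containsTokenMarker(suffix)) {
    throw new Error("input is an unresolved token; substring() would cut the placeholder, not the value");
  }
  const name = prefix + suffix.substring(0, 8);
  if (!DOMAIN_NAME.test(name)) {
    throw new Error(`invalid Elasticsearch domain name: ${name}`);
  }
  return name;
}

// Wrapper so the demo lines below can show a rejection without crashing.
function tryChecked(prefix: string, suffix: string): string {
  try {
    return checkedDomainName(prefix, suffix);
  } catch (e) {
    return "rejected: " + (e as Error).message;
  }
}

console.log(naiveDomainName("taylorzr", SAMPLE_TOKEN)); // broken name, as in the error
console.log(tryChecked("taylorzr", SAMPLE_TOKEN));      // caught at synth time
console.log(tryChecked("taylorzr", "-staging-east"));   // literal suffix is fine
```

Failing at synth time this way surfaces the real defect instead of a 403 against a resource name that never existed, which otherwise points the investigation at IAM permissions.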
