feat(aws-s3): add the option to not poll to the CodePipeline Action #1260
Note: please don't merge this yet, there's apparently some CloudTrail integration that's required to make bucket events work (details: https://docs.aws.amazon.com/codepipeline/latest/userguide/create-cloudtrail-S3-source.html). I'm still working on this.
The CloudTrail investigation proved to be quite the rabbit hole. I had to change the solution quite substantially (I've updated the PR description with details). Feedback is welcome!
}, | ||
...props, | ||
}); | ||
|
||
if (props.pollForSourceChanges === false && props.cloudTrail === undefined) { | ||
throw new Error('When not polling for source changes, ' + |
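Review bot: the condition only rejects `pollForSourceChanges === false` with no `cloudTrail`; the opposite mismatch, a `cloudTrail` supplied while polling is left enabled (or at its default), passes silently and is the easier one to misconfigure. Either reject that combination too or have a supplied `cloudTrail` imply `pollForSourceChanges: false`, so the two settings cannot disagree.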
I'm actually having second thoughts about this validation :/. While the intention was good I think, I'm not sure if it's not too strict. For example, I might be using an imported Bucket that already belongs to some Trail, and in that case I can safely say `pollForSourceChanges: false` and `cloudTrail: undefined`.
Thoughts on this?
I like the validation, but there definitely is some interest in skipping for an imported bucket... Maybe you could attach a warning metadata entry to the resource instead of completely failing, and at a later stage, if/when we're able to detect "imported" entities, then you could switch it around and start failing again?
@RomainMuller I'm actually having second thoughts about this entire change :/. I don't like the whole I'm thinking of leaving the I would love to hear your thoughts on the matter...?
Is it easy enough to just define a trail via
The problem is that there's a hard limit of 5 Trails per region for each account, so I don't think we want to create one for every Bucket added to the Pipeline :(. Also, what if the Bucket already belongs to an existing Trail (the
yeah, seems heavy handed.
@RomainMuller let me know what you think of my revised proposal (get rid of
@skinny85 I'm cool with that. It'd be sweet if we could throw in a warning when the bucket isn't CloudTrail'd, but it sounds like prohibitively cumbersome... So yeah. What happens if the bucket is not CloudTrail'd - does it fail deploying? Or does it deploy, but not work?
It deploys, but doesn't work (the CloudWatch Event is never emitted, so your Pipeline will never start a build).
That kinda sucks. I think we should track this in an issue somewhere, so we eventually have a way to notify the user... But I don't think I want it to be a blocker for this PR.
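A check for the failure mode discussed above (an S3 source that deploys but never triggers because no trail records writes to its bucket), added here as an example and not part of the PR or the CDK code base: given trail event-selector documents in the shape CloudTrail's GetEventSelectors returns (constructed sample data below, not a real account), it reports which trails would log a PutObject to the bucket and key, accepting the partition-specific ARN prefix raised in the review. The trail names, the treatment of a bucket ARN without a trailing slash and the fallback ReadWriteType are assumptions.

```python
import re
from typing import Iterable, List

# S3 data-resource ARNs accepted in a CloudTrail event selector (any partition, e.g. aws, aws-cn):
#   arn:<partition>:s3:::                  -> every bucket in the account
#   arn:<partition>:s3:::<bucket>/         -> every object in <bucket>
#   arn:<partition>:s3:::<bucket>/<prefix> -> objects whose key starts with <prefix>
# A bucket ARN without the trailing slash is conservatively treated as matching nothing (assumption).
_S3_DATA_ARN = re.compile(r"^arn:[a-z0-9-]+:s3:::(?P<bucket>[^/]*)(?:/(?P<prefix>.*))?$")


def _arn_covers(value: str, bucket: str, key: str) -> bool:
    m = _S3_DATA_ARN.match(value)
    if not m:
        return False
    if m.group("bucket") == "":
        return True  # account-wide selector covers every bucket
    if m.group("bucket") != bucket or m.group("prefix") is None:
        return False
    return key.startswith(m.group("prefix"))


def _trail_logs_put(trail: dict, bucket: str, key: str) -> bool:
    for sel in trail.get("EventSelectors", []):
        if sel.get("ReadWriteType", "All") == "ReadOnly":  # "All" as fallback is an assumption
            continue  # PutObject is a write event; a ReadOnly selector never records it
        for res in sel.get("DataResources", []):
            if res.get("Type") != "AWS::S3::Object":
                continue
            if any(_arn_covers(v, bucket, key) for v in res.get("Values", [])):
                return True
    return False


def trails_logging_put(bucket: str, key: str, trails: Iterable[dict]) -> List[str]:
    """Names of trails whose selectors would record a PutObject to s3://bucket/key.
    An empty list means the pipeline's S3 source would deploy but never be triggered."""
    return [t["Name"] for t in trails if _trail_logs_put(t, bucket, key)]


# Constructed sample in the shape of GetEventSelectors output (not real account data).
SAMPLE_TRAILS = [
    {"Name": "org-trail", "EventSelectors": [{"ReadWriteType": "All", "DataResources": [
        {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::magic-bucket/"]}]}]},
    {"Name": "audit-readonly", "EventSelectors": [{"ReadWriteType": "ReadOnly", "DataResources": [
        {"Type": "AWS::S3::Object", "Values": ["arn:aws:s3:::"]}]}]},
    {"Name": "cn-releases", "EventSelectors": [{"ReadWriteType": "WriteOnly", "DataResources": [
        {"Type": "AWS::S3::Object", "Values": ["arn:aws-cn:s3:::other-bucket/releases/"]}]}]},
]
```

Run `trails_logging_put(bucket, key, SAMPLE_TRAILS)` for the bucket and key the S3 source action is configured with; an empty result is the "deploys but never starts" case the thread describes.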
Updated with the agreed changes. @RomainMuller please re-review, thanks.
Missed an incorrect method name in the CloudTrail ReadMe.
|
||
For example - this logs all ReadWriteEvents for the `magic-bucket` bucket: | ||
For using CloudTrail event selector to log specific S3 events, | ||
you can use the `CloudTrailProps` configuration object. |
I'm a little confused because I don't see `CloudTrailProps` anywhere in the code example...
], | ||
detail: { | ||
eventSource: [ | ||
's3.amazonaws.com', |
Is it the same value in partitions other than `aws`?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.