-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(aws-s3): add the option to not poll to the CodePipeline Action #1260
Conversation
Note: please don't merge this yet, there's apparently some CloudTrail integration that's required to make bucket events work (details: https://docs.aws.amazon.com/codepipeline/latest/userguide/create-cloudtrail-S3-source.html ). I'm still working on this. |
d9f060e
to
ec47e4a
Compare
The CloudTrail investigation proved to be quite the rabbit hole. I had to change the solution quite substantially (I've updated the PR description with details). Feedback is welcome! |
}, | ||
...props, | ||
}); | ||
|
||
if (props.pollForSourceChanges === false && props.cloudTrail === undefined) { | ||
throw new Error('When not polling for source changes, ' + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm actually having second thoughts about this validation :/. While the intention was good I think, I'm not sure if it's not too strict. For example, I might be using an import
ed Bucket that already belongs to some Trail, and in that case I can safely say pollForSourceChanges: false
and cloudTrail: undefined
.
Thoughts on this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the validation, but there definitely is some interest in skipping for an imported bucket... Maybe you could attach a warning metadata entry to the resource instead of completely failing, and at a later stage, if/when we're able to detect "imported" entities, then you could switch it around and start failing again?
@RomainMuller I'm actually having second thoughts about this entire change :/. I don't like the whole I'm thinking of leaving the I would love to hear your thoughts on the matter...? |
Is it easy enough to just define a trail via |
The problem is that there's a hard limit of 5 Trails per region for each account, so I don't think we want to create one for every Bucket added to the Pipeline :(. Also, what if the Bucket already belongs to an existing Trail (the |
yeah, seems heavy handed. |
@RomainMuller let me know what you think of my revised proposal (get rid of |
@skinny85 I'm cool with that. It'd be sweet if we could throw in a warning when the bucket isn't CloudTrail'd, but it sounds like prohibitively cumbersome... So yeah. What happens if the bucket is not CloudTrail'd - does it fail deploying? Or does it deploy, but not work? |
It deploys, but doesn't work (the CloudWatch Event is never emitted, so your Pipeline will never start a build). |
That kinda sucks. I think we should track this in an issue somewhere, so we eventually have a way to notify the user... But I don't think I want it to be a blocker for this PR. |
ec47e4a
to
65e4f68
Compare
Updated with the agreed changes. @RomainMuller please re-review, thanks. |
65e4f68
to
f47c86c
Compare
Missed an incorrect method name in the CloudTrail ReadMe. |
|
||
For example - this logs all ReadWriteEvents for the `magic-bucket` bucket: | ||
For using CloudTrail event selector to log specific S3 events, | ||
you can use the `CloudTrailProps` configuration object. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a little confused because I don't see CloudTrailProps
anywhere in the code example...
], | ||
detail: { | ||
eventSource: [ | ||
's3.amazonaws.com', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it the same value in partitions other than aws
?
Pull Request Checklist
Please check all boxes (including N/A items)
Testing
tests
manually executed (paste output to the PR description)
(currently maintained in a private repo).
Documentation
Title and description
fix(module): <title>
bug fix (patch)feat(module): <title>
feature/capability (minor)chore(module): <title>
won't appear in changelogbuild(module): <title>
won't appear in changelogBREAKING CHANGE: <describe exactly what changed and how to achieve similar behavior + link to documentation/gist/issue if more details are required>
Fixes #xxx
orCloses #xxx
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.