From 38d34659d7e0a93bd5aecb7a9cc7b8f63d666a45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=A7=91=F0=9F=8F=BB=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier?= Date: Tue, 3 May 2022 16:04:12 +0200 Subject: [PATCH 1/4] fix(appsync): incorrect region used for imported Cognito user pool Replaces all uses of `resource.stack.region` with `resource.env.region` so that imported resources can provide a different region than the current stack, wich can result in invalid configuration. Applying the same treatment to occurrences of `resources.stack.account` as this is also surfaced as `resources.env.account`. --- packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts | 2 +- packages/@aws-cdk/aws-appsync/lib/data-source.ts | 8 ++++---- packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts | 2 +- packages/@aws-cdk/aws-batch/lib/compute-environment.ts | 2 +- packages/@aws-cdk/aws-cloud9/lib/environment.ts | 2 +- .../aws-cloudfront/lib/experimental/edge-function.ts | 2 +- packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts | 4 ++-- packages/@aws-cdk/aws-ecs/lib/base/base-service.ts | 8 ++++---- .../lib/shared/base-load-balancer.ts | 2 +- packages/@aws-cdk/aws-elasticsearch/lib/domain.ts | 2 +- packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts | 2 +- packages/@aws-cdk/aws-lambda/lib/function-base.ts | 4 ++-- packages/@aws-cdk/aws-opensearchservice/lib/domain.ts | 2 +- packages/@aws-cdk/aws-s3objectlambda/lib/access-point.ts | 8 ++++---- packages/@aws-cdk/aws-sns-subscriptions/lib/lambda.ts | 6 +++--- packages/@aws-cdk/aws-sns-subscriptions/lib/sqs.ts | 6 +++--- packages/@aws-cdk/core/lib/resource.ts | 6 +++--- packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts | 4 ++-- packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts | 4 ++-- 19 files changed, 38 insertions(+), 38 deletions(-) diff --git a/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts b/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts index a7f2e13b99cd4..46305911d4143 100644 --- a/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts +++ b/packages/@aws-cdk/aws-apigatewayv2/lib/http/route.ts @@ -236,7 +236,7 @@ export class HttpRoute extends Resource implements IHttpRoute { // path variable and all that follows with a wildcard. const iamPath = path.replace(/\{.*?\}.*/, '*'); - return `arn:aws:execute-api:${this.stack.region}:${this.stack.account}:${this.httpApi.apiId}/${stage}/${iamHttpMethod}${iamPath}`; + return `arn:aws:execute-api:${this.env.region}:${this.env.account}:${this.httpApi.apiId}/${stage}/${iamHttpMethod}${iamPath}`; } public grantInvoke(grantee: iam.IGrantable, options: GrantInvokeOptions = {}): iam.Grant { diff --git a/packages/@aws-cdk/aws-appsync/lib/data-source.ts b/packages/@aws-cdk/aws-appsync/lib/data-source.ts index 7781f0c57d0af..fccaece50790f 100644 --- a/packages/@aws-cdk/aws-appsync/lib/data-source.ts +++ b/packages/@aws-cdk/aws-appsync/lib/data-source.ts @@ -219,7 +219,7 @@ export class DynamoDbDataSource extends BackedDataSource { type: 'AMAZON_DYNAMODB', dynamoDbConfig: { tableName: props.table.tableName, - awsRegion: props.table.stack.region, + awsRegion: props.table.env.region, useCallerCredentials: props.useCallerCredentials, }, }); @@ -337,7 +337,7 @@ export class RdsDataSource extends BackedDataSource { type: 'RELATIONAL_DATABASE', relationalDatabaseConfig: { rdsHttpEndpointConfig: { - awsRegion: props.serverlessCluster.stack.region, + awsRegion: props.serverlessCluster.env.region, dbClusterIdentifier: Lazy.string({ produce: () => { return Stack.of(this).formatArn({ @@ -399,7 +399,7 @@ export class ElasticsearchDataSource extends BackedDataSource { super(scope, id, props, { type: 'AMAZON_ELASTICSEARCH', elasticsearchConfig: { - awsRegion: props.domain.stack.region, + awsRegion: props.domain.env.region, endpoint: `https://${props.domain.domainEndpoint}`, }, }); @@ -426,7 +426,7 @@ export class OpenSearchDataSource extends BackedDataSource { super(scope, id, props, { type: 'AMAZON_OPENSEARCH_SERVICE', openSearchServiceConfig: { - awsRegion: props.domain.stack.region, + awsRegion: props.domain.env.region, endpoint: `https://${props.domain.domainEndpoint}`, }, }); diff --git a/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts b/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts index 5d7cce7131cbb..3ef0b348ad768 100644 --- a/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts +++ b/packages/@aws-cdk/aws-appsync/lib/graphqlapi.ts @@ -633,7 +633,7 @@ export class GraphqlApi extends GraphqlApiBase { if (!config) return undefined; return { userPoolId: config.userPool.userPoolId, - awsRegion: config.userPool.stack.region, + awsRegion: config.userPool.env.region, appIdClientRegex: config.appIdClientRegex, defaultAction: config.defaultAction || UserPoolDefaultAction.ALLOW, }; diff --git a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts index 80f2b2c4e1e6d..d73643a1d6320 100644 --- a/packages/@aws-cdk/aws-batch/lib/compute-environment.ts +++ b/packages/@aws-cdk/aws-batch/lib/compute-environment.ts @@ -581,7 +581,7 @@ export class ComputeEnvironment extends Resource implements IComputeEnvironment return props.computeResources.spotFleetRole; } else if (props.computeResources.type === ComputeResourceType.SPOT) { return iam.Role.fromRoleArn(this, 'Resource-SpotFleet-Role', - `arn:${this.stack.partition}:iam::${this.stack.account}:role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet`); + `arn:${this.stack.partition}:iam::${this.env.account}:role/aws-service-role/spotfleet.amazonaws.com/AWSServiceRoleForEC2SpotFleet`); } } diff --git a/packages/@aws-cdk/aws-cloud9/lib/environment.ts b/packages/@aws-cdk/aws-cloud9/lib/environment.ts index a28b2627c3b34..5dced968ac40e 100644 --- a/packages/@aws-cdk/aws-cloud9/lib/environment.ts +++ b/packages/@aws-cdk/aws-cloud9/lib/environment.ts @@ -143,7 +143,7 @@ export class Ec2Environment extends cdk.Resource implements IEc2Environment { this.environmentId = c9env.ref; this.ec2EnvironmentArn = c9env.getAtt('Arn').toString(); this.ec2EnvironmentName = c9env.getAtt('Name').toString(); - this.ideUrl = `https://${this.stack.region}.console.aws.amazon.com/cloud9/ide/${this.environmentId}`; + this.ideUrl = `https://${this.env.region}.console.aws.amazon.com/cloud9/ide/${this.environmentId}`; } } diff --git a/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts b/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts index 4aec3508fc904..f7f2b445a3306 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/experimental/edge-function.ts @@ -55,7 +55,7 @@ export class EdgeFunction extends Resource implements lambda.IVersion { super(scope, id); // Create a simple Function if we're already in us-east-1; otherwise create a cross-region stack. - const regionIsUsEast1 = !Token.isUnresolved(this.stack.region) && this.stack.region === 'us-east-1'; + const regionIsUsEast1 = !Token.isUnresolved(this.env.region) && this.env.region === 'us-east-1'; const { edgeFunction, edgeArn } = regionIsUsEast1 ? this.createInRegionFunction(props) : this.createCrossRegionFunction(id, props); diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts index e8b37bb10d15f..9cd9a81a31f30 100644 --- a/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts +++ b/packages/@aws-cdk/aws-ec2/lib/vpc-endpoint.ts @@ -612,8 +612,8 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn private validateCanLookupSupportedAzs(subnets: ISubnet[], serviceName: string) { // Having any of these be true will cause the AZ lookup to fail at synthesis time - const agnosticAcct = Token.isUnresolved(this.stack.account); - const agnosticRegion = Token.isUnresolved(this.stack.region); + const agnosticAcct = Token.isUnresolved(this.env.account); + const agnosticRegion = Token.isUnresolved(this.env.region); const agnosticService = Token.isUnresolved(serviceName); // Having subnets with Token AZs can cause the endpoint to be created with no subnets, failing at deployment time diff --git a/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts b/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts index 4e5de4c90eacf..df4a9fd4d372e 100644 --- a/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts +++ b/packages/@aws-cdk/aws-ecs/lib/base/base-service.ts @@ -510,7 +510,7 @@ export abstract class BaseService extends Resource resources: ['*'], })); - const logGroupArn = logConfiguration?.cloudWatchLogGroup ? `arn:${this.stack.partition}:logs:${this.stack.region}:${this.stack.account}:log-group:${logConfiguration.cloudWatchLogGroup.logGroupName}:*` : '*'; + const logGroupArn = logConfiguration?.cloudWatchLogGroup ? `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:log-group:${logConfiguration.cloudWatchLogGroup.logGroupName}:*` : '*'; this.taskDefinition.addToTaskRolePolicy(new iam.PolicyStatement({ actions: [ 'logs:CreateLogStream', @@ -558,7 +558,7 @@ export abstract class BaseService extends Resource 'kms:*', ], resources: ['*'], - principals: [new iam.ArnPrincipal(`arn:${this.stack.partition}:iam::${this.stack.account}:root`)], + principals: [new iam.ArnPrincipal(`arn:${this.stack.partition}:iam::${this.env.account}:root`)], })); if (logging === ExecuteCommandLogging.DEFAULT || this.cluster.executeCommandConfiguration?.logConfiguration?.cloudWatchEncryptionEnabled) { @@ -571,9 +571,9 @@ export abstract class BaseService extends Resource 'kms:Describe*', ], resources: ['*'], - principals: [new iam.ServicePrincipal(`logs.${this.stack.region}.amazonaws.com`)], + principals: [new iam.ServicePrincipal(`logs.${this.env.region}.amazonaws.com`)], conditions: { - ArnLike: { 'kms:EncryptionContext:aws:logs:arn': `arn:${this.stack.partition}:logs:${this.stack.region}:${this.stack.account}:*` }, + ArnLike: { 'kms:EncryptionContext:aws:logs:arn': `arn:${this.stack.partition}:logs:${this.env.region}:${this.env.account}:*` }, }, })); } diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts index b7e13aafae83d..046bb917867bf 100644 --- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts +++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts @@ -266,7 +266,7 @@ export abstract class BaseLoadBalancer extends Resource { actions: ['s3:PutObject'], principals: [logsDeliveryServicePrincipal], resources: [ - bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${this.stack.account}/*`), + bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${this.env.account}/*`), ], conditions: { StringEquals: { 's3:x-amz-acl': 'bucket-owner-full-control' }, diff --git a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts index 5a9705cf190fa..61dcd87e862ef 100644 --- a/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts +++ b/packages/@aws-cdk/aws-elasticsearch/lib/domain.ts @@ -1110,7 +1110,7 @@ abstract class DomainBase extends cdk.Resource implements IDomain { metricName, dimensionsMap: { DomainName: this.domainName, - ClientId: this.stack.account, + ClientId: this.env.account, }, ...props, }).attachTo(this); diff --git a/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts b/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts index 7b145252941cb..57e62a5be3143 100644 --- a/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts +++ b/packages/@aws-cdk/aws-fsx/lib/lustre-file-system.ts @@ -206,7 +206,7 @@ export class LustreFileSystem extends FileSystemBase { this.fileSystem.applyRemovalPolicy(props.removalPolicy); this.fileSystemId = this.fileSystem.ref; - this.dnsName = `${this.fileSystemId}.fsx.${this.stack.region}.${Aws.URL_SUFFIX}`; + this.dnsName = `${this.fileSystemId}.fsx.${this.env.region}.${Aws.URL_SUFFIX}`; this.mountName = this.fileSystem.attrLustreMountName; } diff --git a/packages/@aws-cdk/aws-lambda/lib/function-base.ts b/packages/@aws-cdk/aws-lambda/lib/function-base.ts index f53bc54a18012..a96c528846824 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function-base.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function-base.ts @@ -488,10 +488,10 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC * @internal */ protected _isStackAccount(): boolean { - if (Token.isUnresolved(this.stack.account) || Token.isUnresolved(this.functionArn)) { + if (Token.isUnresolved(this.env.account) || Token.isUnresolved(this.functionArn)) { return false; } - return this.stack.splitArn(this.functionArn, ArnFormat.SLASH_RESOURCE_NAME).account === this.stack.account; + return this.stack.splitArn(this.functionArn, ArnFormat.SLASH_RESOURCE_NAME).account === this.env.account; } private grant( diff --git a/packages/@aws-cdk/aws-opensearchservice/lib/domain.ts b/packages/@aws-cdk/aws-opensearchservice/lib/domain.ts index 58129ee3d15df..24d5a91fea54d 100644 --- a/packages/@aws-cdk/aws-opensearchservice/lib/domain.ts +++ b/packages/@aws-cdk/aws-opensearchservice/lib/domain.ts @@ -883,7 +883,7 @@ abstract class DomainBase extends cdk.Resource implements IDomain { metricName, dimensionsMap: { DomainName: this.domainName, - ClientId: this.stack.account, + ClientId: this.env.account, }, ...props, }).attachTo(this); diff --git a/packages/@aws-cdk/aws-s3objectlambda/lib/access-point.ts b/packages/@aws-cdk/aws-s3objectlambda/lib/access-point.ts index a99fd64669f81..7d0804aa3367a 100644 --- a/packages/@aws-cdk/aws-s3objectlambda/lib/access-point.ts +++ b/packages/@aws-cdk/aws-s3objectlambda/lib/access-point.ts @@ -101,14 +101,14 @@ abstract class AccessPointBase extends core.Resource implements IAccessPoint { /** Implement the {@link IAccessPoint.domainName} field. */ get domainName(): string { const urlSuffix = this.stack.urlSuffix; - return `${this.accessPointName}-${this.stack.account}.s3-object-lambda.${urlSuffix}`; + return `${this.accessPointName}-${this.env.account}.s3-object-lambda.${urlSuffix}`; } /** Implement the {@link IAccessPoint.regionalDomainName} field. */ get regionalDomainName(): string { const urlSuffix = this.stack.urlSuffix; - const region = this.stack.region; - return `${this.accessPointName}-${this.stack.account}.s3-object-lambda.${region}.${urlSuffix}`; + const region = this.env.region; + return `${this.accessPointName}-${this.env.account}.s3-object-lambda.${region}.${urlSuffix}`; } /** Implement the {@link IAccessPoint.virtualHostedUrlForObject} method. */ @@ -252,4 +252,4 @@ export class AccessPoint extends AccessPointBase { }), ); } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-sns-subscriptions/lib/lambda.ts b/packages/@aws-cdk/aws-sns-subscriptions/lib/lambda.ts index 99e2bdb919280..a74e73f00fdb4 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/lib/lambda.ts +++ b/packages/@aws-cdk/aws-sns-subscriptions/lib/lambda.ts @@ -59,9 +59,9 @@ export class LambdaSubscription implements sns.ITopicSubscription { if (topic.stack !== this.fn.stack) { // only if we know the region, will not work for // env agnostic stacks - if (!Token.isUnresolved(topic.stack.region) && - (topic.stack.region !== this.fn.stack.region)) { - return topic.stack.region; + if (!Token.isUnresolved(topic.env.region) && + (topic.env.region !== this.fn.env.region)) { + return topic.env.region; } } return undefined; diff --git a/packages/@aws-cdk/aws-sns-subscriptions/lib/sqs.ts b/packages/@aws-cdk/aws-sns-subscriptions/lib/sqs.ts index 10c218dd3ef38..6d79b78c8a12b 100644 --- a/packages/@aws-cdk/aws-sns-subscriptions/lib/sqs.ts +++ b/packages/@aws-cdk/aws-sns-subscriptions/lib/sqs.ts @@ -85,9 +85,9 @@ export class SqsSubscription implements sns.ITopicSubscription { if (topic.stack !== this.queue.stack) { // only if we know the region, will not work for // env agnostic stacks - if (!Token.isUnresolved(topic.stack.region) && - (topic.stack.region !== this.queue.stack.region)) { - return topic.stack.region; + if (!Token.isUnresolved(topic.env.region) && + (topic.env.region !== this.queue.env.region)) { + return topic.env.region; } } return undefined; diff --git a/packages/@aws-cdk/core/lib/resource.ts b/packages/@aws-cdk/core/lib/resource.ts index cdd116afd86b9..68bab9cdae3d7 100644 --- a/packages/@aws-cdk/core/lib/resource.ts +++ b/packages/@aws-cdk/core/lib/resource.ts @@ -163,8 +163,8 @@ export abstract class Resource extends CoreConstruct implements IResource { this.stack.splitArn(props.environmentFromArn, ArnFormat.NO_RESOURCE_NAME) : undefined; this.env = { - account: props.account ?? parsedArn?.account ?? this.stack.account, - region: props.region ?? parsedArn?.region ?? this.stack.region, + account: props.account ?? parsedArn?.account ?? this.env.account, + region: props.region ?? parsedArn?.region ?? this.env.region, }; let physicalName = props.physicalName; @@ -315,4 +315,4 @@ function mimicReference(refSource: any, producer: IStringProducer): string { return producer.produce(context); } }(reference, reference.target, reference.displayName)); -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts b/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts index f0cc2d548fd81..a0fda29bfadac 100644 --- a/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts +++ b/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts @@ -151,8 +151,8 @@ export class StringSpecializer { public specialize(s: string): string { s = replaceAll(s, '${Qualifier}', this.qualifier); return cxapi.EnvironmentPlaceholders.replace(s, { - region: resolvedOr(this.stack.region, cxapi.EnvironmentPlaceholders.CURRENT_REGION), - accountId: resolvedOr(this.stack.account, cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT), + region: resolvedOr(this.env.region, cxapi.EnvironmentPlaceholders.CURRENT_REGION), + accountId: resolvedOr(this.env.account, cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT), partition: cxapi.EnvironmentPlaceholders.CURRENT_PARTITION, }); } diff --git a/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts b/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts index 204f3b8ba6827..d7e017947df03 100644 --- a/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts +++ b/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts @@ -156,7 +156,7 @@ export class LegacyStackSynthesizer extends StackSynthesizer { } return { - imageUri: `${this.stack.account}.dkr.ecr.${this.stack.region}.${this.stack.urlSuffix}/${repositoryName}:${imageTag}`, + imageUri: `${this.env.account}.dkr.ecr.${this.env.region}.${this.stack.urlSuffix}/${repositoryName}:${imageTag}`, repositoryName, }; } @@ -195,7 +195,7 @@ export class LegacyStackSynthesizer extends StackSynthesizer { const s3Filename = Fn.select(1, Fn.split(cxapi.ASSET_PREFIX_SEPARATOR, encodedKey)); const objectKey = `${s3Prefix}${s3Filename}`; - const httpUrl = `https://s3.${this.stack.region}.${this.stack.urlSuffix}/${bucketName}/${objectKey}`; + const httpUrl = `https://s3.${this.env.region}.${this.stack.urlSuffix}/${bucketName}/${objectKey}`; const s3ObjectUrl = `s3://${bucketName}/${objectKey}`; return { bucketName, objectKey, httpUrl, s3ObjectUrl, s3Url: httpUrl }; From 13e335e426eca10a4c52f55d06268eec32363758 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=A7=91=F0=9F=8F=BB=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier?= Date: Tue, 3 May 2022 16:16:53 +0200 Subject: [PATCH 2/4] fix oopsie --- packages/@aws-cdk/core/lib/resource.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/core/lib/resource.ts b/packages/@aws-cdk/core/lib/resource.ts index 68bab9cdae3d7..d3f57e3250c3f 100644 --- a/packages/@aws-cdk/core/lib/resource.ts +++ b/packages/@aws-cdk/core/lib/resource.ts @@ -163,8 +163,8 @@ export abstract class Resource extends CoreConstruct implements IResource { this.stack.splitArn(props.environmentFromArn, ArnFormat.NO_RESOURCE_NAME) : undefined; this.env = { - account: props.account ?? parsedArn?.account ?? this.env.account, - region: props.region ?? parsedArn?.region ?? this.env.region, + account: props.account ?? parsedArn?.account ?? this.stack.account, + region: props.region ?? parsedArn?.region ?? this.stack.region, }; let physicalName = props.physicalName; From b63368ab039c4b3f6e69da2c49f5b332e60056db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=A7=91=F0=9F=8F=BB=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier?= Date: Tue, 3 May 2022 16:34:21 +0200 Subject: [PATCH 3/4] fix oopsie --- packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts | 4 ++-- packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts b/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts index a0fda29bfadac..f0cc2d548fd81 100644 --- a/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts +++ b/packages/@aws-cdk/core/lib/stack-synthesizers/_shared.ts @@ -151,8 +151,8 @@ export class StringSpecializer { public specialize(s: string): string { s = replaceAll(s, '${Qualifier}', this.qualifier); return cxapi.EnvironmentPlaceholders.replace(s, { - region: resolvedOr(this.env.region, cxapi.EnvironmentPlaceholders.CURRENT_REGION), - accountId: resolvedOr(this.env.account, cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT), + region: resolvedOr(this.stack.region, cxapi.EnvironmentPlaceholders.CURRENT_REGION), + accountId: resolvedOr(this.stack.account, cxapi.EnvironmentPlaceholders.CURRENT_ACCOUNT), partition: cxapi.EnvironmentPlaceholders.CURRENT_PARTITION, }); } diff --git a/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts b/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts index d7e017947df03..204f3b8ba6827 100644 --- a/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts +++ b/packages/@aws-cdk/core/lib/stack-synthesizers/legacy.ts @@ -156,7 +156,7 @@ export class LegacyStackSynthesizer extends StackSynthesizer { } return { - imageUri: `${this.env.account}.dkr.ecr.${this.env.region}.${this.stack.urlSuffix}/${repositoryName}:${imageTag}`, + imageUri: `${this.stack.account}.dkr.ecr.${this.stack.region}.${this.stack.urlSuffix}/${repositoryName}:${imageTag}`, repositoryName, }; } @@ -195,7 +195,7 @@ export class LegacyStackSynthesizer extends StackSynthesizer { const s3Filename = Fn.select(1, Fn.split(cxapi.ASSET_PREFIX_SEPARATOR, encodedKey)); const objectKey = `${s3Prefix}${s3Filename}`; - const httpUrl = `https://s3.${this.env.region}.${this.stack.urlSuffix}/${bucketName}/${objectKey}`; + const httpUrl = `https://s3.${this.stack.region}.${this.stack.urlSuffix}/${bucketName}/${objectKey}`; const s3ObjectUrl = `s3://${bucketName}/${objectKey}`; return { bucketName, objectKey, httpUrl, s3ObjectUrl, s3Url: httpUrl }; From 4a0865b4908114696db681eed850245e6d70b6eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=A7=91=F0=9F=8F=BB=E2=80=8D=F0=9F=92=BB=20Romain=20M?= =?UTF-8?q?arcadier?= Date: Tue, 3 May 2022 16:53:34 +0200 Subject: [PATCH 4/4] fix oopsie --- packages/@aws-cdk/aws-lambda/lib/function-base.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/@aws-cdk/aws-lambda/lib/function-base.ts b/packages/@aws-cdk/aws-lambda/lib/function-base.ts index a96c528846824..f53bc54a18012 100644 --- a/packages/@aws-cdk/aws-lambda/lib/function-base.ts +++ b/packages/@aws-cdk/aws-lambda/lib/function-base.ts @@ -488,10 +488,10 @@ export abstract class FunctionBase extends Resource implements IFunction, ec2.IC * @internal */ protected _isStackAccount(): boolean { - if (Token.isUnresolved(this.env.account) || Token.isUnresolved(this.functionArn)) { + if (Token.isUnresolved(this.stack.account) || Token.isUnresolved(this.functionArn)) { return false; } - return this.stack.splitArn(this.functionArn, ArnFormat.SLASH_RESOURCE_NAME).account === this.env.account; + return this.stack.splitArn(this.functionArn, ArnFormat.SLASH_RESOURCE_NAME).account === this.stack.account; } private grant(