(core): cross stack reference not properly generated in s3 scenario #25621

Closed
peterwoodworth opened this issue May 17, 2023 · 2 comments
Labels: @aws-cdk/core, bug, effort/medium, p1


Describe the bug

Discovered in #25605, when you try to create this particular cross-stack reference, the CDK only properly generates it when a stage is the parent between the two stacks. When a stage is not the parent between the two stacks, CDK generates a template with a standard reference to a resource that exists in another template.

Expected Behavior

I expect CDK to throw, because a cyclical reference is being made.

Current Behavior

An error is not thrown because the cross-stack reference isn't properly produced. Snippet from template:

    {
      "Action": "s3:PutObject",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": {
            "Fn::GetAtt": [
              "MyBucketF68F3FF0", <------- exists in other template
              "Arn"
            ]
          }
        }
      },

Reproduction Steps

You can play around with how exactly the app is structured easily with the following snippet. The snippet here should throw, but readjusting the scope in which the inventory and bucket stacks are created will create invalid templates.

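    import * as cdk from 'aws-cdk-lib';
    import * as iam from 'aws-cdk-lib/aws-iam';
    import * as s3 from 'aws-cdk-lib/aws-s3';

    const parentApp = new cdk.App();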
    const parentStage = new cdk.Stage(parentApp, 'parent-stage');
    const inventoryStack = new cdk.Stack(parentStage, 'inv-stack');
    const bucketStack = new cdk.Stack(parentStage, 'bucket-stack');

    const inventoryBucket = new s3.Bucket(inventoryStack, 'InventoryBucket');
    inventoryBucket.addToResourcePolicy(new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      principals: [
        new iam.ServicePrincipal('s3.amazonaws.com'),
      ],
      actions: [
        's3:PutObject',
      ],
      resources: [
        inventoryBucket.arnForObjects('*'),
      ],
      conditions: [
        {
          StringEquals: {
            's3:x-amz-acl': 'bucket-owner-full-control',
          },
        },
      ],
    }));

    new s3.Bucket(bucketStack, 'MyBucket', {
      inventories: [
        {
          destination: {
            bucket: inventoryBucket,
          },
        },
      ],
    });


    // Then
    parentApp.synth(); // check for cyclic dependency

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

latest

Framework Version

No response

Node.js Version

16

OS

mac

Language

TypeScript

Language Version

No response

Other information

No response
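
A post-synth check for the failure described in this issue, as an added example (not code from the issue or from the CDK): it walks a synthesized CloudFormation template and reports `Ref` / `Fn::GetAtt` targets that the template itself never declares. The sample template is constructed; only the logical ID `MyBucketF68F3FF0` comes from the snippet above, and `Fn::Sub` references are not checked.

```typescript
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };
type JsonObject = { [key: string]: Json };
const isObject = (v: Json | undefined): v is JsonObject =>
  typeof v === 'object' && v !== null && !Array.isArray(v);

// Logical IDs that Ref / Fn::GetAtt point at but this template never declares.
function findDanglingRefs(template: JsonObject): string[] {
  const declared: string[] = [];
  for (const section of [template['Parameters'], template['Resources']]) {
    if (isObject(section)) declared.push(...Object.keys(section));
  }
  const dangling: string[] = [];
  const check = (target: Json | undefined): void => {
    if (typeof target !== 'string' || target.indexOf('AWS::') === 0) return; // pseudo parameter
    if (declared.indexOf(target) < 0 && dangling.indexOf(target) < 0) dangling.push(target);
  };
  const walk = (node: Json | undefined): void => {
    if (Array.isArray(node)) {
      for (const item of node) walk(item);
    } else if (isObject(node)) {
      for (const key of Object.keys(node)) {
        const value = node[key];
        if (key === 'Ref') check(value);
        // Fn::GetAtt takes ["LogicalId", "Attr"] or "LogicalId.Attr".
        if (key === 'Fn::GetAtt') check(Array.isArray(value) ? value[0] : typeof value === 'string' ? value.split('.')[0] : undefined);
        walk(value);
      }
    }
  };
  walk(template);
  return dangling.sort();
}

// Constructed sample modelled on the issue's snippet: the inventory stack's
// bucket policy points at a bucket that lives in the other stack's template.
const inventoryTemplate: JsonObject = {
  Resources: {
    InventoryBucket: { Type: 'AWS::S3::Bucket' },
    InventoryBucketPolicy: {
      Type: 'AWS::S3::BucketPolicy',
      Properties: {
        Bucket: { Ref: 'InventoryBucket' },
        PolicyDocument: { Statement: [{ Action: 's3:PutObject', Condition: {
          ArnLike: { 'aws:SourceArn': { 'Fn::GetAtt': ['MyBucketF68F3FF0', 'Arn'] } },
        } }] },
      },
    },
  },
};
console.log(findDanglingRefs(inventoryTemplate));
```

A correctly generated cross-stack reference appears as `Fn::ImportValue`, which this check does not flag.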


comcalvi commented Apr 29, 2024

@peterwoodworth the reproduction you posted now correctly throws. I'm closing this as completed, please reopen and ping me if it's still an issue (tested on 2.139.0).
