aws-s3: eventBridgeEnabled not working as expected. #26772
Comments
Makes sense. Looks like current implementation requires aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts Line 116 in 72481a3
And this will be created once when aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts Lines 95 to 98 in 72481a3
I am not sure if aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts Lines 20 to 34 in 72481a3
|
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled. |
Same problem in my situation. On an enterprise account we cannot create as many Lambdas as we want, so I think that if enabling EventBridge does not really need NotificationsResourceHandler, then we should not create this Lambda. |
Same problem here. Would appreciate a fix :) |
Reopening this issue as it's still relevant. |
As I mentioned above, the reason we need the custom resource is per the description below: aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts Lines 20 to 34 in 72481a3
I am asking for a second review from the maintainers to see if we could get rid of it. |
We're not able to remove the The IAM role + policy do not seem to be overly permissive or anything to me. I understand that it was not something explicitly defined in your stack but as mentioned in aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts Lines 20 to 34 in 72481a3
this is a necessary permission. |
Apologies, I was mistaken about there not being any CFN L1 resources available to replace the custom resource. It should be possible to implement with the following CFN S3 EventBridgeConfiguration resource. This would likely be implemented as a new property, and we would add a deprecation notice and warning to anyone using the old property. The implementation should also make it possible and not overly difficult for customers using the custom resource to migrate off of it. |
See also comment here d8e602b for context on why it was done this way:
For now you can do the following workaround:
But be aware that if you also add SQS/SNS/Lambda notifications (via native CDK L2 methods) on top of EventBridge then CDK will override it. |
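Added example, not part of the thread or of the CDK code base: a dependency-free TypeScript check over a synthesized CloudFormation template that reports the Lambda-backed `Custom::S3BucketNotifications` resource and any policy granting `s3:PutBucketNotification`, and tells whether a bucket uses the native `EventBridgeConfiguration` property mentioned above. The templates and logical IDs are constructed and simplified; the resource type and action names are assumptions about what CDK synthesizes and should be checked against your own `cdk synth` output.

```typescript
// Audit a synthesized CloudFormation template (the JSON `cdk synth` emits) for the
// implicit resources discussed in this issue. Sample templates below are constructed.
type Resource = { Type: string; Properties?: { [key: string]: unknown } };
type Template = { Resources: { [logicalId: string]: Resource } };
type Finding = { logicalId: string; reason: string };

// Collect every IAM action named in an AWS::IAM::Policy resource.
function policyActions(r: Resource): string[] {
  const doc = (r.Properties?.PolicyDocument ?? {}) as
    { Statement?: { Action?: string | string[] }[] };
  const actions: string[] = [];
  for (const s of doc.Statement ?? []) {
    for (const a of ([] as string[]).concat(s.Action ?? [])) actions.push(a);
  }
  return actions;
}

// True when the bucket enables EventBridge through the native CloudFormation property.
function usesNativeEventBridge(r: Resource): boolean {
  const nc = (r.Properties?.NotificationConfiguration ?? {}) as
    { EventBridgeConfiguration?: { EventBridgeEnabled?: boolean } };
  return r.Type === "AWS::S3::Bucket" && nc.EventBridgeConfiguration?.EventBridgeEnabled === true;
}

// Flag the custom resource and any policy that can rewrite bucket notifications.
function auditTemplate(t: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(t.Resources)) {
    const r = t.Resources[id];
    if (!r) continue;
    if (r.Type === "Custom::S3BucketNotifications") {
      findings.push({ logicalId: id, reason: "notifications set by a Lambda-backed custom resource" });
    } else if (r.Type === "AWS::IAM::Policy" &&
               policyActions(r).indexOf("s3:PutBucketNotification") >= 0) {
      findings.push({ logicalId: id, reason: "policy grants s3:PutBucketNotification" });
    }
  }
  return findings;
}

// Constructed, simplified templates; logical IDs are made up for this example.
const withCustomResource: Template = { Resources: {
  Bucket: { Type: "AWS::S3::Bucket" },
  HandlerPolicy: { Type: "AWS::IAM::Policy", Properties: { PolicyDocument: {
    Statement: [{ Effect: "Allow", Action: "s3:PutBucketNotification", Resource: "*" }] } } },
  Handler: { Type: "AWS::Lambda::Function" },
  Notifications: { Type: "Custom::S3BucketNotifications", Properties: {
    NotificationConfiguration: { EventBridgeConfiguration: {} } } } } };
const withNativeProperty: Template = { Resources: { Bucket: { Type: "AWS::S3::Bucket",
  Properties: { NotificationConfiguration: { EventBridgeConfiguration: { EventBridgeEnabled: true } } } } } };
```

Run `auditTemplate` on the parsed template in CI to review any stack where the handler Lambda and its role appear without having been declared.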
Describe the bug
Take this simple example:
const bucket = new s3.Bucket(this, 'MyEventBridgeBucket', { eventBridgeEnabled: true, });
CDK is supposed to enable only the EventBridge notification. It is available in the UI as "Send notifications to Amazon EventBridge for all events in this bucket", but instead CDK is creating an IAM role + policy and a Lambda function, which I have not defined anywhere and do not want.
Expected Behavior
Expected behaviour should be S3 bucket creation with event bridge notification enabled without extra IAM/Lambda resource creations.
Current Behavior
It is creating extra resources like IAM role+policy, Lambda function which is not mentioned and required to enable event bridge notification.
Reproduction Steps
Create a new bucket with the code below:
const bucket = new s3.Bucket(this, 'MyEventBridgeBucket', { eventBridgeEnabled: true, });
You will be able to see the extra resources in CloudFormation.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
4.0
Framework Version
^2.17.0
Node.js Version
18
OS
mac OS 13.4
Language
TypeScript
Language Version
No response
Other information
No response