(aws-events): {EventsPolicyId} already exists in stack Upgrade to 2.117.0 rolls back due duplicate resources #28520

Closed
pgarbe opened this issue Dec 29, 2023 · 2 comments · Fixed by #28521
Labels
@aws-cdk/aws-events Related to CloudWatch Events bug This issue is a bug. effort/small Small work item – less than a day of effort management/tracking Issues that track a subject or multiple issues p0

Comments

@pgarbe
Contributor

pgarbe commented Dec 29, 2023

Please add your +1 👍 to let us know you have encountered this

Status: RESOLVED

Overview:

#27340 introduced the ability to create multiple event bus policies on a single event bus. To facilitate this, the logical Id was changed from "Policy" to the statementId. This triggers a replacement, which fails in CloudFormation because the statement ID does not change.

Complete Error Message:

MyEventsPolicySid already exists in stack arn:aws:cloudformation:eu-west-1:123456789012:stack/MyStack/...

Workaround:

Solution:

Upgrade to 2.118.0 or higher

Related Issues:


Original Report

Describe the bug

Upgrading to v2.117.0 breaks existing EventBus resources with an attached EventBusPolicy. The stack can't be deployed.

Expected Behavior

Upgrade of CDK versions without breaking changes

Current Behavior

The stack rolls back with a message like this:

MyEventsPolicySid already exists in stack arn:aws:cloudformation:eu-west-1:123456789012:stack/MyStack/...

Reproduction Steps

Create an EventBus and an EventBus policy with CDK < 2.117.0. After updating to 2.117.0, the deployment fails.

Reason:
The PR #27340 changes the logicalId of the policy (from "Policy" to Sid) but keeps the StatementId. The changed logicalId triggers a replacement. But CloudFormation can't create multiple policies with the same StatementId and rolls back.

Possible Solution

Workaround: Rename the Sid of your Policy and CloudFormation can roll out the update.

Possible fix: Ensure that the StatementId changes for existing resources (maybe prefix it or add a hash)

Additional Information/Context

No response

CDK CLI Version

2.117.0

Framework Version

No response

Node.js Version

18

OS

all

Language

TypeScript, Python, .NET, Java, Go

Language Version

No response

Other information

No response

@pgarbe pgarbe added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 29, 2023
@github-actions github-actions bot added the @aws-cdk/aws-events Related to CloudWatch Events label Dec 29, 2023
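
A pre-deploy check for the failure described in this report, as an added example that is not part of the original issue or the CDK code base: it compares two synthesized templates (for instance `cdk synth` output before and after the upgrade) and reports every `AWS::Events::EventBusPolicy` whose logical ID changes while its bus and `StatementId` stay the same. The logical IDs, the `cdk-` prefixed statement ID and the template contents are constructed for illustration.

```typescript
// Added example: flag EventBusPolicy resources whose logical ID changes between
// two synthesized templates while bus and StatementId stay the same.
type Props = { [key: string]: unknown };
type Template = { Resources: { [logicalId: string]: { Type: string; Properties?: Props } } };
type Collision = { statementId: string; oldLogicalId: string; newLogicalId: string };

const POLICY_TYPE = "AWS::Events::EventBusPolicy";
const has = (t: Template, id: string) => Object.prototype.hasOwnProperty.call(t.Resources, id);

// A policy's identity on the bus: bus name plus StatementId. EventBusName can be
// a string or a { Ref: ... } object, so serialize it for comparison.
function policyKey(p: Props): string {
  return JSON.stringify([p.EventBusName ?? "default", p.StatementId]);
}

function findStatementIdCollisions(before: Template, after: Template): Collision[] {
  const removed: { [key: string]: string } = {}; // policyKey -> old logical ID
  for (const id of Object.keys(before.Resources)) {
    const r = before.Resources[id];
    if (r.Type === POLICY_TYPE && !has(after, id)) removed[policyKey(r.Properties ?? {})] = id;
  }
  const collisions: Collision[] = [];
  for (const id of Object.keys(after.Resources)) {
    const r = after.Resources[id];
    if (r.Type !== POLICY_TYPE || has(before, id)) continue; // only newly created policies
    const oldLogicalId = removed[policyKey(r.Properties ?? {})];
    if (oldLogicalId !== undefined) {
      collisions.push({ statementId: String(r.Properties?.StatementId), oldLogicalId, newLogicalId: id });
    }
  }
  return collisions;
}

// Constructed sample templates (not real synth output).
const policy = (statementId: string) => ({
  Type: POLICY_TYPE,
  Properties: { EventBusName: { Ref: "MyBus" }, StatementId: statementId,
                Action: "events:PutEvents", Principal: "123456789012" },
});
const bus = { Type: "AWS::Events::EventBus", Properties: { Name: "my-bus" } };
const templateBefore: Template = { Resources: { MyBus: bus, MyBusPolicy: policy("MyEventsPolicySid") } };
const afterUpgrade: Template = { Resources: { MyBus: bus, MyBusMyEventsPolicySid: policy("MyEventsPolicySid") } };
const afterRenamed: Template = { Resources: { MyBus: bus, MyBusMyEventsPolicySid: policy("cdk-MyEventsPolicySid") } };

console.log(findStatementIdCollisions(templateBefore, afterUpgrade)); // one collision
console.log(findStatementIdCollisions(templateBefore, afterRenamed)); // []
```

A non-empty result means the update would try to create a policy whose statement ID is still held by the old resource, which is the rollback condition reported here.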
@kaizencc
Contributor

Thanks for the report @pgarbe -- looks like something needs to be done about this, I'll be looking into it

@kaizencc kaizencc added p0 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Dec 29, 2023
@mergify mergify bot closed this as completed in #28521 Jan 2, 2024
mergify bot pushed a commit that referenced this issue Jan 2, 2024
#27340 introduced the ability to create multiple event bus policies on a single event bus. To facilitate this, the logical Id was changed from `"Policy"` to the statementId. This triggers a replacement, which fails in CloudFormation because the statement ID does not change. The idea behind this PR is simple -- we are updating the statement ID of the policy to trigger a change for anyone who updates to the new version.

I think we are okay with this change because no one should be depending on the statementIds of their policies. And since the policy is not a stateful resource, updating the policy should not harm anyone. I have checked the feasibility of this PR on my own, hence the lack of an integ test.

closes #28520 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

@hawflau hawflau added the management/tracking Issues that track a subject or multiple issues label Jan 3, 2024
@HBobertz HBobertz pinned this issue Jan 3, 2024
@HBobertz HBobertz changed the title (aws-events): Upgrade to 2.117.0 rolls back due duplicate resources (aws-events): {EventsPolicyId} already exists in stack a Upgrade to 2.117.0 rolls back due duplicate resources Jan 3, 2024
@HBobertz HBobertz changed the title (aws-events): {EventsPolicyId} already exists in stack a Upgrade to 2.117.0 rolls back due duplicate resources (aws-events): {EventsPolicyId} already exists in stack a Upgrade to 2.117.0 rolls back due duplicate resources Jan 3, 2024
@HBobertz HBobertz changed the title (aws-events): {EventsPolicyId} already exists in stack a Upgrade to 2.117.0 rolls back due duplicate resources (aws-events): {EventsPolicyId} already exists in stack Upgrade to 2.117.0 rolls back due duplicate resources Jan 3, 2024
HBobertz pushed a commit to cdklabs/aws-cdk-notices that referenced this issue Jan 3, 2024
mergify bot pushed a commit to cdklabs/aws-cdk-notices that referenced this issue Jan 3, 2024
paulhcsun pushed a commit to paulhcsun/aws-cdk that referenced this issue Jan 5, 2024
@TheRealAmazonKendra TheRealAmazonKendra unpinned this issue Feb 12, 2024