From 8fbd385cb1cac8f309554d15bed738ea756b1b09 Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Fri, 12 Jan 2024 14:24:55 +0000 Subject: [PATCH 1/2] fix(cli): program execution fails without debug information (#28687) When executing the CDK app program fails, we don't print any useful debug information. This makes sense because we are passing all output from the program to the shell, expecting this would be enough to debug any faults. However the program might be faulty in a way that no (useful) output is printed. To help with this case print the failing command when `--debug` is enabled. This might require a follow up with a better DX for the generic non debug case. For now this will improve the situation. Related to https://github.com/aws/aws-cdk/issues/28637 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- packages/aws-cdk/lib/api/cxapp/exec.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/aws-cdk/lib/api/cxapp/exec.ts b/packages/aws-cdk/lib/api/cxapp/exec.ts index 757e03653d0e0..4069d7a660143 100644 --- a/packages/aws-cdk/lib/api/cxapp/exec.ts +++ b/packages/aws-cdk/lib/api/cxapp/exec.ts @@ -118,6 +118,7 @@ export async function execProgram(aws: SdkProvider, config: Configuration): Prom if (code === 0) { return ok(); } else { + debug('failed command:', commandAndArgs); return fail(new Error(`Subprocess exited with error ${code}`)); } }); From d07deec4435e75c71cec6965e40b5282edfb55b1 Mon Sep 17 00:00:00 2001 From: Momo Kornher Date: Fri, 12 Jan 2024 15:25:31 +0000 Subject: [PATCH 2/2] fix(opensearchservice): OpenSearchAccessPolicy unnecessarily attempts to install latest sdk version (#28688) This introduced uncertainty into the resource behavior, adds at least 60s to the execution time and will cause deployments in CN regions to fail. No tests add because the existing tests run with the `@aws-cdk/customresources:installLatestAwsSdkDefault` feature flag set to the recommended value. This change is merely change the `OpenSearchAccessPolicy` config for users that don't set the feature flag. We can safely do this, because we control the code for this custom resource and know it works with the provided SDK version. Related to https://github.com/aws/aws-cdk/issues/27597 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-elasticsearch/lib/elasticsearch-access-policy.ts | 1 + .../aws-opensearchservice/lib/opensearch-access-policy.ts | 1 + 2 files changed, 2 insertions(+) diff --git a/packages/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-access-policy.ts b/packages/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-access-policy.ts index 1a87c2fe1a820..3f6ad52eb45cc 100644 --- a/packages/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-access-policy.ts +++ b/packages/aws-cdk-lib/aws-elasticsearch/lib/elasticsearch-access-policy.ts @@ -33,6 +33,7 @@ export class ElasticsearchAccessPolicy extends cr.AwsCustomResource { constructor(scope: Construct, id: string, props: ElasticsearchAccessPolicyProps) { super(scope, id, { resourceType: 'Custom::ElasticsearchAccessPolicy', + installLatestAwsSdk: false, onUpdate: { action: 'updateElasticsearchDomainConfig', service: 'ES', diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/opensearch-access-policy.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/opensearch-access-policy.ts index eca4d4b229621..86066d8191c87 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/opensearch-access-policy.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/opensearch-access-policy.ts @@ -33,6 +33,7 @@ export class OpenSearchAccessPolicy extends cr.AwsCustomResource { constructor(scope: Construct, id: string, props: OpenSearchAccessPolicyProps) { super(scope, id, { resourceType: 'Custom::OpenSearchAccessPolicy', + installLatestAwsSdk: false, onUpdate: { action: 'updateDomainConfig', service: 'OpenSearch',