‼️ (aws-appsync): invalid service role creation #23035
Comments
mtliendo
added
bug
|
Is this related to 65d8e3d? Do the references to the service principal need to be updated? The commit indicates this change was behind a feature flag. |
|
It appears this reference (https://github.com/aws/aws-cdk/blob/main/packages/%40aws-cdk/aws-appsync/lib/data-source.ts#L116) needs to be updated. |
|
I'm finding this new incorrect behavior is only being applied with the feature flag enabled. You should be able to disable the feature flag for now while we get this fixed up. Thanks for reporting! |
peterwoodworth
added
p1
effort/small
|
Ah yea, that seems to be the issue. On new CDK projects, the default state of the flag is set to |
In aws#22819, a feature flag was added to use standardized service principal names instead of using a database lookup. This reference wasn't updated which causes failures in new CDK applications that try to create AppSync resources. This change passes the fully qualified service principal when creating a service role for a new data source. fixes aws#23035
In aws#22819, a feature flag was added to use standardized service principal names instead of using a database lookup. This reference wasn't updated which causes failures in new CDK applications that try to create AppSync resources. This change passes the fully qualified service principal when creating a service role for a new data source. fixes aws#23035
In aws#22819, a feature flag was added to use standardized service principal names instead of using a database lookup. This reference wasn't updated which causes failures in new CDK applications that try to create AppSync resources. This change passes the fully qualified service principal when creating a service role for a new data source. fixes aws#23035
Builds on top of @jpignata 's PR #23050. Updated integration tests. Closes #23050 Fixes #23035 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
|
Thanks to @robertd for the fix, it has been merged and will be included in the next release shortly after re:invent. Here’s a workaround for the interim: Disable the
{
"context": {
"@aws-cdk/aws-iam:standardizedServicePrincipals": false
}
} |
ryparker
changed the title
ryparker
changed the title
ryparker
added
the
pending-release
Builds on top of @jpignata 's PR #23050. Updated integration tests. Closes #23050 Fixes #23035 ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Patched in |
ryparker
removed
the
pending-release
ryparker
changed the title
PATCHED - Upgrade
aws-cdk-lib/aws-appsyncto version 2.52.1-alpha.0 or later.Describe the bug
When attaching a DynamoDB datasource to an API, the generated service role does not include the correct servicerole name
(it's missing the
.amazonawspart)Expected Behavior
I would expect the correct service role to be created.
Current Behavior
On version 2.51.1 I created the following stack and deployed the application but it failed on the deploying the API. After inspecting the output, I found that the datasource was not given the correct datasource.
Reverting back to v2.50.0 had the correct service role
Reproduction Steps
Possible Solution
Appending the correct principal
Additional Information/Context
No response
CDK CLI Version
2.51.1
Framework Version
CDK
Node.js Version
16
OS
mac
Language
Typescript
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: