This issue was moved to a discussion.

aws-cdk-lib/aws-s3: How to add depend on between s3 bucket policy and event notification? #27644

Closed
2 tasks
zhaoyi0113 opened this issue Oct 23, 2023 · 3 comments
Labels
@aws-cdk/aws-s3 Related to Amazon S3 guidance Question that needs advice or information.

Comments

@zhaoyi0113
Describe the feature

I am using CDK to deploy an S3 bucket and also add an event notification on that bucket. The code I have is:

```ts
const bucket = new BaseS3Bucket(this, "bucket", {
  versioned: true,
  enforceSSL: true,
  bucketName: this.bucketName,
  blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
  accessControl: options.setAccessControl !== false ? s3.BucketAccessControl.PRIVATE : undefined,
  publicReadAccess: false,
  encryption: s3.BucketEncryption.KMS_MANAGED,
  serverAccessLogsBucket: logBucket,
  serverAccessLogsPrefix: 'deployment-logs',
  lifecycleRules: [
    {
      id: 'NonCurrentVersionRule',
      enabled: true,
      noncurrentVersionExpiration: cdk.Duration.days(BucketCdkStack.NON_CURRENT_VERSION_EXPIRATION_DAY),
    },
  ],
});
const topic = cdk.aws_sns.Topic.fromTopicArn(
  this,
  "topic",
  topicArn,
);
bucket.policy?.node.addDependency(topic);
bucket.addEventNotification(s3.EventType.OBJECT_REMOVED_DELETE, new cdk.aws_s3_notifications.SnsDestination(topic));
```

The problem I have is that I got a deployment error: Resource handler returned message: "A conflicting conditional operation is currently in progress against this resource. Please try again."

It says there are multiple operations that tried to deploy at the same time and conflict with each other. When examining CloudTrail, I found two events that happened in the same time period: one is PutBucketPolicy, the other is PutBucketNotification.

How can I add depend_on between PutBucketPolicy and PutBucketNotification?

Use Case

Solve conflict error during deployment

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

"aws-cdk": "^2.80.0",

Environment details (OS name and version, etc.)

Mac 14

@zhaoyi0113 zhaoyi0113 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Oct 23, 2023
@github-actions github-actions bot added the @aws-cdk/aws-s3 Related to Amazon S3 label Oct 23, 2023
@indrora
Contributor

indrora commented Oct 23, 2023

You have a circular dependency: by adding the notification to the bucket, you've created an intrinsic dependency of the bucket on the topic. By adding a dependency of the topic on the bucket, you have created an impossible-to-resolve dependency graph.

Create each construct separately and assign it. Tokens will be used in place and CloudFormation will be able to resolve it.

@indrora indrora added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed feature-request A feature should be added or improved. labels Oct 23, 2023
@peterwoodworth
Contributor

@indrora the topic is imported, which means there won't be a topic in the CloudFormation template to create a cyclic resource. This also isn't typically the error message you'd see when a circular dependency is created. Can you expand on your findings and provide an example of how to work around this?

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Oct 24, 2023
@khushail khushail added guidance Question that needs advice or information. and removed needs-triage This issue or PR still needs to be triaged. labels Oct 24, 2023
@tim-finnigan

Converting to a discussion since this involves a guidance question. Please let us know if you have any updates on your end as far as testing on more recent versions.

@aws aws locked and limited conversation to collaborators Mar 14, 2024
@tim-finnigan tim-finnigan converted this issue into discussion #29489 Mar 14, 2024
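
The concurrent PutBucketPolicy and PutBucketNotification calls reported in the question can be looked for in the synthesized template before deploying. The check below is an added example, not code from this thread or from aws-cdk; it assumes the notification is synthesized as a `Custom::S3BucketNotifications` resource whose `BucketName` is a `Ref` to the bucket, and the sample template and its logical IDs are constructed.

```typescript
// Added example, not aws-cdk code: flag a bucket notification and a bucket policy
// on the same bucket that have no explicit ordering in a synthesized template.
type CfnRes = { Type: string; Properties?: Record<string, unknown>; DependsOn?: string | string[] };
type CfnTemplate = { Resources: Record<string, CfnRes> };
type Finding = { notification: string; policy: string };

// Logical ID behind {"Ref": "..."}; undefined for literal bucket names.
function refOf(value: unknown): string | undefined {
  if (typeof value !== "object" || value === null) return undefined;
  const ref = (value as { Ref?: unknown }).Ref;
  return typeof ref === "string" ? ref : undefined;
}

// Normalize DependsOn (a string or a list) to a list of logical IDs.
function dependsOn(r: CfnRes): string[] {
  if (r.DependsOn === undefined) return [];
  return typeof r.DependsOn === "string" ? [r.DependsOn] : r.DependsOn;
}

// Only direct DependsOn edges are checked; transitive ordering is not followed.
function findUnorderedNotifications(t: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  const ids = Object.keys(t.Resources);
  for (const nId of ids) {
    const n = t.Resources[nId];
    if (!n || n.Type !== "Custom::S3BucketNotifications") continue;
    const bucket = refOf(n.Properties?.BucketName);
    if (bucket === undefined) continue;
    for (const pId of ids) {
      const p = t.Resources[pId];
      if (!p || p.Type !== "AWS::S3::BucketPolicy" || refOf(p.Properties?.Bucket) !== bucket) continue;
      const ordered = dependsOn(n).indexOf(pId) !== -1 || dependsOn(p).indexOf(nId) !== -1;
      if (!ordered) findings.push({ notification: nId, policy: pId });
    }
  }
  return findings;
}

// Constructed sample shaped like the stack in the question. The imported topic
// contributes no resource, so nothing orders the policy and the notification.
const sample: CfnTemplate = {
  Resources: {
    bucket: { Type: "AWS::S3::Bucket" },
    bucketPolicy: { Type: "AWS::S3::BucketPolicy", Properties: { Bucket: { Ref: "bucket" } } },
    bucketNotifications: { Type: "Custom::S3BucketNotifications", Properties: { BucketName: { Ref: "bucket" } } },
  },
};
console.log(findUnorderedNotifications(sample));
```

A finding means CloudFormation is free to apply both resources in parallel; a `DependsOn` in either direction between the two clears it.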
5 participants