search

aws-amplify / amplify-backend

Home to all tools related to Amplify's code-first DX (Gen 2) for building fullstack apps on AWS
Apache License 2.0
169 stars 56 forks source link

Cannot add DDB stream event mapping to lambda #2094

Open justinmakaila opened 3 days ago

justinmakaila commented 3 days ago

Environment information

System:
  OS: macOS 15.0.1
  CPU: (12) arm64 Apple M3 Pro
  Memory: 464.98 MB / 18.00 GB
  Shell: /bin/zsh
Binaries:
  Node: 22.6.0 - /private/var/folders/l5/hjlkqmn160n235q2fx60mrmw0000gn/T/xfs-acd3d827/node
  Yarn: 4.4.1 - /private/var/folders/l5/hjlkqmn160n235q2fx60mrmw0000gn/T/xfs-acd3d827/yarn
  npm: 10.8.2 - ~/.nvm/versions/node/v22.6.0/bin/npm
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/auth-construct: 1.3.0
  @aws-amplify/backend: 1.1.1
  @aws-amplify/backend-auth: 1.1.3
  @aws-amplify/backend-cli: 1.2.5
  @aws-amplify/backend-data: 1.1.2
  @aws-amplify/backend-deployer: 1.1.0
  @aws-amplify/backend-function: 1.3.3
  @aws-amplify/backend-output-schemas: 1.1.0
  @aws-amplify/backend-output-storage: 1.1.1
  @aws-amplify/backend-secret: 1.1.0
  @aws-amplify/backend-storage: 1.1.2
  @aws-amplify/cli-core: 1.1.2
  @aws-amplify/client-config: 1.2.1
  @aws-amplify/deployed-backend-client: 1.4.0
  @aws-amplify/form-generator: 1.0.1
  @aws-amplify/model-generator: 1.0.5
  @aws-amplify/platform-core: 1.0.6
  @aws-amplify/plugin-types: 1.2.1
  @aws-amplify/sandbox: 1.2.0
  @aws-amplify/schema-generator: 1.2.1
  aws-amplify: 6.5.1
  aws-cdk: 2.153.0
  aws-cdk-lib: 2.153.0
  typescript: 5.5.4
AWS environment variables:
  AWS_STS_REGIONAL_ENDPOINTS = regional
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_SDK_LOAD_CONFIG = 1
No CDK environment variables

Describe the bug

I'm attempting to add DDB triggers to my amplify backend. I have the following backend definition:

const backend = defineBackend({
  auth,
  data,
  preTokenGeneration,
  ...functionResources,
});

const {
  auth: { resources: authResources },
  data: { resources: dataResources },
} = backend;

const createDDBPolicy = (stack: Stack, id: string, table: ITable) => {
  return new iam.Policy(stack, id, {
    statements: [
      new iam.PolicyStatement({
        effect: iam.Effect.ALLOW,
        actions: [
          "dynamodb:DescribeStream",
          "dynamodb:GetRecords",
          "dynamodb:GetShardIterator",
          "dynamodb:ListStreams",
        ],
        resources: [table.tableStreamArn!, table.tableArn],
      }),
    ],
  });
};

const inviteTable = dataResources.tables.Invite;
const inviteStreamPolicy = createDDBPolicy(
  Stack.of(inviteTable),
  "InviteStreamPolicy",
  inviteTable
);

backend.inviteCreateTrigger.resources.lambda.role?.attachInlinePolicy(
  inviteStreamPolicy
);

const inviteMapping = new EventSourceMapping(
  Stack.of(inviteTable),
  "InviteStreamMapping",
  {
    eventSourceArn: inviteTable.tableStreamArn,
    target: backend.inviteCreateTrigger.resources.lambda,
    startingPosition: StartingPosition.LATEST,
  }
);

inviteMapping.node.addDependency(inviteStreamPolicy);

// Create other relevant table mappings

This works fine on a fresh deploy, but if I attempt to deploy over existing resources, I get an issue saying:

UPDATE_ROLLBACK_COMPLETE: Resource handler returned message: "Invalid request provided: Stream arn:aws:dynamodb:{region}:{id}:table/Invite-{stackId}-NONE/stream/{timestamp} is Disabled. You cannot create a lambda mapping on a stream that is Disabled.

it seems to have to do with the stream ARNs... the timestamp that my deploy/CF template is assuming is stream/2024-10-01T15:42:39.380 but the actual ARN on my table is stream/2024-10-01T15:55:59.319.

Reproduction steps

Deploy a DDB table using the defineBackend method.

After successful deploy, use the code above to add the stream policy to a defined/deployed lambda and EventSourceMapping for the table using the lambda.

You should see the error listed above during attempted deploy and a clear mismatch between the enabled stream ARN on the existing table vs the one the mapping is trying to reference.

ykethan commented 1 day ago

Hey @justinmakaila, thank you for reaching out. Tried reproducing the error using the code snippet provided but was not able to run into the error. Did notice the packages are bit out of date, could you try upgrading them and let us know if this mitigates the issue. If you do have a repository with a minimal reproduction would help us in diving into this as well

justinmakaila commented 1 day ago

@ykethan i will give it a shot this weekend or early next week. Will try to build a reproducible example