aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

aws-s3: Cannot use notification resource handler in monitored environment #20903

Open falkvonohlen opened 2 years ago

falkvonohlen commented 2 years ago

Describe the bug

When the AWS account does not allow for a lambda creation without a VPC attachment, Bucket.addEventNotification() fails during the deployment of the CloudFormation stack, because of the NotificationsResourceHandler lambda function that does not allow for a VPC attachment.

Expected Behavior

The props should contain an optional parameter for a vpc assignment and the lambda should then get the correct vpc config attached.

Current Behavior

The lambda gets deployed with no vpc attachment.

Reproduction Steps

Restrict lambdas from being created without a VPC attachment in your account and then try to deploy:

import { Bucket, EventType } from "aws-cdk-lib/aws-s3";
import { SnsDestination } from "aws-cdk-lib/aws-s3-notifications";
import { Topic } from "aws-cdk-lib/aws-sns";
// Inside a Stack constructor; S3 bucket names must be lowercase, so "Test" became "test".
const bucket = new Bucket(this, "ExampleBucket", { bucketName: "test" });
const object_deleted_topic = new Topic(this, "object-deleted-topic", {
    displayName: "object-deleted",
});
// This call adds the NotificationsResourceHandler lambda, which gets no VPC configuration.
bucket.addEventNotification(EventType.OBJECT_REMOVED_DELETE, new SnsDestination(object_deleted_topic));

Possible Solution

Add a new property to the bucket: notificationsHandlerVpc.

Additional Information/Context

No response

CDK CLI Version

2.29.1

Framework Version

No response

Node.js Version

16.15.1

OS

Ubuntu 20.04

Language

Typescript

Language Version

3.9.10

Other information

No response
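The failure described in this issue only surfaces at deploy time, after CloudFormation has already started creating resources. A cheaper place to catch it is right after `cdk synth`, by auditing the synthesized template for Lambda functions that carry no VpcConfig. The following is an added example, not code from the aws-cdk project or from this issue: a small TypeScript check that reads a CloudFormation template object (the JSON files under `cdk.out/`) and lists every `AWS::Lambda::Function` without subnets. The sample template embedded below is constructed for the example; its logical IDs (`BucketNotificationsHandlerEXAMPLE`, `CompliantFunctionEXAMPLE`) and property values are made up and only mirror the shape of a synthesized template, not what CDK actually emits.

```typescript
// Added example (not aws-cdk project code): audit a synthesized CloudFormation
// template for Lambda functions that would be rejected by an account policy
// requiring every function to be attached to a VPC.

interface CfnResource {
  Type: string;
  Properties?: Record<string, unknown>;
}

interface CfnTemplate {
  Resources: Record<string, CfnResource>;
}

interface VpcConfigShape {
  SubnetIds?: unknown;
  SecurityGroupIds?: unknown;
}

// Returns the logical IDs of AWS::Lambda::Function resources that either lack a
// VpcConfig block entirely or declare one with no subnets (an empty SubnetIds
// list is equivalent to no VPC attachment from the policy's point of view).
function lambdasWithoutVpc(template: CfnTemplate): string[] {
  const offenders: string[] = [];
  for (const [logicalId, resource] of Object.entries(template.Resources)) {
    if (resource.Type !== "AWS::Lambda::Function") continue;
    const vpcConfig = resource.Properties?.VpcConfig as VpcConfigShape | undefined;
    const subnets = vpcConfig?.SubnetIds;
    if (!Array.isArray(subnets) || subnets.length === 0) {
      offenders.push(logicalId);
    }
  }
  return offenders;
}

// Parses the raw JSON of a template file (e.g. cdk.out/MyStack.template.json)
// and runs the same check; rejects input that has no Resources map.
function auditTemplateJson(json: string): string[] {
  const parsed = JSON.parse(json) as Partial<CfnTemplate>;
  if (!parsed || typeof parsed.Resources !== "object" || parsed.Resources === null) {
    throw new Error("not a CloudFormation template: missing Resources map");
  }
  return lambdasWithoutVpc({ Resources: parsed.Resources });
}

// Produces one human-readable finding per offending function, suitable for a
// CI job that fails the build when the array is non-empty.
function reportLines(template: CfnTemplate): string[] {
  return lambdasWithoutVpc(template).map(
    (id) => `Lambda function ${id} has no VpcConfig; deployment would fail under a VPC-only policy`
  );
}

// Constructed sample template: logical IDs and values are invented for this
// example. It pairs a notifications-handler style function with no VpcConfig
// against a compliant function that declares subnets and a security group.
const sampleTemplate: CfnTemplate = {
  Resources: {
    ExampleBucket: { Type: "AWS::S3::Bucket" },
    BucketNotificationsHandlerEXAMPLE: {
      Type: "AWS::Lambda::Function",
      Properties: {
        Runtime: "python3.9",
        Handler: "index.handler",
        Role: { "Fn::GetAtt": ["BucketNotificationsHandlerRoleEXAMPLE", "Arn"] },
      },
    },
    CompliantFunctionEXAMPLE: {
      Type: "AWS::Lambda::Function",
      Properties: {
        Runtime: "nodejs16.x",
        Handler: "index.handler",
        Role: "arn:aws:iam::123456789012:role/example-role",
        VpcConfig: {
          SubnetIds: ["subnet-0example1", "subnet-0example2"],
          SecurityGroupIds: ["sg-0example"],
        },
      },
    },
  },
};

// Usage: run the check on the constructed template and print the findings.
for (const line of reportLines(sampleTemplate)) {
  console.log(line);
}
```

In a pipeline you would feed `auditTemplateJson` the contents of each `cdk.out/*.template.json` file and fail the job when it returns anything, which turns the deploy-time CloudFormation error into a synth-time finding. Checking `SubnetIds` rather than the mere presence of a `VpcConfig` key matters because CDK emits `VpcConfig` only when a VPC is supplied, but hand-written templates sometimes carry an empty block that the policy would still reject.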

peterwoodworth commented 2 years ago

Thanks for reporting this and posting a PR for it, someone should be able to get to it soon!

peterwoodworth commented 1 year ago

The PR seems to have been abandoned. If anyone wants to pick up where the work was left off, feel free