aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(integ-tests-alpha): `ForbiddenException: UnknownError` when using `awsApiCall('IotData', 'publish', ...)` #26645

Open yamatatsu opened 1 year ago

yamatatsu commented 1 year ago

Describe the bug

ForbiddenException: UnknownError occurs when using awsApiCall('IotData', 'publish', ...).

Expected Behavior

Publish without error.

Current Behavior

It causes a CFn error as follows:

```
snstopicactiontestDefaultTestDeployAssert7CEC369B | 2/5 | 17:17:50 | CREATE_FAILED        | Custom::DeployAssert@SdkCallIotDatapublish    | sns-topic-action-test/DefaultTest/DeployAssert/AwsApiCallIotDatapublish0e02a766e2fbbaa9d608b52a8e174d10/Default/Default (AwsApiCallIotDatapublish0e02a766e2fbbaa9d608b52a8e174d10) Received response status [FAILED] from custom resource. Message returned: UnknownError (RequestId: 0274816b-6937-4120-9387-6a49a46d7085)
```

At this time, the following error occurs in Lambda:

```
2023-08-05T08:17:48.674Z    af822d34-a72d-4a59-bdf2-b680dc4cde03    INFO    ForbiddenException: UnknownError
    at throwDefaultError (/var/runtime/node_modules/@aws-sdk/smithy-client/dist-cjs/default-error-handler.js:8:22)
    at deserializeAws_restJson1PublishCommandError (/var/runtime/node_modules/@aws-sdk/client-iot-data-plane/dist-cjs/protocols/Aws_restJson1.js:473:51)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /var/runtime/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24
    at async /var/runtime/node_modules/@aws-sdk/middleware-signing/dist-cjs/middleware.js:13:20
    at async StandardRetryStrategy.retry (/var/runtime/node_modules/@aws-sdk/middleware-retry/dist-cjs/StandardRetryStrategy.js:51:46)
    at async /var/runtime/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:6:22
    at async AwsApiCallHandler.processEvent (/var/task/index.js:31779:22)
    at async AwsApiCallHandler.handle (/var/task/index.js:31459:26)
    at async Runtime.handler (/var/task/index.js:31836:20) {
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 403,
    requestId: '43e28e61-c146-23b3-c37f-e452f61fc45b',
    extendedRequestId: undefined,
    cfId: undefined,
    attempts: 1,
    totalRetryDelay: 0
  },
  traceId: '43e28e61-c146-23b3-c37f-e452f61fc45b'
}
```

Reproduction Steps

Use IntegTest as follows:

```ts
const iotPublishCall = integ.assertions.awsApiCall('IotData', 'publish', {
  topic: 'device/test-device-id/data',
});
```

Possible Solution

It can be fixed by changing the prefix of IotData in sdk-api-metadata.json to iot instead of iot-data. https://github.com/aws/aws-cdk/blob/972a06f07e861fcd71b2ebb6ca72a72c97bda0d9/packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/sdk-api-metadata.json#L266

This JSON file is used for setting the action of a policy of the CustomResource: https://github.com/aws/aws-cdk/blob/c8258a6a6976da51e1096bef7e2e84bdc89a71c5/packages/@aws-cdk/integ-tests-alpha/lib/assertions/providers/provider.ts#L159-L172

From the document, all commands of IotData are below;

All policy actions of these commands need the iot prefix, not iot-data. It can be confirmed with this documentation.

Additional Information/Context

No response

CDK CLI Version

v2.90.0 (git hash 972a06f07e861fcd71b2ebb6ca72a72c97bda0d9)

Framework Version

No response

Node.js Version

v20.4.0

OS

mac m1

Language

Typescript

Language Version

v1.22.19

Other information

No response
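
The mismatch reported above, as an added example that is not part of the original issue or the aws-cdk code base: a simplified model of deriving the custom resource's IAM action from an `sdk-api-metadata.json` prefix, showing why a statement for `iot-data:Publish` leaves the `publish` call denied. The function names, the two metadata objects and the minimal policy check are assumptions made for illustration.

```typescript
// Added illustration; a simplified model, not the code in provider.ts.
type SdkMetadata = { [service: string]: { prefix?: string } | undefined };

// Constructed entries: the prefix the issue reports, and the proposed one.
const reportedMetadata: SdkMetadata = { iotdata: { prefix: 'iot-data' } };
const proposedMetadata: SdkMetadata = { iotdata: { prefix: 'iot' } };

interface Statement { Effect: 'Allow'; Action: string[]; Resource: string[] }

// Assumed derivation: "<metadata prefix or lowercased service>:<Api>".
function iamActionFor(metadata: SdkMetadata, service: string, api: string): string {
  const key = service.toLowerCase();
  const entry = metadata[key];
  const prefix = entry && entry.prefix ? entry.prefix : key;
  return prefix + ':' + api.charAt(0).toUpperCase() + api.slice(1);
}

function statementFor(metadata: SdkMetadata, service: string, api: string): Statement {
  return { Effect: 'Allow', Action: [iamActionFor(metadata, service, api)], Resource: ['*'] };
}

// Minimal check: an action is allowed only if some statement names it
// (case-insensitive, optional trailing "*"); otherwise it is implicitly denied.
function isAllowed(statements: Statement[], requested: string): boolean {
  const wanted = requested.toLowerCase();
  return statements.some(function (s) {
    return s.Action.some(function (a) {
      const pattern = a.toLowerCase();
      if (pattern.charAt(pattern.length - 1) === '*') {
        return wanted.indexOf(pattern.slice(0, -1)) === 0;
      }
      return pattern === wanted;
    });
  });
}

// Per the issue, IotData commands are authorized under the "iot" prefix.
const REQUIRED_ACTION = 'iot:Publish';

// Returns the HTTP status the publish call would see under this model.
function simulatePublish(metadata: SdkMetadata): number {
  const policy = [statementFor(metadata, 'IotData', 'publish')];
  return isAllowed(policy, REQUIRED_ACTION) ? 200 : 403;
}

console.log(iamActionFor(reportedMetadata, 'IotData', 'publish'), simulatePublish(reportedMetadata)); // iot-data:Publish 403
console.log(iamActionFor(proposedMetadata, 'IotData', 'publish'), simulatePublish(proposedMetadata)); // iot:Publish 200
```
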

peterwoodworth commented 1 year ago

Thanks for the report and PR