search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.65k stars 3.91k forks source link

stepfunctions-tasks: mediapackagevod service generates wrong action in role policy #28774

Closed orekav closed 9 months ago

orekav commented 9 months ago

Describe the bug

Following code is properly creates a step in Step Functions

new sfn_tasks.CallAwsService(stack, 'DeleteMediaPackageVoDAsset', {
  service: 'mediapackagevod',
  action: 'deleteAsset',
  resultPath: sfn.JsonPath.DISCARD,
  iamResources: ['*'],
});

However, it creates wrong statement in the role policy.

        {
            "Action": "mediapackagevod:deleteAsset",
            "Resource": "*",
            "Effect": "Allow"
        }

Correct service prefix for MediaPackageVoD is mediapackage-vod. https://docs.aws.amazon.com/service-authorization/latest/reference/list_awselementalmediapackagevod.html

This issue is similar with https://github.com/aws/aws-cdk/issues/27573 and https://github.com/aws/aws-cdk/issues/28081.

Expected Behavior

Action should be mediapackage-vod:deleteAsset

Current Behavior

Action is mediapackagevod:deleteAsset

Reproduction Steps

Sample code for reproduction is below:

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import {
  aws_stepfunctions as sfn,
  aws_stepfunctions_tasks as sfn_tasks,
} from 'aws-cdk-lib';

export class SfnMediaPackageVoDStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const deleteAsset = new sfn_tasks.CallAwsService(stack, 'DeleteMediaPackageVoDAsset', {
      service: 'mediapackagevod',
      action: 'deleteAsset',
      resultPath: sfn.JsonPath.DISCARD,
      iamResources: ['*'],
    });

    new sfn.StateMachine(this, 'SimpleStateMachine', {
      definitionBody: sfn.DefinitionBody.fromChainable(deleteAsset)
    });
  }
}

Possible Solution

aws-cdk/packages/aws-cdk-lib/aws-stepfunctions-tasks/lib/aws-sdk/call-aws-service.ts

Additional Information/Context

No response

CDK CLI Version

2.122.0

Framework Version

No response

Node.js Version

v18.19.0

OS

MacOS

Language

TypeScript

Language Version

No response

Other information

No response

pahud commented 9 months ago

Thank you for the report and pull request.

github-actions[bot] commented 9 months ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.