Open pwed opened 7 months ago
I have tested with a typescript project and this doesn't seem to be an issue as you can just pass in a Dict with the correct key names
// aws-backup-test/lib/aws-backup-test-stack.ts
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as backup from 'aws-cdk-lib/aws-backup';
export class AwsBackupTestStack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const backupFramework = new backup.CfnFramework(this, "Framework", {
frameworkControls: [
{
controlName: "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN",
controlScope: {
"ComplianceResourceTypes": [
"RDS"
]
}
}
]
})
}
}
A workaround I have found for python is to not use the backup.CfnFramework.ControlScopeProperty()
class and just pass in a raw Dict as the value for control_scope
.
from aws_cdk import (
aws_backup as backup,
Stack,
App,
)
class BackupAudit(Stack):
def __init__(self, app: App, id: str, **kwargs) -> None:
super().__init__(app, id, **kwargs)
default_framework = backup.CfnFramework(
self,
"DefaultFramework",
framework_controls=[
backup.CfnFramework.FrameworkControlProperty(
control_name="BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN",
control_input_parameters=[],
control_scope={
"ComplianceResourceTypes": [
"RDS",
"Aurora",
"EFS",
"EC2",
"EBS",
"DynamoDB",
"FSx",
],
},
),
],
)
app = App()
BackupAudit(app, "backup-audit-sandpit")
app.synth()
The controlScope
is type any
which means it's not typed and you'll need to pass a JSON dict to it as you mentioned above.
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_backup.CfnFramework.FrameworkControlProperty.html#controlscope
Hi @pahud,
Thanks for your response
My issue was specifically with the python class backup.CfnFramework.ControlScopeProperty
which can be used to construct the JSON Dict. When using this class, and using the key work argument compliance_resource_types
, I would expect it to render correctly.
I peeked into the source and found that the L1 constructs are generated by a build step so could not see a simple way to override the output of this type of class
Describe the bug
Can not deploy AWS Backup Audit Manager Framework using the L1 construct
The issue is that the property name for the sub type
FrameworkControl.ControlScope.ComplianceResourceTypes
is synthesized as complianceResourceTypes (lowercase c) and CFN will fail validation.Expected Behavior
L1 construct for
AWS::Backup::Framework.FrameworkControl.ControlScope.ComplianceResourceTypes
would synth with the correct casingCurrent Behavior
L1 construct for
AWS::Backup::Framework.FrameworkControl.ControlScope.ComplianceResourceTypes
synth produces the following with a lowercase "c"Reproduction Steps
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.127.0 (build 6c90efc)
Framework Version
aws-cdk-lib 2.128.0
Node.js Version
v20.11.0
OS
Ubuntu 22.04 (WSL)
Language
Python
Language Version
Python 3.10.12
Other information
Passing a raw dictionary into
control_scope
with the correct key values will produce the correct CFN outputThe issue only seems to occur when you use the
backup.CfnFramework.ControlScopeProperty()
class as an input