Open Ronnie76er opened 3 months ago
Hi @Ronnie76er, thanks for reaching out. This scenario works fine for me, given the same bucket name and stack name. Here is the snapshot for the same -
Sample code snippet for reference -
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';

export class BucketNameIssueStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const s3Bucket = new s3.Bucket(this, "some-bucket", {
      bucketName: "my-bucket-name-009"
    });
    const somerole = new iam.Role(this, 'some-role', {
      assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
    });
    s3Bucket.grantReadWrite(somerole);
  }
}
CloudFormation tracks resources through logical IDs, described in this article. Although the stack and bucket are given the same name, their logical IDs are different, hence it should not cause any error.
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
@khushail it's very weird. So, using your code to reference the role, I get the same result as you, it works. However, referencing a role in the way I do, the error is there. You may need to reference a role that already exists in the account to get it to reproduce.
Here's the code now:
import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as iam from 'aws-cdk-lib/aws-iam';
import { Role } from 'aws-cdk-lib/aws-iam';

export class SampleCdkIssueStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);
    const someBucket = new s3.Bucket(this, 'some-bucket', {
      bucketName: `a-bucket-${this.account}`
    });
    // This throws the "Error: There is already a Construct with name 'some-bucket' in SampleCdkIssueStack [some-bucket]"
    // const someRole = Role.fromRoleName(this, id, 'some-role');
    // This works fine
    // const someRole = new iam.Role(this, 'some-role', {
    //   assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
    // });
    // someBucket.grantReadWrite(someRole);
  }
}
And here's the screenshot of it running, first referencing the role how I did, and then creating a role as you did (I aborted without deploying, but it seems like it would apply fine):
Here's a screenshot of the resources in the CloudFormation, before trying to apply the role:
Let me know if there's any other information I could provide. What I'm trying to do in my actual CloudFormation is allow an existing role in the account to readWrite to the bucket, and I'm wondering if I have to do some annoying moving of resources so that the logical ids don't conflict.
NOTE: Doing the above, I used CDK version: 2.135.0 (build d46c474)
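The construct-ID rule behind the error quoted in the code comment above, as an added example that is not part of the thread and not aws-cdk-lib code: a dependency-free model in which ids must be unique only among the children of one scope. The classes `Construct`, `App`, `Bucket`, `ImportedRole` and the function `build` are hypothetical stand-ins; the ids are the ones used in the thread, with the role id set to the value the stack's `id` parameter holds.

```typescript
// Dependency-free model of construct scoping. Hypothetical classes, not aws-cdk-lib.
class Construct {
  readonly scope: Construct | undefined;
  readonly id: string;
  private readonly children = new Map<string, Construct>();
  constructor(scope: Construct | undefined, id: string) {
    this.scope = scope;
    this.id = id;
    scope?.addChild(this);
  }

  // Construct ids only have to be unique among siblings of one scope.
  private addChild(child: Construct): void {
    if (this.children.has(child.id)) {
      const own = this.id.length > 0 ? ` [${this.id}]` : '';
      throw new Error(`There is already a Construct with name '${child.id}' ` +
        `in ${this.constructor.name}${own}`);
    }
    this.children.set(child.id, child);
  }

  // Path from the root; CDK derives logical IDs from the tree path, not the bare id.
  get path(): string {
    const parent = this.scope ? this.scope.path : '';
    return parent ? `${parent}/${this.id}` : this.id;
  }
}

class App extends Construct { constructor() { super(undefined, ''); } }
class SampleCdkIssueStack extends Construct {}
class Bucket extends Construct {}
class ImportedRole extends Construct {}

// Builds app -> stack -> bucket, then tries to add a role under roleId.
function build(stackId: string, bucketId: string, roleId: string) {
  const stack = new SampleCdkIssueStack(new App(), stackId);
  const bucket = new Bucket(stack, bucketId);
  let roleError: string | null = null;
  try {
    new ImportedRole(stack, roleId);
  } catch (e) {
    roleError = (e as Error).message;
  }
  return { bucketPath: bucket.path, roleError };
}

// Stack and bucket may share 'some-bucket' (different scopes); a second child may not.
console.log(build('some-bucket', 'some-bucket', 'some-bucket'));
console.log(build('some-bucket', 'some-bucket', 'some-role'));
```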
Hey @Ronnie76er, I used an existing role and granted the bucket read write access to the role, which succeeded. Sharing the snippet -
const s3Bucket = new s3.Bucket(this, "some-bucket", {
  bucketName: "my-bucket-name-0913"
});
const somerole = iam.Role.fromRoleArn(this, "some-role-091", "arn:aws:iam::12345678910:role/some-role-name-090");
s3Bucket.grantReadWrite(somerole);
This is the policy the role had -
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Abort*",
        "s3:DeleteObject*",
        "s3:GetBucket*",
        "s3:GetObject*",
        "s3:List*",
        "s3:PutObject",
        "s3:PutObjectLegalHold",
        "s3:PutObjectRetention",
        "s3:PutObjectTagging",
        "s3:PutObjectVersionTagging"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket-name-0913",
        "arn:aws:s3:::my-bucket-name-0913/*"
      ],
      "Effect": "Allow"
    }
  ]
}
Let me know if this does not work for you.
Describe the bug
I created a stack and a bucket with the same value for id, some-bucket in the example. This created successfully. I then tried to add a role to the bucket. It failed with an error:
Expected Behavior
I expect that the stack would error out on first create, being that the stack construct ID and the bucket construct ID are the same.
Current Behavior
The stack is allowed to be created at first, but you cannot update the role afterwards, and need to do some type of migration of the bucket to fix it.
The full stack trace of the error is:
Reproduction Steps
bin/sample-cdk-issue.ts
lib/sample-cdk-issue-stack.ts
This is the only use case I came across where it happens. I tried adding a tag to the bucket, but that did NOT recreate the issue.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.133.0 (build dcc1e75)
Framework Version
No response
Node.js Version
v20.6.1
OS
Linux 6a3d87591146 6.6.16-linuxkit #1 SMP Fri Feb 16 11:54:02 UTC 2024 aarch64 GNU/Linux
Language
TypeScript
Language Version
5.3.3
Other information
No response