Open steven-robbins opened 1 month ago
Hi @steven-robbins, thanks for reaching out. I tried to repro the scenario and observed that by adding this block, the code started failing with imports as you mentioned above -
const rotationSchedule = new secretsmanager.RotationSchedule(this, 'ExampleRotationSchedule', {
  secret: secret,
  hostedRotation: secretsmanager.HostedRotation.mysqlSingleUser(),
});
Although the issue is reproducible, I noticed that it's mentioned in the docs that one has to add the transform: "You must specify Transform: AWS::SecretsManager-2020-07-23 at the beginning of the CloudFormation template." That is the reason why this function -
is being executed, which invokes the addTransform() method -
This is a snippet of the synthesized template; the Transform gets added at the beginning of the template -
{
  "Transform": "AWS::SecretsManager-2020-07-23",
  "Resources": {
    "ExampleVpc7799291B": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsHostnames": true,
        "EnableDnsSupport": true,
        "InstanceTenancy": "default",
        "Tags": [
          {
            "Key": "Name",
            "Value": "SecretManagerIssueStack/ExampleVpc"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "SecretManagerIssueStack/ExampleVpc/Resource"
      }
    },
@steven-robbins, RotationSchedule() is not supported by cdk import. Please see here the list of importable resources - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html.
However, you could proceed with importing VPC and Secret. I am closing this issue for now as it's not supported. Please feel free to reopen if you have any further queries. Thanks!
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
I'm not sure I would consider this bug addressed. Introducing secret rotation causes all resources in the stack to be considered an "unsupported resource type". This means the VPC and Secret resources cannot be imported.
In order to use cdk import, your code in the app must be modeled exactly the same as it already exists. It cannot contain any mutations on those resources until the import is already completed. While you're correct that the error message here is misleading, the fact that this does not work how you are attempting to use it is expected behavior.
We should not resolve this, however, until the error messages have been addressed.
Describe the bug
Secrets Manager RotationSchedule is causing all resources in the stack to be reported as "unsupported resource type" during cdk import.
Expected Behavior
Supported resources are able to be imported during cdk import
Current Behavior
Reproduction Steps
Possible Solution
No response
Additional Information/Context
It looks like this is the line that is causing all stack imports to fail.
Stack.of(scope).addTransform('AWS::SecretsManager-2020-07-23');
https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-secretsmanager/lib/rotation-schedule.ts#L309
CDK CLI Version
2.148.1
Framework Version
No response
Node.js Version
v20.10.0
OS
MacOS 14.5
Language
TypeScript
Language Version
No response
Other information
No response
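A pre-flight check for the situation discussed in this thread, as an added example that is not part of the issue or of the CDK code base: it reads a synthesized template and reports any top-level Transform (which the reporter suspects is the cause) and any resource type the maintainers name as not importable. The function name `preflightImport`, the `NOT_IMPORTABLE` list and the logical IDs other than `ExampleVpc7799291B` are assumptions of this example.

```typescript
// Added example: inspect a synthesized template before running `cdk import`.
type Template = {
  Transform?: string | string[];
  Resources?: Record<string, { Type: string }>;
};

interface Preflight {
  transforms: string[]; // top-level Transform entries found in the template
  blocked: string[];    // logical IDs whose type is listed in NOT_IMPORTABLE
  candidates: string[]; // remaining logical IDs, to be checked against the AWS list
  ok: boolean;          // true only when no transform and no blocked resource is present
}

// Assumption: only the type named in this thread. Extend it from the AWS list of
// importable resources linked in the maintainer's reply.
const NOT_IMPORTABLE: string[] = ["AWS::SecretsManager::RotationSchedule"];

function preflightImport(templateJson: string): Preflight {
  const tpl = JSON.parse(templateJson) as Template;
  const t = tpl.Transform;
  // CloudFormation accepts Transform as a single string or as a list of strings.
  const transforms: string[] = t === undefined ? [] : Array.isArray(t) ? t : [t];
  const resources = tpl.Resources || {};
  const blocked: string[] = [];
  const candidates: string[] = [];
  for (const id of Object.keys(resources)) {
    const isBlocked = NOT_IMPORTABLE.indexOf(resources[id].Type) !== -1;
    (isBlocked ? blocked : candidates).push(id);
  }
  return { transforms, blocked, candidates, ok: transforms.length === 0 && blocked.length === 0 };
}

// Constructed sample shaped like the synthesized template quoted in the thread.
// "ExampleSecret" and "ExampleRotationSchedule" are made-up logical IDs.
const SAMPLE_TEMPLATE: string = JSON.stringify({
  Transform: "AWS::SecretsManager-2020-07-23",
  Resources: {
    ExampleVpc7799291B: { Type: "AWS::EC2::VPC" },
    ExampleSecret: { Type: "AWS::SecretsManager::Secret" },
    ExampleRotationSchedule: { Type: "AWS::SecretsManager::RotationSchedule" },
  },
});
```

Run it on the template under `cdk.out` before importing; when `ok` is false, remove the rotation schedule from the app, import the VPC and Secret, and add rotation back in a later deployment.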