Open ujjwol05 opened 1 week ago
When you enable the crossRegionReferences: true,
, what's happening behind the scene is that there would be a custom resource as the writer being created to write the state to SSM parameter. It won't be conditional and it would always happen. If you are referencing something that could be conditionally created cross-region, that might be an issue.
I guess you probably need to create a mock or dummy webAclArnOutput
and still output from the waf stack even when the waf is not going to be created and that might be a workaround.
Describe the bug
In my main stack located in the ap-southeast-2 region, I have a CloudFront distribution, which operates globally. This setup is functioning correctly.
However, I faced difficulties creating an AWS WAF in the same stack because WAF needs to be in a different stack due to regional constraints. I resolved this by creating a separate stack for the WAF and enabled crossRegionReferences in the main stack to reference the WAF.
When the condition to enable the WAF is true, everything works as expected. But when I set the condition to false, I receive an error: Template format error: Unresolved resource dependencies [XXXX] in the Resources block of the template. Upon reviewing the synthesized template, I see that the Lambda function and the role were created without considering the condition. I believe this is the issue? The lambda and the role should also have condition attached to it? Example of synth temp is
Regression Issue
Last Known Working CDK Version
No response
Expected Behavior
When the condition is false, the stack should deploy successfully, and no resources should be created.
Current Behavior
Throws and error "Template format error: Unresolved resource dependencies [XXXX] in the Resources block of the template"
Reproduction Steps
new MainStack( app,
main-stack
, { webAclArnExport: wafStack?.webAclArnOutput, }, { env: { region: process.env.CDK_DEFAULT_REGION, }, crossRegionReferences: true, } );// WAF stack const isWafEnabled = new cdk.CfnCondition(this, 'waf', { expression: cdk.Fn.conditionEquals( 'false', 'true' ), });
const webAcl = new wafv2.CfnWebACL(this, 'web-acl', { scope: 'CLOUDFRONT', ... }
webAcl.cfnOptions.condition = isWafEnabled;