aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.38k stars 3.79k forks

[lakeformation] CfnDataLakeSettingsProps Leaves cruft, which causes errors #9097

Closed forbesmyester closed 3 years ago

forbesmyester commented 4 years ago

CDK seems to be able to create CfnDataLakeSettingsProps, but CloudFormation seems unable to delete it.

Admins get stuck, and attempting creation while they are already there causes an error and rollback.

Reproduction Steps

        let props: lakeformation.CfnDataLakeSettingsProps = {
            admins: [{ dataLakePrincipalIdentifier: u.userArn }]
        }

        let settings = new lakeformation.CfnDataLakeSettings(this, 'lakeformationsettings', props);

Error Log

10:00:32 AM | CREATE_FAILED | AWS::LakeFormation::DataLakeSettings | lakeformationsettings Invalid principal, arn: arn:aws:iam::XXX:user/ms-datalakeadministrator (Service: AWSLakeFormation; Status Code: 400; Error Code: InvalidInputException; Request ID : 3941ab8c-85cc-4a75-95f8-f52e4a0c7883)

    CdkStack.attachUserToLakeFormation (/home/xxx/xxx/log-level-data/cdk/lib/cdk-stack.ts:168:24)
    \_ new CdkStack (/home/xxx/xxx/log-level-data/cdk/lib/cdk-stack.ts:356:14)
    \_ Promise.all.then (/home/xxx/xxx/log-level-data/cdk/bin/cdk.ts:49:5)
    \_ process._tickCallback (internal/process/next_tick.js:68:7)

❌ LakeFormationTest failed: Error: The stack named LakeFormationTest is in a failed state: UPDATE_ROLLBACK_COMPLETE The stack named LakeFormationTest is in a failed state: UPDATE_ROLLBACK_COMPLETE

Environment

Other

The workaround is to manually delete in AWS Lake Formation > Admins and database creators > Data lake administrators


This is :bug: Bug Report

iliapolo commented 3 years ago

@forbesmyester Can you please expand on the full flow you are doing?

From what I can gather, it looks like you already have a few resources deployed, and you now add this DataLakeSettings resource. The new resource fails to deploy because you specified an invalid principal, and CloudFormation simply rolls back the last operation. You can tell by the UPDATE_ROLLBACK_COMPLETE status, which means CloudFormation performed a rollback on the last UPDATE operation. It does not, and should not, delete your entire stack in such a scenario.

If you want to delete the stack, you can run cdk destroy.

Did I understand correctly?

github-actions[bot] commented 3 years ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.