Synth Error: AWS S3 Bucket with SSE

chiayuan commented 2 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

cdktf & Language Versions

cdktf: 0.6.3
Python: 3.7
Terraform: 1.0.2

Affected Resource(s)

AWS S3 Bucket

Debug Output

https://gist.github.com/chiayuan/654b16547bc398d19dcd04a460a1b9bf

Expected Behavior

It is an official Terraform example code. Should be able to synth and deploy an S3 bucket with SSE.

Actual Behavior

A jsii.errors.JSIIError: Missing required properties for aws.S3BucketServerSideEncryptionConfigurationRule: applyServerSideEncryptionByDefault. error occurs when synthesizing.

Steps to Reproduce

By cdktf convert feature, I just copy terraform s3 bucket example. and use pbpaste | cdktf convert --language python to get converted python codes to paste in my stack.

Others

Also just wondering, it will be great if there are some guides to use complex attributes. Actually, I can write IaC with cdktf smoothly most of the time, but I stuck and didn't know how to do when i saw something like:

server_side_encryption_configuration: typing.Optional[typing.Sequence["S3BucketServerSideEncryptionConfiguration"]] = None,

That's the reason why I use cdktf convert to give it a try.

danieldreier commented 2 years ago

@chiayuan thanks for reporting this!

jsteinich commented 2 years ago

I suspect that this is similar to #934.

Try using something along the lines of:

aws.S3Bucket(self, "mybucket",
    bucket="mybucket",
    server_side_encryption_configuration=[S3BucketServerSideEncryptionConfiguration(
        "rule": [S3BucketServerSideEncryptionConfigurationRule(
            "apply_server_side_encryption_by_default": [S3BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault(
                "kms_master_key_id": aws_kms_key_mykey.arn,
                "sse_algorithm": "aws:kms"
            )
            ]
        )
        ]
    )
    ]
)

Sometimes jsii (technology behind the multi-language support) is able to infer the correct types, but not always.

chiayuan commented 2 years ago

@jsteinich Thank you for helping. Python code that works will look like:

S3Bucket(
    self,
    "mybucket",
    bucket="mybucket",
    server_side_encryption_configuration=[
        S3BucketServerSideEncryptionConfiguration(
            rule=[
                S3BucketServerSideEncryptionConfigurationRule(
                    apply_server_side_encryption_by_default=[
                        S3BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault(
                            kms_master_key_id= aws_kms_key_mykey.arn,
                            sse_algorithm="aws:kms",
                        )
                    ]
                )
            ]
        )
    ],
)

And yeah, the jsii converted Sequence["S3BucketServerSideEncryptionConfiguration"] type confuses me lol. Thanks a lot!

mutahhir commented 1 year ago

mutahhir commented 12 months ago

It's hard to test this anymore because the AWS provider has changed to remove this specific resource configuration. However, with the new changes to convert on main right now, I expect this to be solved already.

If that's not the case, please reopen with a terraform config that we can use to reproduce the issue.

github-actions[bot] commented 11 months ago

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashicorp / terraform-cdk