Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARNs use aws as partition #67

Closed
dscpinheiro opened this issue Sep 15, 2020 · 1 comment
Closed

ARNs use aws as partition #67

dscpinheiro opened this issue Sep 15, 2020 · 1 comment
Assignees
@hnishar
Labels
bug Something isn't working

Comments

@dscpinheiro
Copy link
Contributor

dscpinheiro commented Sep 15, 2020
edited
Loading

In some places of the Constructs library, ARNs are built using the string aws as the partition. For instance:

aws-solutions-constructs/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/lib/index.ts

Lines 95 to 100 in 50d3e9c

new iam.PolicyStatement({
actions: [
'logs:PutLogEvents'
],
resources: [`arn:aws:logs:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:log-group:${this.kinesisFirehoseLogGroup.logGroupName}:log-stream:${cwLogStream.logStreamName}`]
})

aws-solutions-constructs/source/patterns/@aws-solutions-constructs/core/lib/lambda-helper.ts

Line 66 in 2740df7

resources: [`arn:aws:logs:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:log-group:/aws/lambda/*`]

aws-solutions-constructs/source/patterns/@aws-solutions-constructs/core/lib/apigateway-helper.ts

Line 46 in abddeed

resources: [`arn:aws:logs:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:*`]

This can cause problems when deploying to AWS China or AWS GovCloud (US) regions.

Environment

  • CDK CLI Version : 1.63.0
  • AWS Solutions Constructs Version : 1.63.0

Other

Suggestion is to use the PARTITION property of the Aws class in the CDK:

resources: [`arn:${cdk.Aws.PARTITION}:logs:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:log-group:/aws/lambda/*`]

This is 🐛 Bug Report
@dscpinheiro dscpinheiro added bug Something isn't working needs-triage The issue or PR still needs to be triaged labels Sep 15, 2020
@dscpinheiro dscpinheiro changed the title ARNs always use aws as partition ARNs use aws as partition Sep 15, 2020
@hnishar hnishar added in-progress This issue is being actively worked on and removed needs-triage The issue or PR still needs to be triaged labels Sep 16, 2020
@hnishar hnishar self-assigned this Sep 17, 2020
@hnishar
Copy link
Contributor

hnishar commented Sep 24, 2020

This has been fixed in v1.64.0

@hnishar hnishar closed this as completed Sep 24, 2020
@hnishar hnishar removed the in-progress This issue is being actively worked on label Sep 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hnishar hnishar

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dscpinheiro @hnishar