(aws-cdk-lib/custom-resources): L2 Provider construct generate circular dependency #20360
Comments
lmouhib
added
bug
github-actions
bot
added
the
@aws-cdk/custom-resources
|
To reproduce the error clone/fork this repository |
|
This is the actual error message Circular dependency between resources: [customresourceproviderframeworkonTimeout03C9F325, customresourceproviderframeworkonEvent8A5AE2D2, customresourceproviderwaiterstatemachineRoleDefaultPolicy7AD89E4F, customresourceproviderframeworkisComplete934E4E18, customresourceproviderwaiterstatemachineBC63D394, providerRoleDefaultPolicy70D60963] |
|
if we comment |
rix0rrr
added
effort/small
|
I got the following : Stack Deployments Failed: ValidationError: Circular dependency between resources: [CloudSearchDomainRoleDefaultPolicyD495E4C7, CloudSearchDomainCustomResourceE2BABF82, CloudSearchDomainProviderframeworkonTimeout333FF4AE, CloudSearchDomainProviderwaiterstatemachineRoleDefaultPolicy831754FB, CloudSearchDomainProviderframeworkisComplete94D623D4, CloudSearchDomainProviderwaiterstatemachine21988061, CloudSearchDomainProviderframeworkonEvent4A6BA2ED] |
|
you can work around this by manually defining the provider role, granting the required permissions and then calling |
|
Comments on closed issues and PRs are hard for our team to see. |
1 similar comment
|
Comments on closed issues and PRs are hard for our team to see. |
…vided to Provider (aws#33600) ### Issue # (if applicable) Closes aws#20360 ### Reason for this change When users specify a isCompletehandler and specifies a custom role for the provider framework, the output template is not deployable due to circular dependencies. ### Description of changes The change here is to deprecate the old `role` property because this `role` is shared between the 3 framework lambda functions. The state machine will depends on the sfn default policy. The default policy depends on isCompleteLambda (granting invoke function permission). isCompleteLambda depends on common default role policy. The common role default policy has startExecution permission to SFN. The solution is to deprecate `role` and introduce new roles for the onEvent lambda and isComplete/onTimeout lambda ### Describe any new or updated permissions being added N/A ### Description of how you validated changes New tests ### Checklist - [ ] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the bug
When passing a role to the
Providerthe construct is no longer able to deploy correctly and fails with a circular dependency between the functions and policies generated by theProvider.At CDK deploy time the deployment fails with
Circular dependency between resources:this where the construct is defined
https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_custom-resources.Provider.html
Expected Behavior
The Provider should deploy with the provider role without CFN failing with
Circular dependency between resources:Current Behavior
The Provider fail deploying with
Circular dependency between resources:Reproduction Steps
onEventHandlerandisCompleteHandlerFunctionslambda.amazonaws.comProviderand pass to it the role and functions created abovePossible Solution
Fix the dependency on the Provider created resources.
Additional Information/Context
No response
CDK CLI Version
2.24.1 (build 585f9ca)
Framework Version
No response
Node.js Version
v14.17.6
OS
macOS Monterey
Language
Typescript
Language Version
4.1.6
Other information
No response
The text was updated successfully, but these errors were encountered: