Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Circular dependency on s3 notification to a destination when both destination and s3 are encrypted by same CMK

See original GitHub issue

Note: for support questions, please first reference our documentation, then use Stackoverflow. This repository’s issues are intended for feature requests and bug reports.

  • I’m submitting a …

    • 🪲 bug report
  • What is the current behavior? If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

import cdk = require('@aws-cdk/cdk');
import s3 = require('@aws-cdk/aws-s3')
import sqs = require("@aws-cdk/aws-sqs");
import kms = require("@aws-cdk/aws-kms");
import {SqsDestination} from "@aws-cdk/aws-s3-notifications";
import {BucketEncryption} from "@aws-cdk/aws-s3";
import {QueueEncryption} from "@aws-cdk/aws-sqs";

export class TestConstruct extends cdk.Construct {
    constructor(scope: cdk.Construct, id: string) {
        super(scope, id);

        const cmk = new kms.Key(this, 'CDKTest')

        const queue =  new sqs.Queue(this, 'TestQueue', {
            queueName: 'TestQueue',
            encryption: QueueEncryption.Kms,
            encryptionMasterKey: cmk

        const bucket =  new s3.Bucket(this, 'test-ankag-bucket', {
            bucketName: 'test-ankag-bucket',
            encryption: BucketEncryption.Kms,
            encryptionKey: cmk

        bucket.addObjectCreatedNotification(new SqsDestination(queue));

Exception: Circular dependency between resources: [TestConstructCDKTest25F6C8B9, TestConstructTestQueuePolicy8D6FDA03, TestConstructtestankagbucket1D7F9833, TestConstructtestankagbucketNotifications6A969D21, TestConstructTestQueue9EDE46FC]

  • What is the expected behavior (or behavior of feature suggested)?

s3 notification should be created to sqs without circular dependency exception

  • What is the motivation / use case for changing the behavior or adding this feature? This is a bug

  • Please tell us about your environment:

    • CDK CLI Version: 0.33
    • Module Version: 0.33
    • OS: [all | Windows 10 | OSX Mojave | Ubuntu | etc… ]
    • Language: [all | TypeScript | Java | Python ] TypeScript
  • Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. associated pull-request, stackoverflow, gitter, etc)

CDK 0.32 is working fine but when upgrading to CDK 0.33 we had to introduce a SqsDestination and thats when we start seeing this issue

Issue Analytics

  • State:open
  • Created 4 years ago
  • Reactions:4
  • Comments:20 (8 by maintainers)

github_iconTop GitHub Comments

berenddeboercommented, May 10, 2021

BTW, I’m on 1.102.0 (build a75d52f), and this is definitely not fixed.

berenddeboercommented, May 10, 2021

Have tried using the trust account option for the key?

You mean using trustAccountIdentities: true? That didn’t help.

Facing exactly the same issue.

I could only fix this by using a different key for S3 ad for SQS.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Resolving circular dependency in provisioning of Amazon S3 ...
Solution using custom resource​​ We can avoid the circular dependency demonstrated earlier by creating the S3 bucket without any notification ...
Read more >
S3 Cross Region Replication with KMS Encrypted Objects
DevOps Online Training Registration form: Online training, connect us on WhatsApp at +91-9642858583 =======...
Read more >
awss3 - Go Packages
Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects. Example: // The code below shows an example...
Read more >
How to solve circular dependency between AWS resources ...
The S3 bucket depends on the KMS key for encryption, and the KMS key has a condition that depends on the S3 bucket....
Read more >
@aws-cdk/aws-s3-notifications | Yarn - Package Manager
S3 Bucket Notifications Destinations. cdk-constructs: Stable. This module includes integration classes for using Topics, Queues or Lambdas as S3 ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found