(events): Rules are created incorrectly for resources that don't belong to its Stack environment
We allow resources to be imported from a different environment than the Stack they are imported to. Something like:
import * as cdk from '@aws-cdk/core';
import * as ecr from '@aws-cdk/aws-ecr';

const app = new cdk.App();
const stack = new cdk.Stack(app, 'Stack1', {
  env: { region: 'region1', account: 'stack-account' },
});
// Import a repository whose ARN names a different account and region than the Stack's env.
const repo = ecr.Repository.fromRepositoryArn(stack, 'Repo',
  'arn:aws:ecr:us-west-2:012345678901:repository/my-repo');
Above, repo belongs to a different environment than stack.
However, when we use a CloudWatch Events Rule-creating API of a resource like that, like this:
repo.onCloudTrailImagePushed('SourceEventRule', {
  target: someTargetThatBelongsToStack,
});
What happens is that the Rule is created in the environment of the stack, and not the environment of the source (repo in this case)!
This means this logic of determining whether a given Target is cross-environment or not fails for this case.
This was noticed by @fasatrix in https://github.com/aws/aws-cdk/issues/10901#issuecomment-905940853.
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (4 by maintainers)
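The mismatch described in the issue, as an added illustration that is not code from aws-cdk or from the issue's participants: it models the environment comparison with the values from the snippet above and shows how the cross-environment check changes depending on where the Rule is placed. All type and function names are hypothetical.

```typescript
// Added illustration; not aws-cdk code. All names here are hypothetical.
interface Env { account: string; region: string; }

// ARN layout: arn:partition:service:region:account:resource
function envFromArn(arn: string): Env {
  const parts = arn.split(':');
  if (parts.length < 6 || parts[0] !== 'arn') {
    throw new Error(`not an ARN: ${arn}`);
  }
  const [, , , region, account] = parts;
  if (!region || !account) {
    throw new Error(`ARN carries no region/account: ${arn}`);
  }
  return { account, region };
}

function sameEnv(a: Env, b: Env): boolean {
  return a.account === b.account && a.region === b.region;
}

interface Placement { ruleEnv: Env; targetIsCrossEnv: boolean; }

// Behaviour the issue reports: the Rule lands in the Stack's environment,
// so the target is compared against the Stack, not the event source.
function placeRuleInStackEnv(stackEnv: Env, _sourceEnv: Env, targetEnv: Env): Placement {
  return { ruleEnv: stackEnv, targetIsCrossEnv: !sameEnv(stackEnv, targetEnv) };
}

// Placement the issue says should happen: the Rule lives with the source,
// and the target is compared against the source's environment.
function placeRuleInSourceEnv(_stackEnv: Env, sourceEnv: Env, targetEnv: Env): Placement {
  return { ruleEnv: sourceEnv, targetIsCrossEnv: !sameEnv(sourceEnv, targetEnv) };
}

// Values taken from the snippet in the issue.
const stackEnv: Env = { account: 'stack-account', region: 'region1' };
const repoEnv = envFromArn('arn:aws:ecr:us-west-2:012345678901:repository/my-repo');
const targetEnv: Env = stackEnv; // stands in for someTargetThatBelongsToStack

const reported = placeRuleInStackEnv(stackEnv, repoEnv, targetEnv);
const expected = placeRuleInSourceEnv(stackEnv, repoEnv, targetEnv);
console.log({ reported, expected });
```

With the Rule in the Stack's environment the target looks local, so no cross-environment handling is triggered, even though the events originate in the repository's account and region.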
Top GitHub Comments
@skinny85 Thanks for your answer. I am not sure I got what you mean but to clarify I have made a diagram.
Context:
Account A (which belongs to a DevOps/Infrastructure squad and hosts all common things including ECR as a service)
Account A), squads want to listen to image changes and then trigger an auto-deployment if that happens.
To make the above happen we have created the following process:
Account A events to be written on each of this Account’s default bus (Trusted principal policy)
The above works already well, we are just worried that if the proposed change goes ahead it will break this current solution and also we are wondering whether there is a simpler way to achieve the above.
This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.