S3 Bucket Policy Changes Not Recognized As A Change on CDK Deploy
When making changes to a bucket policy on a pre-existing bucket, the changes to its policy are not applied. The CDK seems to act as if no changes are needed.
Reproduction Steps
Note that I have changed the names of things in this example to simplify and avoid disclosing
Adding the following code to my application to edit a pre-existing bucket’s bucket policy so that other resources may get to it which may or may not have been created with the CDK:
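```typescript
import * as s3 from '@aws-cdk/aws-s3';
import * as iam from '@aws-cdk/aws-iam';

// Runs inside a Stack or Construct, where `this` is the scope.
// Reference the pre-existing bucket by name (no bucket is created).
const myPreExistingBucket = s3.Bucket.fromBucketName(this, 'MyPreExistingBucket-Lookup-ID', "mypreexistingbucket");

// Attempt to add a statement to the bucket's resource policy.
myPreExistingBucket.addToResourcePolicy(new iam.PolicyStatement({
  actions: [
    "s3:*"
  ],
  resources: [
    "arn:aws:s3:::mypreexistingbucket",
    "arn:aws:s3:::mypreexistingbucket/*"
  ],
  principals: [
    // ArnPrincipal takes a full ARN; AccountPrincipal expects a bare account ID.
    new iam.ArnPrincipal("arn:aws:iam::XXXXXXXXXXXX:root")
  ]
}));
```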
Then deploy with the CDK:
```bash
cdk -i --region us-east-1 --app 'npx --quiet ts-node app.ts' deploy --profile datascience
```
Error Log
Error message is not an error but a false positive in that there are no changes needing to be applied, when there are. Checking the account as well shows no updates in the CloudFormation templates and the Bucket Policy not being applied to the Bucket.
Environment
- CLI Version: Attempted with v1.26.0 and v1.18.0
- Framework Version: Node.js - v12.16.1, NPM - v6.13.4
- OS: macOS Mojave
- Language: TypeScript - v3.7.4
Other
This is 🐛 Bug Report
Issue Analytics
- Created 4 years ago
- Reactions: 13
- Comments: 18 (9 by maintainers)
I’m kinda facing a similar issue. Is there a way to append the statements to the existing policy in the existing bucket? The solutions discussed here just overwrite the whole bucket policy.
Just experienced this issue. An error would be nice as cdk fails silently 😦
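For the two comments above (appending instead of overwriting, and the silent no-op), an added example that is not part of the original thread or of the CDK: pure TypeScript helpers that merge one statement into an existing policy document and check whether a statement is present. The function names and the sample policy are constructed for illustration; reading and writing the live policy is assumed to be done by the caller with the S3 GetBucketPolicy and PutBucketPolicy operations.

```typescript
// Added example: pure helpers with no AWS SDK calls. The caller is assumed to
// read the current policy text (GetBucketPolicy) and write the result back.
type Json = string | number | boolean | null | Json[] | { [k: string]: Json };
type Policy = { [k: string]: Json };

// Serialise with sorted object keys so key order does not affect equality.
function canonical(v: Json): string {
  if (Array.isArray(v)) return "[" + v.map((x) => canonical(x)).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const o = v;
    return "{" + Object.keys(o).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(o[k] as Json)).join(",") + "}";
  }
  return JSON.stringify(v);
}

// null or "" means the bucket has no policy yet.
function parsePolicy(text: string | null): Policy {
  return text ? (JSON.parse(text) as Policy) : { Version: "2012-10-17" };
}

// IAM accepts "Statement" as one object or an array; normalise to an array.
function statements(doc: Policy): Json[] {
  const s = doc["Statement"];
  return s === undefined ? [] : Array.isArray(s) ? s : [s];
}

// Post-deploy check: is the expected statement really in the live policy?
function hasStatement(doc: Policy, stmt: Json): boolean {
  const want = canonical(stmt);
  return statements(doc).some((s) => canonical(s) === want);
}

// Append while keeping every existing statement; a no-op if already present.
function appendStatement(text: string | null, stmt: Json): string {
  const doc = parsePolicy(text);
  if (!hasStatement(doc, stmt)) doc["Statement"] = statements(doc).concat([stmt]);
  return JSON.stringify(doc);
}

// Constructed sample: a policy already on the bucket (single-object Statement).
const EXISTING = JSON.stringify({ Version: "2012-10-17", Statement: {
  Sid: "DenyInsecureTransport", Effect: "Deny", Principal: "*", Action: "s3:*",
  Resource: "arn:aws:s3:::mypreexistingbucket/*",
  Condition: { Bool: { "aws:SecureTransport": "false" } } } });
// The statement from the issue's snippet, written as policy JSON.
const NEW_STATEMENT: Json = { Effect: "Allow", Action: "s3:*",
  Principal: { AWS: "arn:aws:iam::XXXXXXXXXXXX:root" },
  Resource: ["arn:aws:s3:::mypreexistingbucket", "arn:aws:s3:::mypreexistingbucket/*"] };
```

The comparison treats array order as significant, so a statement whose `Resource` list comes back in a different order is reported as absent.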