Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

S3 SqsDestination and SnsDestination creates a cyclic reference

See original GitHub issue

Reproduction Steps

const app1= new cdk.App();
const stack1 = new cdk.Stack(app, "stack1");
const stack2 = new cdk.Stack(app, "stack2");

const topic = new Topic(stack2, 'Topic');

const bucket = new s3.Bucket(stack1, "bucket");
bucket.addEventNotification(      EventType.OBJECT_CREATED_PUT, new s3n.SnsDestination(topic));

$ cdk synth

What actually happened?

Error: 'stack1' depends on 'stack2' ("stack1/bucket/Notifications/Resource" depends on "stack2/Topic/Resource", "stack1/bucket/Notifications/Resource" depends on "stack2/Topic/Policy/Resource", stack1 -> stack2/Topic/Resource.Ref). Adding this dependency (stack2 -> stack1/bucket/Resource.Arn) would create a cyclic reference.

Issue Analytics

State:
Created 3 years ago
Reactions:11
Comments:14

Top GitHub Comments

1reaction

larsskaugcommented, Dec 7, 2021

0reactions

gfteixcommented, Nov 29, 2022

Other possible workaround is to use AwsCustomResource. You basically specify an AWS SDK call to be executed onCreate, onUpdate or onDelete - internally this creates a Lambda that will do the real work: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.custom_resources-readme.html#custom-resources-for-aws-apis

Note: This replaces the existing notification configuration with the configuration you include in the parameter. Check: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketNotificationConfiguration.html

// bucket created in stack1

// queue and notification in stack2
queue.addPermission(`AllowS3Invocation`, {
    action: 'sqs:SendMessage',
    principal: new ServicePrincipal('s3.amazonaws.com'),
    sourceArn: bucket.bucketArn
  })

  const notificationResource = new AwsCustomResource(this, `NotificationCustomResource`, {
    logRetention: RetentionDays.THREE_DAYS,
    policy: AwsCustomResourcePolicy.fromStatements([
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: ['s3:PutBucketNotification'],
        resources: [bucket.bucketArn, `${ bucket.bucketArn }/*`],
      })
    ]),
    onCreate: {
      service: 'S3',
      action: 'putBucketNotificationConfiguration',
      parameters: {
        Bucket: bucket.bucketName,
        NotificationConfiguration: {
          QueueConfigurations: [
            {
              Events:['s3:ObjectCreated:*'],
              QueueArn: queue.queueArn,
            }
          ]
        }
      },
      physicalResourceId: PhysicalResourceId.of(`${ id + Date.now().toString() }`),
    },
  })

  notificationResource.node.addDependency(queue.permissionsNode.findChild('AllowS3Invocation'))