(custom-resources): AwsCustomResourcePolicy.fromSdkCalls does not work with v3 command format #27255

@luxaritas

Describe the bug

Creating an AwsCustomResource with a service/action using the AWS CDK v3 format and a policy from AwsCustomResourcePolicy.fromSdkCalls fails.

Expected Behavior

A policy is correctly created

Current Behavior

Error: Action '@aws-sdk/client-ec2:ModifyInstanceMetadataOptionsCommand' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.
    at PolicyStatement.validatePolicyActions (/home/jonathan/Development/eterna/infra/node_modules/aws-cdk-lib/aws-iam/lib/policy-statement.js:2:3414)
    at PolicyStatement.addActions (/home/jonathan/Development/eterna/infra/node_modules/aws-cdk-lib/aws-iam/lib/policy-statement.js:2:1290)
    at new PolicyStatement (/home/jonathan/Development/eterna/infra/node_modules/aws-cdk-lib/aws-iam/lib/policy-statement.js:2:579)
    at new AwsCustomResource (/home/jonathan/Development/eterna/infra/node_modules/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.js:1:5701

Reproduction Steps

The call I'm currently running into this with:

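import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from 'aws-cdk-lib/custom-resources';

// `instance` is an existing EC2 instance construct; its definition is not part of the report.
new AwsCustomResource(instance, `enableMetadataTags`, {
  onCreate: {
    service: '@aws-sdk/client-ec2',
    action: 'ModifyInstanceMetadataOptionsCommand',
    parameters: {
      InstanceId: instance.instanceId,
      InstanceMetadataTags: 'enabled'
    },
    physicalResourceId: PhysicalResourceId.of('EnableMetadataTags')
  },
  onDelete: {
    service: '@aws-sdk/client-ec2',
    action: 'ModifyInstanceMetadataOptionsCommand',
    parameters: {
      InstanceId: instance.instanceId,
      InstanceMetadataTags: 'disabled'
    }
  },
  // fromSdkCalls derives the IAM actions from the service/action pairs above; this is where the error is thrown.
  policy: AwsCustomResourcePolicy.fromSdkCalls({
    resources: AwsCustomResourcePolicy.ANY_RESOURCE
  })
});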

Possible Solution

I'm assuming that, to construct the correct policy, the service name needs to strip @aws-sdk/client- and the action needs to strip Command.

Additional Information/Context

No response

CDK CLI Version

2.94.0 (build 987c329)

Framework Version

No response

Node.js Version

v18.17.1

OS

Linux

Language

TypeScript

Language Version

No response

Other information

If my assessment is correct, this should be easy for me to submit a PR for if that would be helpful!
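
The mapping proposed under "Possible Solution", written out as an added example; it is not part of the original issue and not aws-cdk-lib code. `SdkCall`, `toIamAction`, `actionsForCalls` and `isValidIamAction` are hypothetical names, the regular expression only approximates the rule quoted in the error message, and the example goes beyond the report by also accepting v2-style names such as `EC2` / `modifyInstanceMetadataOptions`.

```typescript
// Added example: hypothetical helpers, not aws-cdk-lib code.
interface SdkCall { service: string; action: string; }

const V3_PACKAGE_PREFIX = '@aws-sdk/client-';
const V3_COMMAND_SUFFIX = 'Command';
// Approximation of the shape the error message describes:
// service namespace, colon, action name (wildcards allowed).
const IAM_ACTION_PATTERN = /^[a-z0-9-]+:[A-Za-z0-9*]+$/;

function isValidIamAction(candidate: string): boolean {
  return IAM_ACTION_PATTERN.test(candidate);
}

function toIamAction(call: SdkCall): string {
  const isV3 = call.service.indexOf(V3_PACKAGE_PREFIX) === 0;
  // Assumption: the IAM namespace equals the client name. That holds for ec2
  // but not for every service, so a complete fix needs a lookup table.
  const namespace = (isV3 ? call.service.slice(V3_PACKAGE_PREFIX.length) : call.service).toLowerCase();

  // Strip 'Command' only for v3 input, and only once: the v3 class
  // 'SendCommandCommand' and the v2 method 'sendCommand' both mean SendCommand.
  let operation = call.action;
  const hasSuffix = operation.slice(-V3_COMMAND_SUFFIX.length) === V3_COMMAND_SUFFIX;
  if (isV3 && hasSuffix && operation.length > V3_COMMAND_SUFFIX.length) {
    operation = operation.slice(0, -V3_COMMAND_SUFFIX.length);
  }
  // v2 method names are camelCase; IAM action names are PascalCase.
  operation = operation.charAt(0).toUpperCase() + operation.slice(1);

  const iamAction = `${namespace}:${operation}`;
  if (!isValidIamAction(iamAction)) {
    throw new Error(`Cannot derive an IAM action from ${call.service} / ${call.action}`);
  }
  return iamAction;
}

// One policy action per distinct API call across onCreate/onUpdate/onDelete.
function actionsForCalls(calls: SdkCall[]): string[] {
  return calls.map(toIamAction).filter((a, i, all) => all.indexOf(a) === i).sort();
}

// Constructed input: the two calls from the reproduction above.
const reproCalls: SdkCall[] = [
  { service: '@aws-sdk/client-ec2', action: 'ModifyInstanceMetadataOptionsCommand' },
  { service: '@aws-sdk/client-ec2', action: 'ModifyInstanceMetadataOptionsCommand' },
];
console.log(actionsForCalls(reproCalls));
```

Collapsing both lifecycle calls into a single `ec2:` action keeps the generated statement scoped to the one API call the custom resource makes, instead of widening it to a wildcard to get past validation.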

Metadata

Labels

@aws-cdk/custom-resources (Related to AWS CDK Custom Resources), bug (This issue is a bug.), effort/medium (Medium work item – several days of effort), p2
