    Russell Maclean
    @russmac
    @rob-gonz Cheers, I'll check out the ticket.
    Fernando Correa Neto
    @fcorrea
    Hi there. I'm currently trying to pass RDS secrets from secrets manager in a Fargate task and it seems impossible, at least right now, to create an ecs.Secret that uses dynamic references like so that it can resolve host, password etc. What would be the advised way of doing that? The secret itself is created from an ARN and from there I'd like to get the dynamic references such as {{resolve:secretsmanager:secret-id:secret-string:json-key:version-stage:version-id}} to be used as ValueFrom
    zBrianW
    @zBrianW
    Hi, we are using Fn.importValue to get a list of id's (comma delimited) exported by another stack; how would we be able to iterate through each value, as the value is ${Token[TOKEN.10]} so are unable to do a split ... any thoughts / ideas please?
    have read mentions of .resolve() but not sure re the implementation for that
    niranjan2020
    @niranjan2020
    How to specify SourceSecurityGroupId? For example, mws_vpc_sg.add_ingress_rule(peer = ec2.Peer(mws_vpc_sg_alb), connection = ec2.Port.tcp(80));
    if you are using CfnInstance and CfnSecurityGroup, you can use CfnInstance.withSecurityGroupIds(Arrays.asList(CfnSecurityGroup.getRef()))
    Eduard Thamm
    @edthamm_gitlab
    @itajaja yeah probably. Still sticks out as odd to me since at least the way I learned English and the way sizes are used where I currently stay it is just way off base.
    Well anyways thanks for your answer.
    niranjan2020
    @niranjan2020
    How to write lifecycle rules to ecr? Any examples in python?
    ECRRepository.add_lifecycle_rule(???)
    niranjan2020
    @niranjan2020
    Tried something ECRRepository.add_lifecycle_rule(rule_priority=1, description="Image retention", tag_status="any", max_image_count=100, type="imageCountMoreThan", type="expire" )
    This is throwing SyntaxError: keyword argument repeated error
    Any idea on correct syntax?
    jforge
    @jforge

    @jkosternl @fogfish

    @jforge > Is it possible to load a cloudfront webdistribution by id or arn with CDK in a multi stack environment? I would like to decouple creation of the distribution from creation of Route53 Zones, and I do not see some .fromXXX method with Cloudfront.

    That's similar to my question, on how to decouple the creation of an S3 bucket, CloudFront with Route53 and Certificate and later set a bucket policy, referring back to the webdistribution. Until now, I don't have a working solution unfortunately, so maybe create a feature request out of it?

    If there is no solid argument against such a feature: yes.

    I scrutinize myself, whether it makes sense from the CDK creators' point of view. In my case a .fromXXX method in the Cloudfront module allows me to establish a better logic/structure in the stack code, improving maintainability and testability.
    (Besides this I'm used to avoiding "bigbangs" in such code, even if the actual outcome does so).

    niranjan2020
    @niranjan2020
    How to include principals in policystatement? Any thoughts?
    Tim McGee
    @wasitim
    @nikhilbhoj , thanks for the link I'll take a look at it this morning. @russmac thank you as well for the comments. I've found differences from the created roles as well and it seems this one also had an issue with KMS policies. Tech support has been looking at the issue as well for 2 days now and can't produce a workable solution.
    I'll keep you updated.
    fogfish
    @fogfish
    @jforge Usage of fromXXX is advertised for any resources created outside of CDK. The CDK team recommends using cross-stack dependencies for CDK-managed resources. fromXXX would be a useful thing.
    J. Koster
    @jkosternl
    @fogfish When I need to have a multi-region setup with Cloudfront and regional buckets and policies set correctly, it is just not possible to do that without circular dependencies... A fromXXX on Cloudfront would help a bit maybe.
    This is the order I need:
    1. setup bucket in EU
    2. setup Cloudfront in US with reference to bucket
    3. add certificate and domain name
    4. go back to EU and add a bucket policy which is only open for our Cloudfront.
      Since different regions need to be done in a different Stack, I can't get this to work with CDK.
    working.unit.0
    @wrkngu0
    Hi all, is there any possibility to avoid using "!Ref" in resource properties from CDK side?
    I'm facing this issue awslabs/serverless-application-model#271
    I wanted to ref from s3-asset object, but SAM does not support ref for CodeUri property
    Leonardo Machado
    @Leonard35083106_twitter

    @skinny85 I've got to reduce the problem to this: If I just write one Lambda function (nothing cross-stack inside the Lambda Construct) using e.g. an Asset Code (which should by itself create a zip file from a local lambda folder / take an already zipped lambda, upload it to an S3 bucket, and reference it afterwards), I get the exact same error (i.e. "Parameters must have values") in the pipeline's deploy stage when trying to create a CFN Change Set. Reference code is below.

    Lambda function:

    new lambda.Function(this, 'LambdaFunction', {
        handler: 'index.handler',
        runtime: lambda.Runtime.NODEJS_8_10,
        code: lambda.Code.fromAsset(path.join(__dirname, 'lambda.zip')),
    });

    Exact error message during CFN Change Set creation (redacted parts are identifier characters only):

    Parameters: [AssetParameters[…]S3VersionKey[...], AssetParameters[…]S3Bucket[...], AssetParameters[…]ArtifactHash[...]] must have values (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: […])

    As a solution to my problem, as far as I got to it: In CDK, aws-codepipeline-actions.CloudFormationCreateReplaceChangeSetActionProps() and aws-codepipeline-actions.CloudFormationExecuteChangeSetActionProps() seem not to use cdk deploy during deployment, it deploys the CFN template alone. That means if you are deploying a CFN template with e.g. assets, these assets are not packed and uploaded into S3, hence the problem of the stack deployed from this CFN template not finding them afterwards. As a workaround, I've deployed my app through cdk deploy from the build environment's console at the end of the build phase. Works as expected this way.

    So, if you are using any of these classes, do count on cdk deploy not being called.

    (Any corrections/updates here are welcome).

    Leonardo Machado
    @Leonard35083106_twitter
    @wasitim Were you able to find a solution to your problem?
    J. Koster
    @jkosternl
    Simple CDK Lambda question: where/how can I configure a SQS destination for a Lambda? I can find info on event sources, but not for a destination.
    Or is this just not available inside CDK yet? I can't find examples doing this as well. Only for Lambdas that listen on a queue.
    Jonathan Goldwasser
    @jogold
    @jkosternl not supported yet, you can follow #5299
    J. Koster
    @jkosternl
    Ah ok, thanks @jogold for giving the pointer and info.
    Tim McGee
    @wasitim
    @nikhilbhoj , thanks so much, your code worked for me. @Leonard35083106_twitter , yes, if you run into similar issues, take a look at @nikhilbhoj link to his repo
    I think I had a couple of issues in not understanding how the deploy process was working. For one, I just copied a file into the lambda directory with no npm init being done, so the npm build wasn't really happening. The other issue was that I had copied over a js file and, for some odd reason, renamed it to ts. It therefore wasn't doing anything when the top level package.json ran a build with tsc. The odd bit about all of this is how that caused the S3 permissions error I was running into.
    At this point it's taken up far too much of my time, but I will be going back to my original stack to try and replicate the good results and will report back on any issues found.
    Nevin
    @unclenevin_twitter
    apigateway question....I'm deploying an API Gateway with a Lambda integration, but I can't get it to actually deploy the gateway. It seems that the automatic deployment of the resource does not include the deploying of the POST method as it is added after the fact. There seems like there should be a way to re-deploy or add it to the deployment, but the documentation is extremely spotty in this particular case.
    does anyone have an example of this?
    fogfish
    @fogfish
    hmm... it just works.
    just provide deploy: true and deployOptions
    then use LambdaIntegration
    luketk05
    @luketk05

    Hello, I'm trying to write an S3 bucket policy using TypeScript that limits access to an S3 endpoint. I'm having difficulty determining how to add a deny statement and how to get the vpceid. Here's the code I have so far:

    var s3EndpointVpce = this.s3endpoint.getAtt(/* vpceid */);
    const policyInStatement = new iam.PolicyStatement();
    //Need to somehow specify a 'deny' effect
    policyInStatement.addActions('s3:GetBucket');
    policyInStatement.addActions('s3:GetObject');
    policyInStatement.addActions('s3:List');
    policyInStatement.addAnyPrincipal();
    //policyInStatement.addResources(this.dataInBucket.bucketArn);
    policyInStatement.addResources(`${this.dataInBucket.bucketArn}/`);
    //policyInStatement.addArnPrincipal(s3EndpointArn.toString());
    policyInStatement.addCondition('StringNotEquals', 'SourceVpce:'.concat(s3EndpointVpce.toString()));
    this.dataInBucket.addToResourcePolicy(policyInStatement);

    Any idea how I should go about accomplishing this?

    Tim McGee
    @wasitim
    @unclenevin_twitter , I just used code similar to what @fogfish mentioned in the link and worked without issue.
    Jonathan Goldwasser
    @jogold
    @luketk05
    const policyInStatement = new iam.PolicyStatement({
      effect: iam.Effect.DENY,
      actions: ['...'],
      // other props
    });
    Nevin
    @unclenevin_twitter
    thanks @fogfish and @wasitim ....I'll give it another shot. I have to be missing something simple.
    luketk05
    @luketk05
    thanks @jogold I'm going to try that now
    luketk05
    @luketk05
    Also, how can I get a vpceid?
    Jonathan Goldwasser
    @jogold
    this.s3endpoint.vpcEndpointId
    luketk05
    @luketk05
    thanks again!
    Nevin
    @unclenevin_twitter
    @fogfish and @wasitim.....I forgot to mention. Due to some restrictions with our CI/CD pipeline, we are taking the CFT's generated by a cdk synth and manually putting them into CloudFormation. So is there something that cdk deploy is doing with an api gateway deploy that isn't included in the CFT?
    luketk05
    @luketk05
    @jogold I should have mentioned I defined the S3Endpoint using CFN:
    this.s3endpoint = new CfnVPCEndpoint(this, 'application-s3-endpoint', {
    serviceName: 'com.amazonaws.'.concat(Aws.REGION).concat('.s3'),
    vpcId: this.applicationVpc.vpcId,
    vpcEndpointType: 'Gateway',
    });
    Jonathan Goldwasser
    @jogold
    then it's .ref
    any reason why you're not using GatewayVpcEndpoint? example here https://github.com/aws/aws-cdk/blob/v1.18.0/packages/@aws-cdk/aws-ec2/test/integ.vpc-endpoint.lit.ts
    luketk05
    @luketk05
    I think that the documentation was easier to understand for CFN. I'm creating ec2, kms, and s3 endpoints. Having examples like the one you just posted referenced in the developer documentation would help out quite a lot :) There are quite a few options listed in the TypeScript API reference and I guess I wasn't sure which was best to use
    Tim McGee
    @wasitim
    @unclenevin_twitter , not sure I’m following. When you run cdk deploy it’s doing the synth and will be pushing the generated CFT and running it
    ringdevmk
    @ringdevmk
    Question for the room ... I'm trying to use the CDK with Java. The example provided for Java uses javascript lambdas in a lambda directory. If I want to create my lambdas using Java, where do I folder the files? When I say "example" I'm referring to the workshop - https://cdkworkshop.com/50-java/20-create-project/300-structure.html.
    Luiz Guilherme Picorelli
    @picorelli
    Does someone have an example of how to add a docker_volume_configuration on a task definition?