Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

aws-appsync: imported resources from other regions using the current stack region #20195

Closed
ryanvaloris opened this issue May 3, 2022 · 2 comments · Fixed by #20193
Closed
Assignees
Labels
@aws-cdk/aws-appsync Related to AWS AppSync bug This issue is a bug. p1

Comments

@ryanvaloris
Copy link

Describe the bug

When trying to import a Cognito UserPool to be used in an AppSync Graphql domain, the UserPool is configured with the region of the stack that is being deployed and disregards the region supplied in the ARN.

Expected Behavior

Using the construct below and assuming that this.stack is created in us-west-2:

return new GraphqlApi(this.stack, `api`, {
      name: `TheAPI`,
      schema: Schema.fromAsset('schema.graphql'),
      authorizationConfig: {
        defaultAuthorization: {
          authorizationType: AuthorizationType.USER_POOL,
          userPoolConfig: {
            userPool: UserPool.fromUserPoolArn(this.stack, 'CognitoUserPool', `arn:aws:cognito-idp:us-east-1:${this.awsAccountId}:userpool/${userPoolId}`),
            defaultAction: UserPoolDefaultAction.ALLOW
          }
        }
      },
      logConfig: {
        excludeVerboseContent: false,
        fieldLogLevel: FieldLogLevel.ALL
      },
      xrayEnabled: true
    });

I expected the UserPool to be linked to the UserPool created in us-east-1 per the ARN provided.

  "TheApi": {
   "Type": "AWS::AppSync::GraphQLApi",
   "Properties": {
    "AuthenticationType": "AMAZON_COGNITO_USER_POOLS",
    "Name": "TheApi",
    "UserPoolConfig": {
     "AwsRegion": "us-east-1",
     "DefaultAction": "ALLOW",
     "UserPoolId": {
      "Ref": "SomeId"
     }
     ...
  }

Current Behavior

However, the generated output shows us-west-2 as the region:

  "TheApi": {
   "Type": "AWS::AppSync::GraphQLApi",
   "Properties": {
    "AuthenticationType": "AMAZON_COGNITO_USER_POOLS",
    "Name": "TheApi",
    "UserPoolConfig": {
     "AwsRegion": "us-west-2",
     "DefaultAction": "ALLOW",
     "UserPoolId": {
      "Ref": "SomeId"
     }
     ...
  }

Reproduction Steps

build a new graphQl API with a UserPool from a different region

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

1.152.0

Framework Version

No response

Node.js Version

v16.10.0

OS

MacOS Monterey 12.3

Language

Typescript

Language Version

No response

Other information

No response

@ryanvaloris ryanvaloris added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels May 3, 2022
@github-actions github-actions bot added the @aws-cdk/aws-appsync Related to AWS AppSync label May 3, 2022
@RomainMuller RomainMuller added p1 and removed needs-triage This issue or PR still needs to be triaged. labels May 3, 2022
@ryanvaloris
Copy link
Author

related #13691

@mergify mergify bot closed this as completed in #20193 May 5, 2022
mergify bot pushed a commit that referenced this issue May 5, 2022
…20193)

Replaces all uses of `resource.stack.region` with `resource.env.region`
so that imported resources can provide a different region than the
current stack, wich can result in invalid configuration.

Applying the same treatment to occurrences of `resources.stack.account`
as this is also surfaced as `resources.env.account`.

Fixes #20195

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions
Copy link

github-actions bot commented May 5, 2022

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

wphilipw pushed a commit to wphilipw/aws-cdk that referenced this issue May 23, 2022
…ws#20193)

Replaces all uses of `resource.stack.region` with `resource.env.region`
so that imported resources can provide a different region than the
current stack, wich can result in invalid configuration.

Applying the same treatment to occurrences of `resources.stack.account`
as this is also surfaced as `resources.env.account`.

Fixes aws#20195

----

### All Submissions:

* [X] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
@aws-cdk/aws-appsync Related to AWS AppSync bug This issue is a bug. p1
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants