aws-stepfunctions-tasks: Custom resources being provisioned when passing in subnets to EcsRunTask #26013

Open
marsavar opened this issue Jun 16, 2023 · 4 comments
Labels: @aws-cdk/aws-stepfunctions-tasks, bug, effort/medium, p2

Describe the bug

I'm attempting to cloudform an EcsRunTask (with no context file).
Not passing the subnet prop results in this error:

There are no 'Private' subnet groups in this VPC.

This is somewhat expected: CDK doesn't know at compile time what subnet groups are in a VPC.
Passing in an array of private subnets (whose ids are stored in an SSM param) causes CDK to provision custom resources when passing the subnets prop to EcsRunTask.

For reasons I don't fully understand, CDK attempts to cloudform a lambda to be served from an S3 bucket. The following parameters are also created:

  • Asset hash
  • S3 bucket name
  • S3 bucket version number

Because these parameters do not have any values, it is not possible to update the stack.

Expected Behavior

I expect CDK to reference the private subnets I'm passing to the EcsRunTask construct.

Current Behavior

synth works as expected, but updating the stack with the newly generated template fails due to the parameters not having values.

The parameters being generated are

"AssetParameters28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0ArtifactHashAF1370F8": {
      "Description": "Artifact hash for asset "28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0"",
      "Type": "String",
    },
    "AssetParameters28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0S3BucketCD1790E7": {
      "Description": "S3 bucket for asset "28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0"",
      "Type": "String",
    },
    "AssetParameters28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0S3VersionKeyCE63AE8F": {
      "Description": "S3 key for asset version "28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0"",
      "Type": "String",
    },

and the custom resource (a node lambda):

  "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": {
      "DependsOn": [
        "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867",
      ],
      "Properties": {
        "Code": {
          "S3Bucket": {
            "Ref": "AssetParameters28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0S3BucketCD1790E7",
          },
          "S3Key": {
            "Fn::Join": [
              "",
              [
                {
                  "Fn::Select": [
                    0,
                    {
                      "Fn::Split": [
                        "||",
                        {
                          "Ref": "AssetParameters28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0S3VersionKeyCE63AE8F",
                        },
                      ],
                    },
                  ],
                },
                {
                  "Fn::Select": [
                    1,
                    {
                      "Fn::Split": [
                        "||",
                        {
                          "Ref": "AssetParameters28739348edff6f1084f6a50d8d934e2d3fc2a3bb77442d8a9a1361d51ccd03c0S3VersionKeyCE63AE8F",
                        },
                      ],
                    },
                  ],
                },
              ],
            ],
          },
        },
        "Handler": "__entrypoint__.handler",
        "MemorySize": 128,
        "Role": {
          "Fn::GetAtt": [
            "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867",
            "Arn",
          ],
        },
        "Runtime": "nodejs16.x",
        "Timeout": 900,
      },
      "Type": "AWS::Lambda::Function",
    },
    "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": {
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com",
              },
            },
          ],
          "Version": "2012-10-17",
        },
        "ManagedPolicyArns": [
          {
            "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
          },
        ],
      },
      "Type": "AWS::IAM::Role",
    },
    "CdkJsonStringify2": {
      "DeletionPolicy": "Delete",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57",
            "Arn",
          ],
        },
        "Value": {
          "Ref": "ecstestPrivateSubnets",
        },
      },
      "Type": "Custom::AWSCDKCfnJsonStringify",
      "UpdateReplacePolicy": "Delete",
    },

Reproduction Steps

This is a complex construct that requires several props to be defined, so I'm including an example for our repository.

https://github.com/guardian/cdk/blob/effb29ee6aaa8cd72bd10102649991eb55067c3c/src/constructs/ecs/ecs-task.ts#L206-L223

Removing the subnets prop gets rid of the custom resources.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.78.0

Framework Version

No response

Node.js Version

v18.16.0

OS

macOS Monterey 12.6.2

Language

Typescript

Language Version

TypeScript 4.9.5

Other information

No response
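
An added example (not part of the issue and not CDK's own code): a TypeScript check that could run over a synthesized template to flag the situation described above, a custom resource whose handler code depends on parameters that have no default value. The sample template is constructed, with shortened logical IDs and parameter names standing in for the ones quoted in the issue.

```typescript
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };
interface Template {
  Parameters?: { [name: string]: { Type: string; Default?: Json } };
  Resources: { [id: string]: { Type: string; Properties?: { [key: string]: Json } } };
}
interface Finding { customResource: string; handler: string; unsetParameters: string[] }

// Recursively collect every {"Ref": "..."} target found below a node (objects and arrays).
function collectRefs(node: Json | undefined, out = new Set<string>()): Set<string> {
  if (node === null || typeof node !== "object") return out;
  for (const [key, value] of Object.entries(node)) {
    if (key === "Ref" && typeof value === "string") out.add(value);
    else collectRefs(value, out);
  }
  return out;
}

// For each Custom:: resource, follow ServiceToken to its handler and list the
// parameters without a Default that the handler's Code property references.
function auditTemplate(template: Template): Finding[] {
  const unset = Object.entries(template.Parameters ?? {})
    .filter(([, param]) => param.Default === undefined).map(([name]) => name);
  const findings: Finding[] = [];
  for (const [id, resource] of Object.entries(template.Resources)) {
    if (!resource.Type.startsWith("Custom::")) continue;
    const token = resource.Properties?.ServiceToken as { "Fn::GetAtt"?: Json } | null | undefined;
    const target = token?.["Fn::GetAtt"]; // [handlerLogicalId, "Arn"], as in the issue's template
    const handler = Array.isArray(target) && typeof target[0] === "string" ? target[0] : "";
    const refs = collectRefs(template.Resources[handler]?.Properties?.Code);
    findings.push({ customResource: id, handler, unsetParameters: unset.filter((n) => refs.has(n)).sort() });
  }
  return findings;
}

// Constructed sample shaped like the issue's template; names are shortened stand-ins.
const SAMPLE: Template = {
  Parameters: {
    AssetS3Bucket: { Type: "String" }, AssetS3VersionKey: { Type: "String" },
    AssetArtifactHash: { Type: "String" },
  },
  Resources: {
    Handler: { Type: "AWS::Lambda::Function", Properties: { Code: {
      S3Bucket: { Ref: "AssetS3Bucket" },
      S3Key: { "Fn::Join": ["", [{ "Fn::Split": ["||", { Ref: "AssetS3VersionKey" }] }]] },
    } } },
    CdkJsonStringify2: { Type: "Custom::AWSCDKCfnJsonStringify", Properties: {
      ServiceToken: { "Fn::GetAtt": ["Handler", "Arn"] }, Value: { Ref: "ecstestPrivateSubnets" },
    } },
  },
};
console.log(JSON.stringify(auditTemplate(SAMPLE), null, 2));
```

A non-empty `unsetParameters` list means the template cannot be deployed as-is without supplying values for those parameters.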

pahud (Contributor) commented Jun 16, 2023

You will need to provide ec2.SubnetSelection to the subnet property. Looking at your code, you are not actually providing the SubnetSelection and the subnetsFromParameter actually returns ISubnet[] instead of SubnetSelection.

https://github.com/guardian/cdk/blob/effb29ee6aaa8cd72bd10102649991eb55067c3c/src/constructs/ecs/ecs-task.ts#L161

marsavar (Author) commented Jun 16, 2023

Ah, that's just a prop for a wrapper around EcsRunTask.
It gets passed to the real EcsRunTask as an ec2.SubnetSelection on L208: https://github.com/guardian/cdk/blob/effb29ee6aaa8cd72bd10102649991eb55067c3c/src/constructs/ecs/ecs-task.ts#L208

SubnetSelection's fields are all optional, including subnets: ISubnet[] so subnets: { subnets } is a valid SubnetSelection. TypeScript would complain if it wasn't.

l3ku added a commit to l3ku/aws-cdk that referenced this issue Jun 17, 2023
ashishdhingra (Contributor) commented

@marsavar Good afternoon. Could you please confirm if you are unblocked and if this issue could be closed?

Thanks,
Ashish

github-actions bot commented Jun 9, 2024

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
