aws_s3: BucketNotification in owning stack deletes BucketNotifications from other stacks #30607

sebastian-fredriksson-bernholtz · 2024-06-21T04:02:17Z

Describe the bug

When making changes to the S3 event notifications in the stack that owns an S3 Bucket (on Bucket), it deletes event notifications for the bucket that have been configured in other stacks (on IBucket).

Expected Behavior

Event notifications configured in other stacks should not be deleted.

Current Behavior

Event notifications configured in other stacks are being deleted.

Reproduction Steps

Create and deploy Bucket in stack 1.

// stack 1
new Bucket(this, 'Bucket', {
    bucketName: 'bucketname',
});

Add and deploy event notification in stack 2

// stack 2
Bucket.fromBucketName(this, 'DataBucket', 'bucketName').addEventNotification(
    EventType.OBJECT_CREATED_PUT,
    new LambdaDestination(lambda)
);

Make a change to event notifications in stack 1 and deploy:

// stack 1
new Bucket(this, 'Bucket', {
    bucketName: 'bucketname',
+   eventBridgeEnabled: true,
});

The event handler configured and deployed in step 2 will be deleted when doing step 3.

Possible Solution

Use the same logic for handling BucketNotifications in the stack that owns the Bucket as in other stack:

aws-cdk/packages/@aws-cdk/custom-resource-handlers/lib/aws-s3/notifications-resource-handler/index.py

Line 37 in 7360a88

    
           def handle_unmanaged(bucket, stack_id, request_type, notification_configuration, old):

Additional Information/Context

This is happening for Bucket (unlike IBucket) cdk sets Managed property on the custom resource that manages event notifications to true.

aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts

Line 120 in 71986ff

const managed = this.bucket instanceof Bucket;

aws-cdk/packages/aws-cdk-lib/aws-s3/lib/notifications-resource/notifications-resource.ts

Line 135 in 71986ff

Managed: managed,

And the code in the custom resource lambda handler disregards externally set notifications if Managed is set to true.

aws-cdk/packages/@aws-cdk/custom-resource-handlers/lib/aws-s3/notifications-resource-handler/index.py

Line 21 in 7360a88

config = handle_managed(event["RequestType"], notification_configuration)

CDK CLI Version

2.146.0 (build b368c78)

Framework Version

2.146.0

Node.js Version

v20.11.0

OS

macOS 14.3.1 (23D60)

Language

TypeScript

Language Version

5.5.2

Other information

Activating eventbridge for our S3 Bucket in cdk caused our site to break because a notification set up in another stack using cdk got deleted.

The text was updated successfully, but these errors were encountered:

pahud · 2024-06-26T17:47:38Z

Yes I can reproduce that by following your steps. I think we need to look into the implementation from the custom resource to get it fixed.

sebastian-fredriksson-bernholtz · 2024-07-08T01:07:58Z

Yes I can reproduce that by following your steps. I think we need to look into the implementation from the custom resource to get it fixed.

It seems to me like a reasonable solution (the one I suggested) is to not have the special case for the owning stack (managed). If all the code related to managed was removed and just used the code path for "unmanaged" it seems like it would be a lot safer?

xazhao · 2024-08-08T00:09:52Z

I agree separating managed/unmanaged seems unnecessary here. unmanaged should be able handle all cases. However there might be some edge cases using managed path that we're not aware of. Removing it directly could be a breaking change. I'm thinking maybe we could put this change behind a feature flag which is safer.

Also it's the same issue as #29653

…tions from other stacks (#31091) ### Issue # (if applicable) Closes #30607. ### Reason for this change There's a bug reported in the Github issue that bucket notifications in owing stack will remove all notifications added in imported stack. This is because we treated the bucket as `managed` hence we use bucket notifications in that stack as source of truth. In the `unmanaged` path, we already filtered out external notifications it should handle both scenarios when the bucket is managed or unmanaged. ### Description of changes Always set `Managed` property to false when the feature flag is enabled. Here we introduce a feature flag to prevent it breaking current customers. ### Description of how you validated changes Added unit tests. Integrations test can't validate this change because we need to deploy twice to actually see the change. Also tested manually. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2024-08-27T21:18:18Z

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

…tions from other stacks (aws#31091) ### Issue # (if applicable) Closes aws#30607. ### Reason for this change There's a bug reported in the Github issue that bucket notifications in owing stack will remove all notifications added in imported stack. This is because we treated the bucket as `managed` hence we use bucket notifications in that stack as source of truth. In the `unmanaged` path, we already filtered out external notifications it should handle both scenarios when the bucket is managed or unmanaged. ### Description of changes Always set `Managed` property to false when the feature flag is enabled. Here we introduce a feature flag to prevent it breaking current customers. ### Description of how you validated changes Added unit tests. Integrations test can't validate this change because we need to deploy twice to actually see the change. Also tested manually. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

sebastian-fredriksson-bernholtz added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 21, 2024

github-actions bot added the @aws-cdk/aws-s3 Related to Amazon S3 label Jun 21, 2024

github-actions bot mentioned this issue Jun 24, 2024

Weekly issue metrics report #30636

Closed

pahud self-assigned this Jun 26, 2024

pahud removed their assignment Jun 26, 2024

pahud added p1 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 26, 2024

pahud assigned pahud and GavinZZ and unassigned pahud Jun 26, 2024

github-actions bot mentioned this issue Jul 1, 2024

Monthly issue metrics report #30714

Closed

xazhao assigned xazhao and unassigned GavinZZ Aug 8, 2024

xazhao mentioned this issue Aug 12, 2024

fix(s3): bucket notifications in owning stack deletes bucket notifications from other stacks #31091

Merged

1 task

mergify bot closed this as completed in #31091 Aug 27, 2024

github-actions bot locked as resolved and limited conversation to collaborators Aug 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aws_s3: BucketNotification in owning stack deletes BucketNotifications from other stacks #30607

aws_s3: BucketNotification in owning stack deletes BucketNotifications from other stacks #30607

sebastian-fredriksson-bernholtz commented Jun 21, 2024

pahud commented Jun 26, 2024

sebastian-fredriksson-bernholtz commented Jul 8, 2024

xazhao commented Aug 8, 2024

github-actions bot commented Aug 27, 2024