[EFS]: default file system policy will be created by file_system_policy=None #30753

Closed
IllarionovDimitri opened this issue Jul 4, 2024 · 3 comments
Labels
@aws-cdk/aws-efs Related to Amazon Elastic File System bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. p2

Comments

@IllarionovDimitri

IllarionovDimitri commented Jul 4, 2024

Describe the bug

During creation of an EFS file system with file_system_policy=None set explicitly or implicitly, the following policy will be created on the file system.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "elasticfilesystem:ClientRootAccess",
                "elasticfilesystem:ClientWrite"
            ],
            "Resource": "arn:aws:elasticfilesystem:eu-west-1:<AWS-ACCOUNT>:file-system/<EFS-ID>",
            "Condition": {
                "Bool": {
                    "elasticfilesystem:AccessedViaMountTarget": "true"
                }
            }
        }
    ]
}

This causes an error, e.g. on an ECS task, when creating a volume and mount point on EFS. After removing the policy from EFS, the creation of the mount point succeeds.

Expected Behavior

If file_system_policy=None is set, or it is not provided at all, no policy is created on EFS.

Current Behavior

Regardless of the file_system_policy value, the policy on the file system is created.

Reproduction Steps

Create an EFS file system using the efs.FileSystem(...) class without providing any policy to the file_system_policy parameter (default is None).

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.147.3 (build 32f0fdb)

Framework Version

No response

Node.js Version

v20.11.1

OS

Ubuntu 20.04

Language

Python

Language Version

No response

Other information

No response

@IllarionovDimitri IllarionovDimitri added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 4, 2024
@github-actions github-actions bot added the @aws-cdk/aws-efs Related to Amazon Elastic File System label Jul 4, 2024
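
One way to check what a stack will actually deploy, as an added example that is not part of the original issue or of aws-cdk: it scans a synthesized CloudFormation template (the JSON from `cdk synth`, loaded as a dict) for `AWS::EFS::FileSystem` resources whose `FileSystemPolicy` carries an Allow statement for a wildcard principal, as in the policy quoted above. The sample template and its logical IDs are constructed.

```python
# Added example: not code from the issue or from aws-cdk.
# SAMPLE_TEMPLATE is constructed; logical IDs are hypothetical, the statement mirrors the issue.
SAMPLE_TEMPLATE = {
    "Resources": {
        "SharedFs": {
            "Type": "AWS::EFS::FileSystem",
            "Properties": {"FileSystemPolicy": {
                "Version": "2012-10-17",
                "Statement": [{
                    "Effect": "Allow",
                    "Principal": {"AWS": "*"},
                    "Action": ["elasticfilesystem:ClientRootAccess",
                               "elasticfilesystem:ClientWrite"],
                    "Condition": {"Bool": {
                        "elasticfilesystem:AccessedViaMountTarget": "true"}},
                }],
            }},
        },
        "PlainFs": {"Type": "AWS::EFS::FileSystem", "Properties": {"Encrypted": True}},
    }
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    # "*", {"AWS": "*"} and {"AWS": ["*"]} all mean "any principal".
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_efs_policies(template):
    """Return one finding per wildcard-principal Allow statement on an EFS file system."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        policy = res.get("Properties", {}).get("FileSystemPolicy")
        if res.get("Type") != "AWS::EFS::FileSystem" or not policy:
            continue  # not EFS, or no policy attached to this file system
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
                continue
            flag = stmt.get("Condition", {}).get("Bool", {}).get(
                "elasticfilesystem:AccessedViaMountTarget")
            findings.append({"resource": logical_id,
                             "actions": _as_list(stmt.get("Action", [])),
                             "mount_target_only": str(flag).lower() == "true"})
    return findings

if __name__ == "__main__":
    print(audit_efs_policies(SAMPLE_TEMPLATE))
```

An empty result for a file system created without `file_system_policy` matches the expected behavior described in the issue; a finding for it matches the reported behavior.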
@IllarionovDimitri
Author

duplicate of aws_efs (Python): Incorrect File System Policy defaults #27374


github-actions bot commented Jul 4, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
@pahud pahud added the p2 label Oct 15, 2024