Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(s3): allow user to set Log Group on S3 Bucket autoDeleteObjects provider lambda #30394

Merged
merged 13 commits into from
Jun 17, 2024

Conversation

samson-keung
Copy link
Contributor

Issue # (if applicable)

Closes #24815.

Reason for this change

To allow log group customization on the custom resource lambda created for the autoDeleteObjects feature.

Description of changes

At the highest level overview, a static method setAutoDeleteObjectsLogGroup is added to the Bucket class. When it is called, it will set the log group on the AutoDeleteObjectsProvider lambda (i.e. setting the LoggingConfig.LogGroup.

In order to support the above change, 2 underlying changes had to be made:

  1. setAutoDeleteObjectsLogGroup(..) needs to have a way to find the singleton AutoDeleteObjectsProvider lambda. This means a method needs to be added in the AutoDeleteObjectsProvider class that returns the singleton. Note that the AutoDeleteObjectsProvider class itself is code generated. So I have modified the code gen logic to generate the getProvider(..) method, which returns the singleton.
  2. With a handle of the singleton of type AutoDeleteObjectsProvider, which wraps the actual AWS::Lambda::Function, we need a way to set the log group on the lambda. With AutoDeleteObjectsProvider extending the CustomResourceProviderBase type, a method is added to CustomResourceProviderBase class to set the log group.

Description of how you validated changes

Updated the integ test and ran it against my own AWS account

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p1 labels May 31, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team May 31, 2024 00:31
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label May 31, 2024
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@samson-keung samson-keung changed the title feat(s3): Allow user to set Log Group on S3 Bucket autoDeleteObjects provider lambda feat(s3): allow user to set Log Group on S3 Bucket autoDeleteObjects provider lambda May 31, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review May 31, 2024 16:59

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@samson-keung samson-keung marked this pull request as ready for review May 31, 2024 18:15
This was referenced Jun 1, 2024
Copy link
Contributor

@GavinZZ GavinZZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some comments

if (provider === undefined) {
throw new Error('Requires at least one bucket with \'autoDeleteObjects: true\'. None is found.');
}
provider.configureLambdaLogGroup(logGroup.logGroupName);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this code be problematic eventually? Consider the example where I have the following setups:

const bucket = new s3.Bucket(this, 'MyTempFileBucket', {
  removalPolicy: cdk.RemovalPolicy.DESTROY,
  autoDeleteObjects: true,
});

s3.Bucket.setAutoDeleteObjectsLogGroup(this, new logs.LogGroup(this, 'MyLogGroup', {
  logGroupName: 'MyLogGroup',
  retention: logs.RetentionDays.FIVE_YEARS
}))

const bucket2 = new s3.Bucket(this, 'MyTempFileBucket2', {
  removalPolicy: cdk.RemovalPolicy.DESTROY,
  autoDeleteObjects: true,
});

The first s3 bucket creation and setAutoDeleteObjectsLogGroup will work as expected. However, during the second bucket creation, it will use the existing singleton custom resource function (since it already exists) and a lambda log group is configured already.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have updated the code to use a different implementation. But to answer your question:

The bucket2 will re-use to the same singleton custom resource function which has been configured to use MyLogGroup. This is expected.

public static setAutoDeleteObjectsLogGroup(scope: Construct, logGroup: logs.ILogGroup): void {
const provider = AutoDeleteObjectsProvider.getProvider(scope, AUTO_DELETE_OBJECTS_RESOURCE_TYPE);

if (provider === undefined) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels weird to me where I would expect users to do something

s3.Bucket.setAutoDeleteObjectsLogGroup(this, new logs.LogGroup(this, 'MyLogGroup', {
  logGroupName: 'MyLogGroup',
  retention: logs.RetentionDays.FIVE_YEARS
}))

const bucket = new s3.Bucket(this, 'MyTempFileBucket', {
  removalPolicy: cdk.RemovalPolicy.DESTROY,
  autoDeleteObjects: true,
});

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation is updated such that the order of the method calls no longer matters.

Copy link
Contributor

@TheRealAmazonKendra TheRealAmazonKendra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed last week, I don't believe that this is the right place for this functionality to exist.

* @param scope the stack with bucket(s) with `autoDeleteObjects: true`.
* @param logGroup the log group to use on the lambda.
*/
public static setAutoDeleteObjectsLogGroup(scope: Construct, logGroup: logs.ILogGroup): void {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is the right place for this function. Given that the lambda is a singleton for the entire stack, such a function should be at the stack level. Having it exist on the Bucket class and taking in a scope that can be set at the construct level is misleading as to the actual scope of this function.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could argue that you've explained that in the docstring, but I think this will still mislead customers.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, as mentioned last week, I think that a solution here needs to be implemented so that it is consistent across custom resources.

@samson-keung samson-keung force-pushed the bucket-auto-delete-objects-logging branch from e14888d to 43718d5 Compare June 11, 2024 00:25
@samson-keung samson-keung force-pushed the bucket-auto-delete-objects-logging branch from 43718d5 to 90520ad Compare June 12, 2024 17:08
Comment on lines 131 to 134
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true,
"@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update from main to get rid of these changes (which I believe is not part of ur changes).

Comment on lines +302 to +308
const useLogGroupMethod = this.addMethod({
name: 'useLogGroup',
static: true,
docs: {
summary: 'Set the log group to be used by the singleton provider',
},
});
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically you're adding useLogGroup functionality to all custom resource handlers not only the s3 ones right? But the functionality is only exposed to the s3 auto delete handler. It would be nice to expose useLogGroup to other handlers as I believe this issue doesn't only happen on s3 auto delete but also on all custom resource handlers.

@GavinZZ
Copy link
Contributor

GavinZZ commented Jun 17, 2024

Discussed with Samson on this issue. Since there are over 27 upvotes, will merge the fix for s3 custom resource handler first. There’s already a tracking issue for the underlying issue for all custom resources. Will handle that separately.

@GavinZZ
Copy link
Contributor

GavinZZ commented Jun 17, 2024

@mergify update

Copy link
Contributor

mergify bot commented Jun 17, 2024

update

❌ Mergify doesn't have permission to update

For security reasons, Mergify can't update this pull request. Try updating locally.
GitHub response: refusing to allow a GitHub App to create or update workflow .github/workflows/github-merit-badger.yml without workflows permission

@samson-keung
Copy link
Contributor Author

Discussed with Samson on this issue. Since there are over 27 upvotes, will merge the fix for s3 custom resource handler first. There’s already a tracking issue for the underlying issue for all custom resources. Will handle that separately.

Linking the issue tracking the ability to set log retention across all custom resource: #23909

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: fbde1ad
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@GavinZZ
Copy link
Contributor

GavinZZ commented Jun 17, 2024

@mergify update

Copy link
Contributor

mergify bot commented Jun 17, 2024

update

☑️ Nothing to do

  • #commits-behind>0 [📌 update requirement]
  • -closed [📌 update requirement]
  • -conflict [📌 update requirement]
  • queue-position=-1 [📌 update requirement]

@GavinZZ GavinZZ dismissed TheRealAmazonKendra’s stale review June 17, 2024 19:30

Dismissing to merge the fix in for s3. Have a separate issue to track all other custom resource handlers.

Copy link
Contributor

mergify bot commented Jun 17, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 95938b2 into aws:main Jun 17, 2024
10 checks passed
mergify bot pushed a commit that referenced this pull request Jun 19, 2024
sarangarav pushed a commit to sarangarav/aws-cdk that referenced this pull request Jun 21, 2024
…provider lambda (aws#30394)

### Issue # (if applicable)

Closes aws#24815.

### Reason for this change

To allow log group customization on the custom resource lambda created for the `autoDeleteObjects` feature.

### Description of changes

At the highest level overview, a static method `setAutoDeleteObjectsLogGroup` is added to the `Bucket` class. When it is called, it will set the log group on the `AutoDeleteObjectsProvider` lambda (i.e. setting the [`LoggingConfig.LogGroup`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup).

In order to support the above change, 2 underlying changes had to be made:
1. `setAutoDeleteObjectsLogGroup(..)` needs to have a way to find the singleton `AutoDeleteObjectsProvider` lambda. This means a method needs to be added in the `AutoDeleteObjectsProvider` class that returns the singleton. Note that the `AutoDeleteObjectsProvider` class itself is code generated. So I have modified the code gen logic to generate the `getProvider(..)` method, which returns the singleton.
2. With a handle of the singleton of type `AutoDeleteObjectsProvider`, which wraps the actual `AWS::Lambda::Function`, we need a way to set the log group on the lambda. With `AutoDeleteObjectsProvider` extending the `CustomResourceProviderBase` type, a method is added to `CustomResourceProviderBase` class to set the log group.

### Description of how you validated changes

Updated the integ test and ran it against my own AWS account

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
sarangarav pushed a commit to sarangarav/aws-cdk that referenced this pull request Jun 21, 2024
mazyu36 pushed a commit to mazyu36/aws-cdk that referenced this pull request Jun 22, 2024
…provider lambda (aws#30394)

### Issue # (if applicable)

Closes aws#24815.

### Reason for this change

To allow log group customization on the custom resource lambda created for the `autoDeleteObjects` feature.

### Description of changes

At the highest level overview, a static method `setAutoDeleteObjectsLogGroup` is added to the `Bucket` class. When it is called, it will set the log group on the `AutoDeleteObjectsProvider` lambda (i.e. setting the [`LoggingConfig.LogGroup`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup).

In order to support the above change, 2 underlying changes had to be made:
1. `setAutoDeleteObjectsLogGroup(..)` needs to have a way to find the singleton `AutoDeleteObjectsProvider` lambda. This means a method needs to be added in the `AutoDeleteObjectsProvider` class that returns the singleton. Note that the `AutoDeleteObjectsProvider` class itself is code generated. So I have modified the code gen logic to generate the `getProvider(..)` method, which returns the singleton.
2. With a handle of the singleton of type `AutoDeleteObjectsProvider`, which wraps the actual `AWS::Lambda::Function`, we need a way to set the log group on the lambda. With `AutoDeleteObjectsProvider` extending the `CustomResourceProviderBase` type, a method is added to `CustomResourceProviderBase` class to set the log group.

### Description of how you validated changes

Updated the integ test and ran it against my own AWS account

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
mazyu36 pushed a commit to mazyu36/aws-cdk that referenced this pull request Jun 22, 2024
@aws-cdk-automation
Copy link
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
contribution/core This is a PR that came from AWS. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p1
Projects
None yet
Development

Successfully merging this pull request may close these issues.

(aws-s3): retention on S3 autoDeleteObjects lambda CloudWatch log group is Never expire
4 participants