-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(s3): allow user to set Log Group on S3 Bucket autoDeleteObjects provider lambda #30394
feat(s3): allow user to set Log Group on S3 Bucket autoDeleteObjects provider lambda #30394
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request
. Additionally, if clarification is needed add Clarification Request
to a comment.
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left some comments
if (provider === undefined) { | ||
throw new Error('Requires at least one bucket with \'autoDeleteObjects: true\'. None is found.'); | ||
} | ||
provider.configureLambdaLogGroup(logGroup.logGroupName); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would this code be problematic eventually? Consider the example where I have the following setups:
const bucket = new s3.Bucket(this, 'MyTempFileBucket', {
removalPolicy: cdk.RemovalPolicy.DESTROY,
autoDeleteObjects: true,
});
s3.Bucket.setAutoDeleteObjectsLogGroup(this, new logs.LogGroup(this, 'MyLogGroup', {
logGroupName: 'MyLogGroup',
retention: logs.RetentionDays.FIVE_YEARS
}))
const bucket2 = new s3.Bucket(this, 'MyTempFileBucket2', {
removalPolicy: cdk.RemovalPolicy.DESTROY,
autoDeleteObjects: true,
});
The first s3 bucket creation and setAutoDeleteObjectsLogGroup
will work as expected. However, during the second bucket creation, it will use the existing singleton custom resource function (since it already exists) and a lambda log group is configured already.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have updated the code to use a different implementation. But to answer your question:
The bucket2
will re-use to the same singleton custom resource function which has been configured to use MyLogGroup
. This is expected.
public static setAutoDeleteObjectsLogGroup(scope: Construct, logGroup: logs.ILogGroup): void { | ||
const provider = AutoDeleteObjectsProvider.getProvider(scope, AUTO_DELETE_OBJECTS_RESOURCE_TYPE); | ||
|
||
if (provider === undefined) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels weird to me where I would expect users to do something
s3.Bucket.setAutoDeleteObjectsLogGroup(this, new logs.LogGroup(this, 'MyLogGroup', {
logGroupName: 'MyLogGroup',
retention: logs.RetentionDays.FIVE_YEARS
}))
const bucket = new s3.Bucket(this, 'MyTempFileBucket', {
removalPolicy: cdk.RemovalPolicy.DESTROY,
autoDeleteObjects: true,
});
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implementation is updated such that the order of the method calls no longer matters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed last week, I don't believe that this is the right place for this functionality to exist.
* @param scope the stack with bucket(s) with `autoDeleteObjects: true`. | ||
* @param logGroup the log group to use on the lambda. | ||
*/ | ||
public static setAutoDeleteObjectsLogGroup(scope: Construct, logGroup: logs.ILogGroup): void { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is the right place for this function. Given that the lambda is a singleton for the entire stack, such a function should be at the stack level. Having it exist on the Bucket class and taking in a scope that can be set at the construct level is misleading as to the actual scope of this function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could argue that you've explained that in the docstring, but I think this will still mislead customers.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, as mentioned last week, I think that a solution here needs to be implemented so that it is consistent across custom resources.
e14888d
to
43718d5
Compare
… to set LoggingConfig for the underlying lambda
…eObjectsLogGroup method
43718d5
to
90520ad
Compare
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true | ||
"@aws-cdk/aws-ec2:ebsDefaultGp3Volume": true, | ||
"@aws-cdk/aws-ecs:removeDefaultDeploymentAlarm": true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you update from main to get rid of these changes (which I believe is not part of ur changes).
const useLogGroupMethod = this.addMethod({ | ||
name: 'useLogGroup', | ||
static: true, | ||
docs: { | ||
summary: 'Set the log group to be used by the singleton provider', | ||
}, | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically you're adding useLogGroup
functionality to all custom resource handlers not only the s3 ones right? But the functionality is only exposed to the s3 auto delete handler. It would be nice to expose useLogGroup
to other handlers as I believe this issue doesn't only happen on s3 auto delete but also on all custom resource handlers.
Discussed with Samson on this issue. Since there are over 27 upvotes, will merge the fix for s3 custom resource handler first. There’s already a tracking issue for the underlying issue for all custom resources. Will handle that separately. |
@mergify update |
❌ Mergify doesn't have permission to updateFor security reasons, Mergify can't update this pull request. Try updating locally. |
Linking the issue tracking the ability to set log retention across all custom resource: #23909 |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
@mergify update |
☑️ Nothing to do
|
Dismissing to merge the fix in for s3. Have a separate issue to track all other custom resource handlers.
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
…provider lambda (aws#30394) ### Issue # (if applicable) Closes aws#24815. ### Reason for this change To allow log group customization on the custom resource lambda created for the `autoDeleteObjects` feature. ### Description of changes At the highest level overview, a static method `setAutoDeleteObjectsLogGroup` is added to the `Bucket` class. When it is called, it will set the log group on the `AutoDeleteObjectsProvider` lambda (i.e. setting the [`LoggingConfig.LogGroup`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup). In order to support the above change, 2 underlying changes had to be made: 1. `setAutoDeleteObjectsLogGroup(..)` needs to have a way to find the singleton `AutoDeleteObjectsProvider` lambda. This means a method needs to be added in the `AutoDeleteObjectsProvider` class that returns the singleton. Note that the `AutoDeleteObjectsProvider` class itself is code generated. So I have modified the code gen logic to generate the `getProvider(..)` method, which returns the singleton. 2. With a handle of the singleton of type `AutoDeleteObjectsProvider`, which wraps the actual `AWS::Lambda::Function`, we need a way to set the log group on the lambda. With `AutoDeleteObjectsProvider` extending the `CustomResourceProviderBase` type, a method is added to `CustomResourceProviderBase` class to set the log group. ### Description of how you validated changes Updated the integ test and ran it against my own AWS account ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…provider lambda (aws#30394) ### Issue # (if applicable) Closes aws#24815. ### Reason for this change To allow log group customization on the custom resource lambda created for the `autoDeleteObjects` feature. ### Description of changes At the highest level overview, a static method `setAutoDeleteObjectsLogGroup` is added to the `Bucket` class. When it is called, it will set the log group on the `AutoDeleteObjectsProvider` lambda (i.e. setting the [`LoggingConfig.LogGroup`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-loggingconfig.html#cfn-lambda-function-loggingconfig-loggroup). In order to support the above change, 2 underlying changes had to be made: 1. `setAutoDeleteObjectsLogGroup(..)` needs to have a way to find the singleton `AutoDeleteObjectsProvider` lambda. This means a method needs to be added in the `AutoDeleteObjectsProvider` class that returns the singleton. Note that the `AutoDeleteObjectsProvider` class itself is code generated. So I have modified the code gen logic to generate the `getProvider(..)` method, which returns the singleton. 2. With a handle of the singleton of type `AutoDeleteObjectsProvider`, which wraps the actual `AWS::Lambda::Function`, we need a way to set the log group on the lambda. With `AutoDeleteObjectsProvider` extending the `CustomResourceProviderBase` type, a method is added to `CustomResourceProviderBase` class to set the log group. ### Description of how you validated changes Updated the integ test and ran it against my own AWS account ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Issue # (if applicable)
Closes #24815.
Reason for this change
To allow log group customization on the custom resource lambda created for the
autoDeleteObjects
feature.Description of changes
At the highest level overview, a static method
setAutoDeleteObjectsLogGroup
is added to theBucket
class. When it is called, it will set the log group on theAutoDeleteObjectsProvider
lambda (i.e. setting theLoggingConfig.LogGroup
.In order to support the above change, 2 underlying changes had to be made:
setAutoDeleteObjectsLogGroup(..)
needs to have a way to find the singletonAutoDeleteObjectsProvider
lambda. This means a method needs to be added in theAutoDeleteObjectsProvider
class that returns the singleton. Note that theAutoDeleteObjectsProvider
class itself is code generated. So I have modified the code gen logic to generate thegetProvider(..)
method, which returns the singleton.AutoDeleteObjectsProvider
, which wraps the actualAWS::Lambda::Function
, we need a way to set the log group on the lambda. WithAutoDeleteObjectsProvider
extending theCustomResourceProviderBase
type, a method is added toCustomResourceProviderBase
class to set the log group.Description of how you validated changes
Updated the integ test and ran it against my own AWS account
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license