-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
❗ NOTICE (custom-resources): attribute error - vendor response doesn't contain endpointAddress
#29949
Comments
Related (I think): #25283 Note that in both versions, the generated CFTs seem to look exactly the same. {
"Type": "Custom::AWS",
"Properties": {
"ServiceToken": {
"Fn::GetAtt": [
"<redacted>",
"Arn"
]
},
"Create": "{\"service\":\"Iot\",\"action\":\"describeEndpoint\",\"physicalResourceId\":{\"responsePath\":\"endpointAddress\"},\"parameters\":{\"endpointType\":\"iot:Data-ATS\"},\"logApiResponseData\":true}",
"InstallLatestAwsSdk": false
},
"DependsOn": [
"<redacted>"
],
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete",
"Metadata": {
"aws:cdk:path": "<redacted>/IoTEndpoint/Resource/Default"
}
} |
Looks like your response does not contain the
Are you able to check the cloudwatch logs for the custom resource and see the full response object of that API call? I believe the full response object should be in the log. |
And, can you check if this issue exists in 2.139.0 as it fixed some custom resource issues. |
Thanks @pahud . I deployed |
@pahud I can also confirm that there is a breaking change in export const getGroupId = (scope: Construct, identityStoreId: string, group: string, logGroup: logs.LogGroup) =>
new cr.AwsCustomResource(scope, `getGroupId-${group}`, {
onCreate: {
service: 'IdentityStore',
action: 'getGroupId',
parameters: {
IdentityStoreId: identityStoreId,
AlternateIdentifier: {
UniqueAttribute: {
AttributePath: 'DisplayName',
AttributeValue: group,
},
},
},
physicalResourceId: cr.PhysicalResourceId.fromResponse('GroupId'),
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
}),
logGroup,
}); The error message is Can you please have a look at this since it is quite critical and would block us from deploying AWS SSO Assignments? Regards, |
Is this related to the issue now that a new attribute
|
Bumping this to p1 and I have escalated this to the team. |
@markusl that would only be for the EKS cluster-resource. aws-cdk/packages/aws-cdk-lib/custom-resources/lib/aws-custom-resource/aws-custom-resource.ts Line 520 in fd3a5e3
|
Hi @grant-d I can deploy the following code in
export class DummyStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps) {
super(scope, id, props);
const getIoTEndpoint = new cr.AwsCustomResource(this, 'IoTEndpoint', {
onCreate: {
service: 'Iot',
action: 'describeEndpoint',
physicalResourceId: cr.PhysicalResourceId.fromResponse('endpointAddress'),
parameters: {
endpointType: 'iot:Data-ATS'
}
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({ resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE })
})
const IOT_ENDPOINT = getIoTEndpoint.getResponseField('endpointAddress')
new CfnOutput(this, 'EndpointOutput', { value: IOT_ENDPOINT });
}
} I can't reproduce this issue on my end. This is my CloudWatch Logs
Can you try my code snippets above and see if it works for you? |
Looking at your provided code, I would not recommend specifying
Instead, I would recommend this statically.
Let me know if it works for you. |
@markusl I was not able to execute export class DummyStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps) {
super(scope, id, props);
const groupId = new cr.AwsCustomResource(this, 'getGroupId', {
onCreate: {
service: 'IdentityStore',
action: 'describeGroup',
parameters: {
IdentityStoreId,
GroupId,
},
physicalResourceId: cr.PhysicalResourceId.fromResponse('GroupId'),
},
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
}),
});
const attrGroupId = groupId.getResponseField('GroupId');
new CfnOutput(this, 'GroupIdOutput', { value: attrGroupId });
}
} And I was able to get the GroupId from its response. And this works in Are you able to successfully run my snippet above? |
We should decouple the physicalResourceId from the API response as describe here to avoid potential error: |
In our case, with the help of AWS support, we were able to identify the problem, which was a missing We are now using the same handler for // AWS Custom Resource to dynamically fetch GroupId based on group name
export const getGroupId = (scope: Construct, identityStoreId: string, group: string, logGroup: logs.LogGroup) => new cr.AwsCustomResource(scope, `getGroupId-${group}`, {
onCreate: getGroupIdSdkCall(identityStoreId, group),
onUpdate: getGroupIdSdkCall(identityStoreId, group),
policy: cr.AwsCustomResourcePolicy.fromSdkCalls({
resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
}),
logGroup,
}); I'm not sure if this is a "breaking change" or not, but I would suggest highlighting this properly in the changelog that the CDK version upgrade will cause an update to all Custom Resources. |
@markusl Thanks for the follow-up and I agree, this feels like a documentation miss on our end. From the perspective of the custom resource it saw an update and didn't make an API call which is how it was configured. However, obviously you now don't have a |
endpointAddress
endpointAddress
endpointAddress
endpointAddress
endpointAddress
CDK CLI notice for aws/aws-cdk#29949
…ce event properties by default (#30418) Closes #30121, #29949 ### Reason for this change PR #29648 introduced a new resource property `logApiResponseData`. This resource property is `true` by default which forces an update for `AwsCustomResource`. For users without `onUpdate` configured an empty data object is returned if no SDK call is configured. This can cause an attribute error if the user is depending on a data from a specific SDK call. ### Description of changes Made `logApiResponseData` undefined by default which will not trigger `onUpdate`. To maintain backwards compatibility with the original PR introducing `logApiResponseData` as true by default, I've also introduced a feature flag that will allow users to keep the current behavior so they aren't now forced into another `onUpdate` event. ### Description of how you validated changes Updated unit tests where `logApiResponseData` was added as a resource property. Added new unit test to verify that `logApiResponseData` could be added to the event. Updated unit tests that test `_render()` to ensure that the default case will result in an empty object. Updated integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Adds a warning to let users know that they should set the `@aws-cdk/custom-resources:logApiResponseDataPropertyTrueDefault` feature flag to true if upgrading to a CDK version >2.144.0 from a CDK version >=2.138.0 <=2.144.0.
…ce event properties by default (aws#30418) Closes aws#30121, aws#29949 ### Reason for this change PR aws#29648 introduced a new resource property `logApiResponseData`. This resource property is `true` by default which forces an update for `AwsCustomResource`. For users without `onUpdate` configured an empty data object is returned if no SDK call is configured. This can cause an attribute error if the user is depending on a data from a specific SDK call. ### Description of changes Made `logApiResponseData` undefined by default which will not trigger `onUpdate`. To maintain backwards compatibility with the original PR introducing `logApiResponseData` as true by default, I've also introduced a feature flag that will allow users to keep the current behavior so they aren't now forced into another `onUpdate` event. ### Description of how you validated changes Updated unit tests where `logApiResponseData` was added as a resource property. Added new unit test to verify that `logApiResponseData` could be added to the event. Updated unit tests that test `_render()` to ensure that the default case will result in an empty object. Updated integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
…ce event properties by default (aws#30418) Closes aws#30121, aws#29949 ### Reason for this change PR aws#29648 introduced a new resource property `logApiResponseData`. This resource property is `true` by default which forces an update for `AwsCustomResource`. For users without `onUpdate` configured an empty data object is returned if no SDK call is configured. This can cause an attribute error if the user is depending on a data from a specific SDK call. ### Description of changes Made `logApiResponseData` undefined by default which will not trigger `onUpdate`. To maintain backwards compatibility with the original PR introducing `logApiResponseData` as true by default, I've also introduced a feature flag that will allow users to keep the current behavior so they aren't now forced into another `onUpdate` event. ### Description of how you validated changes Updated unit tests where `logApiResponseData` was added as a resource property. Added new unit test to verify that `logApiResponseData` could be added to the event. Updated unit tests that test `_render()` to ensure that the default case will result in an empty object. Updated integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one. |
Please add your +1 👍 to let us know you have encountered this
Status: In progress
Describe the bug
If I upgrade
cdk
&cdk-lib
to2.138.0
from2.137.0
, the following error occurs at deployment.If I rollback, the error goes away.
CustomResource attribute error: Vendor response doesn't contain endpointAddress attribute in object ...|...IoTEndpoint
This was previously working for quite some time.
The specific resource is an
AwsCustomResource
related toIoT
.(I could not find a way to get the endpoint using
aws-cdk-lib/aws-iot
, so had to use a custom resource)Code repro below.
Expected Behavior
Deployment succeeds
Current Behavior
Deployment fails with the following error:
Reproduction Steps
Possible Solution
Rollback
cdk-lib
to2.137.0
Additional Information/Context
No response
CDK CLI Version
2.119.0 (build 0392e71)
Framework Version
2.138.0
Node.js Version
v20.7.0
OS
MacOS
Language
TypeScript
Language Version
5.4.5
Other information
No response
The text was updated successfully, but these errors were encountered: