Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

update glue trigger via CDK code

0

Hi team,

I'm trying to use CDK customResource to update EventBatchingCondition for a glue trigger( as this is not supported natively by cloudFormation)

this my code :

    new AwsCustomResource(this, "updateEventBatching", {
      policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }),
      onCreate: {
        service: "Glue",
        action: "updateTrigger",
        parameters: {
          Name: myGlueTrigger.name, //The name of the trigger to update.
          TriggerUpdate: {
            EventBatchingCondition: {
              BatchSize: "20",
              BatchWindow: "900",
            },
          },
        },

        physicalResourceId: PhysicalResourceId.of(
          "updateEventBatching_id"
        ),
      },
      onUpdate: {
        service: "Glue",
        action: "updateTrigger ",
        parameters: {
          Name: myGlueTrigger.name, //The name of the trigger to update.
          TriggerUpdate: {
            EventBatchingCondition: {
              BatchSize: "20" ,
              BatchWindow: "300",
            },
          },
        },
        physicalResourceId: PhysicalResourceId.of("updateEventBatching_id"),
      },
    });

I followed this article to grabe the service name, action, and parameters :

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Glue.html#updateTrigger-property

when I try to deploy I have this error :

not sure what if it's about the service action is not correct ?

also I'm not sure what I should put in physicalResourceId parameter in this case, I just put a static string

node_modules\aws-cdk-lib\aws-iam\lib\policy-statement.js:1
"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.Effect=exports.PolicyStatement=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cdk=require("../../core"),group_1=require("./group"),principals_1=require("./principals"),postprocess_policy_document_1=require("./private/postprocess-policy-document"),util_1=require("./util"),ensureArrayOrUndefined=field=>{if(field!==void 0){if(typeof field!="string"&&!Array.isArray(field))throw new Error("Fields must be either a string or an array of strings");if(Array.isArray(field)&&!!field.find(f=>typeof f!="string"))throw new Error("Fields must be either a string or an array of strings");return Array.isArray(field)?field:[field]}};class PolicyStatement{constructor(props={}){this.action=new Array,this.notAction=new Array,this.principal={},this.notPrincipal={},this.resource=new Array,this.notResource=new Array,this.condition={},this._principals=new Array;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_PolicyStatementProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.constructor),error}for(const action of[...props.actions||[],...props.notActions||[]])if(!/^(\*|[a-zA-Z0-9-]+:[a-zA-Z0-9*]+)$/.test(action)&&!cdk.Token.isUnresolved(action))throw new Error(`Action '${action}' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.`);this.sid=props.sid,this.effect=props.effect||Effect.ALLOW,this.addActions(...props.actions||[]),this.addNotActions(...props.notActions||[]),this.addPrincipals(...props.principals||[]),this.addNotPrincipals(...props.notPrincipals||[]),this.addResources(...props.resources||[]),this.addNotResources(...props.notResources||[]),props.conditions!==void 0&&this.addConditions(props.conditions)}static fromJson(obj){const ret=new PolicyStatement({sid:obj.Sid,actions:ensureArrayOrUndefined(obj.Action),resources:ensureArrayOrUndefined(obj.Resource),conditions:obj.Condition,effect:obj.Effect,notActions:ensureArrayOrUndefined(obj.NotAction),notResources:ensureArrayOrUndefined(obj.NotResource),principals:obj.Principal?[new JsonPrincipal(obj.Principal)]:void 0,notPrincipals:obj.NotPrincipal?[new JsonPrincipal(obj.NotPrincipal)]:void 0}),errors=ret.validateForAnyPolicy();if(errors.length>0)throw new Error("Incorrect Policy Statement: "+errors.join(`





                                                                                                                                                                                    ^
Error: Action 'glue:UpdateTrigger ' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.
    at new PolicyStatement (C:\xxxx\node_modules\aws-cdk-lib\aws-iam\lib\policy-statement.js:1:1371)
    at new AwsCustomResource (C:\xxxx\node_modules\aws-cdk-lib\custom-resources\lib\aws-custom-resource\aws-custom-resource.js:1:4109)
    at new CdkGlueEdwLoadStack (C:\xxxxxx\lib\cdk-glue-edw-load-stack.ts:634:5)
    at Object.<anonymous> (C:\xxxxx\bin\index.ts:115:1)
    at Module._compile (node:internal/modules/cjs/loader:1105:14)
    at Module.m._compile (C:\xxxxx\node_modules\ts-node\src\index.ts:1056:23)
    at Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
    at Object.require.extensions.<computed> [as .ts] (C:\xxxxx\node_modules\ts-node\src\index.ts:1059:12)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
Themen
Management & UnternehmensführungAnalysenDevOpsMicroservices
Tags
AWS CloudFormationAWS GlueDevOpsMicroservices
Sprache
English
Jess
gefragt vor 2 Jahren337 Aufrufe
2 Antworten
0
Akzeptierte Antwort

I ended up by adding explicitly an I am policy :

used AwsCustomResourcePolicy.fromStatements instead of AwsCustomResourcePolicy.fromSdkCalls

new AwsCustomResource(this, "resourceId", {
      policy: AwsCustomResourcePolicy.fromStatements([
        new iam.PolicyStatement({
          effect: iam.Effect.ALLOW,
          actions: ["glue:UpdateTrigger"],
          resources: [
            `myGlueTrigger_ARN`,
          ], 
        }),
      ]),
      onCreate: {
           ......
           ......

but if someone has any idea why the following doesn't work thanks for sharing :

policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }
Jess
beantwortet vor 2 Jahren
0

I tested the below policy in a Custom Resource sample:

policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }

The policy worked on my end without any issue.

The below error which you were seeing

Error: Action 'glue:UpdateTrigger ' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.

was due to an extra space after 'glue:UpdateTrigger '. We can see this extra space in the error message as well.

I was getting the same error on my end when I added that extra space.

policy: cr.AwsCustomResourcePolicy.fromStatements([
        new iam.PolicyStatement({
          effect: iam.Effect.ALLOW,
          actions: ["glue:UpdateTrigger "],
......
......

Removing the space should fix the error.

AWS
SUPPORT-TECHNIKER
Ruchir_S
beantwortet vor 2 Jahren
AWS
EXPERTE
Fabrizio@AWS
überprüft vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt