Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AwsCustomResource: AwsSdkCall implementations don't support empty parameters for some APIs #30943

Closed
ricmattj opened this issue Jul 24, 2024 · 2 comments
Closed

AwsCustomResource: AwsSdkCall implementations don't support empty parameters for some APIs #30943

ricmattj opened this issue Jul 24, 2024 · 2 comments
Assignees
@ashishdhingra
Labels
@aws-cdk/aws-ses Related to Amazon Simple Email Service bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@ricmattj
Copy link

ricmattj commented Jul 24, 2024
edited
Loading

Describe the bug

The SES API has an endpoint to set an active receipt rule set. To deactivate all rulesets you need to call the set-active-receipt-rule-set API and not provide a rule-set-name

CLI example:

# Set active receipt rule
aws ses set-active-receipt-rule-set --rule-set-name my-rule

# Deactivate all receipt rules
aws ses set-active-receipt-rule-set

When creating a receipt rule set in CDK it is recommended to use an AwsCustomResource, as setting a ruleset active in Cloud Formation is not supported.

Example:

const setActiveReceiptRuleSetSdkCall: AwsSdkCall = {
      service: "SES",
      action: "setActiveReceiptRuleSet",
      physicalResourceId: PhysicalResourceId.of("SesCustomResource"),
      parameters: {
        RuleSetName: sesRuleSet.receiptRuleSetName,
      },
    };

    new AwsCustomResource(this, "SetActiveReceiptRuleSetCustomResource", {
      onCreate: setActiveReceiptRuleSetSdkCall,
     });

The Problem

Attempting to implement the onDelete handler for this consistently gives an error:

Sample Code:

const setInactiveReceiptRuleSetSdkCall: AwsSdkCall = {
      service: "SES",
      action: "setActiveReceiptRuleSet",
    };

    new AwsCustomResource(this, "SetActiveReceiptRuleSetCustomResource", {
      ...
      onDelete: setInactiveReceiptRuleSetSdkCall,
     });

Received response status [FAILED] from custom resource. Message returned: ruleSetName must not be empty

This error is consistent with the following permutations:

  • Undefined parameters
  • Empty parameters
  • Null parameters
  • Null RuleSetName

It seems that the AwsSdkCall expects a RuleSetName regardless and it's impossible to unset it via an AwsSdkCall

Expected Behavior

AwsCustomResource objects with AwsSdkCall implementations will only pass in parameters that are explicitly defined in the parameters object

Current Behavior

Certain parameters seem to be hard-coded

Reproduction Steps

  1. Create a ReceiptRuleSet and an AwsCustomResource to activate and deactivate the ruleset
 // Create the Receipt Rule Set
    const sesRuleSet = new ReceiptRuleSet(this, "SESRuleSet", {
      rules: [
        {
          recipients: ["foobar@anycompany.com"],
          actions: [
            new S3({
              bucket,
              objectKeyPrefix: "foo/",
            }),
          ],
        },
      ],
    });

    /*
     * Enable the Receipt Rule Set - NOTE: this is not supported with bare CloudFormation calls, so this is a custom resource to activate the rule set after creation
     */
    const setActiveReceiptRuleSetSdkCall: AwsSdkCall = {
      service: "SES",
      action: "setActiveReceiptRuleSet",
      physicalResourceId: PhysicalResourceId.of("SesCustomResource"),
      parameters: {
        RuleSetName: sesRuleSet.receiptRuleSetName,
      },
    };

    const setInactiveReceiptRuleSetSdkCall: AwsSdkCall = {
      service: "SES",
      action: "setActiveReceiptRuleSet",
    };

    new AwsCustomResource(this, "SetActiveReceiptRuleSetCustomResource", {
      onCreate: setActiveReceiptRuleSetSdkCall,
      onUpdate: setActiveReceiptRuleSetSdkCall,
      onDelete: setInactiveReceiptRuleSetSdkCall,
      logRetention: RetentionDays.ONE_WEEK,
      installLatestAwsSdk: true,
      policy: AwsCustomResourcePolicy.fromStatements([
        new PolicyStatement({
          sid: "CanActivateSESRuleSet",
          effect: Effect.ALLOW,
          actions: ["ses:SetActiveReceiptRuleSet"],
          resources: ["*"],
        }),
      ]),
    });
  1. CDK Deploy
  2. CDK Destroy

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.150.0

Framework Version

No response

Node.js Version

v20.15.1

OS

MacOS Ventura 13.6.7

Language

TypeScript

Language Version

No response

Other information

No response
@ricmattj ricmattj added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 24, 2024
@ricmattj ricmattj changed the title (module name): (short issue description) AwsCustomResource: AwsSdkCall implementations don't support empty parameters for some APIs Jul 24, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ses Related to Amazon Simple Email Service label Jul 24, 2024
@ashishdhingra
Copy link
Contributor

ashishdhingra commented Jul 25, 2024
edited
Loading

@ricmattj Good morning. Thanks for reporting the issue. Upon quickly checking SES:: SetActiveReceiptRuleSet, for RuleSetName property, setting value to null disables all email receiving. Could you please check if you are able to explicitly set RuleSetName to null in your API call? CDK uses AWS JavaScript SDK behind the scenes, if this doesn't work, then most likely it is an issue with AWS JavaScript SDK.

Also check AWS JavaScript SDK SetActiveReceiptRuleSetCommand documentation where it mentions that to disable your email-receiving through Amazon SES completely, you can call this operation with RuleSetName set to null.

AWS CLI might be setting the parameter to null behind the scenes (you may check this my using --debug option while executing your AWS CLI command).

Thanks,
Ashish

@ashishdhingra ashishdhingra added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed needs-triage This issue or PR still needs to be triaged. labels Jul 25, 2024
@ashishdhingra ashishdhingra self-assigned this Jul 25, 2024
@kellertk kellertk added the p2 label Jul 25, 2024
@github-actions GitHub Actions
Copy link

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jul 27, 2024
This was referenced Jul 29, 2024
Closed
Closed
@github-actions github-actions bot added closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Aug 1, 2024
@github-actions github-actions bot closed this as completed Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ashishdhingra ashishdhingra

Labels
@aws-cdk/aws-ses Related to Amazon Simple Email Service bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kellertk @ricmattj @ashishdhingra