fix(dynamodb): replication regions are incompatible with resource policies in TableV2 and feature flag #31513
Conversation
github-actions
bot
added
bug
github-actions
bot
added
the
beginning-contributor
aws-cdk-automation
added
the
pr/needs-community-review
| ? (this.region ? this.tableOptions.resourcePolicy : props.resourcePolicy) | ||
| : (props.region === this.region ? this.tableOptions.resourcePolicy : props.resourcePolicy) || undefined; |
There was a problem hiding this comment.
On feature flag false case, can we stick to the original behaviour?
| @@ -108,6 +108,7 @@ export const LOG_API_RESPONSE_DATA_PROPERTY_TRUE_DEFAULT = '@aws-cdk/custom-reso | |||
| export const S3_KEEP_NOTIFICATION_IN_IMPORTED_BUCKET = '@aws-cdk/aws-s3:keepNotificationInImportedBucket'; | |||
| export const USE_NEW_S3URI_PARAMETERS_FOR_BEDROCK_INVOKE_MODEL_TASK = '@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask'; | |||
| export const REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS = '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions'; | |||
| export const DYNAMODB_TABLEV2_RESOURCE_POLICY_PER_REPLICA = '@aws-cdk/aws-dynamodb:resourcePolicyPerReplica'; | |||
There was a problem hiding this comment.
| const app = new App({ | ||
| postCliContext: { | ||
| '@aws-cdk/aws-dynamodb:resourcePolicyPerReplica': false, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
Can we add a test for true case?
aws-cdk-automation
removed
the
pr/needs-community-review
mergify
bot
dismissed
GavinZZ’s stale review
Pull request has been modified.
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
1 similar comment
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
aws-cdk-automation
added
the
pr/needs-community-review
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
2 similar comments
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
aws-cdk-automation
removed
the
pr/needs-community-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Issue # (if applicable)
Closes #30705
Reason for this change
Resource policies were shared across all replicas in a region.
Description of changes
Changed the logic to only apply resource policy to the local replica region, or to specific replicas only when defined.
Description of how you validated changes
yes
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license