CloudTrail addS3EventSelector wrongly documented and not working #1841
Labels
@aws-cdk/aws-events
Related to CloudWatch Events
@aws-cdk/aws-s3
Related to Amazon S3
bug
This issue is a bug.
Comments
RomainMuller
added
bug
|
Hey @MichaelHindley - the issue (I mean beyond the fact the documentation and code disagree on the signature) is you cannot pass You'd get the correct behavior (I believe) by writing: trail.addS3EvenetSelector([bucket.arnForObjects('')]);It is impossible for the CDK to determine whether the value you pass in a prefix is valid or not, particularly in the case the value is not available at synthesis time (as in the example above - assuming |
RomainMuller
added a commit
that referenced
this issue
Feb 25, 2019
The documentation suggested one could pass an object as the second argument to `CloudTrail.addS3EventSelector`, however the real argument was `ReadWriteType`. Additionally the documentation suggested incorrect uses of the API that would lead to invalid templates being generated. BREAKING CHANGE: The `CloudTrail.addS3EventSelector` accepts an options object instead of only a `ReadWriteType` value. Fixes #1841
4 tasks
RomainMuller
added a commit
that referenced
this issue
Feb 28, 2019
The documentation suggested one could pass an object as the second argument to `CloudTrail.addS3EventSelector`, however the real argument was `ReadWriteType`. Additionally the documentation suggested incorrect uses of the API that would lead to invalid templates being generated. BREAKING CHANGE: The `CloudTrail.addS3EventSelector` accepts an options object instead of only a `ReadWriteType` value. Fixes #1841
|
Thank you very much!
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/awslabs/aws-cdk/blob/v0.24.0/packages/@aws-cdk/aws-cloudtrail/lib/index.ts#L202 is wrongly documented on https://awslabs.github.io/aws-cdk/refs/_aws-cdk_aws-cloudtrail.html?highlight=adds3eventselector, they have different signatures.
The second argument is an Enum, not an Object.
The first argument is not able to work with s3 buckets.
Trying to add an array of strings, for example:
results in the error:
If instead of bucketArn you supply arn:aws:s3::: it works, but that makes it so that you can only have a trail for all s3 buckets or for none of them.
If I go to the AWS Console and try to add the bucket manually, it works and seems to be the equivalent of checking the "Add all buckets in your account" checkbox.
This case is also not handled in the test https://github.com/awslabs/aws-cdk/blob/d7371f0f836ce8b0e08df1673672f904bde1cfe1/packages/%40aws-cdk/aws-cloudtrail/test/test.cloudtrail.ts.
If I can do anything else to help I am able to but I dont even know where to start debugging this internally!
The text was updated successfully, but these errors were encountered: