Describe the bug
After CDK 2.31.0 aws_cdk.aws_ec2.FlowLogOptions synthesize with a new parameter DestinationOptions regardless of whether or not that parameter is defined in CDK code.
For example, you can implement aws_cdk.aws_ec2.FlowLogDestination.to_s3 without specifying destination options, resulting in a synthesized value of DestinationOptions set to {}.
This appears valid at first, an a CDK diff:
Stack prod-vpc-ap-northeast-1
--
Resources
[~] AWS::EC2::FlowLog primary/vpcFlowLogs/FlowLog primaryvpcFlowLogsFlowLogA2C669F8 replace
└─ [+] DestinationOptions (requires replacement)
└─ {}
But then fails CFN validation during deployment:
Failed resources:
--
prod-vpc-ap-northeast-1 | 3:19:15 PM | UPDATE_FAILED | AWS::EC2::FlowLog
Resource handler returned message: "Model validation failed (#/DestinationOptions: 3 schema violations found)
#/DestinationOptions: required key [FileFormat] not found (#/DestinationOptions)
#/DestinationOptions: required key [HiveCompatiblePartitions] not found (#/DestinationOptions)
#/DestinationOptions: required key [PerHourPartition] not found (#/DestinationOptions)" (RequestToken: 3d6360da-a3f1-b912-c6c1-63fca4576878, HandlerErrorCode: InvalidRequest)
Looking at the CFN User Guide, DestinationOptions is not required, but apparently if specified, all three keys become required.
Expected Behavior
I expect the ec2.Vpc.add_flow_log method to synthesize without an empty DestinationOptions parameter.
e.g. this CDK python code:
self.prodVpc.add_flow_log(
id= "prodVpcFlowLog",
destination= ec2.FlowLogDestination.to_s3(
bucket= self.vpcFlowLogsBucket,
key_prefix= self.prodVpc.vpc_id
),
traffic_type= ec2.FlowLogTrafficType.ALL
)
should synthesize as such:
[..]
{
"Type": "AWS::EC2::FlowLog",
"Properties": {
"ResourceId": "vpc-xxx",
"ResourceType": "VPC",
"TrafficType": "ALL",
"LogDestination": { "s3://xxxx" },
"LogDestinationType": "s3"
}
[..]
Current Behavior
Current behavior is ec2.Vpc.add_flow_log method synthesizes with an empty DestinationOptions parameter.
e.g. this CDK python code:
self.prodVpc.add_flow_log(
id= "prodVpcFlowLog",
destination= ec2.FlowLogDestination.to_s3(
bucket= self.vpcFlowLogsBucket,
key_prefix= self.prodVpc.vpc_id
),
traffic_type= ec2.FlowLogTrafficType.ALL
)
synthesizes as invalid CFN:
[..]
{
"Type": "AWS::EC2::FlowLog",
"Properties": {
"ResourceId": "vpc-xxx",
"ResourceType": "VPC",
"TrafficType": "ALL",
"DestinationOptions": {},
"LogDestination": { "s3://xxxx" },
"LogDestinationType": "s3"
}
[..]
Reproduction Steps
See "Expected Behavior"
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.31.0
Framework Version
No response
Node.js Version
16.15.1
OS
macOS 12.4
Language
Python
Language Version
Python 3.10.5
Other information
No response
Describe the bug
After CDK 2.31.0
aws_cdk.aws_ec2.FlowLogOptionssynthesize with a new parameterDestinationOptionsregardless of whether or not that parameter is defined in CDK code.For example, you can implement
aws_cdk.aws_ec2.FlowLogDestination.to_s3without specifying destination options, resulting in a synthesized value ofDestinationOptionsset to{}.This appears valid at first, an a CDK diff:
But then fails CFN validation during deployment:
Looking at the CFN User Guide,
DestinationOptionsis not required, but apparently if specified, all three keys become required.Expected Behavior
I expect the
ec2.Vpc.add_flow_logmethod to synthesize without an emptyDestinationOptionsparameter.e.g. this CDK python code:
should synthesize as such:
Current Behavior
Current behavior is
ec2.Vpc.add_flow_logmethod synthesizes with an emptyDestinationOptionsparameter.e.g. this CDK python code:
synthesizes as invalid CFN:
Reproduction Steps
See "Expected Behavior"
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.31.0
Framework Version
No response
Node.js Version
16.15.1
OS
macOS 12.4
Language
Python
Language Version
Python 3.10.5
Other information
No response