elbv2: Network Load Balancer - access logs permission issues #8113

@DaWyz

Description

The NetworkLoadBalancer class inherits the logAccessLogs method from the BaseLoadBalancer class to enable access logs.

When enabling it, the stack creation fails because of missing permissions on the S3 bucket.

The required permissions are listed here.

Reproduction Steps

Create a new CDK app and install the following dependencies.

cdk init sample-app --language=typescript
npm install @aws-cdk/aws-elasticloadbalancingv2 @aws-cdk/aws-s3

Pass an AWS account and AWS region as Stack Props when instantiating the following stack.

import * as cdk from '@aws-cdk/core';
import { NetworkLoadBalancer } from '@aws-cdk/aws-elasticloadbalancingv2';
import { Vpc } from '@aws-cdk/aws-ec2';
import { Bucket } from '@aws-cdk/aws-s3';

export class NlbExampleStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // Bucket that should receive the NLB access logs; no bucket policy is added here.
    const bucket = new Bucket(this, 'bucket');

    const vpc = new Vpc(this, 'vpc', {
      cidr: '10.0.0.0/16',
    });

    const nlb = new NetworkLoadBalancer(this, 'nlb', {
      loadBalancerName: 'my-nlb',
      vpc: vpc,
      internetFacing: true,
    });

    // Enables access logs to the bucket; the deployment fails on this load balancer.
    nlb.logAccessLogs(bucket);
  }
}

Then, deploy the app.

cdk deploy

Error Log

37/38 | 7:48:56 PM | CREATE_FAILED        | AWS::ElasticLoadBalancingV2::LoadBalancer | nlb (nlbC39469D4) Access Denied for bucket: nlbexamplestack-bucket43879c71-17wi9vtrueh7w. Please check S3bucket permission (Service: AmazonElasticLoadBalancingV2; Status Code: 400; Error Code: ValidationError; Request ID: 96c228a0-fe63-4d71-8913-22c410c990b0)
	new BaseLoadBalancer (.../nlb-example/node_modules/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts:136:22)
	\_ new NetworkLoadBalancer (.../nlb-example/node_modules/@aws-cdk/aws-elasticloadbalancingv2/lib/nlb/network-load-balancer.ts:85:5)
	\_ new NlbExampleStack (.../nlb-example/lib/nlb-example-stack.ts:16:15)
	\_ Object.<anonymous> (.../nlb-example/bin/nlb-example.ts:20:1)
	\_ Module._compile (internal/modules/cjs/loader.js:1133:30)
	\_ Module.m._compile (.../nlb-example/node_modules/ts-node/src/index.ts:858:23)
	\_ Module._extensions..js (internal/modules/cjs/loader.js:1153:10)
	\_ Object.require.extensions.<computed> [as .ts] (.../nlb-example/node_modules/ts-node/src/index.ts:861:12)
	\_ Module.load (internal/modules/cjs/loader.js:977:32)
	\_ Function.Module._load (internal/modules/cjs/loader.js:877:14)
	\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:74:12)
	\_ main (.../nlb-example/node_modules/ts-node/src/bin.ts:227:14)
	\_ Object.<anonymous> (.../nlb-example/node_modules/ts-node/src/bin.ts:513:3)
	\_ Module._compile (internal/modules/cjs/loader.js:1133:30)
	\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:1153:10)
	\_ Module.load (internal/modules/cjs/loader.js:977:32)
	\_ Function.Module._load (internal/modules/cjs/loader.js:877:14)
	\_ Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:74:12)

Environment

  • CLI Version: 1.40.0
  • Framework Version: 1.40.0
  • OS: Ubuntu 18.04
  • Language: TypeScript

Other


This is 🐛 Bug Report
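As an added example (not code from the issue or from the CDK project), the S3 bucket-policy statements NLB access-log delivery needs, built in plain TypeScript without the CDK, plus a check that reports which of those grants an existing bucket policy lacks. The bucket name, account id and prefix used in the check are constructed values.

```typescript
// Added example: the S3 bucket-policy grants NLB access-log delivery requires,
// and a checker that reports which grants an existing bucket policy lacks.
// Principal, actions and condition follow the AWS NLB access-log documentation.
type Principal = string | { Service?: string | string[]; AWS?: string | string[] };
interface Statement {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Principal: Principal;
  Action: string | string[];
  Resource: string | string[];
  Condition?: Record<string, Record<string, string>>;
}
interface PolicyDocument { Version: string; Statement: Statement[] }

const LOG_DELIVERY = "delivery.logs.amazonaws.com";
const asList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Builds the two statements the log-delivery service needs: an ACL check on the
// bucket and PutObject under <prefix>/AWSLogs/<account>/ with bucket-owner-full-control.
function nlbAccessLogPolicy(bucket: string, account: string, prefix = ""): PolicyDocument {
  const keyPrefix = prefix ? `${prefix.replace(/^\/+|\/+$/g, "")}/` : "";
  return {
    Version: "2012-10-17",
    Statement: [
      { Sid: "AWSLogDeliveryAclCheck", Effect: "Allow", Principal: { Service: LOG_DELIVERY },
        Action: "s3:GetBucketAcl", Resource: `arn:aws:s3:::${bucket}` },
      { Sid: "AWSLogDeliveryWrite", Effect: "Allow", Principal: { Service: LOG_DELIVERY },
        Action: "s3:PutObject",
        Resource: `arn:aws:s3:::${bucket}/${keyPrefix}AWSLogs/${account}/*`,
        Condition: { StringEquals: { "s3:x-amz-acl": "bucket-owner-full-control" } } },
    ],
  };
}

const fromLogDelivery = (p: Principal): boolean =>
  typeof p === "object" && asList(p.Service ?? []).includes(LOG_DELIVERY);

// Returns the Sids of required grants that `policy` does not satisfy; an empty
// array means delivery should succeed. A bucket with no policy (this issue) misses both.
function missingNlbGrants(policy: PolicyDocument, bucket: string, account: string, prefix = ""): string[] {
  const satisfied = (req: Statement): boolean =>
    policy.Statement.some(s =>
      s.Effect === "Allow" && fromLogDelivery(s.Principal) &&
      asList(req.Action).every(a => asList(s.Action).includes(a)) &&
      asList(req.Resource).every(r => asList(s.Resource).includes(r)) &&
      (!req.Condition ||
        s.Condition?.StringEquals?.["s3:x-amz-acl"] === "bucket-owner-full-control"));
  return nlbAccessLogPolicy(bucket, account, prefix).Statement.filter(r => !satisfied(r)).map(r => r.Sid ?? "");
}
```

Feeding a deployed bucket's policy (for example the output of `aws s3api get-bucket-policy`) to `missingNlbGrants` shows which statement is absent before the load balancer is created rather than after the CREATE_FAILED above.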

Labels

  • @aws-cdk/aws-elasticloadbalancingv2: Related to Amazon Elastic Load Balancing V2
  • bug: This issue is a bug.
  • in-progress: This issue is being actively worked on.
  • needs-triage: This issue or PR still needs to be triaged.
  • p2