fix(dynamodb): replication regions are incompatible with resource policies in TableV2 and feature flag#31513
fix(dynamodb): replication regions are incompatible with resource policies in TableV2 and feature flag#31513mergify[bot] merged 10 commits intoaws:mainfrom LeeroyHannigan:resource-policy-flag
Conversation
GavinZZ
left a comment
There was a problem hiding this comment.
Thanks for drafting the changes!
| ? (this.region ? this.tableOptions.resourcePolicy : props.resourcePolicy) | ||
| : (props.region === this.region ? this.tableOptions.resourcePolicy : props.resourcePolicy) || undefined; |
There was a problem hiding this comment.
On feature flag false case, can we stick to the original behaviour?
| export const S3_KEEP_NOTIFICATION_IN_IMPORTED_BUCKET = '@aws-cdk/aws-s3:keepNotificationInImportedBucket'; | ||
| export const USE_NEW_S3URI_PARAMETERS_FOR_BEDROCK_INVOKE_MODEL_TASK = '@aws-cdk/aws-stepfunctions-tasks:useNewS3UriParametersForBedrockInvokeModelTask'; | ||
| export const REDUCE_EC2_FARGATE_CLOUDWATCH_PERMISSIONS = '@aws-cdk/aws-ecs:reduceEc2FargateCloudWatchPermissions'; | ||
| export const DYNAMODB_TABLEV2_RESOURCE_POLICY_PER_REPLICA = '@aws-cdk/aws-dynamodb:resourcePolicyPerReplica'; |
There was a problem hiding this comment.
Can you add this to https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/cx-api/README.md
| const app = new App({ | ||
| postCliContext: { | ||
| '@aws-cdk/aws-dynamodb:resourcePolicyPerReplica': false, | ||
| }, | ||
| }); |
There was a problem hiding this comment.
Can we add a test for true case?
Pull request has been modified.
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
1 similar comment
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
2 similar comments
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
This PR cannot be merged because it has conflicts. Please resolve them. The PR will be considered stale and closed if it remains in an unmergeable state. |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Comments on closed issues and PRs are hard for our team to see. |
Issue # (if applicable)
Closes #30705
Reason for this change
Resource policies were shared across all replicas in a region.
Description of changes
Changed the logic to only apply resource policy to the local replica region, or to specific replicas only when defined.
Description of how you validated changes
yes
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license