Skip to content

fix(s3-deployment): broken cross stack reference when using Source.data#34916

Merged
mergify[bot] merged 1 commit intomainfrom
fix-cross-stack-s3-deployment-tokens
Jul 16, 2025
Merged

fix(s3-deployment): broken cross stack reference when using Source.data#34916
mergify[bot] merged 1 commit intomainfrom
fix-cross-stack-s3-deployment-tokens

Conversation

@Abogical
Copy link
Copy Markdown
Member

@Abogical Abogical commented Jul 7, 2025
edited
Loading

Issue #22843

Closes #22843.

Reason for this change

The s3-deployment construct implementation had its own implmenetation of resolving references. This is unnecessary as these references should be resolved in the synthesis stage. Furthermore, this implementation did not support cross-stack references.

Description of changes

The construct will now pass the tokens as is and let the app synthesis take care of resolving the references instead as expected. Non-tokens will not use markers.

Note: Credits to @smnrd who has written the reproduction steps here: #22843
This has helped in writing the nested stack integration test.

Describe any new or updated permissions being added

No new permissions are added.

Description of how you validated changes

Unit tests, Integrations tests, and manually via the AWS console.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@aws-cdk-automation aws-cdk-automation requested a review from a team July 7, 2025 15:19
@github-actions github-actions bot added valued-contributor [Pilot] contributed between 6-12 PRs to the CDK bug This issue is a bug. effort/medium Medium work item – several days of effort p1 labels Jul 7, 2025
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jul 7, 2025
@Abogical Abogical force-pushed the fix-cross-stack-s3-deployment-tokens branch 3 times, most recently from f0f8225 to 0b14c6d Compare July 7, 2025 16:04
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jul 7, 2025
@vishaalmehrishi vishaalmehrishi self-assigned this Jul 8, 2025
@vishaalmehrishi vishaalmehrishi force-pushed the fix-cross-stack-s3-deployment-tokens branch from 0b14c6d to 8309de2 Compare July 8, 2025 15:30
@tmokmss
Copy link
Copy Markdown
Contributor

tmokmss commented Jul 9, 2025

Note that this approach was once abandoned because it does not work well with larger files (#12903, #18659).

However, I think most use cases for this feature involve small files (e.g., .env), so it's a valuable trade-off imo. We might need something like Source.dataV2 to avoid breaking changes though.

@Abogical
Copy link
Copy Markdown
Member Author

Abogical commented Jul 9, 2025
edited
Loading

@tmokmss

Note that this approach was once abandoned because it does not work well with larger files (#12903, #18659 ).

However, I think most use cases for this feature involve small files (e.g., .env), so it's a valuable trade-off imo. We might need something like Source.dataV2 to avoid breaking changes though.

  • Just to be clear, are you saying that there was a previous implementation that directly passed tokens to markers? If so, where could I find it? I can't find any references to this on the links you provided.
  • Likewise, I can't find an explanation on why this is will not work well with larger files.
  • I don't see how this can be a breaking change, the assets once deployed will emit the same output as confirmed by the integration tests.

@tmokmss
Copy link
Copy Markdown
Contributor

tmokmss commented Jul 9, 2025

Hi @Abogical, sorry about my incomplete comment! I did a bit of archaeology on this issue before, and I can't resist commenting on it 🥲

As far as I understand, this implementation is essentially the same as the one in the comment #12903 (comment), which passes the entire file content to the custom resource. However, another user claims that this approach has a size limit: #12903 (comment).

This is why the current hacky implementation with marker replacement is used. It should reduce the payload size for the custom resource in many cases.

I guess the current integration tests do not include test cases with large files. However, as long as the file size limit decreases, I think this can be a breaking change.

@Abogical
Copy link
Copy Markdown
Member Author

Abogical commented Jul 9, 2025
edited
Loading

Hi @Abogical, sorry about my incomplete comment! I did a bit of archaeology on this issue before, and I can't resist commenting on it 🥲

As far as I understand, this implementation is essentially the same as the one in the comment #12903 (comment), which passes the entire file content to the custom resource. However, another user claims that this approach has a size limit: #12903 (comment).

This is why the current hacky implementation with marker replacement is used. It should reduce the payload size for the custom resource in many cases.

I guess the current integration tests do not include test cases with large files. However, as long as the file size limit decreases, I think this can be a breaking change.

Thanks for the clarification @tmokmss . You're right, I can see the case for this when using big json files in a single jsonData call. This PR combines all of the file contents into a single marker if it contains at least one token. Its an edge case that can indeed be a breaking change.

I'll have to modify the PR to handle this. I think a solution to this is for each token to have its own marker, but no token should be resolved regardless before synth.

Thank you for bringing this up! I'll mark this PR as do-not-merge.

@Abogical Abogical closed this Jul 9, 2025
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jul 9, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 9, 2025
@Abogical Abogical reopened this Jul 9, 2025
@Abogical Abogical added the pr/do-not-merge This PR should not be merged at this time. label Jul 9, 2025
@aws aws unlocked this conversation Jul 14, 2025
@Abogical Abogical force-pushed the fix-cross-stack-s3-deployment-tokens branch 3 times, most recently from 08683c0 to 9890676 Compare July 14, 2025 14:07
@Abogical Abogical removed the pr/do-not-merge This PR should not be merged at this time. label Jul 14, 2025
vishaalmehrishi
vishaalmehrishi requested changes Jul 15, 2025
View reviewed changes
@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jul 15, 2025
@Abogical Abogical force-pushed the fix-cross-stack-s3-deployment-tokens branch from 9890676 to e8d9302 Compare July 15, 2025 15:17
@Abogical Abogical requested a review from vishaalmehrishi July 15, 2025 15:25
@Abogical
fix(s3-deployment): broken cross stack reference when using Source.data
de08614 
The s3-deployment construct implementation had its own implmenetation of resolving references. This is unnecessary as these references should be resolved in the synthesis stage. The construct will now pass the tokens as is and let the app synthesis take care of resolving the references instead as expected.

Fixes #22843
@Abogical Abogical force-pushed the fix-cross-stack-s3-deployment-tokens branch from e8d9302 to de08614 Compare July 15, 2025 15:29
@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Jul 15, 2025

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: de08614
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@tmokmss
Copy link
Copy Markdown
Contributor

tmokmss commented Jul 16, 2025

I think this looks good 👍 It's clear and more straightforward. (not entirelly sure why the hacky approach was initially taken though.)

vishaalmehrishi
vishaalmehrishi reviewed Jul 16, 2025
View reviewed changes
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Jul 16, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit 0591c44 into main Jul 16, 2025
24 checks passed
@mergify mergify bot deleted the fix-cross-stack-s3-deployment-tokens branch July 16, 2025 09:03
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Jul 16, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 16, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@vishaalmehrishi vishaalmehrishi vishaalmehrishi approved these changes

Assignees

@vishaalmehrishi vishaalmehrishi

Labels

bug This issue is a bug. contribution/core This is a PR that came from AWS. effort/medium Medium work item – several days of effort p1 valued-contributor [Pilot] contributed between 6-12 PRs to the CDK

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

@aws-cdk/aws-s3-deployment: broken cross stack reference when used in Source.jsonData

5 participants

@Abogical @tmokmss @aws-cdk-automation @vishaalmehrishi @LeeroyHannigan