Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[apigateway] Ability to specify custom cloudwatch role #10094

Closed
excavador opened this issue Sep 1, 2020 · 7 comments
Closed

[apigateway] Ability to specify custom cloudwatch role #10094

excavador opened this issue Sep 1, 2020 · 7 comments
Labels
@aws-cdk/aws-apigateway Related to Amazon API Gateway closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@excavador
Copy link

Take a look there: https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-apigateway/lib/restapi.ts#L505

Class SpecRestApi always invokes configureCloudWatchRole (in case if props.cloudWatchRole missed as well in case if props.cloudWatchRole specified)

aws-cdk/packages/@aws-cdk/aws-apigateway/lib/restapi.ts

Line 394 in 384f9cb

protected configureCloudWatchRole(apiResource: CfnRestApi) {

Method configureCloudWatchRole unconditionally create new role.

As result, props.cloudWatchRole option does not make any sense

Reproduction Steps

new apigateway.LambdaRestApi(.... { cloudWatchRole: <some role>})

What did you expect to happen?

AWS::ApiGateway::Account uses my role

What actually happened?

AWS::ApiGateway::Account uses unconditionally created role from configureCloudWatchRole

Environment

  • CLI Version : does not matter
  • Framework Version:: 1.61.0
  • Node.js Version: does not matter
  • OS : does not matter
  • Language (Version): TypeScript (3.8.3)

This is 🐛 Bug Report
@excavador excavador added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 1, 2020
@github-actions github-actions bot added the @aws-cdk/aws-apigateway Related to Amazon API Gateway label Sep 1, 2020
@nija-at
Copy link
Contributor

nija-at commented Sep 2, 2020

cloudwatchRole is a boolean. Role creation and configuration will be skipped if you set it to false.

We currently don't have an option to configure your own role here. This can definitely be added. Is this what you're looking for?

@nija-at nija-at added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 2, 2020
@excavador
Copy link
Author

cloudwatchRole is a boolean. Role creation and configuration will be skipped if you set it to false.

I missed it.

We currently don't have an option to configure your own role here. This can definitely be added. Is this what you're looking for?

Yes. I need some analogue of LogRetention role for lambda. When I have fine-grained project permissions, I need to follow our internal policy (role name/used managed policies).

That's why I am looking to ability to configure the CloudWatch role

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Sep 3, 2020
@nija-at nija-at changed the title [apigateway] AWS CDK API Gateway Rest API always creates CloudWatchRole (even it specified) [apigateway] Ability to specify custom cloudwatch role Sep 3, 2020
@nija-at nija-at added effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2 and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 3, 2020
@nija-at
Copy link
Contributor

nija-at commented Sep 3, 2020

Marking this as a feature request.

@excavador - you can work around this by setting cloudwatchRole to false and configuring CfnAccount.

@excavador
Copy link
Author

@nija-at thank you for workaround

@alvyn279
Copy link
Contributor

I'm gonna pick this up if no one is taking it.

@nija-at
Copy link
Contributor

nija-at commented Oct 21, 2020
edited
Loading

@alvyn279 - this CfnAccount cloudwatch role area has a few holes here that needs a proper re-think and re-design.
We've got issues like #7140, #10722 and #10878 in our repo.

I would recommend picking something else up, if you're looking to contribute to the CDK. On the other hand, the workaround I've provided above should work if you're looking to fix this specific issue.

@github-actions
Copy link

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Jun 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-apigateway Related to Amazon API Gateway closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@excavador @nija-at @alvyn279