By using AWS re:Post, you agree to the AWS re:Post Terms of Use

Circular dependency error in CDK setting EFS policy referencing access point

0

I have a CDK script where I want to have one click set up and destruction of the following:

  • Create an EFS
  • Create access points on that EFS
  • Create a file system policy that assigns rules about those access points to specific IAM roles

Problem:

  • Setting the policy, I run into circular dependency errors as soon as I attempt to reference an access point ID.

Things I have tried:

  • Splitting out the EFS/access point creation into a different stack from policy creation
    • While passing the objects from stack to stack
    • Without passing the objects required, I need to either:
      • know the ID (would require human intervention)
      • or use a lambda to look things up (this should be a within CDK thing without invoking extra cost)
  • Running the EFS/access point creation separately first so the EFS exists, then running the policy creation
  • Lazy loading the actions lines in policy where the access point ID is referenced

Similar questions:

1 Answer
0
Accepted Answer

After talking to an AWS rep, it turns out the lambda jank is the currently intended path unless I can convince CloudFormation to split out the EFS policy from the EFS object.

Here's the request on the CloudFormation GitHub: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/900

answered a year ago
profile pictureAWS
EXPERT
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions