By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

update glue trigger via CDK code

0

Hi team,

I'm trying to use CDK customResource to update EventBatchingCondition for a glue trigger( as this is not supported natively by cloudFormation)

this my code :

    new AwsCustomResource(this, "updateEventBatching", {
      policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }),
      onCreate: {
        service: "Glue",
        action: "updateTrigger",
        parameters: {
          Name: myGlueTrigger.name, //The name of the trigger to update.
          TriggerUpdate: {
            EventBatchingCondition: {
              BatchSize: "20",
              BatchWindow: "900",
            },
          },
        },

        physicalResourceId: PhysicalResourceId.of(
          "updateEventBatching_id"
        ),
      },
      onUpdate: {
        service: "Glue",
        action: "updateTrigger ",
        parameters: {
          Name: myGlueTrigger.name, //The name of the trigger to update.
          TriggerUpdate: {
            EventBatchingCondition: {
              BatchSize: "20" ,
              BatchWindow: "300",
            },
          },
        },
        physicalResourceId: PhysicalResourceId.of("updateEventBatching_id"),
      },
    });

I followed this article to grabe the service name, action, and parameters :

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Glue.html#updateTrigger-property

when I try to deploy I have this error :

not sure what if it's about the service action is not correct ?

also I'm not sure what I should put in physicalResourceId parameter in this case, I just put a static string

node_modules\aws-cdk-lib\aws-iam\lib\policy-statement.js:1
"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.Effect=exports.PolicyStatement=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cdk=require("../../core"),group_1=require("./group"),principals_1=require("./principals"),postprocess_policy_document_1=require("./private/postprocess-policy-document"),util_1=require("./util"),ensureArrayOrUndefined=field=>{if(field!==void 0){if(typeof field!="string"&&!Array.isArray(field))throw new Error("Fields must be either a string or an array of strings");if(Array.isArray(field)&&!!field.find(f=>typeof f!="string"))throw new Error("Fields must be either a string or an array of strings");return Array.isArray(field)?field:[field]}};class PolicyStatement{constructor(props={}){this.action=new Array,this.notAction=new Array,this.principal={},this.notPrincipal={},this.resource=new Array,this.notResource=new Array,this.condition={},this._principals=new Array;try{jsiiDeprecationWarnings.aws_cdk_lib_aws_iam_PolicyStatementProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.constructor),error}for(const action of[...props.actions||[],...props.notActions||[]])if(!/^(\*|[a-zA-Z0-9-]+:[a-zA-Z0-9*]+)$/.test(action)&&!cdk.Token.isUnresolved(action))throw new Error(`Action '${action}' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.`);this.sid=props.sid,this.effect=props.effect||Effect.ALLOW,this.addActions(...props.actions||[]),this.addNotActions(...props.notActions||[]),this.addPrincipals(...props.principals||[]),this.addNotPrincipals(...props.notPrincipals||[]),this.addResources(...props.resources||[]),this.addNotResources(...props.notResources||[]),props.conditions!==void 0&&this.addConditions(props.conditions)}static fromJson(obj){const ret=new PolicyStatement({sid:obj.Sid,actions:ensureArrayOrUndefined(obj.Action),resources:ensureArrayOrUndefined(obj.Resource),conditions:obj.Condition,effect:obj.Effect,notActions:ensureArrayOrUndefined(obj.NotAction),notResources:ensureArrayOrUndefined(obj.NotResource),principals:obj.Principal?[new JsonPrincipal(obj.Principal)]:void 0,notPrincipals:obj.NotPrincipal?[new JsonPrincipal(obj.NotPrincipal)]:void 0}),errors=ret.validateForAnyPolicy();if(errors.length>0)throw new Error("Incorrect Policy Statement: "+errors.join(`





                                                                                                                                                                                    ^
Error: Action 'glue:UpdateTrigger ' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.
    at new PolicyStatement (C:\xxxx\node_modules\aws-cdk-lib\aws-iam\lib\policy-statement.js:1:1371)
    at new AwsCustomResource (C:\xxxx\node_modules\aws-cdk-lib\custom-resources\lib\aws-custom-resource\aws-custom-resource.js:1:4109)
    at new CdkGlueEdwLoadStack (C:\xxxxxx\lib\cdk-glue-edw-load-stack.ts:634:5)
    at Object.<anonymous> (C:\xxxxx\bin\index.ts:115:1)
    at Module._compile (node:internal/modules/cjs/loader:1105:14)
    at Module.m._compile (C:\xxxxx\node_modules\ts-node\src\index.ts:1056:23)
    at Module._extensions..js (node:internal/modules/cjs/loader:1159:10)
    at Object.require.extensions.<computed> [as .ts] (C:\xxxxx\node_modules\ts-node\src\index.ts:1059:12)
    at Module.load (node:internal/modules/cjs/loader:981:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
Topics
Management & GovernanceAnalyticsDevOpsMicroservices
Tags
AWS CloudFormationAWS GlueDevOpsMicroservices
Language
English
Jess
asked 2 years ago330 views
2 Answers
0
Accepted Answer

I ended up by adding explicitly an I am policy :

used AwsCustomResourcePolicy.fromStatements instead of AwsCustomResourcePolicy.fromSdkCalls

new AwsCustomResource(this, "resourceId", {
      policy: AwsCustomResourcePolicy.fromStatements([
        new iam.PolicyStatement({
          effect: iam.Effect.ALLOW,
          actions: ["glue:UpdateTrigger"],
          resources: [
            `myGlueTrigger_ARN`,
          ], 
        }),
      ]),
      onCreate: {
           ......
           ......

but if someone has any idea why the following doesn't work thanks for sharing :

policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }
Jess
answered 2 years ago
0

I tested the below policy in a Custom Resource sample:

policy: AwsCustomResourcePolicy.fromSdkCalls({
        resources: AwsCustomResourcePolicy.ANY_RESOURCE,
      }

The policy worked on my end without any issue.

The below error which you were seeing

Error: Action 'glue:UpdateTrigger ' is invalid. An action string consists of a service namespace, a colon, and the name of an action. Action names can include wildcards.

was due to an extra space after 'glue:UpdateTrigger '. We can see this extra space in the error message as well.

I was getting the same error on my end when I added that extra space.

policy: cr.AwsCustomResourcePolicy.fromStatements([
        new iam.PolicyStatement({
          effect: iam.Effect.ALLOW,
          actions: ["glue:UpdateTrigger "],
......
......

Removing the space should fix the error.

AWS
SUPPORT ENGINEER
Ruchir_S
answered 2 years ago
AWS
EXPERT
Fabrizio@AWS
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content