
Commit 558d192

authored
fix(cloudwatch): remove region from dashboard ARN (#22524)
Dashboards do not contain their region in the ARN, as shown in the Cloudwatch documentation [1]. Using ARNs with the region will cause operations like GetDashboard (used by, for example, the dashboard sharing mechanism) to fail with an AccessDenied. [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudwatch.html#amazoncloudwatch-dashboard I ran into this while deploying resources to share a dashboard using a Cognito user pool. One of the permissions it requires is GetDashboard, and I kept receiving `AccessDenied`s when trying to open a shared dashboard link. I'm currently working around this by building the ARN myself, the same way it's built in this PR, by passing an empty `region` to the `formatArn` function ---- ### All Submissions: * [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) ### Adding new Unconventional Dependencies: * [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies) ### New Features * [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)? * [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)? *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 5ef65e0 commit 558d192

11 files changed

+403
-0
lines changed

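--- a/packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts
+++ b/packages/@aws-cdk/aws-cloudwatch/lib/dashboard.ts
@@ -132,6 +132,7 @@ export class Dashboard extends Resource {
 this.dashboardArn = Stack.of(this).formatArn({
 service: 'cloudwatch',
 resource: 'dashboard',
+region: '',
 resourceName: this.physicalName,
 });
 }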
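Review bot: `resourceName: this.physicalName`, on the line after the added `region: ''`, appears to resolve to nothing when the dashboard is created without an explicit name: the integration snapshot added in this same commit renders the `DashboardArn` output as `arn:<partition>:cloudwatch::<account>:dashboard/` with no name after the slash. An ARN like that matches no dashboard, so an IAM statement scoped to it would still end in AccessDenied for GetDashboard, and it invites widening the policy to `dashboard/*` just to get sharing to work. If the construct holds the name resolved from the underlying resource's Ref, pass that instead of `this.physicalName`, and give the integ test either a named dashboard or an assertion on the output so the snapshot pins a complete ARN. A short comment such as `// Dashboards are global resources; their ARN has no region segment` above `region: ''` would stop the empty string from being read as a mistake. The enclosing constructor starts outside the hunk.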
@@ -0,0 +1,19 @@
1+
{
2+
"version": "21.0.0",
3+
"files": {
4+
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
5+
"source": {
6+
"path": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"current_account-current_region": {
11+
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12+
"objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
13+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14+
}
15+
}
16+
}
17+
},
18+
"dockerImages": {}
19+
}
@@ -0,0 +1,36 @@
1+
{
2+
"Parameters": {
3+
"BootstrapVersion": {
4+
"Type": "AWS::SSM::Parameter::Value<String>",
5+
"Default": "/cdk-bootstrap/hnb659fds/version",
6+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
7+
}
8+
},
9+
"Rules": {
10+
"CheckBootstrapVersion": {
11+
"Assertions": [
12+
{
13+
"Assert": {
14+
"Fn::Not": [
15+
{
16+
"Fn::Contains": [
17+
[
18+
"1",
19+
"2",
20+
"3",
21+
"4",
22+
"5"
23+
],
24+
{
25+
"Ref": "BootstrapVersion"
26+
}
27+
]
28+
}
29+
]
30+
},
31+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
32+
}
33+
]
34+
}
35+
}
36+
}
@@ -0,0 +1,19 @@
1+
{
2+
"version": "21.0.0",
3+
"files": {
4+
"b452fe16df3d8f84e50f1907b5f1c4ba0b5fe8de850fbc95a0e752203d6573ae": {
5+
"source": {
6+
"path": "DashboardIntegrationTestStack.template.json",
7+
"packaging": "file"
8+
},
9+
"destinations": {
10+
"current_account-current_region": {
11+
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12+
"objectKey": "b452fe16df3d8f84e50f1907b5f1c4ba0b5fe8de850fbc95a0e752203d6573ae.json",
13+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
14+
}
15+
}
16+
}
17+
},
18+
"dockerImages": {}
19+
}
@@ -0,0 +1,64 @@
1+
{
2+
"Resources": {
3+
"DashCCD7F836": {
4+
"Type": "AWS::CloudWatch::Dashboard",
5+
"Properties": {
6+
"DashboardBody": "{\"widgets\":[]}"
7+
}
8+
}
9+
},
10+
"Outputs": {
11+
"DashboardArn": {
12+
"Value": {
13+
"Fn::Join": [
14+
"",
15+
[
16+
"arn:",
17+
{
18+
"Ref": "AWS::Partition"
19+
},
20+
":cloudwatch::",
21+
{
22+
"Ref": "AWS::AccountId"
23+
},
24+
":dashboard/"
25+
]
26+
]
27+
}
28+
}
29+
},
30+
"Parameters": {
31+
"BootstrapVersion": {
32+
"Type": "AWS::SSM::Parameter::Value<String>",
33+
"Default": "/cdk-bootstrap/hnb659fds/version",
34+
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
35+
}
36+
},
37+
"Rules": {
38+
"CheckBootstrapVersion": {
39+
"Assertions": [
40+
{
41+
"Assert": {
42+
"Fn::Not": [
43+
{
44+
"Fn::Contains": [
45+
[
46+
"1",
47+
"2",
48+
"3",
49+
"4",
50+
"5"
51+
],
52+
{
53+
"Ref": "BootstrapVersion"
54+
}
55+
]
56+
}
57+
]
58+
},
59+
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
60+
}
61+
]
62+
}
63+
}
64+
}
@@ -0,0 +1 @@
1+
{"version":"21.0.0"}
@@ -0,0 +1,12 @@
1+
{
2+
"version": "21.0.0",
3+
"testCases": {
4+
"DashboardIntegrationTest/DefaultTest": {
5+
"stacks": [
6+
"DashboardIntegrationTestStack"
7+
],
8+
"assertionStack": "DashboardIntegrationTest/DefaultTest/DeployAssert",
9+
"assertionStackName": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902"
10+
}
11+
}
12+
}
@@ -0,0 +1,117 @@
1+
{
2+
"version": "21.0.0",
3+
"artifacts": {
4+
"Tree": {
5+
"type": "cdk:tree",
6+
"properties": {
7+
"file": "tree.json"
8+
}
9+
},
10+
"DashboardIntegrationTestStack.assets": {
11+
"type": "cdk:asset-manifest",
12+
"properties": {
13+
"file": "DashboardIntegrationTestStack.assets.json",
14+
"requiresBootstrapStackVersion": 6,
15+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
16+
}
17+
},
18+
"DashboardIntegrationTestStack": {
19+
"type": "aws:cloudformation:stack",
20+
"environment": "aws://unknown-account/unknown-region",
21+
"properties": {
22+
"templateFile": "DashboardIntegrationTestStack.template.json",
23+
"validateOnSynth": false,
24+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
25+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
26+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b452fe16df3d8f84e50f1907b5f1c4ba0b5fe8de850fbc95a0e752203d6573ae.json",
27+
"requiresBootstrapStackVersion": 6,
28+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
29+
"additionalDependencies": [
30+
"DashboardIntegrationTestStack.assets"
31+
],
32+
"lookupRole": {
33+
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
34+
"requiresBootstrapStackVersion": 8,
35+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
36+
}
37+
},
38+
"dependencies": [
39+
"DashboardIntegrationTestStack.assets"
40+
],
41+
"metadata": {
42+
"/DashboardIntegrationTestStack/Dash/Resource": [
43+
{
44+
"type": "aws:cdk:logicalId",
45+
"data": "DashCCD7F836"
46+
}
47+
],
48+
"/DashboardIntegrationTestStack/DashboardArn": [
49+
{
50+
"type": "aws:cdk:logicalId",
51+
"data": "DashboardArn"
52+
}
53+
],
54+
"/DashboardIntegrationTestStack/BootstrapVersion": [
55+
{
56+
"type": "aws:cdk:logicalId",
57+
"data": "BootstrapVersion"
58+
}
59+
],
60+
"/DashboardIntegrationTestStack/CheckBootstrapVersion": [
61+
{
62+
"type": "aws:cdk:logicalId",
63+
"data": "CheckBootstrapVersion"
64+
}
65+
]
66+
},
67+
"displayName": "DashboardIntegrationTestStack"
68+
},
69+
"DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets": {
70+
"type": "cdk:asset-manifest",
71+
"properties": {
72+
"file": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets.json",
73+
"requiresBootstrapStackVersion": 6,
74+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
75+
}
76+
},
77+
"DashboardIntegrationTestDefaultTestDeployAssert5BE38902": {
78+
"type": "aws:cloudformation:stack",
79+
"environment": "aws://unknown-account/unknown-region",
80+
"properties": {
81+
"templateFile": "DashboardIntegrationTestDefaultTestDeployAssert5BE38902.template.json",
82+
"validateOnSynth": false,
83+
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
84+
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
85+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json",
86+
"requiresBootstrapStackVersion": 6,
87+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
88+
"additionalDependencies": [
89+
"DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets"
90+
],
91+
"lookupRole": {
92+
"arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
93+
"requiresBootstrapStackVersion": 8,
94+
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
95+
}
96+
},
97+
"dependencies": [
98+
"DashboardIntegrationTestDefaultTestDeployAssert5BE38902.assets"
99+
],
100+
"metadata": {
101+
"/DashboardIntegrationTest/DefaultTest/DeployAssert/BootstrapVersion": [
102+
{
103+
"type": "aws:cdk:logicalId",
104+
"data": "BootstrapVersion"
105+
}
106+
],
107+
"/DashboardIntegrationTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [
108+
{
109+
"type": "aws:cdk:logicalId",
110+
"data": "CheckBootstrapVersion"
111+
}
112+
]
113+
},
114+
"displayName": "DashboardIntegrationTest/DefaultTest/DeployAssert"
115+
}
116+
}
117+
}
@@ -0,0 +1,99 @@
1+
{
2+
"version": "tree-0.1",
3+
"tree": {
4+
"id": "App",
5+
"path": "",
6+
"children": {
7+
"Tree": {
8+
"id": "Tree",
9+
"path": "Tree",
10+
"constructInfo": {
11+
"fqn": "constructs.Construct",
12+
"version": "10.1.129"
13+
}
14+
},
15+
"DashboardIntegrationTestStack": {
16+
"id": "DashboardIntegrationTestStack",
17+
"path": "DashboardIntegrationTestStack",
18+
"children": {
19+
"Dash": {
20+
"id": "Dash",
21+
"path": "DashboardIntegrationTestStack/Dash",
22+
"children": {
23+
"Resource": {
24+
"id": "Resource",
25+
"path": "DashboardIntegrationTestStack/Dash/Resource",
26+
"attributes": {
27+
"aws:cdk:cloudformation:type": "AWS::CloudWatch::Dashboard",
28+
"aws:cdk:cloudformation:props": {
29+
"dashboardBody": "{\"widgets\":[]}"
30+
}
31+
},
32+
"constructInfo": {
33+
"fqn": "@aws-cdk/aws-cloudwatch.CfnDashboard",
34+
"version": "0.0.0"
35+
}
36+
}
37+
},
38+
"constructInfo": {
39+
"fqn": "@aws-cdk/aws-cloudwatch.Dashboard",
40+
"version": "0.0.0"
41+
}
42+
},
43+
"DashboardArn": {
44+
"id": "DashboardArn",
45+
"path": "DashboardIntegrationTestStack/DashboardArn",
46+
"constructInfo": {
47+
"fqn": "@aws-cdk/core.CfnOutput",
48+
"version": "0.0.0"
49+
}
50+
}
51+
},
52+
"constructInfo": {
53+
"fqn": "@aws-cdk/core.Stack",
54+
"version": "0.0.0"
55+
}
56+
},
57+
"DashboardIntegrationTest": {
58+
"id": "DashboardIntegrationTest",
59+
"path": "DashboardIntegrationTest",
60+
"children": {
61+
"DefaultTest": {
62+
"id": "DefaultTest",
63+
"path": "DashboardIntegrationTest/DefaultTest",
64+
"children": {
65+
"Default": {
66+
"id": "Default",
67+
"path": "DashboardIntegrationTest/DefaultTest/Default",
68+
"constructInfo": {
69+
"fqn": "constructs.Construct",
70+
"version": "10.1.129"
71+
}
72+
},
73+
"DeployAssert": {
74+
"id": "DeployAssert",
75+
"path": "DashboardIntegrationTest/DefaultTest/DeployAssert",
76+
"constructInfo": {
77+
"fqn": "@aws-cdk/core.Stack",
78+
"version": "0.0.0"
79+
}
80+
}
81+
},
82+
"constructInfo": {
83+
"fqn": "@aws-cdk/integ-tests.IntegTestCase",
84+
"version": "0.0.0"
85+
}
86+
}
87+
},
88+
"constructInfo": {
89+
"fqn": "@aws-cdk/integ-tests.IntegTest",
90+
"version": "0.0.0"
91+
}
92+
}
93+
},
94+
"constructInfo": {
95+
"fqn": "@aws-cdk/core.App",
96+
"version": "0.0.0"
97+
}
98+
}
99+
}
