fix(eks): cluster cannot be created in opt-in regions (#20009)

rix0rrr · web-flow · commit ec06f4893d62 · 2022-04-22T08:50:13.000Z
The default STS endpoint of the v2 JS SDK is the global endpoint, which does not work in opt-in regions: it has to be the regional endpoint. Fix this by setting a global environment variable for the custom resource Lambdas. Fixes #13748, fixes #15579. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-provider.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-provider.ts
@@ -80,7 +80,10 @@ export class ClusterResourceProvider extends NestedStack {
       code: lambda.Code.fromAsset(HANDLER_DIR),
       description: 'onEvent handler for EKS cluster resource provider',
       runtime: HANDLER_RUNTIME,
-      environment: props.environment,
+      environment: {
+        AWS_STS_REGIONAL_ENDPOINTS: 'regional',
+        ...props.environment,
+      },
       handler: 'index.onEvent',
       timeout: Duration.minutes(1),
       vpc: props.subnets ? props.vpc : undefined,
@@ -94,7 +97,10 @@ export class ClusterResourceProvider extends NestedStack {
       code: lambda.Code.fromAsset(HANDLER_DIR),
       description: 'isComplete handler for EKS cluster resource provider',
       runtime: HANDLER_RUNTIME,
-      environment: props.environment,
+      environment: {
+        AWS_STS_REGIONAL_ENDPOINTS: 'regional',
+        ...props.environment,
+      },
       handler: 'index.isComplete',
       timeout: Duration.minutes(1),
       vpc: props.subnets ? props.vpc : undefined,
diff --git a/packages/@aws-cdk/aws-eks/test/cluster.test.ts b/packages/@aws-cdk/aws-eks/test/cluster.test.ts
@@ -709,8 +709,26 @@ describe('cluster', () => {
         },
       },
     });
+  });
+
+  test('cluster handler gets created with STS regional endpoint configuration', () => {
+    // This is necessary to make aws-sdk-jsv2 work in opt-in regions
+
+    // GIVEN
+    const { stack, vpc } = testFixture();
 
+    // WHEN
+    new eks.Cluster(stack, 'Cluster', { vpc, defaultCapacity: 0, version: CLUSTER_VERSION, prune: false });
 
+    // THEN
+    const nested = stack.node.tryFindChild('@aws-cdk/aws-eks.ClusterResourceProvider') as cdk.NestedStack;
+    Template.fromStack(nested).hasResourceProperties('AWS::Lambda::Function', {
+      Environment: {
+        Variables: {
+          AWS_STS_REGIONAL_ENDPOINTS: 'regional',
+        },
+      },
+    });
   });
 
   test('if "vpc" is not specified, vpc with default configuration will be created', () => {
