Qinjie

Reputation: 1928

CDK Unable to Add CodeStarNotification to CodePipeline

I use CDK to deploy a CodePipeline. It works fine until I try to add a notification for pipeline success/fail events. It gives a CREATE_FAILED error with the message Resource handler returned message: "Invalid request provided: AWS::CodeStarNotifications::NotificationRule" (RequestToken: bb566fd0-1ac9-5d61-03fe-f9c27b4196fa, HandlerErrorCode: InvalidRequest). What could be the reason? Thanks.

    import * as codepipeline from "@aws-cdk/aws-codepipeline";
    import * as codepipeline_actions from "@aws-cdk/aws-codepipeline-actions";
    import * as codestar_noti from "@aws-cdk/aws-codestarnotifications";
    import * as sns from "@aws-cdk/aws-sns";

    const pipeline = new codepipeline.Pipeline(...);

    // The SNS topic is imported by ARN from outside the stack, not created here.
    const topicArn = props.sns_arn_for_developer;
    const targetTopic = sns.Topic.fromTopicArn(
      this,
      "sns-notification-topic",
      topicArn
    );

    // Notification rule for pipeline execution events, targeting the imported topic.
    new codestar_noti.NotificationRule(this, "Notification", {
      detailType: codestar_noti.DetailType.BASIC,
      events: [
        "codepipeline-pipeline-pipeline-execution-started",
        "codepipeline-pipeline-pipeline-execution-failed",
        "codepipeline-pipeline-pipeline-execution-succeeded",
        "codepipeline-pipeline-pipeline-execution-canceled",
      ],
      source: pipeline,
      targets: [targetTopic],
    });

Here is the snippet of the generated CloudFormation template.

    "Notification2267453E": {
      "Type": "AWS::CodeStarNotifications::NotificationRule",
      "Properties": {
        "DetailType": "BASIC",
        "EventTypeIds": [
          "codepipeline-pipeline-pipeline-execution-started",
          "codepipeline-pipeline-pipeline-execution-failed",
          "codepipeline-pipeline-pipeline-execution-succeeded",
          "codepipeline-pipeline-pipeline-execution-canceled"
        ],
        "Name": "sagemakerbringyourownNotification36194CEC",
        "Resource": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":codepipeline:ap-southeast-1:305326993135:",
              {
                "Ref": "sagemakerbringyourownpipeline0A8C43B1"
              }
            ]
          ]
        },
        "Targets": [
          {
            "TargetAddress": "arn:aws:sns:ap-southeast-1:305326993135:whitespace_alerts",
            "TargetType": "SNS"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "sagemaker-bring-your-own/Notification/Resource"
      }
    },

Upvotes: 6

Views: 3580

Answers (5)

Thomas Gross

Reputation: 11

The real problem seems to be the service linked role for codestar notifications "AWSServiceRoleForCodeStarNotifications" which gets created by Codestar the first time you enable notifications in Code Pipeline or Codebuild.

What I've done is create this resource if it doesn't exist yet using something like this:

    from aws_cdk import aws_iam

    # Create the service-linked role CodeStar Notifications needs; CloudFormation
    # returns an error if the role already exists in the account.
    codestar_role = aws_iam.CfnServiceLinkedRole(
        self, 'codestar-service-role',
        aws_service_name='codestar-notifications.amazonaws.com'
    )

Unfortunately this also needs a few minutes to build in the background even when CloudFormation returns a successful build. Really annoying, but I can't see how to get around this otherwise.

Upvotes: 0

Hans Falkenberg

Reputation: 1

This is not fully on topic, but I have experienced the same error message even with the Topic being created in the same stack, and this question showed up on Google.

The issue in my case was probably a missing dependency: https://github.com/aws/aws-cdk/issues/29484

Until CDK implements that, there is a simple workaround: explicitly add the dependency yourself.

    import { Topic } from "aws-cdk-lib/aws-sns";
    import { NotificationRule } from "aws-cdk-lib/aws-codestarnotifications";

    const topic = new Topic(...);
    const rule = new NotificationRule(..., ..., {
      ...,
      targets: [topic]
    });
    // Make the rule wait for the topic's resource policy (the TopicPolicy child
    // construct named "Policy"), so the publish permission exists before the rule is created.
    rule.node.addDependency(topic.node.findChild('Policy'));

Upvotes: 0

Kris Dover

Reputation: 654

FWIW, I got the exact same error "Invalid request provided: AWS::CodeStarNotifications::NotificationRule" from a CDK app where the Topic was created (not imported). It turned out to be a transient issue, because it succeeded the second time without any changes. I suspect it was due to a very large ECR image which was built the first time as part of the deploy and which took quite some time. My speculation is that the Topic timed out and got into some kind of weird state waiting for the NotificationRule to be created.

Upvotes: 7

Suresh

Reputation: 835

I was able to solve this by doing the following, in that order:

  1. First, removing the below statement from the resource policy of the SNS topic.
  2. Then deploying the stack (which, interestingly, doesn't add anything to the resource policy).
  3. Once the stack deployment finishes, updating the resource policy manually to add the below statement.

    {
      "Sid": "AWSCodeStarNotifications_publish",
      "Effect": "Allow",
      "Principal": {
        "Service": "codestar-notifications.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:test"
    }

Upvotes: 0

gshpychka

Reputation: 11522

This is because imported resources cannot be modified. As you pointed out in the comments, setting up the notification involves modifying the Topic resource, specifically its access policy.

Reference: https://docs.aws.amazon.com/cdk/v2/guide/resources.html#resources_importing

Upvotes: 1
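A check that ties the two answers above together: Suresh's statement is what CDK writes into a topic's resource policy, and gshpychka's point is that it never gets written for an imported topic, so the publish permission has to be verified on the topic itself. This is an added example, not code from the thread; it parses the JSON from the `Policy` attribute of `aws sns get-topic-attributes`, and the account id, region and topic name in the sample are constructed placeholders.

```python
import json
from typing import Any, Dict, List, Union

# Service principal that CodeStar Notifications publishes from (see the
# "AWSCodeStarNotifications_publish" statement quoted above).
CODESTAR_PRINCIPAL = "codestar-notifications.amazonaws.com"

def _as_list(value: Union[str, List[str], None]) -> List[str]:
    """IAM fields such as Action and Resource may be a string or a list."""
    return [] if value is None else [value] if isinstance(value, str) else list(value)

def codestar_publish_statement(topic_arn: str) -> Dict[str, Any]:
    """The statement CDK adds to a topic it owns, scoped to one topic ARN."""
    return {"Sid": "AWSCodeStarNotifications_publish", "Effect": "Allow",
            "Principal": {"Service": CODESTAR_PRINCIPAL},
            "Action": "SNS:Publish", "Resource": topic_arn}

def topic_policy_allows_codestar_publish(policy_document: str, topic_arn: str) -> bool:
    """True if the SNS resource policy lets CodeStar Notifications publish to topic_arn.
    policy_document is the JSON in the "Policy" attribute of `aws sns get-topic-attributes`.
    An explicit Deny for the principal wins over any Allow; Condition blocks are ignored.
    """
    statements = json.loads(policy_document).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be written unwrapped
        statements = [statements]
    allowed = False
    for stmt in statements:
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if principal != "*" and CODESTAR_PRINCIPAL not in services:
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sns:publish", "sns:*", "*"}:
            continue
        resources = _as_list(stmt.get("Resource"))
        if topic_arn not in resources and "*" not in resources:
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed

# Constructed sample: the default SNS topic policy plus the CodeStar statement.
TOPIC_ARN = "arn:aws:sns:ap-south-1:123456789012:test"  # placeholder account id
SAMPLE_POLICY = json.dumps({"Version": "2008-10-17", "Statement": [
    {"Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["SNS:Publish", "SNS:Subscribe"], "Resource": TOPIC_ARN,
     "Condition": {"StringEquals": {"AWS:SourceOwner": "123456789012"}}},
    codestar_publish_statement(TOPIC_ARN)]})
```

If the check returns False for an imported topic, add the statement to the topic's policy outside the stack, scoped to that topic ARN rather than "*".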
