https://pulumi.com logo
Title
g

gifted-city-99717

06/10/2020, 7:09 PM
Hi all. I’m experiencing a problem trying to set up a bucket notification but am seeing the following:
[ ts/ci-telemetry/notifying-sink ] Updating (p-it-loptaploca-notifying--d6912a43):
[ ts/ci-telemetry/notifying-sink ]
[ ts/ci-telemetry/notifying-sink ]     pulumi:pulumi:Stack corelight-notifying-sink-p-it-loptaploca-notifying--d6912a43 running
[ ts/ci-telemetry/notifying-sink ]     citelemetry:notifyingsink:S3SinkBucket ci-telemetry-test
[ ts/ci-telemetry/notifying-sink ]     aws:iam:Role task-exec-role
[ ts/ci-telemetry/notifying-sink ]     aws:s3:Bucket ci-telemetry-test
[ ts/ci-telemetry/notifying-sink ]     aws:lambda:Function s3Handler
[ ts/ci-telemetry/notifying-sink ]     aws:sns:Topic ci-telemetry-test-sns-topic
[ ts/ci-telemetry/notifying-sink ]     aws:lambda:Permission lambda-permission
[ ts/ci-telemetry/notifying-sink ]  +  aws:s3:BucketNotification ci-telemetry-test-notification creating
[ ts/ci-telemetry/notifying-sink ]     aws:sns:TopicSubscription topic-subscription
[ ts/ci-telemetry/notifying-sink ]  +  aws:s3:BucketNotification ci-telemetry-test-notification creating error: Error putting S3 notification configuration: InvalidARNError: invalid ARN
[ ts/ci-telemetry/notifying-sink ]  +  aws:s3:BucketNotification ci-telemetry-test-notification **creating failed** error: Error putting S3 notification configuration: InvalidARNError: invalid ARN
[ ts/ci-telemetry/notifying-sink ]     pulumi:pulumi:Stack corelight-notifying-sink-p-it-loptaploca-notifying--d6912a43 running error: update failed
[ ts/ci-telemetry/notifying-sink ]     pulumi:pulumi:Stack corelight-notifying-sink-p-it-loptaploca-notifying--d6912a43 **failed** 1 error
[ ts/ci-telemetry/notifying-sink ]     citelemetry:notifyingsink:S3SinkBucket ci-telemetry-test
[ ts/ci-telemetry/notifying-sink ]
the code looks like
resource.Bucket, err = s3.NewBucket(ctx, name, &s3.BucketArgs{
		Bucket: pulumi.String(name),
	}, pulumi.Parent(&resource))
	if err != nil {
		return nil, err
	}

	resource.Topic, err = sns.NewTopic(ctx, name+"-sns-topic", &sns.TopicArgs{
		Policy: pulumi.Sprintf(`{
			"Version":"2012-10-17",
			"Statement":[{
				"Effect": "Allow",
				"Principal": { "AWS": "*" },
				"Action": "SNS:Publish",
				"Resource": "arn:aws:sns:*:*:s3-event-notification-topic",
				"Condition":{
					"ArnLike":{"aws:SourceArn": "%s"}
				}
			}]
		}`, resource.Bucket.Arn),
	}, pulumi.Parent(&resource))
	if err != nil {
		return nil, err
	}

	// I think this is causing the 'Invalid ARN'
	resource.S3Notification, err = s3.NewBucketNotification(ctx, name+"-notification", &s3.BucketNotificationArgs{
		Bucket: resource.Bucket.Arn,
		Topics: s3.BucketNotificationTopicArray{
			s3.BucketNotificationTopicArgs{
				Events:   toPulumiStringArray("s3:ObjectCreated:*"),
				TopicArn: resource.Topic.Arn,
			},
		},
	}, pulumi.Parent(&resource), pulumi.DependsOn([]pulumi.Resource{resource.Bucket, resource.Topic}))
	if err != nil {
		return nil, err
	}
Has anyone seen anything like this before? Or maybe there’s an example of a bucketnotification?
a

able-beard-29160

06/10/2020, 7:12 PM
Went over my TypeScript code that tries to define a notification for a bucket and I've been using
bucket.id
instead of
bucket.arn
. Here:
Bucket: resource.Bucket.Arn,
g

gifted-city-99717

06/10/2020, 7:15 PM
ahh. nice! I tried .Name… I’ll give ID() a try. thanks!
interesting. i commented out the Topics attribute in
BucketNotifciationArgs
and integration tests are passing now (with just bucket.ID()) … I guess I’ll keep poking
👍🏻 1