(aws-cdk-lib/aws-s3): Too many BucketPolicy resources defined when defining/attaching BucketPolicy constructs to Buckets #30148
Labels
@aws-cdk/aws-s3
Related to Amazon S3
bug
This issue is a bug.
needs-reproduction
This issue needs reproduction.
Describe the bug
Situation:
Bucket
constructs in aStack
BucketPolicy
constructs in the sameStack
Result:
AWS::S3::BucketPolicy
CloudFormation resources are synthesizedStack
is deployedBucketPolicy
(not the UNION of theBucketPolicy
constructs) "wins"BucketPolicy
does not match what is defined in the CDK application.Expected Behavior
Expected Behavior is either:
BucketPolicy
is createdBucketPolicy
and the explicitly createdBucketPolicy
is what is synthesized/deployedBucketPolicy
would NOT be appropriate if it lacks the necessary permissions (in this case, allowing the AWS logging service to be able to write to the identified access logging bucket)Current Behavior
Result:
AWS::S3::BucketPolicy
CloudFormation resources are synthesizedStack
is deployedBucketPolicy
(not the UNION of theBucketPolicy
constructs) "wins"BucketPolicy
does not match what is defined in the CDK application.Reproduction Steps
See above.
Possible Solution
Suggested Behavior:
BucketPolicy
is NOT appropriate since it lacks the necessary permissions (in this case, allowing the AWS logging service to be able to write to the identified access logging bucket)Or a recommendation to use
.addToResourcePolicy()
rather than creating explicitBucketPolicy
constructs.Additional Information/Context
Sample code can be provided on request.
CDK CLI Version
2.141.0
Framework Version
aws-cdk-lib@2.138.0
Node.js Version
v20.12.2
OS
MacOS
Language
TypeScript
Language Version
typescript@5.3.3
Other information
No response
The text was updated successfully, but these errors were encountered: