(iam): CDK always detecting a change when there is none #27721

Closed
gaetansnl opened this issue Oct 27, 2023 · 5 comments
Labels
@aws-cdk/aws-iam Related to AWS Identity and Access Management bug This issue is a bug. effort/medium Medium work item – several days of effort p2

Comments

@gaetansnl

Describe the bug

I have two accounts with trust.

I have one stack called stackA with a property role of type iam.Role.
Then in a second stack in another account I reference stackA.role.roleArn.

Everything works fine, but every time I do cdk diff I have this diff:

           [-]     "Resource": "arn:aws:iam::1234:role/test"
            [+]     "Resource": {
            [+]       "Fn::Join": [
            [+]         "",
            [+]         [
            [+]           "arn:",
            [+]           {
            [+]             "Ref": "AWS::Partition"
            [+]           },
            [+]           ":iam::1234:role/test"
            [+]         ]
            [+]       ]
            [+]     }

So it seems that it needs a function to get the string aws

Expected Behavior

No diff

Current Behavior

A diff

Reproduction Steps

export class StackA extends cdk.Stack {
  public role: iam.Role;
  constructor(
    scope: Construct,
    id: string,
    props: SackAProps,
  ) {
    super(scope, id, props);
    this.role= new iam.Role(this, "user-role", {
      roleName: props.exportedResourcesPrefix + props.userRoleName,
      assumedBy: new iam.ArnPrincipal(props.userArn),
    });
  }
}
const isntanceA = new StackA() ....
  new StackA(app, `xxxxx`, {
    allowedRolesArn: [
     isntanceA.role.roleArn
    ],
    env: {
      account: "otherAccount",
      region: "eu-west-1",
    },
  });

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.103.1

Framework Version

No response

Node.js Version

v18.1.0

OS

ubuntu

Language

TypeScript

Language Version

No response

Other information

No response
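
The two `Resource` values in the diff above resolve to the same ARN when `AWS::Partition` is `aws`. The following added example (not code from the issue or from aws-cdk) resolves those intrinsics and classifies an IAM policy diff entry as cosmetic or real; the function names and the partition value are assumptions made for illustration.

```typescript
// Added example (not aws-cdk code): classify a `cdk diff` entry as cosmetic or real.
type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Assumption: the target environment is in the standard "aws" partition.
const PSEUDO_PARAMS: Record<string, string> = { "AWS::Partition": "aws" };

// Resolve only the intrinsics that appear in the issue's diff: Ref to a known
// pseudo parameter, and Fn::Join. Anything unresolved stays an object, so it
// can never compare equal to a literal string by accident.
function resolveIntrinsics(node: Json, params: Record<string, string> = PSEUDO_PARAMS): Json {
  if (Array.isArray(node)) return node.map((n) => resolveIntrinsics(n, params));
  if (node === null || typeof node !== "object") return node;
  const keys = Object.keys(node).sort();
  if (keys.length === 1 && keys[0] === "Ref") {
    const ref = node["Ref"];
    const known = typeof ref === "string" && Object.prototype.hasOwnProperty.call(params, ref);
    return known ? (params[ref as string] as string) : node;
  }
  if (keys.length === 1 && keys[0] === "Fn::Join") {
    const args = node["Fn::Join"];
    const sep = Array.isArray(args) ? args[0] : undefined;
    const items = Array.isArray(args) ? args[1] : undefined;
    if (typeof sep === "string" && Array.isArray(items)) {
      const parts = items.map((p) => resolveIntrinsics(p, params));
      if (parts.every((p) => typeof p === "string")) return (parts as string[]).join(sep);
    }
    return node;
  }
  const out: { [key: string]: Json } = {};
  for (const k of keys) {
    const child = node[k];
    if (child !== undefined) out[k] = resolveIntrinsics(child, params);
  }
  return out;
}

// "cosmetic": the templates differ as text but resolve to the same value.
function classifyChange(deployed: Json, synthesized: Json, params = PSEUDO_PARAMS): "none" | "cosmetic" | "real" {
  if (JSON.stringify(deployed) === JSON.stringify(synthesized)) return "none";
  const before = JSON.stringify(resolveIntrinsics(deployed, params));
  const after = JSON.stringify(resolveIntrinsics(synthesized, params));
  return before === after ? "cosmetic" : "real";
}

// Constructed from the diff posted in the issue (account id and role name as shown there).
const DEPLOYED: Json = { Resource: "arn:aws:iam::1234:role/test" };
const SYNTHESIZED: Json = {
  Resource: { "Fn::Join": ["", ["arn:", { Ref: "AWS::Partition" }, ":iam::1234:role/test"]] },
};
const ISSUE_DIFF_VERDICT = classifyChange(DEPLOYED, SYNTHESIZED); // "cosmetic"
```
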

@gaetansnl gaetansnl added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Oct 27, 2023
@github-actions github-actions bot added the @aws-cdk/aws-iam Related to AWS Identity and Access Management label Oct 27, 2023
@pahud
Contributor

pahud commented Oct 31, 2023

Can you share a complete minimal sample code that we can reproduce in our environment?

e.g. SackAProps is not defined in your provided code.

@pahud pahud added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Oct 31, 2023

github-actions bot commented Nov 2, 2023

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Nov 2, 2023
@gaetansnl
Author

I will post a better reproduction soon

@github-actions github-actions bot removed closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels Nov 3, 2023
@gaetansnl
Author

Seems to work in the latest version


⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

2 participants