Trying to get ephemeral environments to tear down ...
# help
Trying to get ephemeral environments to tear down cleanly and using SST Script to do some work that is outside the purview of CloudFormation. Works for stack creation, but at teardown the dependency isn't being recognized. Notice that the `Script` receives `bootstrapThingPolicy` as a parameter, but upon removing the stack CloudFormation immediately tries to delete `BootstrapThingPolicy`, before running the `onDelete` script.
```typescript
    const bootstrapThingPolicy = new CfnPolicy(this, "BootstrapThingPolicy", {
      policyName: scope.logicalPrefixedName("bootstrap-thing-policy"),
      policyDocument: bootstrapThingPolicyDocument,
    });

    const namespace = scope.logicalPrefixedName("").slice(0, -1);
    new Script(this, "bootstrap", {
      defaultFunctionProps: {
        timeout: 60,
        memorySize: 128,
        permissions: toPermissions(
          new statement.Iot()
            .allow()
            .toAttachPolicy()
            .toAttachThingPrincipal()
            .toCreateKeysAndCertificate()
            .toCreateThing()
            .toDeleteCertificate()
            .toDeleteThing()
            .toDescribeEndpoint()
            .toDescribeThing()
            .toDetachPolicy()
            .toDetachThingPrincipal()
            .toListPrincipalPolicies()
            .toListThingPrincipals()
            .toUpdateCertificate()
            .onAllResources(),
          new statement.Ssm().allow().toDeleteParameter().toPutParameter().onAllResources()
        ),
        logRetention: RetentionDays.ONE_MONTH,
      },
      params: {
        namespace,
        boostrapThingPolicyName: bootstrapThingPolicy.policyName,
      },
      onCreate: "src/stacks/iot-provisioning/bootstrap-cert-script.onCreate",
      onDelete: "src/stacks/iot-provisioning/bootstrap-cert-script.onDelete",
    });
  }
```
Oh, maybe I just found it. Going to try adding.
```typescript
}).node.addDependency(bootstrapThingPolicy);
```
🎉 That was it! I'll leave this thread in place for others to reference.
@thdxr Notice the way I'm doing IAM policy there. Using this cdk-iam-floyd library to do it, but have to convert between policy classes to make it work. Seems to be a conflict with how SST recognizes CDK PolicyStatement class instances. https://github.com/udondan/iam-floyd/issues/107
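
A check for the teardown-ordering gap resolved earlier in this thread, run over a synthesized template: a resource that embeds another resource's physical name as a plain string, with no `Ref`, `Fn::GetAtt` or `DependsOn`, gives CloudFormation nothing to order deletion by. This is an added example, not code from the thread or from SST; the template shape, logical IDs, the `Custom::Script` type, the `Params` key and the policy name are constructed for illustration.

```typescript
// Added example; template shape, logical IDs and names below are constructed.
type Resource = { Type: string; Properties?: Record<string, unknown>; DependsOn?: string | string[] };
type Template = { Resources: Record<string, Resource> };

// Walk a property tree, recording Ref/Fn::GetAtt targets and plain string values.
function scan(value: unknown, refs: string[], literals: string[]): void {
  if (typeof value === "string") { literals.push(value); return; }
  if (value === null || typeof value !== "object") return;
  const obj = value as Record<string, unknown>;
  if (typeof obj["Ref"] === "string") refs.push(obj["Ref"] as string);
  const getAtt = obj["Fn::GetAtt"];
  if (Array.isArray(getAtt) && typeof getAtt[0] === "string") refs.push(getAtt[0]);
  for (const key of Object.keys(obj)) scan(obj[key], refs, literals);
}

// Report "consumer -> owner" where the consumer carries the owner's physical name
// as a literal but has no Ref, GetAtt or DependsOn that would order their deletion.
function findUnorderedNameUses(t: Template, nameKeys: string[] = ["PolicyName"]): string[] {
  const findings: string[] = [];
  const ids = Object.keys(t.Resources);
  for (const ownerId of ids) {
    const props: Record<string, unknown> = t.Resources[ownerId].Properties || {};
    const names = nameKeys.map((k) => props[k]).filter((n) => typeof n === "string");
    for (const consumerId of ids) {
      if (consumerId === ownerId) continue;
      const consumer = t.Resources[consumerId];
      const refs: string[] = [];
      const literals: string[] = [];
      scan(consumer.Properties, refs, literals);
      const dependsOn = ([] as string[]).concat(consumer.DependsOn || []);
      const ordered = refs.indexOf(ownerId) >= 0 || dependsOn.indexOf(ownerId) >= 0;
      const usesName = names.some((n) => literals.indexOf(n as string) >= 0);
      if (usesName && !ordered) findings.push(consumerId + " -> " + ownerId);
    }
  }
  return findings;
}

// Constructed sample: the policy plus a script resource, without and with DependsOn.
const POLICY_NAME = "dev-app-bootstrap-thing-policy";
const policy: Resource = { Type: "AWS::IoT::Policy", Properties: { PolicyName: POLICY_NAME } };
function scriptResource(dependsOn?: string[]): Resource {
  const r: Resource = { Type: "Custom::Script", Properties: { Params: { policyName: POLICY_NAME } } };
  if (dependsOn) r.DependsOn = dependsOn;
  return r;
}
const before: Template = { Resources: { BootstrapThingPolicy: policy, Bootstrap: scriptResource() } };
const after: Template = {
  Resources: { BootstrapThingPolicy: policy, Bootstrap: scriptResource(["BootstrapThingPolicy"]) },
};
```

`findUnorderedNameUses(before)` flags the script resource; `findUnorderedNameUses(after)` returns nothing because the `DependsOn` makes CloudFormation delete the script resource before the policy.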