[EFS]: default file system policy will be created by file_system_policy=None #30753

Closed
IllarionovDimitri opened this issue Jul 4, 2024 · 3 comments
Labels
@aws-cdk/aws-efs Related to Amazon Elastic File System bug This issue is a bug. needs-triage This issue or PR still needs to be triaged.

Comments


IllarionovDimitri commented Jul 4, 2024

Describe the bug

During creation of an EFS file system with file_system_policy=None set explicitly or implicitly, the following policy will be created on the file system.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "elasticfilesystem:ClientRootAccess",
                "elasticfilesystem:ClientWrite"
            ],
            "Resource": "arn:aws:elasticfilesystem:eu-west-1:<AWS-ACCOUNT>:file-system/<EFS-ID>",
            "Condition": {
                "Bool": {
                    "elasticfilesystem:AccessedViaMountTarget": "true"
                }
            }
        }
    ]
}

This causes an error, e.g. when an ECS task creates a volume and mount point on EFS. After removing the policy from EFS, the creation of the mount point succeeds.

Expected Behavior

If file_system_policy=None, or it is not provided at all, no policy is created on EFS.

Current Behavior

Regardless of the file_system_policy value, the policy is created on the file system.

Reproduction Steps

Create an EFS file system using the efs.FileSystem(...) class without providing any policy to the file_system_policy parameter (default is None).

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.147.3 (build 32f0fdb)

Framework Version

No response

Node.js Version

v20.11.1

OS

Ubuntu 20.04

Language

Python

Language Version

No response

Other information

No response

@IllarionovDimitri IllarionovDimitri added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 4, 2024
@github-actions github-actions bot added the @aws-cdk/aws-efs Related to Amazon Elastic File System label Jul 4, 2024
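
A check for the behaviour reported above, as an added example that is not part of the issue or of the CDK code base: it scans a CloudFormation template for AWS::EFS::FileSystem resources and reports every FileSystemPolicy Allow statement whose principal is "*", so an unrequested policy shows up before deployment. The template text and the logical IDs SharedFs and PlainFs are constructed for illustration and are not real CDK output.

```python
import json

# Constructed sample (not real CDK output): one file system carrying the
# statement quoted in the issue, one with no FileSystemPolicy at all.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "SharedFs": {"Type": "AWS::EFS::FileSystem", "Properties": {
        "FileSystemPolicy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": ["elasticfilesystem:ClientRootAccess",
                       "elasticfilesystem:ClientWrite"],
            "Condition": {"Bool": {"elasticfilesystem:AccessedViaMountTarget": "true"}},
        }]}}},
    "PlainFs": {"Type": "AWS::EFS::FileSystem", "Properties": {}},
}})


def as_list(value):
    """IAM policy fields may hold a single value or a list."""
    return value if isinstance(value, list) else [] if value is None else [value]


def is_wildcard(principal):
    """True for "*", {"AWS": "*"} and {"AWS": [..., "*"]}."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return principal == "*"


def audit_efs_policies(template_text):
    """Report, per EFS file system, Allow statements open to all principals."""
    findings = {}
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::EFS::FileSystem":
            continue
        policy = (res.get("Properties") or {}).get("FileSystemPolicy")
        open_stmts = []
        for stmt in as_list((policy or {}).get("Statement")):
            if stmt.get("Effect") == "Allow" and is_wildcard(stmt.get("Principal")):
                conds = stmt.get("Condition") or {}
                open_stmts.append({
                    "actions": sorted(as_list(stmt.get("Action"))),
                    "condition_keys": sorted(k for op in conds.values() for k in op),
                })
        findings[logical_id] = {"has_policy": policy is not None,
                                "wildcard_allow": open_stmts}
    return findings
```

To use it on a real stack, pass audit_efs_policies the text of a synthesized template file from the cdk.out directory.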
@IllarionovDimitri
Author

duplicate of aws_efs (Python): Incorrect File System Policy defaults #27374


github-actions bot commented Jul 4, 2024

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@aws-cdk-automation
Collaborator

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.

@aws aws locked as resolved and limited conversation to collaborators Jul 25, 2024