Open
Description
- Title -> AWS::S3::BucketNotification
- Scope of request -> Allow bucket notifications to be managed separate from the bucket resource itself, resolving a longstanding circular reference problem
- Expected behavior -> I should be able to create auto-named buckets with notifications that invoke Lambda/SNS/SQS
- Links to existing API doc -> see below
- Category tag -> Compute, Storage
- Additional context:
The problem:
- Image thumbnailing is serverless 101. It involves setting up bucket notifications to invoke a Lambda function on file upload to a bucket (then generate the thumbnails and write them back to the bucket).
- A best practice for CloudFormation is to let CloudFormation name your resources wherever possible, and only deal with logical ids, not physical resource ids.
- These two things cannot currently be accomplished simultaneously. There needs to be a Lambda permission or SNS/SQS topic/queue policy that references the bucket name, but S3 checks for that permission when the notification configuration is created, before the bucket name can be provided to the permission resource.
Fundamentally, this is because there is no separation between the creation of a bucket (and its name) and the settings on that bucket. There are at least three separate places on AWS that say 🤷 to customers and tell them to manually specify a bucket name in two separate places, which is brittle both in terms of multiple deployments of the template and in terms of updating that bucket name in the future.
This could instead be solved with a separate BucketNotification resource. The bucket resource would be created first, the name `!Ref`'d to the relevant places, and then the BucketNotification resource would install the notification configuration onto the bucket.
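As an added example (not part of the issue), the minimal template that runs into the ordering problem described above; resource names are constructed for illustration:

```yaml
# Added example, not from the issue. The bucket's notification configuration
# needs the function ARN, and the Lambda permission that S3 checks when that
# configuration is applied needs the bucket ARN. CloudFormation creates the
# bucket before the permission (the bucket has no dependency on it), so S3
# rejects the notification configuration; adding `DependsOn: InvokePermission`
# to the bucket would close a real cycle, because the permission already
# references the bucket.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  FunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
  ThumbnailFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt FunctionRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return event          # thumbnailing logic not shown
  UploadBucket:
    Type: AWS::S3::Bucket           # auto-named: no BucketName property
    Properties:
      NotificationConfiguration:
        LambdaConfigurations:
          - Event: s3:ObjectCreated:*
            Function: !GetAtt ThumbnailFunction.Arn
  InvokePermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:InvokeFunction
      FunctionName: !Ref ThumbnailFunction
      Principal: s3.amazonaws.com
      SourceArn: !GetAtt UploadBucket.Arn   # needs the bucket to exist first
# The workaround the issue calls brittle: choose the name yourself and repeat it.
#   UploadBucket:      add `BucketName: my-uploads-bucket` (constructed name)
#                      and `DependsOn: InvokePermission`
#   InvokePermission:  `SourceArn: arn:aws:s3:::my-uploads-bucket`
```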