aws_s3: cannot use noncurrent lifecycle rules on a version-suspended bucket

[rittneje]

Describe the bug

If I disable versioning on an S3 bucket, CDK does not allow me to create any lifecycle rules against non-current versions (e.g., noncurrent_version_expiration).

Expected Behavior

CDK must allow creating such lifecycle rules against versioning-suspended buckets. Note that S3 itself has not problem with this - it allows creating such rules against both versioning-suspended and versioning-disabled buckets.

Current Behavior

jsii.errors.JavaScriptError: 
  Error: Cannot use 'noncurrent' rules on a nonversioned bucket
      at Bucket.addLifecycleRule (/tmp/jsii-kernel-dcACjj/node_modules/aws-cdk-lib/aws-s3/lib/bucket.js:1:20681)
      at Array.forEach (<anonymous>)
      at new Bucket (/tmp/jsii-kernel-dcACjj/node_modules/aws-cdk-lib/aws-s3/lib/bucket.js:1:14963)
      at exports.Kernel._create (/tmp/tmpi6v6bnni/lib/program.js:5181:179)
      at exports.Kernel.create (/tmp/tmpi6v6bnni/lib/program.js:4989:29)
      at exports.KernelHost.processRequest (/tmp/tmpi6v6bnni/lib/program.js:6083:36)
      at exports.KernelHost.run (/tmp/tmpi6v6bnni/lib/program.js:6057:48)
      at Immediate._onImmediate (/tmp/tmpi6v6bnni/lib/program.js:6058:46)
      at processImmediate (node:internal/timers:466:21)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/rittneje/s3-version-test/cdk.py", line 32, in <module>
    main()
  File "/Users/rittneje/s3-version-test/cdk.py", line 16, in main
    aws_s3.Bucket(
  File "/opt/.venv/lib/python3.10/site-packages/jsii/_runtime.py", line 86, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/opt/.venv/lib/python3.10/site-packages/aws_cdk/aws_s3/__init__.py", line 16089, in __init__
    jsii.create(self.__class__, self, [scope, id, props])
  File "/opt/.venv/lib/python3.10/site-packages/jsii/_kernel/__init__.py", line 321, in create
    response = self.provider.create(
  File "/opt/.venv/lib/python3.10/site-packages/jsii/_kernel/providers/process.py", line 347, in create
    return self._process.send(request, CreateResponse)
  File "/opt/.venv/lib/python3.10/site-packages/jsii/_kernel/providers/process.py", line 329, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: Cannot use 'noncurrent' rules on a nonversioned bucket

Reproduction Steps

First deploy a bucket like so:

aws_s3.Bucket(
        stack,
        "test-bucket",
        block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
        versioned=True,
        enforce_ssl=True,
        removal_policy=aws_cdk.RemovalPolicy.DESTROY,
        auto_delete_objects=True,
)

Then disable versioning and add a lifecycle rule like so:

aws_s3.Bucket(
        stack,
        "test-bucket",
        block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
        versioned=False,
        lifecycle_rules=[
            aws_s3.LifecycleRule(noncurrent_version_expiration=aws_cdk.Duration.days(1)),
        ],
        enforce_ssl=True,
        removal_policy=aws_cdk.RemovalPolicy.DESTROY,
        auto_delete_objects=True,
    )

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.39.1 (build f188fac)

Framework Version

No response

Node.js Version

v16.17.0

OS

Alpine 3.16

Language

Python

Language Version

3.10.6

Other information

No response

[rittneje]

@otaviomacedo Any update on this? I would think the fix is just to remove the invalid restriction.

[vwfs-sasmoe]

@otaviomacedo We stumbled upon the same issue. When already having versioned buckets for which you want to suspend versioning, it would make sense to set lifecycle rules for noncurrent objects in order to get rid of the existing ones from the previous "versioning times".

[rittneje]

cc @peterwoodworth

[peterwoodworth]

Interesting bug, thanks for reporting!

We make the check here:

aws-cdk/packages/@aws-cdk/aws-s3/lib/bucket.ts

Lines 1874 to 1879 in 793dd76

	public addLifecycleRule(rule: LifecycleRule) {
	if ((rule.noncurrentVersionExpiration !== undefined
	|| (rule.noncurrentVersionTransitions && rule.noncurrentVersionTransitions.length > 0))
	&& !this.versioned) {
	throw new Error("Cannot use 'noncurrent' rules on a nonversioned bucket");
	}

If S3 doesn't reject these rules then we shouldn't be throwing this error, especially since there's a valid case which you've described in which these settings would make sense.

We accept contributions! Check out our contributing guide if you're interested - there's a low chance the team will be able to address this soon but we'd be happy to review a PR 🙂

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[bibhu107]

We are using "monocdk": "^1.152.0" but still getting this error. Can someone help me with what is the release of this PR