Can't reference an ALB created in Account A on a Stack B in Account B to create R53 Record.
```ts
const ENV1 = { account: '11111', region: 'us-east-1' };
const ENV2 = { account: '2222', region: 'eu-west-2' };

class ProducerStack extends Stack {
  public readonly alb: ApplicationLoadBalancer;

  constructor(scope: Construct, id: string) {
    super(scope, id, { env: ENV1 });
    this.alb = new elbv2.ApplicationLoadBalancer(this, 'ApplicationLoadBalancerPrivate', {
      loadBalancerName: cdk.PhysicalName.GENERATE_IF_NEEDED,
    });
  }
}

interface ConsumerStackProps {
  readonly alb: ApplicationLoadBalancer;
}

class ConsumerStack extends Stack {
  constructor(scope: Construct, id: string, props: ConsumerStackProps) {
    super(scope, id, { env: ENV2 });
    new route53.ARecord(this, 'AliasRecord', {
      zone,
      target: route53.RecordTarget.fromAlias(new alias.LoadBalancerTarget(props.alb)),
    });
  }
}

const producer = new ProducerStack(app, 'producer');
const consumer = new ConsumerStack(app, 'consumer', {
  alb: producer.alb
});
```
Using reference between Stacks/Accounts
```
Error: Stack "B" cannot consume a cross reference from stack "A". Cross stack references are only supported for stacks deployed to the same environment or between nested stacks and their parent stack
```
Please see reference in https://github.com/aws/aws-cdk-rfcs/issues/226 with @skinny85 :
> @Cloudrage you're right. It turns out there's some logic missing from `BaseLoadBalancer` that is required for making these references work.
>
> Do you mind creating us a bug for it in the main CDK repo? Thanks!
_Originally posted by @skinny85 in https://github.com/aws/aws-cdk-rfcs/issues/226#issuecomment-742178105_
This is :bug: Bug Report
I _believe_ the change required here is to replace how all of the attrs are set in the constructor to be wrapped by getResourceNameAttribute:
Needs to be updated:
https://github.com/aws/aws-cdk/blob/1fdd549af6372a7b639e9db5435f755e5a2515ad/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts#L221-L226
To match this:
https://github.com/aws/aws-cdk/blob/1fdd549af6372a7b639e9db5435f755e5a2515ad/packages/@aws-cdk/aws-s3/lib/bucket.ts#L1289
Hello @njlynch,
Same problem here with `ec2.VpcEndpointService`:

```
Error: Stack "B" cannot consume a cross reference from stack "A". Cross stack references are only supported for stacks deployed to the same environment or between nested stacks and their parent stack
```

When creating a _VpcEndpointService_ in Account A (Stack A):

```ts
export class StackA extends cdk.Stack {
  public readonly VpcePrd: ec2.VpcEndpointService;
  [...]
  const VpcEndpointServicePrd = new ec2.VpcEndpointService(this, 'VpcEndpointServicePrd', {....});
  this.VpcePrd = VpcEndpointServicePrd;
  [...]
```

& an _InterfaceVpcEndpoint_ in Account B (Stack B):

```ts
interface StackBProps extends cdk.StackProps { readonly VpcePrd: ec2.VpcEndpointService }
[...]
const Vpce = new ec2.InterfaceVpcEndpoint(this, 'Vpce', {
  service: new ec2.InterfaceVpcEndpointService(props.VpcePrd.vpcEndpointServiceName),
  [...]
```

Again, as a workaround I have to use `--outputs-file` to get Cfn outputs locally...
I insist (aws/aws-cdk-rfcs#226), to use a native mechanism with CDK to easily do that.
As AWS Best Practices, we use multiple accounts and we have here an AWS Tool that can't do the Job natively cross accounts -_-'
@njlynch you nailed it 🙂
And also `getResourceArnAttribute()` for the ARN, in addition to `getResourceNameAttribute()` 🙂
@skinny85 - Looking at it in more detail, I'm not sure this will work.
My understanding is that this allows for cross-environment usage strictly for the ARN and name, and assembles both via means of PhysicalName.GENERATE_IF_NEEDED. So... a couple points where this breaks down for the above example.
- `arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188`, where `my-load-balancer` is the provided name, and `50dc6c495c0c9188` is a randomly-generated suffix. At least via the ELBv2 API, you can't use the ARN without the suffix.
- `loadBalancerCanonicalHostedZoneId` and `loadBalancerDnsName`, neither of which are deterministic.

I _think_ this is going to have to be resolved as not possible (without a specialized custom resource), with the standard advice of using something like SSM to store ARNs/HostedZones/DomainNames cross-environment.
@njlynch:

> I think this is going to have to be resolved as not possible (without a specialized custom resource), with the standard advice of using something like SSM to store ARNs/HostedZones/DomainNames cross-environment.

Unfortunately, I abuse that workaround; but when you're in the same account.
How to easily retrieve an SSM Parameter created on another account?
For a few months now, I have not found a good solution.

Talking about that, how do you make that work:

```ts
import data from '../../_dev/outputs/frontend.json';
[...]
let AppEnv = props?.AppEnv as string;
var ApplicationLoadBalancerPrivateDnsName = data['mystack-' + AppEnv + '-frontend'].ApplicationLoadBalancerPrivateDnsName;
```

I can't find a way to make it work:

```
Element implicitly has an 'any' type because expression of type 'string' can't be used to index type
```

I want to use only 1 stack for each env and not 3 dedicated like that:

```ts
var ApplicationLoadBalancerPrivateDnsName = data['mystack-dev-frontend'].ApplicationLoadBalancerPrivateDnsName;
```
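The compiler error in the comment above comes from the imported JSON being typed by its literal keys, so an arbitrary `string` cannot index it. The following is an added example, not code from this thread: it treats the outputs file as untrusted input, validates its shape, and looks up the stack by environment. The sample object, the environment list and the function names are assumptions.

```typescript
// Shape of a `cdk deploy --outputs-file` JSON: stack name -> output key -> value.
type StackOutputs = Record<string, Record<string, string>>;

// Constructed sample standing in for ../../_dev/outputs/frontend.json.
const sampleOutputs: unknown = {
  'mystack-dev-frontend': { ApplicationLoadBalancerPrivateDnsName: 'internal-dev.example.invalid' },
  'mystack-prd-frontend': { ApplicationLoadBalancerPrivateDnsName: 'internal-prd.example.invalid' },
};

const KNOWN_ENVS: readonly string[] = ['dev', 'stg', 'prd']; // assumed environment names

function isPlainObject(value: unknown): value is Record<string, unknown> {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

// Runtime check that the parsed file really is stack -> key -> string.
function isStackOutputs(value: unknown): value is StackOutputs {
  if (!isPlainObject(value)) return false;
  const stacks: Record<string, unknown> = value;
  return Object.keys(stacks).every((name) => {
    const outputs = stacks[name];
    return isPlainObject(outputs) &&
      Object.keys(outputs).every((key) => typeof outputs[key] === 'string');
  });
}

// Own-property lookup, so keys such as "constructor" never resolve via the prototype.
function own<T>(obj: Record<string, T>, key: string): T | undefined {
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

// One code path for every environment instead of one hard-coded stack name each.
function getOutput(data: unknown, appEnv: string, key: string): string {
  if (KNOWN_ENVS.indexOf(appEnv) === -1) throw new Error(`unknown environment "${appEnv}"`);
  if (!isStackOutputs(data)) throw new Error('outputs file has an unexpected shape');
  const stackName = 'mystack-' + appEnv + '-frontend';
  const outputs = own(data, stackName);
  if (outputs === undefined) throw new Error(`no outputs for stack "${stackName}"`);
  const value = own(outputs, key);
  if (value === undefined) throw new Error(`stack "${stackName}" has no output "${key}"`);
  return value;
}
```
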
@njlynch yes, you're right, and that's probably why we didn't add it originally 😕. If the ARN cannot be derived from the name in a stable way, we can't use these facilities for cross-environments references.
Sorry @Cloudrage . Looks like your feature request is still needed then.
Have 2 questions remaining from my 2 last posts please :
> How to easily retrieve an SSM Parameter created on another account ?

"Easily" is subjective. :) You would likely want to create a role in the account with the SSM Parameter that trusts (a role in) the other account. Then the latter role can be used by a custom resource to request the parameter.
Given the conclusion above -- this can't be satisfied without a custom-resource based approach -- I'm going to close this out in favor of https://github.com/aws/aws-cdk-rfcs/issues/226;
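The role arrangement described in the reply above, written out as IAM policy documents. This is an added example, not code from this thread or from the CDK: the function names are hypothetical, and the account IDs, role name and parameter name are supplied by the caller. It scopes the trust to one named role and the read permission to one parameter, and includes a check that flags a trust policy open to a whole account.

```typescript
// Added example: every identifier passed to these functions is a caller-chosen
// placeholder, not a value taken from the issue.
interface Statement { Effect: 'Allow'; Action: string; Principal?: { AWS: string }; Resource?: string }
interface PolicyDocument { Version: '2012-10-17'; Statement: Statement[] }

const ACCOUNT_ID = /^\d{12}$/;
const ROLE_NAME = /^[\w+=,.@-]{1,64}$/;
const REGION = /^[a-z]{2}(-[a-z]+)+-\d$/;
const PARAM_NAME = /^(\/[A-Za-z0-9_.-]+)+$/; // fully qualified name, no wildcard

function must(ok: boolean, message: string): void {
  if (!ok) throw new Error(message);
}

// Trust policy on the role in the account that owns the parameter:
// exactly one named role in the consuming account may assume it.
function trustPolicy(consumerAccount: string, consumerRole: string): PolicyDocument {
  must(ACCOUNT_ID.test(consumerAccount), 'consumer account must be 12 digits');
  must(ROLE_NAME.test(consumerRole), 'invalid IAM role name');
  const principal = `arn:aws:iam::${consumerAccount}:role/${consumerRole}`;
  return {
    Version: '2012-10-17',
    Statement: [{ Effect: 'Allow', Action: 'sts:AssumeRole', Principal: { AWS: principal } }],
  };
}

// Permissions policy on that same role: read one parameter and nothing else.
function readPolicy(region: string, ownerAccount: string, paramName: string): PolicyDocument {
  must(REGION.test(region), 'invalid region');
  must(ACCOUNT_ID.test(ownerAccount), 'owner account must be 12 digits');
  must(PARAM_NAME.test(paramName), 'parameter name must be a full path without wildcards');
  const resource = `arn:aws:ssm:${region}:${ownerAccount}:parameter${paramName}`;
  return {
    Version: '2012-10-17',
    Statement: [{ Effect: 'Allow', Action: 'ssm:GetParameter', Resource: resource }],
  };
}

// Returns the principals that let more than a single role assume the role:
// "*", an account root ARN, or a bare account ID (equivalent to the root ARN).
function overbroadTrust(doc: PolicyDocument): string[] {
  return doc.Statement
    .map((s) => (s.Principal ? s.Principal.AWS : ''))
    .filter((p) => p === '*' || /:root$/.test(p) || ACCOUNT_ID.test(p));
}
```

The role in the consuming account that backs the custom resource also needs `sts:AssumeRole` permission on the parameter-owning role's ARN.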
@njlynch , not really integrated and native :/
That's why the Feature Request is very important in a multi-account strategy.