Cloudformation-coverage-roadmap: [BUG] Resource Type AWS::Event::EventBusPolicy has a Condition property which causes internal failures in change sets

Created on 4 Sep 2019  路  5Comments  路  Source: aws-cloudformation/cloudformation-coverage-roadmap

Summary

In CreateChangeSet, a "Condition" in a resource "Properties" is an invalid behavior currently and will cause an internal failure, looks like it is a long-running issue and been discovered.

Example Template:

Resources:
SampleEventBusPolicy:
Type: AWS::Events::EventBusPolicy
Properties:
Action: "events:PutEvents"
Principal: "*"
StatementId: "DemoStatement2"
Condition:
Type: "true"
Key: "aws:PrincipalOrgID"
Value: "o-1234567890"

There is already a bug reported in internal issues. It would really be the best if the same could be added in the roadmap so that its easy to track.

picture badaldavda
👍20

Most helpful comment

This is blocking my team as well. How has this gone almost a year with no AWS Acknowledgement?

picture dejonghe on 24 Jul 2020
👍6

All 5 comments

Still facing this (using CDK):

{
    "companyeventbuspolicy": {
        "Type": "AWS::Events::EventBusPolicy",
        "Properties": {
            "Action": "events:PutEvents",
            "Principal": "*",
            "StatementId": "company-event-bus-policy-statement",
            "Condition": {
                "Key": "aws:PrincipalOrgID",
                "Type": "StringEquals",
                "Value": "o-123456789"
            },
            "EventBusName": {
                "Ref": "companyeventbus9ABF23AA"
            }
        },
        "Metadata": {
            "aws:cdk:path": "company-events-stack/company-event-bus-policy"
        }
    }
}
lazharichir picture lazharichir on 4 Feb 2020
👍3

Just spent hours troubleshooting this with an open AWS Enterprise Support case.

My template snippet with the offending resource:

Resources:
  rEventBusPolicy:
    Type: 'AWS::Events::EventBusPolicy'
    Properties:
      Action: 'events:PutEvents'
      Principal: '*'
      StatementId: Organization
      Condition:
        Type: StringEquals
        Key: 'aws:PrincipalOrgID'
        Value:
          Fn::FindInMap:
            - OrgMap
            - !Ref AWS::Partition
            - ORG
szotrj picture szotrj on 12 Jun 2020

The problem here occours on using the "Condition" property and problem is with the CreateChangeSet API call.

'aws cloudformation deploy' command creates a changeset before creating or updating the stack as mentioned in the doc[2].

_"Deploys the specified AWS CloudFormation template by creating and then executing a change set"_

The current workaround is to use the 'aws cloudformation create-stack' CLI command instead of '_aws cloudformation deploy_' until this is fixed:

aws cloudformation create-stack --stack-name myBug --template-body file://bug_test.yaml

_[1] deploy
https://docs.aws.amazon.com/cli/latest/reference/cloudformation/deploy/index.html#deploy_

_[2] create-stack:
https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-stack.html_

ashwanijha04 picture ashwanijha04 on 2 Jul 2020

This is blocking my team as well. How has this gone almost a year with no AWS Acknowledgement?

dejonghe picture dejonghe on 24 Jul 2020
👍6

Dear CFN team, any updates on this? It's been almost a year. This currently blocks CDK issue below.

https://github.com/aws/aws-cdk/issues/1785

jakubgaj-chmoora picture jakubgaj-chmoora on 28 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

luiseduardocolon picture luiseduardocolon  路  4Comments
ghost picture ghost  路  4Comments
johnkoehn picture johnkoehn  路  3Comments
kdgregory picture kdgregory  路  3Comments
hoegertn picture hoegertn  路  4Comments