Serverless-application-model: BucketEncryption property not defined

Created on 30 Jan 2018  路  8Comments  路  Source: aws/serverless-application-model

Adding the property BucketEncryption to a resource of type AWS::S3::Bucket results in the following error when deploying:

Transform AWS::Serverless-2016-10-31 failed with:
Invalid Serverless Application Specification document. Number of errors found: 1.
Resource with id [Bucket] is invalid. property BucketEncryption not defined for resource of type AWS::S3::Bucket

The relevant section of the template file is provided below:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: !Ref BucketNameParameter
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

Is there an error in the template or is this property not supported yet?

areevent-source priorit1-critical typbug
Source
picture emillunde

Most helpful comment

Oh, this should be fixed now :)

picture sanathkr on 13 Mar 2018
🎉2

All 8 comments

Hmm, SAM is not supposed to touch any resources that don't start with prefix: "AWS::Serverless::". The following template deployed fine for me. 

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

Can you give a bit more about the template? Is this the only resource in the template? Are you deploying to existing stack or a new stack? Which region?

sanathkr picture sanathkr on 30 Jan 2018

This is the entire template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  SecurityGroupIdsParameter:
    Type: List<AWS::EC2::SecurityGroup::Id>
  SubnetIdsParameter:
    Type: List<AWS::EC2::Subnet::Id>
  TableNameParameter:
    Type: String
  RoleParameter:
    Type: String
  BucketNameParameter:
    Type: String
  FunctionNameParameter:
    Type: String
  DescriptionParameter:
    Type: String

Resources:
  S3Function:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Ref FunctionNameParameter
      Description: !Ref DescriptionParameter
      VpcConfig:
        SecurityGroupIds: !Ref SecurityGroupIdsParameter
        SubnetIds: !Ref SubnetIdsParameter
      Handler: index.handler
      Environment:
        Variables:
          TABLE_NAME: !Ref TableNameParameter
      Runtime: nodejs6.10
      Role: !Ref RoleParameter
      Events:
        DataUpload:
          Type: S3
          Properties:
            Bucket: !Ref Bucket
            Events: s3:ObjectCreated:*
  Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: !Ref BucketNameParameter
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

I am deploying to an existing stack in eu-central-1.

emillunde picture emillunde on 31 Jan 2018

Ah now I see the problem. Yes, this is a bug in SAM. We will get it fixed as soon as possible.

sanathkr picture sanathkr on 31 Jan 2018
👍2

Glad you spotted it, I thought I was crazy. Looking forward to the patch!

sgates picture sgates on 6 Feb 2018

+1

bgjackma picture bgjackma on 6 Feb 2018

+1

ts33 picture ts33 on 23 Feb 2018

Oh, this should be fixed now :)

sanathkr picture sanathkr on 13 Mar 2018
🎉2

See https://github.com/awslabs/serverless-application-model/releases/tag/1.4.0

sanathkr picture sanathkr on 13 Mar 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

patrickli picture patrickli  路  4Comments
syang picture syang  路  3Comments
polovi picture polovi  路  3Comments
PMudra picture PMudra  路  4Comments
angustohrallegrinski picture angustohrallegrinski  路  3Comments