CfnInclude: fails to parse/load a CloudFormation template which is acceptable to CloudFormation CreateStack #29642

Open
climbertjh2 opened this issue Mar 28, 2024 · 3 comments
Labels
@aws-cdk/cloudformation-include Issues related to the "CFN include v.20" package @aws-cdk/core Related to core CDK functionality bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments

@climbertjh2

Describe the bug

A CloudFormation template which specifies a string-concatenation for the AssumeRolePolicyDocument attribute in an AWS::IAM::Role resource is NOT accepted by CfnInclude(). cdk synth fails with an exception:

CfnSynthesisError: Resolution error: Supplied properties not correct for "CfnRoleProps"
  assumeRolePolicyDocument: "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Principal\": {\n        \"Service\": \"ec2.amazonaws.com\"\n      },\n      \"Action\": \"sts:AssumeRole\"\n    }\n  ]\n}" should be an 'object'.

See various permutations for the AssumeRolePolicyDocument attribute in the iam-role.yaml file attached to this ticket.
iam-role.yaml.txt

Expected Behavior

CfnInclude() should accept CloudFormation YAML files that are accepted by CloudFormation CreateStack.

Current Behavior

cdk synth fails with an exception.

Reproduction Steps

Create YAML file as described.
Run cdk synth using a CDK application which uses CfnInclude() to include the YAML file.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.134.0 (build 265d769)

Framework Version

No response

Node.js Version

v20.7.0

OS

MacOS

Language

TypeScript

Language Version

TypeScript (5.1.6)

Other information

No response

@climbertjh2 climbertjh2 added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 28, 2024
@github-actions github-actions bot added the @aws-cdk/cloudformation-include Issues related to the "CFN include v.20" package label Mar 28, 2024
@climbertjh2
Author

Looking into this a bit more, it appears that CfnRoleProps only accepts a PolicyDocument object as input for the assumeRolePolicyDocument attribute, while CloudFormation itself is a bit more lenient and will accept a string as input where the string contains JSON mark-up.

This seems to be complicated by CfnRole and CfnRoleProps being in the set of code that is iam_generated?

@khushail khushail added investigating This issue is being investigated and/or work is in progress to resolve the issue. and removed needs-triage This issue or PR still needs to be triaged. labels Apr 2, 2024
@khushail khushail self-assigned this Apr 2, 2024
@khushail
Contributor

khushail commented Apr 4, 2024

Thanks @climbertjh2 for reporting this issue. I am able to reproduce this and am facing the same error.

@khushail khushail added effort/small Small work item – less than a day of effort p2 and removed investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Apr 4, 2024
@khushail khushail removed their assignment Apr 4, 2024
@climbertjh2
Author

@khushail - Thanks for looking into this. If you need someone to test out your updates, let me know.

I found it a bit strange that creating a string using !Join in the CloudFormation template seems to work, while just specifying a string (over multiple lines) using | or >- does not work. There seem to be some special cases implemented by CloudFormation which are not quite handled by the CfnRoleProps construct.

@pahud pahud added the @aws-cdk/core Related to core CDK functionality label Jun 3, 2024
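
A pre-processing sketch for the mismatch discussed in this thread, added here as an example and not code from the issue's participants or the CDK project: it rewrites string-valued AssumeRolePolicyDocument attributes into objects and fails closed on anything that does not parse as a trust policy. `normalizeTrustPolicies` and `sampleTemplate` are hypothetical names, the template is assumed to be already parsed from YAML into a plain object, and it is an assumption that a template normalized this way avoids the CfnRoleProps error.

```typescript
// Added example: normalizeTrustPolicies is a hypothetical helper, not a CDK API.
type Json = Record<string, unknown>;

function isObject(v: unknown): v is Json {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Returns a deep copy of `template` in which every AWS::IAM::Role whose
// AssumeRolePolicyDocument is a literal string holding JSON carries the
// parsed object instead. Intrinsic functions such as Fn::Join are already
// objects after YAML parsing and are left untouched.
function normalizeTrustPolicies(template: Json): Json {
  const out = JSON.parse(JSON.stringify(template)) as Json;
  const resources = out["Resources"];
  if (!isObject(resources)) return out;
  for (const [logicalId, res] of Object.entries(resources)) {
    if (!isObject(res) || res["Type"] !== "AWS::IAM::Role") continue;
    const props = res["Properties"];
    if (!isObject(props)) continue;
    const doc = props["AssumeRolePolicyDocument"];
    if (typeof doc !== "string") continue;
    let parsed: unknown;
    try {
      parsed = JSON.parse(doc);
    } catch {
      throw new Error(`${logicalId}: AssumeRolePolicyDocument is a string but not valid JSON`);
    }
    // Fail closed: a trust policy must be a JSON object with a Statement.
    if (!isObject(parsed) || parsed["Statement"] === undefined) {
      throw new Error(`${logicalId}: AssumeRolePolicyDocument has no Statement`);
    }
    props["AssumeRolePolicyDocument"] = parsed;
  }
  return out;
}

// Constructed sample: the trust policy from the error message above, as a string.
const sampleTemplate: Json = {
  Resources: {
    StringRole: {
      Type: "AWS::IAM::Role",
      Properties: {
        AssumeRolePolicyDocument:
          '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}',
      },
    },
  },
};
```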