Bug? CloudFromation AWS::ServiceCatalog::PortfolioPrincipalAssociation does not delete IAM_PATTERN principals

Question

Bug:
CloudFormation resource `AWS::ServiceCatalog::PortfolioPrincipalAssociation` allows for creating resources with type IAM_PATTERN, even though the documentation does not allow the. Those resources always fail to be deleted.

Excepted behavior:
- Resource fails validation during creation, or
- Resource can be deleted

To replicate:
Deploy this template. Delete it.
```
{
 "Resources": {
  "Portfolio": {
   "Type": "AWS::ServiceCatalog::Portfolio",
   "Properties": {
    "DisplayName": "test",
    "ProviderName": "test",
    "Description": "test"
   },
   "PrincipalAssoc": {
    "Type": "AWS::ServiceCatalog::PortfolioPrincipalAssociation",
    "Properties": {
     "PortfolioId": {
      "Ref": "Portfolio"
     },
     "PrincipalARN": "arn:aws:iam:::role/SomeRolePattern*",
     "PrincipalType": "IAM_PATTERN"
    }
   }
  }
 }
}

```

Answer

Hi,

this same ticket has been previously raised; https://github.com/aws/aws-cdk/issues/24370

You can probably weigh on it or open a Support ticket in your AWS console (service teams like CFN are not supposed to monitor re:Post for bug reports)

Best,

Didier

Bug? CloudFromation AWS::ServiceCatalog::PortfolioPrincipalAssociation does not delete IAM_PATTERN principals

관련 콘텐츠