Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

Bug? CloudFromation AWS::ServiceCatalog::PortfolioPrincipalAssociation does not delete IAM_PATTERN principals

0

Bug: CloudFormation resource AWS::ServiceCatalog::PortfolioPrincipalAssociation allows for creating resources with type IAM_PATTERN, even though the documentation does not allow the. Those resources always fail to be deleted.

Excepted behavior:

  • Resource fails validation during creation, or
  • Resource can be deleted

To replicate: Deploy this template. Delete it.

{
 "Resources": {
  "Portfolio": {
   "Type": "AWS::ServiceCatalog::Portfolio",
   "Properties": {
    "DisplayName": "test",
    "ProviderName": "test",
    "Description": "test"
   },
   "PrincipalAssoc": {
    "Type": "AWS::ServiceCatalog::PortfolioPrincipalAssociation",
    "Properties": {
     "PortfolioId": {
      "Ref": "Portfolio"
     },
     "PrincipalARN": "arn:aws:iam:::role/SomeRolePattern*",
     "PrincipalType": "IAM_PATTERN"
    }
   }
  }
 }
}
Tópicos
Gestão e governança
Tags
AWS CloudFormation
Idioma
English
f0ff
feita há 8 meses174 visualizações
1 Resposta
0

Hi,

this same ticket has been previously raised; https://github.com/aws/aws-cdk/issues/24370

You can probably weigh on it or open a Support ticket in your AWS console (service teams like CFN are not supposed to monitor re:Post for bug reports)

Best,

Didier

profile pictureAWS
ESPECIALISTA
Didier_Durand
respondido há 8 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante