By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Bug? CloudFromation AWS::ServiceCatalog::PortfolioPrincipalAssociation does not delete IAM_PATTERN principals

0

Bug: CloudFormation resource AWS::ServiceCatalog::PortfolioPrincipalAssociation allows for creating resources with type IAM_PATTERN, even though the documentation does not allow the. Those resources always fail to be deleted.

Excepted behavior:

  • Resource fails validation during creation, or
  • Resource can be deleted

To replicate: Deploy this template. Delete it.

{
 "Resources": {
  "Portfolio": {
   "Type": "AWS::ServiceCatalog::Portfolio",
   "Properties": {
    "DisplayName": "test",
    "ProviderName": "test",
    "Description": "test"
   },
   "PrincipalAssoc": {
    "Type": "AWS::ServiceCatalog::PortfolioPrincipalAssociation",
    "Properties": {
     "PortfolioId": {
      "Ref": "Portfolio"
     },
     "PrincipalARN": "arn:aws:iam:::role/SomeRolePattern*",
     "PrincipalType": "IAM_PATTERN"
    }
   }
  }
 }
}
Topics
Management & Governance
Tags
AWS CloudFormation
Language
English
f0ff
asked 7 months ago161 views
1 Answer
0

Hi,

this same ticket has been previously raised; https://github.com/aws/aws-cdk/issues/24370

You can probably weigh on it or open a Support ticket in your AWS console (service teams like CFN are not supposed to monitor re:Post for bug reports)

Best,

Didier

profile pictureAWS
EXPERT
Didier_Durand
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content