Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[config] Trying to get arn for service linked role not working

See original GitHub issue

description of the bug:

Trying to get arn for service linked role

Reproduction Steps

minimal amount of code that causes the bug (if possible) or a reference:

        self.config_service_role = iam.CfnServiceLinkedRole(self,
            id='AWS Config Service Linked Role',
            aws_service_name='config.amazonaws.com'
        )

        self.config_recorder = aws_config.CfnConfigurationRecorder(self,
            id='AWS Config Configuration Recorder',
            name='default',
            role_arn=self.config_service_role.get_att('arn') # or ('resource.arn)
        )

What did you expect to happen?

What were you trying to achieve by performing the steps above?

I expected to get the Service Linked Role ARN or reference to it.

What actually happened?

What is the unexpected behavior you were seeing? If you got an error, paste it here.

jsii.errors.JavaScriptError:
  Error: Expected a string, got {"$jsii.byref":"@aws-cdk/core.Reference@10008"}
      at Object.deserialize (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:6737:23)
      at Kernel._toSandbox (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:8328:61)
      at C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:6959:29
      at mapValues (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:7231:27)
      at Object.deserialize (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:6955:20)
      at Kernel._toSandbox (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:8328:61)
      at C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:8381:33
      at Array.map (<anonymous>)
      at Kernel._boxUnboxParameters (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:8381:19)
      at Kernel._wrapSandboxCode (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:8422:19)
      at Kernel._create (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:7934:26)
      at Kernel.create (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:7678:21)
      at KernelHost.processRequest (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:7458:28)
      at KernelHost.run (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:7396:14)
      at Immediate._onImmediate (C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_embedded\jsii\jsii-runtime.js:7399:37)
      at processImmediate (internal/timers.js:456:21)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "app.py", line 29, in <module>
    config_stack = ConfigStack(main_stack, 'config-stack')
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_runtime.py", line 69, in __call__
    inst = super().__call__(*args, **kwargs)
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\healthcare_hipaa_compliance_ns\config_stack.py", line 88, in __init__
    self.config_recorder = aws_config.CfnConfigurationRecorder(self,
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_runtime.py", line 69, in __call__
    inst = super().__call__(*args, **kwargs)
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\aws_cdk\aws_config\__init__.py", line 1400, in __init__
    jsii.create(CfnConfigurationRecorder, self, [scope, id, props])
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_kernel\__init__.py", line 250, in create
    response = self.provider.create(
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_kernel\providers\process.py", line 336, in create
    return self._process.send(request, CreateResponse)
  File "C:\repos\aws\healthcare-hipaa-compliance-ns\hchcns\lib\site-packages\jsii\_kernel\providers\process.py", line 321, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: Expected a string, got {"$jsii.byref":"@aws-cdk/core.Reference@10008"}
Subprocess exited with error 1

Environment

  • **CLI Version 😗*1.69.0 (build 2b474b9)
  • **Framework Version:**1.69.0
  • Node.js Version: v12.18.3
  • OS : Windows 10
  • Language (Version): Python 3.8.5

Other

Some objects come with a property to pull the arn attribute like S3 buckets. Service Linked Roles don’t seem to have this capability. I don’t have a fix for this.

ex: self.config_bucket.attr_arn

This is 🐛 Bug Report

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
awstomburgecommented, Nov 14, 2020

image

Yes they do have ARNs.

0reactions
github-actions[bot]commented, Jun 18, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Using Service-Linked Roles for AWS Config
Ensure that you do not have ConfigurationRecorders using the service-linked role. You can use the AWS Config console to stop the configuration recorder....
Read more >
aws_iam_service_linked_role | Resources | hashicorp/aws
To find the full list of services that support service-linked roles, check the docs. ... arn - The Amazon Resource Name (ARN) specifying...
Read more >
Service-Linked Roles - AWS Well-Architected Labs
In this screenshot, the service linked role for AutoScaling exists ( AWSServiceRoleForAutoScaling ), but the roles for Elastic Load Balancing and RDS do...
Read more >
Troubleshooting Errors in Log Hub - Open Source at AWS
Error: Failed to assume service-linked role arn:x:x:x:/AWSServiceRoleForAppSync ... You can get more information from Amazon EKS IAM role configuration ...
Read more >
AWS Config service role is not authorized to perform
According the above message, it looks like the AWS Config service role was trying to create the service linked role for Global Accelerator....
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[aws-cognito] CfnIdentityPool: "Invalid Cognito Identity Provider"

Next page

[elasticsearch] CDK seems not to handle multi-az domains correctly