Module template passes `cfn validate` and `aws cloudformation create-stack` but fails `cfn submit`

This fragment passes cfn validate and cfn submit --dry-run under cfn 0.2.7, and creates a CloudFormation stack with an IAM role when passed to aws cloudformation create-stack under aws-cli 2.1.33, Python 3.9.2.

---
Description: A failing example
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal: { Service: [ ec2.amazonaws.com ] }
            Action: [ sts:AssumeRole ]

However, cfn submit returns the following from us-west-2 after about 30 seconds.

Module fragment is valid.
Successfully submitted type. Waiting for registration with token '9f3912ab-f02b-4191-a4c2-fe81cc6f6351' to complete.
Failed to register the type with registration token '9f3912ab-f02b-4191-a4c2-fe81cc6f6351'.
Please see response for additional information: '{'ProgressStatus': 'FAILED', 'Description': 'Deployment is currently in VALIDATION_STAGE of status FAILED; Next is DEPLOY_STAGE with status CANCELLED\nDeployment failed with error. Error message: [9f3912ab-f02b-4191-a4c2-fe81cc6f6351] Error validating module fragment and schema definition: malformed module fragment found ---\nDescription: A failing example\nResources:\n  Role:\n    Type: AWS::IAM::Role\n    Properties:\n      AssumeRolePolicyDocument:\n        Version: 2012-10-17\n        Statement:\n          - Effect: Allow\n            Principal: { Service: [ ec2.amazonaws.com ] }\n            Action: [ sts:AssumeRole ]\n', 'TypeArn': 'arn:aws:cloudformation:us-west-2:248094688382:type/module/Hiya-Basic-Example-MODULE', 'TypeVersionArn': 'arn:aws:cloudformation:us-west-2:248094688382:type/module/Hiya-Basic-Example-MODULE/00000006', 'ResponseMetadata': {'RequestId': '6f244e4d-6b15-4adf-b633-d825b1e5525b', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '6f244e4d-6b15-4adf-b633-d825b1e5525b', 'content-type': 'text/xml', 'content-length': '1204', 'date': 'Fri, 02 Apr 2021 22:24:18 GMT'}, 'RetryAttempts': 0}}'
=== Caught downstream error ===
Waiter TypeRegistrationComplete failed: Waiter encountered a terminal failure state: For expression "ProgressStatus" we matched expected path: "FAILED"
---
If debugging indicates this is a possible error with this program,
please report the issue to the team and include the log file 'rpdk.log'.
Issue tracker: https://github.com/aws-cloudformation/aws-cloudformation-rpdk/issues

It succeeds if we quote the Action value of the policy.

---
Description: A passing example
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal: { Service: [ ec2.amazonaws.com ] }
            Action: [ "sts:AssumeRole" ]

There’s no hint about what’s wrong from the service error. This is presumably an implementation difference between the parsers used by the command-line tool, the CloudFormation stack API, and the type registry API. It would save a lot of investigation time if we could get the same strictness out of all of these interfaces, or at least get a descriptive error out of the type registry API about what part of the input isn’t well-formed.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 2
  • Comments: 7 (4 by maintainers)
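
An added example, not part of the original issue or of the cfn CLI: a pre-submit check that flags the one difference between the failing and passing fragments above, an unquoted value containing a colon inside a `[...]` or `{...}` collection. That this is what the type registry rejects is an assumption drawn from those two fragments; the function name is hypothetical and only single-line collections are handled.

```python
import re

# Constructed sample: the failing fragment quoted in the issue above.
FAILING = """\
---
Description: A failing example
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal: { Service: [ ec2.amazonaws.com ] }
            Action: [ sts:AssumeRole ]
"""
# The passing fragment differs only in the quoted Action value.
PASSING = FAILING.replace("[ sts:AssumeRole ]", '[ "sts:AssumeRole" ]')

# A colon directly followed by a non-space character inside a plain scalar.
PLAIN_COLON = re.compile(r":\S")


def unquoted_colon_in_flow(text):
    """Return [(line_no, value)] for unquoted values inside [...] or {...}
    that contain ':' followed by a non-space character."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # whole-line comment
        depth, quote, token = 0, None, ""
        for ch in line:
            if quote:                     # inside a quoted scalar: skip it
                quote = None if ch == quote else quote
            elif ch in "'\"" and depth and not token.strip():
                quote = ch                # a quoted scalar starts here
            elif ch in "[{":
                depth, token = depth + 1, ""
            elif ch in "]},":
                if depth and PLAIN_COLON.search(token.strip()):
                    findings.append((line_no, token.strip()))
                token = ""
                if ch != ",":
                    depth = max(depth - 1, 0)
            elif depth:
                token += ch
        # Flow collections that span several lines are not tracked.
    return findings


if __name__ == "__main__":
    for name, doc in (("failing", FAILING), ("passing", PASSING)):
        print(name, unquoted_colon_in_flow(doc))
```

Block-style values such as `Type: AWS::IAM::Role` are not flagged, since both fragments on this page contain that line and only one fails.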

Top GitHub Comments

MalikAtalla-AWS commented, May 4, 2021 (1 reaction)

Thank you for raising this issue @jfoy and the detailed explanation. I’m able to reproduce the problem and will take up an internal action item to investigate (internal ticket id: P47032269)

MalikAtalla-AWS commented, Aug 25, 2021 (0 reactions)

Hi @jfoy, Thanks for checking back. Yes, this change is rolled out to all production regions.

cc @MatteoGioioso
