-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(aws-backup): (BackupVault.fromBackupVaultArn fails to parse backup vault ARN) #25212
Comments
Thank you for your detailed insight. I can confirm the ArnFormat is inconsistent. aws-cdk/packages/aws-cdk-lib/aws-backup/lib/vault.ts Lines 227 to 246 in cefbb33
Making this a p2 bug. Any PRs are welcome and appreciated! |
…#25259) `BackupVault.fromBackupVaultArn` parsed ARNs using the `ArnFormat.SLASH_RESOURCE_NAME` format. This fix changes it to the [expected](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbackup.html#awsbackup-resources-for-iam-policies) `ArnFormat.COLON_RESOURCE_NAME` format. Closes #25212 . ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Describe the bug
If you try to include a reference to an already defined backup vault through its ARN, and then use the vault in a backup plan rule, you get an error when you try to deploy the stack which uses it.
Error: Failed to create ChangeSet cdk-deploy-change-set on datalake-redshift: FAILED, Template error: Fn::Select cannot select nonexistent value at index 1
Expected Behavior
No error, referencing the backup vault construct in a backup plan should work.
Current Behavior
A stack trace when the change set is about to be created, which includes the error:
Error: Failed to create ChangeSet cdk-deploy-change-set on datalake-redshift: FAILED, Template error: Fn::Select cannot select nonexistent value at index 1
Reproduction Steps
Workaround currently is to change the ARN to use a slash between "backup-vault" and the backup vault name, before calling fromBackupVaultArn().
Possible Solution
Change fromBackupVaultArn to use
ArnFormat.COLON_RESOURCE_NAME
instead ofArnFormat.SLASH_RESOURCE_NAME
.Additional Information/Context
Looking at the generated CloudFormation where it is used, one can see the following below. The problem here is that "Fn::Select" uses index 1, after splitting by "/". However, there is no "/" separator in a backup vault ARN, only ":". So the index does not work.
This is verified by looking at the code for the BackupVault in aws-backup module (below from release 2.76.0), where fromBackupVaultArn() uses
ArnFormat.SLASH_RESOURCE_NAME
instead ofArnFormat.COLON_RESOURCE_NAME
.CDK CLI Version
2.76.0
Framework Version
No response
Node.js Version
16
OS
macOS
Language
Python
Language Version
3.8
Other information
No response
The text was updated successfully, but these errors were encountered: