BucketEncryption property not defined

[emillunde]

Adding the property BucketEncryption to a resource of type AWS::S3::Bucket results in the following error when deploying:

Transform AWS::Serverless-2016-10-31 failed with:
Invalid Serverless Application Specification document. Number of errors found: 1.
Resource with id [Bucket] is invalid. property BucketEncryption not defined for resource of type AWS::S3::Bucket

The relevant section of the template file is provided below:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: !Ref BucketNameParameter
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

Is there an error in the template or is this property not supported yet?

[sanathkr]

Hmm, SAM is not supposed to touch any resources that don't start with prefix: "AWS::Serverless::". The following template deployed fine for me.

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

Can you give a bit more about the template? Is this the only resource in the template? Are you deploying to existing stack or a new stack? Which region?

[emillunde]

This is the entire template:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31

Parameters:
  SecurityGroupIdsParameter:
    Type: List<AWS::EC2::SecurityGroup::Id>
  SubnetIdsParameter:
    Type: List<AWS::EC2::Subnet::Id>
  TableNameParameter:
    Type: String
  RoleParameter:
    Type: String
  BucketNameParameter:
    Type: String
  FunctionNameParameter:
    Type: String
  DescriptionParameter:
    Type: String

Resources:
  S3Function:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Ref FunctionNameParameter
      Description: !Ref DescriptionParameter
      VpcConfig:
        SecurityGroupIds: !Ref SecurityGroupIdsParameter
        SubnetIds: !Ref SubnetIdsParameter
      Handler: index.handler
      Environment:
        Variables:
          TABLE_NAME: !Ref TableNameParameter
      Runtime: nodejs6.10
      Role: !Ref RoleParameter
      Events:
        DataUpload:
          Type: S3
          Properties:
            Bucket: !Ref Bucket
            Events: s3:ObjectCreated:*
  Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: !Ref BucketNameParameter
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

I am deploying to an existing stack in eu-central-1.

[sanathkr]

Ah now I see the problem. Yes, this is a bug in SAM. We will get it fixed as soon as possible.

[sgates]

Glad you spotted it, I thought I was crazy. Looking forward to the patch!

[bgjackma]

+1

[ts33]

+1

[sanathkr]

Oh, this should be fixed now :)

[sanathkr]

See https://github.com/awslabs/serverless-application-model/releases/tag/1.4.0