search

aws-cloudformation / aws-cloudformation-resource-providers-cloudformation

The CloudFormation Resource Provider Package For AWS CloudFormation
https://aws.amazon.com/cloudformation/
Apache License 2.0
47 stars 35 forks source link

[HookVersion|HookDefaultVersion] ListHandlers failing #113

Closed MalikAtalla-AWS closed 1 year ago

MalikAtalla-AWS commented 1 year ago

Trying to invoke the ListHandler for the HookVersion resource fails for me with an error saying AccessDenied (even though I have pasted my credentials in to the terminal)

$ export AWS_ACCESS_KEY_ID=<redacted>
$ export AWS_SECRET_ACCESS_KEY=<redacted>
$ export AWS_SESSION_TOKEN=<redacted>
$ aws cloudcontrol list-resources --type-name AWS::CloudFormation::HookVersion --region us-west-2

An error occurred (AccessDeniedException) when calling the ListResources operation: AWS::CloudFormation::HookVersion Handler returned status FAILED: The security token included in the request is invalid (Service: CloudFormation, Status Code: 403, Request ID: 0fce0fb9-3d12-4448-b759-28b31b5416c9) (HandlerErrorCode: AccessDenied, RequestToken: 1ad82714-85a2-4c5c-9191-3b5f34ff713e)

The HookDefaultVersion ListHandler also fails, but with a different error:

$ aws cloudcontrol list-resources --type-name AWS::CloudFormation::HookDefaultVersion --region us-west-2

An error occurred (HandlerInternalFailureException) when calling the ListResources operation (reached max retries: 4): AWS::CloudFormation::HookDefaultVersion Handler returned status FAILED: The input should contain either ARN or Type Name (Service: CloudFormation, Status Code: 400, Request ID: a48a9a30-03e1-46e3-a585-c27e63784f61) (HandlerErrorCode: InternalFailure, RequestToken: 7a8bf00d-d723-4d8f-b91b-c01762e6b71b)
wkexiang commented 1 year ago

For HookVersion, I don't think the cause is with the handler itself since the same issue happens to other resources too according to #82.

For HookDefaultVersion and HookTypeConfig, those are basically configuration associated with each individual Hook. They cannot be created from the create handler either since they exists for all Hook once the Hook is created. The list handler works to list all versions and type configurations for a single Hook, so in your example, you need to specify ARN or TypeName of that Hook.

MalikAtalla-AWS commented 1 year ago

Oh you're right, the second one is a BadRequest, which is the correct behaviour. My bad. Regarding the first resource, let's either investigate or identify the right team to own it.

Neel-Renavikar commented 1 year ago

I think #82 has a context to the issue and also lists the number of other resources that face similar issue. We can close this ticket and handle the investigation in #82 .