search

aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International
1.1k stars 54 forks source link

AWS::ImageBuilder::ImagePipeline WorkflowConfiguration - WorkflowArn validation fails #2016

Closed include closed 5 months ago

include commented 5 months ago

Name of the resource

AWS::ImageBuilder::Workflow

Resource Name

No response

Issue Description

The validation of WorkflowArn seems to have an issue. In the begining I though it was my code but after confirming with CDK team, looks like there is some regexp problem.

(the BUG I've open on aws-cdk: https://github.com/aws/aws-cdk/issues/29910)

Expected Behavior

Deploy this snippet of code:

  Pipeline:
    Type: AWS::ImageBuilder::ImagePipeline
    Properties:
      Description: Image pipeline
      DistributionConfigurationArn:
        Fn::GetAtt:
          - euAllDistribution
          - Arn
      EnhancedImageMetadataEnabled: true
      ExecutionRole:
        Fn::GetAtt:
          - EC2InstanceProfileForImageBuilderA043DE9F
          - Arn
      ImageRecipeArn:
        Fn::GetAtt:
          - BaseRecipe
          - Arn
      ImageScanningConfiguration:
        ImageScanningEnabled: false
      ImageTestsConfiguration:
        ImageTestsEnabled: false
        TimeoutMinutes: 60
      InfrastructureConfigurationArn:
        Fn::GetAtt:
          - infraConfig
          - Arn
      Name: tars-img-builder-pipeline
      Schedule:
        PipelineExecutionStartCondition: EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE
        ScheduleExpression: cron(0 0 * * ? *)
      Status: ENABLED
      Tags:
        Name: tars-img-builder-pipeline
        Release: live
        Version: 0.1.0
      Workflows:
        - OnFailure: ABORT
          WorkflowArn: arn:aws:imagebuilder:eu-west-1:aws:workflow/build/build-image/1.0.1

Observed Behavior

12:40:45 AM | CREATE_FAILED | AWS::ImageBuilder::ImagePipeline | Pipeline Resource handler returned message: "The value supplied for parameter 'workflows' is not valid. AWS managed workflows must have latest version 'x.x.x' for '{workflow_arn_str}' (Service: Imagebuilder, Status Code: 400, Request ID: c02cd8e3-1ecd-4ddf-ae0a-3c3ca29ee39a)" (RequestToken: e006e4e0-8450-41c7-93ed-5fb154cb1950, HandlerErrorCode: InvalidRequest)

Test Cases

cdk synth runs without problems. the cloudformation deployment fails.

Other Details

Please real the original thread here: https://github.com/aws/aws-cdk/issues/29910 - I will link both.

thanks in advance, F

include commented 5 months ago

I've opened a case to AWS and looks like the documentation is kind of giving wrong directions.

Removed the - OnFailure: ABORT, OnFailure parameter is only allowed for test workflows and not in this case; which I don't find in the documentation. And, I've changed the snippet to: (note the "x.x.x" Vs "1.0.1")

      workflows: [
        {
          workflowArn: "arn:aws:imagebuilder:eu-west-1:aws:workflow/build/build-image/x.x.x",
        },
      ],

Again, didn't find this clear in the documentation:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-imagepipeline-workflowconfiguration.html#cfn-imagebuilder-imagepipeline-workflowconfiguration-workflowarn

Maybe someone can address this issue to the documentation team.

kind regards, F