Closed tcheksa62 closed 3 years ago
The param himself if ambiguous "KmsKeyId" but in reality is KmsKeyArn
Agreed, this problem stems from CreateLogGroup
API naming itself. Unfortunately, we have to continue supporting that naming at this point, but the reference documentation for AWS::Logs::LogGroup.KmsKeyId
has a note on this as well
The API has the same problem, so the person who wrote the implementation copied that instead of thinking about how to make it better for CloudFormation users (and they will try to do better next time).
I know that "it's frustrating for everyone" doesn't really solve the issue.
Hello,
I got problem when I use this template to deploy KMSKey, KMSAlias and CW LogGroup :
Error message :
Model validation failed (#/KmsKeyId: failed validation constraint for keyword [pattern])
In the doc of "AWS::KMS::Key" resource, return value is key ID. But "AWS::Logs::LogGroup" wait an ARN not a KeyID. The param himself if ambiguous "KmsKeyId" but in reality is KmsKeyArn
My workaround is to use "Fn::GetAtt" instead of Ref :
KmsKeyId: !GetAtt KMSKey.Arn
Regards, Tcheksa