The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0
[BUG][Functional] ACM Import Custom Lambda references Physical ID instead of Secret Value causing lookup failure. #1152
Bug reports which fail to provide the required information will be closed without action.
Required Basic Info
Accelerator Version: v1.5.6-a
Install Type: Upgrade
Upgrade from version: v1.5.5
Describe the bug
The ACM Custom CFN Resource uses its PhysicalResourceId to determine if there is an existing ACM Cert or not. On CFN resource creation, the PhysicalId would be undefined (expected) and a new ACM cert gets created. The created cert's ARN is returned as the PhysicalResourceId. When this custom CFN Resource is updated, the Lambda uses the PhysicalResourceId as the lookup value to the ACM Cert. This fails as the cert isn't created. Note that a Secret is created to contain the ACM ARN.
Failure Info
What error messages have you identified, if any: Phase1 fails - "The certification ARN ... is not an imported certificate ARN"
Steps To Reproduce
Unknown at this time
Expected behavior
The ACM Custom CFN Resource (i.e. Lambda) should use the ARN value stored in the related Secret, and not use the unchangeable PhysicalResourceId.
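One way to express the expected behaviour from this report, as an added example that is not the Accelerator's own code: the handler decides which certificate to act on from the Secret's value and never from `PhysicalResourceId`. The names `planCertificateAction`, `arnFromSecret`, `CertResourceEvent` and `CertPlan` are hypothetical, and the example assumes the Secret stores the bare ARN string; fetching the secret and calling ACM are left to the caller.

```typescript
// Added example: hypothetical names, not the Accelerator's source.
type CfnRequestType = 'Create' | 'Update' | 'Delete';

interface CertResourceEvent {
  RequestType: CfnRequestType;
  PhysicalResourceId?: string; // present on Update/Delete; never used for lookups here
}

type CertPlan =
  | { action: 'import-new' }
  | { action: 'reimport'; certificateArn: string }
  | { action: 'delete'; certificateArn: string }
  | { action: 'noop' };

// Shape of an ACM certificate ARN: arn:<partition>:acm:<region>:<account>:certificate/<uuid>
const ACM_CERT_ARN = /^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate\/[0-9a-f-]{36}$/;

// Assumption: the secret stores the bare ARN string (the issue does not show its format).
function arnFromSecret(secretString: string | undefined): string | undefined {
  const value = (secretString ?? '').trim();
  return ACM_CERT_ARN.test(value) ? value : undefined;
}

// Decide what the handler should do, given the event and the secret's current value.
function planCertificateAction(event: CertResourceEvent, secretString: string | undefined): CertPlan {
  const arn = arnFromSecret(secretString);
  switch (event.RequestType) {
    case 'Create':
      return { action: 'import-new' };
    case 'Update':
      // Re-import into the ARN recorded in the secret; with no usable secret, import afresh.
      return arn ? { action: 'reimport', certificateArn: arn } : { action: 'import-new' };
    case 'Delete':
      return arn ? { action: 'delete', certificateArn: arn } : { action: 'noop' };
  }
}

// Constructed sample values (not taken from the issue).
const SAMPLE_SECRET_ARN =
  'arn:aws:acm:ca-central-1:111111111111:certificate/11111111-2222-3333-4444-555555555555';
const SAMPLE_UPDATE_EVENT: CertResourceEvent = {
  RequestType: 'Update',
  PhysicalResourceId:
    'arn:aws:acm:ca-central-1:111111111111:certificate/00000000-0000-0000-0000-000000000000',
};
```

With the sample values, `planCertificateAction(SAMPLE_UPDATE_EVENT, SAMPLE_SECRET_ARN)` selects the ARN held in the secret even though the event's `PhysicalResourceId` names a different certificate.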