aws-solutions-library-samples / aws-ops-automator

A solution for automated and scheduled execution of actions on selected AWS resources, including an updated EBS Snapshot Scheduler
https://aws.amazon.com/solutions/implementations/ops-automator/

Can't turn off encryption #27

Open bkedryna opened 3 years ago

bkedryna commented 3 years ago

I had problems with the template trying to create the KMS key (I'll create a separate issue for that), so I tried to turn off encryption in the template. I see this in it:

```
"Resources": {
    "ResourceToS3SizeKB": 16,
    "EncryptResourceData": "True"
},
```

But if I set "True" to "False" and try to create a stack, I'm getting this error:

```
Template format error: Unresolved resource dependencies [ResourceEncryptionKey] in the Resources block of the template
```

I'm new to CloudFormation so not sure what the issue is, but I think there should be an easy way to turn off encryption - maybe it should be a parameter, if possible.

mobri2a commented 3 years ago

Thanks, @bkedryna... it's a bug. What's happening is the EncryptResourceData condition turns off creation of the KMS key, but there are a number of resources that need the KMS key in things like IAM policies when the encryption is enabled. Without the key these resources fail. I'll add this issue to the backlog for the solution.

The quickest fix will be to enable encryption and fix your KMS key issue.

A fix that disables encryption but works around the issue is to remove the Condition on the KMS key - the key will still be created, but encryption will not be used (but you are still blocked by the KMS key creation problem you mentioned).
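The failure mode discussed in this thread, as an added example that is not part of the issue comments or the project's code: a Python check that walks a CloudFormation template and reports every `Ref` / `Fn::GetAtt` to a conditional resource that is not guarded by the same condition. The template is a constructed miniature (only the names `ResourceEncryptionKey` and `EncryptResourceData` come from the issue), and `Fn::Sub` and `DependsOn` references are not covered.

```python
# Constructed miniature template, not the Ops Automator template. Only the names
# ResourceEncryptionKey and EncryptResourceData are taken from the issue.
KEY_ARN = {"Fn::GetAtt": ["ResourceEncryptionKey", "Arn"]}
TEMPLATE = {"Resources": {
    "ResourceEncryptionKey": {"Type": "AWS::KMS::Key", "Condition": "EncryptResourceData"},
    "KeyAlias": {"Type": "AWS::KMS::Alias", "Condition": "EncryptResourceData",
                 "Properties": {"TargetKeyId": {"Ref": "ResourceEncryptionKey"}}},
    "WorkerRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{"PolicyDocument": {
        "Statement": [{"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN}]}}]}},
    "WorkerFunction": {"Type": "AWS::Lambda::Function", "Properties": {"KmsKeyArn": {
        "Fn::If": ["EncryptResourceData", KEY_ARN, {"Ref": "AWS::NoValue"}]}}},
}}


def walk(node, guards=()):
    """Yield (target, guards) for each Ref / Fn::GetAtt found under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref":
                yield val, guards
            elif key == "Fn::GetAtt":
                # JSON form is ["Res", "Attr"]; the string form is "Res.Attr".
                yield (val[0] if isinstance(val, list) else val.split(".")[0]), guards
            elif key == "Fn::If":
                cond, if_true, if_false = val
                yield from walk(if_true, guards + (cond,))  # only the true branch is guarded
                yield from walk(if_false, guards)
            else:
                yield from walk(val, guards)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item, guards)


def unguarded_refs(template):
    """Return (resource, target, condition) for references that break when the condition is false."""
    resources = template.get("Resources", {})
    conditional = {n: r["Condition"] for n, r in resources.items() if "Condition" in r}
    findings = []
    for name, res in resources.items():
        own = (res["Condition"],) if "Condition" in res else ()
        for target, guards in walk(res.get("Properties", {}), own):
            needed = conditional.get(target)
            if needed and needed not in guards:
                findings.append((name, target, needed))
    return findings


if __name__ == "__main__":
    for resource, target, cond in unguarded_refs(TEMPLATE):
        print(f"{resource} references {target} without checking condition {cond}")
```

Removing the `Condition` from the key, as suggested in the comment above, makes the check return no findings; so does wrapping each reference in `Fn::If` on the same condition.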