aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(aws-ram): Malformed Principal ID when sharing resource with Organization #14131

Closed adriantaut closed 3 years ago

adriantaut commented 3 years ago

Hello. I am trying to share an AWS EC2 PrefixList within our AWS Organization. It works just fine when sharing with a single AWS Account, but no luck when attempting to share with the entire organization, although I can do this via AWS Console.

Reproduction Steps

  1. Define the Prefix List:
    const prefixList = new ec2.CfnPrefixList(this, 'artifactoryPL', {
      addressFamily: 'IPv4',
      maxEntries: 2,
      prefixListName: 'pl',
      entries: [
        { cidr: '10.x.x.x/27', description: 'CIDR1' },
        { cidr: '10.y.y.y/27', description: 'CIDR2' }
      ]
    });
  2. Share the newly created PL using RAM:
    const ramShare = new ram.CfnResourceShare(this, 'ram-share', {
      name: 'prefix-list-share',
      resourceArns: [prefixList.attrArn],
      allowExternalPrincipals: false,
      principals: ['o-123random']
    })

and I get the following CF error:

11:17:35 | UPDATE_FAILED        | AWS::RAM::ResourceShare | artifactoryramshare
Principal ID o-123random is malformed. Verify the ID and try again. (Service: AWSRAM; Status Code: 400; Error Code: InvalidParameterException; Request ID: 091ad30b-fd0d-4c8a-82ad-3c833fb22c63; Proxy: null)

Note1: The above RAM share works if I replace the Organization ID with a list of AWS Account IDs.

Note2: I can share the PL with the entire organization directly from the AWS Console.


adriantaut commented 3 years ago

nvm, got it fixed with the Organization ARN, which I had no visibility of before.
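
Added example, not part of the issue thread or of aws-cdk itself: a check that can run before deployment over the `principals` list of a RAM share. It rejects a bare organization ID like the one in the report and builds the organization ARN form mentioned in the follow-up comment. The helper names and the sample account and organization IDs are constructed; the accepted shapes (12-digit account ID, Organizations organization or OU ARN, IAM role or user ARN) are assumed from the principal forms documented for RAM.

```typescript
// Added example: pre-deployment check for AWS RAM `principals` values.
// Helper names and all sample IDs are constructed for illustration.
type Kind = 'account' | 'organization' | 'ou' | 'iam';
interface Verdict { ok: boolean; kind?: Kind; hint?: string }

const ARN = 'arn:aws[a-z-]*:';        // aws, aws-cn, aws-us-gov partitions
const ORG_ID = 'o-[a-z0-9]{10,32}';   // Organizations ID: "o-" plus 10-32 chars
const RULES: Array<[Kind, RegExp]> = [
  ['account', /^\d{12}$/],
  ['organization', new RegExp(`^${ARN}organizations::\\d{12}:organization/${ORG_ID}$`)],
  ['ou', new RegExp(`^${ARN}organizations::\\d{12}:ou/${ORG_ID}/ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$`)],
  ['iam', new RegExp(`^${ARN}iam::\\d{12}:(role|user)/.+$`)],
];

function classifyRamPrincipal(p: string): Verdict {
  for (const [kind, re] of RULES) {
    if (re.test(p)) return { ok: true, kind };
  }
  // The failure from the issue: a bare organization (or OU) ID instead of its ARN.
  if (/^(o|ou)-[a-z0-9-]+$/.test(p)) {
    return { ok: false, hint: 'bare Organizations ID; pass the organization or OU ARN instead' };
  }
  return { ok: false, hint: 'not an account ID or a supported ARN' };
}

// Build the organization ARN from the management account ID and the organization ID.
function orgArn(managementAccountId: string, orgId: string): string {
  const arn = `arn:aws:organizations::${managementAccountId}:organization/${orgId}`;
  if (classifyRamPrincipal(arn).kind !== 'organization') {
    throw new Error(`cannot build an organization ARN from ${managementAccountId} / ${orgId}`);
  }
  return arn;
}

// Returns one message per rejected principal; an empty array means all passed.
function checkPrincipals(principals: string[]): string[] {
  return principals
    .map((p) => ({ p, v: classifyRamPrincipal(p) }))
    .filter(({ v }) => !v.ok)
    .map(({ p, v }) => `${p}: ${v.hint}`);
}

// Constructed sample: the value from the issue next to the ARN form.
const fixed = orgArn('111122223333', 'o-exampleorgid1');
console.log(checkPrincipals(['o-123random', fixed, '111122223333']));
```

Running `checkPrincipals` on the list before it is passed to `ram.CfnResourceShare` turns the CloudFormation `UPDATE_FAILED` into a local error that names the offending entry.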
