Open climbertjh2 opened 3 months ago
Looking into this a bit more, it appears that CfnRoleProps
only accepts a PolicyDocument
object as input for the assumeRolePolicyDocument
attribute, while CloudFormation itself is a bit more lenient and will accept a string
as input where the string contains JSON mark-up.
This seems to be complicated by CfnRole
and CfnRoleProps
being in the set of code that is iam_generated
?
Thanks @climbertjh2 for reporting this issue. I am able to reproduce this and facing the same error.
@khushail - Thanks for looking into this. If you need someone to test out your updates, let me know.
I found it a bit strange that creating a string using !Join
in the CloudFormation template seems to work, while just specifying a string (over multiple lines) using |
or >-
does not work. There seem to be some special cases implemented by CloudFormation which are not quite handled by the CfnRoleProps
construct.
Describe the bug
CloudFormation template which specifies a string-concatenation for
AssumeRolePolicyDocument
attribute inAWS::IAM::Role
resource is NOT accepted byCfnInclude()
.cdk synth
fails with a exception:See various permutations for the
AssumeRoelPolicyDocument
attribute in theiam-role.yaml
file attached to this ticket. iam-role.yaml.txtExpected Behavior
CfnInclude()
should accept CloudFormation YAML files that are accepted by CloudFormationCreateStack
.Current Behavior
cdk synth
fails with an exception.Reproduction Steps
Create YAML file as described. Run
cdk synth
using a CDK application which usesCfnInclude()
to include the YAML file.Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.134.0 (build 265d769)
Framework Version
No response
Node.js Version
v20.7.0
OS
MacOS
Language
TypeScript
Language Version
TypeScript (5.1.6)
Other information
No response