awslabs / aws-serverless-data-lake-framework

Enterprise-grade, production-hardened, serverless data lake on AWS
https://sdlf.workshop.aws/
MIT No Attribution
419 stars 139 forks source link

Unsupported resource ARN Format message while deploying a new installation of SDLF #76

Closed murgua closed 2 years ago

murgua commented 2 years ago

Describe the bug

Get error Unsupported resource ARN Format (Service:Lake formation; status code:400 ; Error Code: InvalidInputException) on rXXBucketLakeFormationS3Registration resources

File sdlf-foundations/nested-stacks/template-s3.yaml

To Reproduce

Steps to reproduce the behavior:

  1. Go to deploy a new instance of SDLF

  2. Deploy the foundations

  3. Open CloudFormation stacks and look for the following errors: The following resource(s) failed to create: [rS3Stack]. Rollback requested by user.

    Embedded stack arn:aws:cloudformation:us-east-2:399927441213:stack/sdlf-foundations-rS3Stack-1NFGOHVHPW9ZT/0cfc1b40-5edf-11ed-8833-0650d337b4a4 was not successfully created: The following resource(s) failed to create: [rStageBucketLakeFormationS3Registration, rAnalyticsBucketLakeFormationS3Registration, rRawBucketLakeFormationS3Registration, rDataQualityBucketLakeFormationS3Registration].

  4. Validate CloudTrail API errors and found this:

    {
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AROAX6QYNKD72VMXTK3BU:AWSCodeBuild-ec1ae13d-f7cb-4721-942b-aa0745dfe84d",
        "arn": "arn:aws:sts::xxxxxxxxx:assumed-role/sdlf-cicd-codebuild/AWSCodeBuild-ec1ae13d-f7cb-4721-942b-aa0745dfe84d",
        "accountId": "xxxxxxxxx",
        "accessKeyId": "XXXXXXPUHRFBDQP3YQ",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "XXXXYNKD72VMXTK3BU",
                "arn": "arn:aws:iam::xxxxxxxxx:role/sdlf-cicd-codebuild",
                "accountId": "xxxxxxxxx",
                "userName": "sdlf-cicd-codebuild"
            },
            "attributes": {
                "creationDate": "2022-11-07T18:38:16Z",
                "mfaAuthenticated": "false"
            }
        },
        "invokedBy": "cloudformation.amazonaws.com"
    },
    "eventTime": "2022-11-07T18:42:54Z",
    "eventSource": "lakeformation.amazonaws.com",
    "eventName": "RegisterResource",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "cloudformation.amazonaws.com",
    "userAgent": "cloudformation.amazonaws.com",
    "errorCode": "InvalidInputException",
    "errorMessage": "Un-supported resource arn format",
    "requestParameters": {
        "resourceArn": "arn:aws:::s3:cwc-tf-dev-xxxxxx67-dataquality/",
        "useServiceLinkedRole": true
    },
    "responseElements": null,
    "requestID": "f0e61a89-8488-4a64-a480-8a327942a2f7",
    "eventID": "76bfb825-7b54-40f2-9c65-5eeb9f50a847",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "XXXX792767",
    "eventCategory": "Management"
    }

Reproduced the same error on a CX account and on a new Isengard account.

Expected behavior

After creating the buckets it should register them on Lake Formation.

SDLF release (if known): Latest

Additional context

Reviewed the code for past releases and it is the same code; I'm supposing this error is related to a Lake Formation update on their API.

murgua commented 2 years ago

Fix available in pull request https://github.com/awslabs/aws-serverless-data-lake-framework/pull/77.

kukushking commented 2 years ago

Thank you @murgua, looks like it was a typo in the ARNs for LF registration.
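
The `resourceArn` in the CloudTrail event above puts `s3` after the empty region and account-id fields instead of in the service field. The following check flags Lake Formation `RegisterResource` calls with that kind of ARN in exported CloudTrail records; it is an added example, not part of this thread or the SDLF code base. The function names, the simplified bucket-name pattern and the second sample record are assumptions made for illustration.

```python
import json
import re

# ARN layout: arn:partition:service:region:account-id:resource
# S3 bucket ARNs leave region and account-id empty: arn:aws:s3:::bucket[/prefix]
S3_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/.*)?$")

def check_s3_arn(arn):
    """Return (ok, detail); detail suggests a corrected ARN when one is obvious."""
    if S3_ARN.match(arn):
        return True, "ok"
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return False, "not in arn:partition:service:region:account-id:resource form"
    _, partition, service, region, account, resource = parts
    if service == "" and "s3" in (region, account):
        # The case in this issue: 's3' landed after the empty fields, not before them.
        return False, f"'s3' is not in the service field; expected arn:{partition}:s3:::{resource}"
    return False, f"service field is {service!r}, expected 's3' with empty region and account-id"

def audit_register_resource(events):
    """Return [(eventID, resourceArn, detail)] for Lake Formation registrations with bad ARNs."""
    findings = []
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != (
                "lakeformation.amazonaws.com", "RegisterResource"):
            continue
        arn = (ev.get("requestParameters") or {}).get("resourceArn", "")
        ok, detail = check_s3_arn(arn)
        if not ok:
            findings.append((ev.get("eventID"), arn, detail))
    return findings

# First record: fields trimmed from the CloudTrail event quoted in the issue.
# Second record: constructed, with a placeholder bucket name and event ID.
SAMPLE = json.loads("""[
 {"eventSource": "lakeformation.amazonaws.com", "eventName": "RegisterResource",
  "errorCode": "InvalidInputException", "eventID": "76bfb825-7b54-40f2-9c65-5eeb9f50a847",
  "requestParameters": {"resourceArn": "arn:aws:::s3:cwc-tf-dev-xxxxxx67-dataquality/",
                        "useServiceLinkedRole": true}},
 {"eventSource": "lakeformation.amazonaws.com", "eventName": "RegisterResource",
  "eventID": "constructed-0001",
  "requestParameters": {"resourceArn": "arn:aws:s3:::example-raw-bucket/",
                        "useServiceLinkedRole": true}}
]""")

if __name__ == "__main__":
    for event_id, arn, detail in audit_register_resource(SAMPLE):
        print(event_id, arn, detail)
```

The same `check_s3_arn` function can be run against the rendered `ResourceArn` values of a template before deployment, so the malformed ARN is caught before CloudFormation calls Lake Formation.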