Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sam Package strips quotes from account Ids #867

Closed
rhboyd opened this issue Dec 18, 2018 · 4 comments
Closed

Sam Package strips quotes from account Ids #867

rhboyd opened this issue Dec 18, 2018 · 4 comments

Comments

@rhboyd
Copy link

rhboyd commented Dec 18, 2018

Description

When I use the following mapping to provide configurations based on the AWS::AccountId

Mappings:
  "FOO":
    "0123456789":
      KEY: VALUE

after running sam package --template-file /PATH/TO/template.yaml --s3-bucket, the quotes are stripped from the account ID in the cfn template that is generated. This only happens when the accountID starts with a 0 and does not contain any "8"s or "9"s

Steps to reproduce

-create a mapping that has keys which start with a 0 and also contain an 8 or 9 (i.e. not valid Octal)
-execute sam package
-inspect output template

Observed result

2018-12-18 09:14:09 package command is called
... cfn template ...
2018-12-18 09:14:11 package command successful

Expected result

I expected the quotes around string literals to remain in place

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: Mac Mojave
  2. sam --version: SAM CLI, version 0.8.1
@rhboyd rhboyd closed this as completed Dec 18, 2018
@rhboyd rhboyd reopened this Dec 18, 2018
@rhboyd
Copy link
Author

rhboyd commented Dec 18, 2018

Sorry for the spam. I misread the results when I tried it in 0.9.0, the problem exists in the new release as well.

@jfuss
Copy link
Contributor

jfuss commented Dec 18, 2018

This is an issue with PyYaml: yaml/pyyaml#98 only supporting 1.1.

Note: AWS CloudFormation only supports YAML 1.1. We need to remain compatible with what AWS CloudFormation supports and therefore their isn't much we can do here.

Closing

@jfuss jfuss closed this as completed Dec 18, 2018
@idm-ryou idm-ryou mentioned this issue May 13, 2019
Open
@ecmonsen
Copy link

ecmonsen commented Feb 3, 2020

So is this saying that AWS SAM is producing templates that are incompatible with CloudFormation, and this won't be fixed?

My issue is that aws cloudformation create-stack succeeds with the following template, but sam deploy fails because it strips the quotes from "011111111118" (but not the other keys in the mapping) before feeding it to CloudFormation.

AWSTemplateFormatVersion: "2010-09-09"

Mappings:
  AdminRoleArns:
    "111111111118":
      Arn: arn:aws:iam::111111111111:role/accounts-AWSIAMAdminRole-1111111111118
    "011111111111":
      Arn: arn:aws:iam::111111111111:role/accounts-AWSIAMAdminRole-1111111111111
    "011111111118":
      Arn: arn:aws:iam::011111111118:role/accounts-AWSIAMAdminRole-0111111111118

Resources:
  KmsKey:
    Type: "AWS::KMS::Key"
    Properties:
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: "Allow use of the key for encryption"
            Effect: "Allow"
            Principal:
              AWS:
                - !FindInMap [AdminRoleArns, !Ref "AWS::AccountId", Arn]
            Action:
              - "kms:GenerateDataKey"
              - "kms:Decrypt"
            Resource: "*"

@lmayorga1980
Copy link

@ecmonsen is there a workaround for this issue?

@jfuss jfuss mentioned this issue May 6, 2020
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ecmonsen @lmayorga1980 @rhboyd @jfuss