There seems to be a bug when you pass an empty policy to Cloud Control to update your core network in Network Manager. You can replicate this with the CLI.
When you pass in a patch document of "[]", it immediately returns success; then, when you query the request, it is stuck in pending. You can replicate this with the CLI:
aws cloudcontrol update-resource --type-name AWS::NetworkManager::CoreNetwork --identifier core-network-xxxxx --patch-document "[]"
{
    "ProgressEvent": {
        "TypeName": "AWS::NetworkManager::CoreNetwork",
        "Identifier": "core-network-xxxxx",
        "RequestToken": "23xxxxx07",
        "Operation": "UPDATE",
        "OperationStatus": "SUCCESS",
        ...
aws cloudcontrol get-resource-request-status --request-token 23xxxxx07
{
    "ProgressEvent": {
        "TypeName": "AWS::NetworkManager::CoreNetwork",
        "RequestToken": "23xxxxx07",
        "OperationStatus": "PENDING",
        "EventTime": "2022-09-07T16:39:46.821000+00:00"
    }
}
It's stuck in pending and did not resolve after days. There are no changes/updates reflected in Network Manager.
EDIT: Looks like this issue occurs when "[]" is passed to NetworkManager::VpcAttachment
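
A client-side guard for the behaviour reported above, as an added example that is not part of the original post: it rejects a patch document with no operations before calling update-resource, and it polls the request status with a deadline instead of relying on the status in the update response. `safe_update`, `EmptyPatchError` and `StuckClient` are hypothetical names; the client is assumed to expose boto3's `update_resource` and `get_resource_request_status`, and `StuckClient` is a constructed stand-in that returns the responses shown in the post.

```python
import json
import time

TERMINAL = {"SUCCESS", "FAILED", "CANCEL_COMPLETE"}


class EmptyPatchError(ValueError):
    """Patch document contains no JSON Patch operations."""


def safe_update(client, type_name, identifier, patch_document,
                timeout_s=300, poll_s=5, sleep=time.sleep):
    # Refuse the input that triggers the report above: "[]" (or anything
    # that is not a non-empty JSON array of operations).
    ops = json.loads(patch_document)
    if not isinstance(ops, list) or not ops:
        raise EmptyPatchError("patch document has no operations; not submitted")

    first = client.update_resource(TypeName=type_name, Identifier=identifier,
                                   PatchDocument=patch_document)["ProgressEvent"]
    token = first["RequestToken"]

    # The status in the update response is not treated as final; only a
    # terminal status from the status call ends the wait.
    deadline = time.monotonic() + timeout_s
    while True:
        event = client.get_resource_request_status(
            RequestToken=token)["ProgressEvent"]
        if event["OperationStatus"] in TERMINAL:
            return event
        if time.monotonic() >= deadline:
            raise TimeoutError(
                f"request {token} still {event['OperationStatus']} after {timeout_s}s")
        sleep(poll_s)


class StuckClient:
    """Constructed stand-in reproducing the reported responses (no AWS calls)."""

    def __init__(self):
        self.updates = 0

    def update_resource(self, **kwargs):
        self.updates += 1
        return {"ProgressEvent": {"RequestToken": "token-placeholder",
                                  "OperationStatus": "SUCCESS"}}

    def get_resource_request_status(self, RequestToken):
        return {"ProgressEvent": {"RequestToken": RequestToken,
                                  "OperationStatus": "PENDING"}}
```

With a real client, pass `boto3.client("cloudcontrol")` in place of `StuckClient()`; a `TimeoutError` then marks a request that never left a non-terminal state.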