Bug in CloudFormation regarding AWS EventBridge InputTransformer

0

In the following CloudFormation template, with the string "<userIdentity> tried to change a networkinterface. Probably the security group." on the same line as InputTemplate, the deployment will fail with the error "Invalid InputTemplate for target Ab1c2345d6-789e-0f1g-h234-ij5678k90l12 : [Source: (String)"null tried to change a networkinterface. Probably the security group."; line: 1, column: 11]. (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: ValidationException; Request ID: a1234b56-789c-0123-4d56-78901e234567; Proxy: null)".

When I change the code into:

[...]
            InputTemplate: >-
               "<userIdentity> tried to change a networkinterface. Probably the security group."

it works. This seems a bug to me, can you please look into this?

Thank you in advance!

Frederique

---
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  EventRule0:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - aws.ec2
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - ec2.amazonaws.com
          eventName:
            - ModifyNetworkInterfaceAttribute
      Name: Test
      State: ENABLED
      Targets:
        - Id: MyId
          Arn: >-
            arn:aws:sns:eu-west-1:040909972200:bitwarden-AlarmTopicMail-ELLBXyn1jv3z
          InputTransformer:
            InputPathsMap:
              userIdentity: $.detail.userIdentity.principalId
            InputTemplate: "<userIdentity> tried to change a networkinterface. Probably the security group."
1 Answer
0

I think it's a fault in the documentation (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-inputtransformer.html) rather than a bug. Looks like when specifying a String (rather than JSON) for InputTemplate it must internally contain quotes. Even though this isn't described in the doco, the YAML example they provide shows it:

  InputTemplate: |
    "instance <instance> is in <state>"

This will produce JSON with embedded quotes:

{'InputTemplate': '"instance <instance> is in <state>"\n'}

whereas these two forms (like your original attempt that fails) don't produce JSON with embedded quotes:

  InputTemplate: |
    instance <instance> is in <state>
  InputTemplate: "instance <instance> is in <state>"
EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions