By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS::Events::Connection 'GeneralServiceException' encountered when creating via CloudFormation

1

I am trying to create a new stack for some EventBridge resources. I'm setting up an API destination with a Connection using OAuth credentials which will be invoked by a rule watching S3 object creations.

However, I keep getting an error on the creation of the Connection construct (AWS::Events::Connection).

Resource handler returned message: "Error occurred during operation 'AWS::Events::Connection'." (RequestToken: [REDACTED], HandlerErrorCode: GeneralServiceException)

The code below was deployed successfully only after I manually created a Connection in AWS Console and then imported it in my stack. Ideally, I would manage this Connection through the stack.

Edit: To clarify, I altered the code below to import the manually created Connection and that worked as expected.

What might I be missing? How can I investigate the root cause of the GeneralServiceException? I believe I am deploying the stack with a role that has access to all actions on all resources.

const connection = new Connection(this, 'Connection', {
  authorization: Authorization.oauth({
    httpMethod: HttpMethod.POST,
    clientId: props.clientId,
    clientSecret: props.clientSecret,
    authorizationEndpoint: props.authorizationEndpoint,
  }),
});

const destination = new ApiDestination(this, 'ApiDestination', {
  httpMethod: HttpMethod.POST,
  endpoint: props.endpoint,
  connection,
});

const rule = new Rule(this, 'Rule', {
  eventPattern: {
    source: ['aws.s3'],
    detailType: ['Object Created'],
    detail: {
      bucket: {
        name: [props.bucketName],
      },
    },
  },
  targets: [new targets.ApiDestination(destination)],
});
Topics
Management & GovernanceServerlessApplication IntegrationSecurity, Identity, & Compliance
Tags
AWS CloudFormationAmazon EventBridgeAWS Secrets Manager
Language
English
rePost-User-3284214
asked 10 months ago1131 views
2 Answers
1

Hi, Have a look at this question and its answer: https://stackoverflow.com/questions/74177675/aws-cloudformation-events-api-connection

It looks quite similar to your problem. The proposed solution is:

I solved this by adding full API permissions to the role creating the stack but of course I scoped the permissions by the resource to avoid security issues, something like:

effects: "Allow"
actions: [
        "events:*",
        "secretsmanager:*"
      ]
resources: [
        "arn:aws:secretsmanager:<your region>:<your-account-id>:secret:events!connection/<yoursecretnameprefix>-*"
      ]
profile pictureAWS
EXPERT
Didier_Durand
answered 10 months ago
  • Shiva
    4 months ago

    This answer helped me to partially solve my situation. I was having another issue with providing correct resource name on the policy and to track down correct error I needed to check actual errors in Cloud Trail.

    Cloud Trail will help you get to the actual root cause instead of just guessing what the issue might be with GeneralServiceException. On Cloud Trail Event History - I had luck with filtering by User Name and choosing appropriate time frame the error occurred. Also, make sure to enable "Error code" as visible column on the results so you can easily see which event failed.

  • Didier_Durand EXPERT
    4 months ago

    Hi, thanks for your feedback with additional info. Glad that you solved your problem. If you're now happy with your situation. You can close this question by accepting the answer completed by your own details.

0

Hi, I had a similar issue and found the root cause by following Shiva's recommendation and looking into the Cloud Trail logs.

I'm posting this as an answer as I believe it may help anyone having issues with the too general 'GeneralServiceException', no matter which resource one is trying to deploy by using CloudFormation.

Go to CloudTrail -> "Event History" and go to "Preferences" -> "Select visible columns" -> enable "Error code". Then filter the list to find the relevant event. If you enter the event and look at the JSON view, you should be able to find a field called "errorMessage", which holds more detailed information as to what have gone wrong.

rePost-User-2620528
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content