Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Wrong ARN for AWS Amplify Webhooks #39407

Open
AriannaLanz opened this issue Sep 19, 2024 · 7 comments
Open

[Bug]: Wrong ARN for AWS Amplify Webhooks #39407

AriannaLanz opened this issue Sep 19, 2024 · 7 comments
Labels
bug Addresses a defect in current functionality. service/amplify Issues and PRs that pertain to the amplify service.

Comments

@AriannaLanz
Copy link

Terraform Core Version

1.9.0

AWS Provider Version

5.67.0

Affected Resource(s)

aws_amplify_webhook

Expected Behavior

The output of aws_amplify_webhook.example_webhook.arn should be arn:aws:amplify:<region>:<account-id>:webhooks/<webhook-id>.

Actual Behavior

The actual output of aws_amplify_webhook.example_webhook.arn is arn:aws:amplify:<region>:<account-id>:apps/<app-id>/webhooks/<webhook-id>

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "> 5.0"
}
}
required_version = "> 1.9.0"
}

Steps to Reproduce

resource "aws_amplify_app" "example" {
  name = "app"
}

resource "aws_amplify_branch" "master" {
  app_id      = aws_amplify_app.example.id
  branch_name = "master"
}

resource "aws_amplify_webhook" "master" {
  app_id      = aws_amplify_app.example.id
  branch_name = aws_amplify_branch.master.branch_name
  description = "triggermaster"
}
  1. terraform apply
  2. terraform state show aws_amplify_webhook.master

Debug Output

No response

Panic Output

No response

Important Factoids

I need to add an amplify:GetWebhook IAM permission for this specific webhook, but I was getting the error:

Error: reading Amplify Webhook (<webhook-id>): operation error Amplify: GetWebhook, https response error StatusCode: 403, RequestID: <request-id id>, api error AccessDeniedException: User: arn:aws:sts::<account-id>:assumed-role/<role> is not authorized to perform: amplify:GetWebhook on resource: arn:aws:amplify:<region>:<account-id>:webhooks/<webhook-id>

and I noticed the discrepancy in that Terraform outputs the ARN as arn:aws:amplify:<region>:<account-id>:apps/<app-id>/webhooks/<webhook-id> when AWS expects arn:aws:amplify:<region>:<account-id>:webhooks/<webhook-id> (without the apps/<app-id> part).

When I fixed this manually in the IAM console, I no longer saw the 403 error.

References

No response

Would you like to implement a fix?

None
@AriannaLanz AriannaLanz added the bug Addresses a defect in current functionality. label Sep 19, 2024
@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/amplify Issues and PRs that pertain to the amplify service. needs-triage Waiting for first response or review from a maintainer. labels Sep 19, 2024
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 19, 2024
@RomanGonzalezEA
Copy link

This issue has now become critical as it's actively blocking the creation of an Amplify webhook with the error:
Error: unexpected format for ARN resource (webhooks/webhook_id)

The root cause appears to stem from the ARN format discrepancy described earlier. Terraform's generated ARN (...:apps/<app-id>/webhooks/<webhook-id>) conflicts with AWS's expected format (...:webhooks/<webhook-id>), which is now causing resource creation failures in addition to the original IAM permission issues.

Additionally, I confirm that I am using version 5.86.0 of the AWS Terraform provider.

@brunokloss
Copy link

+1. It isn't working here as well.
Terraform creates the webhook, but then shows the message Error: unexpected format for ARN resource (webhooks/webhook_id)

@Yuan-Verity
Copy link

Probably AWS changed the webhook URL structure yesterday. Now all projects with amplify webhook are failing.

@brunordias
Copy link

+1
Error: unexpected format for ARN resource (webhooks/<id>)
My plan failed with this error. I deleted the webhook to proceed, then re-ran the plan, and it successfully recreated the webhook. However, I still got the same error at the end of the apply.

@mhd-rawashdah
Copy link

We are experiencing the same issue where all our pipelines have failed any suggested solution?

@carvantes
Copy link

Hi, I'm from AWS Amplify.

There was a change in the ARN format on the API responses for webhooks. The change has been reverted.

You should not experience the Error: unexpected format for ARN resource (webhooks/webhook_id) anymore. We apologize for the inconvenience

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/amplify Issues and PRs that pertain to the amplify service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@breathingdust @carvantes @AriannaLanz @brunokloss @brunordias @mhd-rawashdah @RomanGonzalezEA @Yuan-Verity