cloudformation-coverage-roadmap
Drift detection: inline policy for an AWS::SSO::PermissionSet causes false positive
Name of the resource
AWS::SSO::PermissionSet
Resource Name
No response
Issue Description
When creating an AWS::SSO::PermissionSet with inline policies and then running Drift detection on the stack, the resource gets flagged as Drifted because the presence of the inline policy is being ignored. When reviewing Drift details, only managed policies are present in the "Actual" field, while the "Expected" field shows inline policies.
Expected Behavior
CF correctly identifies presence of inline policies and doesn't mark them as removed when running Drift detection.
Observed Behavior
Inline policies are being flagged as "Removed" by Drift detection even though they are still there and can be seen in the SSO dashboard.
Test Cases
Create an AWS::SSO::PermissionSet resource with both Managed and Inline policies assigned. Run Drift detection on the resource. The inline policy would be marked as "Removed" and the stack will be flagged as Drifted.
Other Details
No response
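
A triage check for the drift result described in this issue, added here as an example and not part of the original report or of any AWS tooling. It compares a "Removed" `/InlinePolicy` difference against the inline policy actually attached to the permission set, so a reviewer can tell the reported false positive apart from a real removal or edit. The drift record and policy are constructed samples shaped like `DescribeStackResourceDrifts` output, the function name is hypothetical, and the live policy is assumed to have been fetched separately (for example with the `sso-admin` `GetInlinePolicyForPermissionSet` call).

```python
import json

# Constructed sample: one drift entry shaped like DescribeStackResourceDrifts output.
EXPECTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}
SAMPLE_DRIFT = {
    "LogicalResourceId": "ExamplePermissionSet",  # constructed name
    "ResourceType": "AWS::SSO::PermissionSet",
    "StackResourceDriftStatus": "MODIFIED",
    "PropertyDifferences": [{
        "PropertyPath": "/InlinePolicy",
        "ExpectedValue": json.dumps(EXPECTED_POLICY),
        "ActualValue": "null",
        "DifferenceType": "REMOVE",
    }],
}


def _parse(policy):
    """Parse a policy given as JSON text or a dict; empty, None or 'null' means no policy."""
    if not policy or policy == "null":
        return None
    return json.loads(policy) if isinstance(policy, str) else policy


def triage_permission_set_drift(drift, live_inline_policy):
    """Return {property path: verdict} for one PermissionSet drift record (hypothetical helper)."""
    if drift.get("ResourceType") != "AWS::SSO::PermissionSet":
        raise ValueError("not a permission set drift record")
    live = _parse(live_inline_policy)
    verdicts = {}
    for diff in drift.get("PropertyDifferences", []):
        path = diff["PropertyPath"]
        if not path.startswith("/InlinePolicy") or diff["DifferenceType"] != "REMOVE":
            verdicts[path] = "needs_review"      # outside the case this issue describes
        elif live is None:
            verdicts[path] = "real_removal"      # policy really is gone from the permission set
        elif live == _parse(diff.get("ExpectedValue")):
            verdicts[path] = "false_positive"    # still attached and identical to the template
        else:
            verdicts[path] = "policy_changed"    # still attached but edited out of band
    return verdicts


if __name__ == "__main__":
    print(triage_permission_set_drift(SAMPLE_DRIFT, json.dumps(EXPECTED_POLICY)))
```

Policies are compared as parsed JSON, so differences in whitespace or key order between the template and the live policy do not affect the verdict.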