
CloudFormation false positive drift bug when S3 ObjectOwnership and/or ReplicationConfiguration properties are used in the AWS::S3::Bucket resource

Open ifeach opened this issue 3 years ago • 2 comments

Name of the resource

AWS::S3::Bucket

Resource Name

No response

Issue Description

CloudFormation falsely reports drift when a bucket is created with the ObjectOwnership property. The actual properties of the bucket show the ObjectOwnership property set, but CFN drift does not reflect this, thereby causing a false positive.

Similar behavior can be seen when a bucket is created with the ReplicationConfiguration V2 (which includes the "Priority", "Filter" and "DeleteMarkerReplication" parameters). CloudFormation shows a false positive because the actual properties it returns for the bucket are missing some of the S3 bucket properties, such as the Filters, DeleteMarkerReplication and Priority. Because of this, the stack shows drift as though these properties have been removed.

Expected Behavior

Accurately return the actual resource properties so that they match the stack template.

Observed Behavior

Inaccurate drift result

Test Cases

Create an S3 bucket with either the ReplicationConfiguration or ObjectOwnership properties, or both. After stack creation, run a drift check; CFN returns a false positive.

Other Details

No response

ifeach, Mar 11 '22 23:03
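For teams that alert on drift, the behavior reported above can be triaged instead of ignored. The following is an added example, not part of the issue and not AWS code: it separates property differences that match the reported symptom (a REMOVE on the affected S3 bucket paths) from all other drift, so the former can be verified against the S3 API rather than silently suppressed. The property path strings and the sample data are assumptions constructed for illustration.

```python
import re

# Paths the issue reports as dropped from the "actual" properties. The exact
# path strings are assumptions derived from AWS::S3::Bucket property names.
SUSPECT_PATHS = [
    re.compile(r"^/OwnershipControls(/|$)"),
    re.compile(r"^/ReplicationConfiguration/Rules/\d+/"
               r"(Filter|Priority|DeleteMarkerReplication)(/|$)"),
]

def triage(drifts):
    """Return (verify, actionable) lists of (LogicalResourceId, PropertyPath)."""
    verify, actionable = [], []
    for d in drifts:
        if d.get("StackResourceDriftStatus") != "MODIFIED":
            continue
        for diff in d.get("PropertyDifferences", []):
            path = diff["PropertyPath"]
            # Only REMOVE on an S3 bucket matches the reported symptom;
            # ADD or NOT_EQUAL on the same paths is still treated as real.
            suspect = (d.get("ResourceType") == "AWS::S3::Bucket"
                       and diff.get("DifferenceType") == "REMOVE"
                       and any(p.match(path) for p in SUSPECT_PATHS))
            (verify if suspect else actionable).append((d["LogicalResourceId"], path))
    return verify, actionable

# Constructed sample shaped like DescribeStackResourceDrifts output.
SAMPLE = [
    {"LogicalResourceId": "LogsBucket", "ResourceType": "AWS::S3::Bucket",
     "StackResourceDriftStatus": "MODIFIED", "PropertyDifferences": [
        {"PropertyPath": "/OwnershipControls", "DifferenceType": "REMOVE"},
        {"PropertyPath": "/ReplicationConfiguration/Rules/0/Filter",
         "DifferenceType": "REMOVE"},
        {"PropertyPath": "/VersioningConfiguration/Status",
         "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "AppRole", "ResourceType": "AWS::IAM::Role",
     "StackResourceDriftStatus": "MODIFIED", "PropertyDifferences": [
        {"PropertyPath": "/Policies/0", "DifferenceType": "REMOVE"}]},
    {"LogicalResourceId": "DataBucket", "ResourceType": "AWS::S3::Bucket",
     "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
]

if __name__ == "__main__":
    verify, actionable = triage(SAMPLE)
    print("verify against the S3 API:", verify)
    print("actionable drift:", actionable)
```

Entries in the first list still need a check of the bucket's live configuration, since a genuine removal of these settings produces the same drift output.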