
AWS::AutoScaling::AutoScalingGroup - Return full ARN or GroupId

Open driverpt opened this issue 3 years ago • 2 comments

Name of the resource

AWS::AutoScaling::AutoScalingGroup

Resource name

AWS::AutoScaling::AutoScalingGroup

Description

We are trying to create a Lambda to trigger an instance refresh on an Autoscaling Group.

When creating the Lambda IAM permissions, we noticed that AWS::AutoScaling::AutoScalingGroup does not export the full ARN or the GroupId, as required for autoscaling:StartInstanceRefresh.

ARN Required by autoscaling:StartInstanceRefresh

arn:${Partition}:autoscaling:${Region}:${Account}:autoScalingGroup:${GroupId}:autoScalingGroupName/${GroupFriendlyName}

Ref from AWS::AutoScaling::AutoScalingGroup is Friendly Name.

So currently, as a workaround, we add a * to GroupId, but this does not conform to AWS Security Best Practices, namely the Least Privilege Principle.

Is it possible to make AWS::AutoScaling::AutoScalingGroup return the Full ARN or GroupId on CloudFormation?

Thanks

Other Details

No response

driverpt, May 19 '22 09:05
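The workaround described in the issue, written out as a CloudFormation template. This is an added example, not part of the original issue or the project's own code. The logical IDs (AppAsg, RefreshLambdaRole) and the parameters are hypothetical. Only the GroupId segment is wildcarded; the partition, region, account and group name stay pinned.

```yaml
# Added example: logical IDs and parameter names are hypothetical.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  SubnetId:
    Type: AWS::EC2::Subnet::Id
  LaunchTemplateId:
    Type: String
  LaunchTemplateVersion:
    Type: String
Resources:
  AppAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: "1"
      MaxSize: "2"
      VPCZoneIdentifier:
        - !Ref SubnetId
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplateId
        Version: !Ref LaunchTemplateVersion
  RefreshLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: start-instance-refresh
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: autoscaling:StartInstanceRefresh
                # Ref (and ${AppAsg} in Fn::Sub) yields only the friendly name,
                # so the GroupId segment has to be "*". Every other segment,
                # including the group name, is fixed to this stack's group.
                Resource: !Sub "arn:${AWS::Partition}:autoscaling:${AWS::Region}:${AWS::AccountId}:autoScalingGroup:*:autoScalingGroupName/${AppAsg}"
```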