cloudformation-resource-schema

Inconsistent pattern for AWS::Backup::BackupSelection BackupSelection.SelectionName property in eu-central-1

Open calebplum opened this issue 4 years ago • 3 comments

Hi,

I noticed the pattern requirement for the BackupSelection.SelectionName property of the AWS::Backup::BackupSelection resource in eu-central-1 is different to other regions.

The schema definitions for this property are as follows:

eu-central-1

"SelectionName" : {
  "type" : "string",
  "pattern" : "^[a-zA-Z0-9\\-\\_\\.]{1,50}$"
}

us-west-1

"SelectionName" : {
  "type" : "string"
}

ap-southeast-2

"SelectionName" : {
  "type" : "string"
}

Other regions appear to be consistent with us-west-1 and ap-southeast-2, having no pattern requirement.

The impact of this is that we cannot deploy BackupSelection resources in eu-central-1 with the same SelectionName as those in other regions. I think the schema in eu-central-1 must have been changed recently because we still have stacks deployed there which violate the pattern; we're unable to update those stacks without modifying the SelectionName.

calebplum Mar 11 '21 03:03

@calebplum Currently the backup service is using that pattern for the selection name: https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html. Could you please provide the SelectionName used for updating? Could you please provide the backup plan ARN and stack ARN as well? Based on the details provided, we will look into it and get back.

pavbollu Mar 11 '21 20:03

The resource schema for eu-central-1 has been updated and no longer contains the pattern requirement.

calebplum Mar 16 '21 04:03

I believe the documentation at https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html is incorrect because CloudFormation will successfully create an AWS::Backup::BackupSelection resource with a whitespace character in the SelectionName field, which violates its regex pattern according to the documentation.

For example, this template will deploy without issues:

AWSTemplateFormatVersion: '2010-09-09'
Resources:

  IamRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - backup.amazonaws.com
            Action:
              - 'sts:AssumeRole'
      ManagedPolicyArns: 
        - arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup

  BackupVault:
    Type: AWS::Backup::BackupVault
    Properties:
      BackupVaultName: test-vault

  BackupPlan:
    Type: AWS::Backup::BackupPlan
    Properties:
      BackupPlan:
        BackupPlanName: test-plan
        BackupPlanRule:
          - RuleName: test-plan-rule
            TargetBackupVault: !Ref BackupVault

  BackupSelection:
    Type: AWS::Backup::BackupSelection
    Properties:
      BackupPlanId: !GetAtt BackupPlan.BackupPlanId
      BackupSelection:
        IamRoleArn: !GetAtt IamRole.Arn
        SelectionName: 'Test Selection'
        ListOfTags:
          - ConditionKey: test-key
            ConditionType: STRINGEQUALS
            ConditionValue: test-value

calebplum Mar 16 '21 05:03
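An added example, not part of the thread or of the project's code: a pre-deployment check that detects when regional schemas declare different constraints for SelectionName and reports which regions would reject a template's literal selection names. The function names, the dict layout of the schemas and the reduced template are assumptions made for this sketch; the schema fragments and the 'Test Selection' name are the ones quoted above.

```python
import json
import re

PROP = "SelectionName"
# Constructed input: the three schema fragments quoted in the issue.
REGION_SCHEMAS = {
    "eu-central-1": {PROP: {"type": "string",
                            "pattern": r"^[a-zA-Z0-9\-\_\.]{1,50}$"}},
    "us-west-1": {PROP: {"type": "string"}},
    "ap-southeast-2": {PROP: {"type": "string"}},
}
# Constructed input: the thread's BackupSelection resource, reduced, as a dict.
TEMPLATE = {"Resources": {"BackupSelection": {
    "Type": "AWS::Backup::BackupSelection",
    "Properties": {"BackupSelection": {"SelectionName": "Test Selection"}},
}}}

def constraint_groups(schemas, prop=PROP):
    """Group regions by the exact constraints they declare for prop."""
    groups = {}
    for region, props in schemas.items():
        key = json.dumps(props.get(prop, {}), sort_keys=True)
        groups.setdefault(key, []).append(region)
    return list(groups.values())  # more than one group means drift

def regions_rejecting(value, schemas, prop=PROP):
    """Regions whose pattern, if any, the value does not satisfy."""
    rejected = []
    for region, props in schemas.items():
        pattern = props.get(prop, {}).get("pattern")
        # fullmatch (pattern is anchored): "$" alone allows a trailing newline.
        if pattern and not re.fullmatch(pattern, value):
            rejected.append(region)
    return rejected

def nonportable_selections(template, schemas):
    """(logical id, name, rejecting regions) for literal SelectionNames."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Backup::BackupSelection":
            continue
        name = res.get("Properties", {}).get("BackupSelection", {}).get(PROP)
        if isinstance(name, str):  # skip intrinsic functions such as !Sub
            rejected = regions_rejecting(name, schemas)
            if rejected:
                findings.append((logical_id, name, rejected))
    return findings
```

Run against freshly downloaded regional schemas before a multi-region rollout, this reports the drift at review time instead of at stack update.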