servicecatalog.PrincipalARN contains principal's unique ID, not ARN #3920
Comments
Hi @YakDriver, I've tested associating the arn through the SDK and through CLI, and tested the list Principal api call on both as well, both giving the correct and expected behavior of printing the correct arn value.
The issue may be with newly created roles. If you create a role in code, and the code immediately associates the role with a portfolio, and then immediately attempts to list the principals for the Portfolio, a unique ID comes back. With longer delays between these steps, the IAM service seems to catch up and ARNs are returned.
I have been able to work around this by retrying
oh... there is no real pragmatic way to determine how long the role will take to propagate within the region. It should just take a few seconds, but honestly your workaround of retrying is as good as anything I can think of.
Sounds good. I've learned something and hopefully future travelers can find a solution here if they see the issue.
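The retry workaround discussed in the comments above, as an added example (not code from this issue or from the AWS SDK): it polls until every returned PrincipalARN value is a real ARN and fails closed otherwise. The `lister` type is a hypothetical stand-in for a ListPrincipalsForPortfolio call, and the responses in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// isARN reports whether s has the six-part arn:partition:service:region:account:resource shape.
func isARN(s string) bool {
	return strings.HasPrefix(s, "arn:") && len(strings.SplitN(s, ":", 6)) == 6
}

// lister is a hypothetical wrapper around ListPrincipalsForPortfolio that
// returns the PrincipalARN field of each principal in the response.
type lister func() ([]string, error)

// waitForARNs polls list with exponential backoff until every value is an ARN.
// After maxTries it returns an error rather than handing unique IDs to the caller.
func waitForARNs(list lister, maxTries int, delay time.Duration) ([]string, int, error) {
	for try := 1; try <= maxTries; try++ {
		vals, err := list()
		if err != nil {
			return nil, try, err
		}
		ok := true
		for _, v := range vals {
			ok = ok && isARN(v)
		}
		if ok {
			return vals, try, nil
		}
		time.Sleep(delay)
		delay *= 2
	}
	return nil, maxTries, errors.New("PrincipalARN still not an ARN after retries")
}

func main() {
	// Constructed responses: a unique ID on the first two calls, an ARN on the third.
	responses := [][]string{
		{"AROAEXAMPLEEXAMPLEEXA"},
		{"AROAEXAMPLEEXAMPLEEXA"},
		{"arn:aws:iam::123456789012:role/example"},
	}
	i := 0
	fake := func() ([]string, error) { r := responses[i]; i++; return r, nil }
	fmt.Println(waitForARNs(fake, 5, time.Millisecond))
}
```

Code that makes access decisions from the listed principals should treat the error return as "unknown" rather than comparing a unique ID against an expected ARN.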
Describe the bug
The API returns an IAM principal unique ID rather than an ARN in a field called PrincipalARN.
Version of AWS SDK for Go?
v1.38.43
Version of Go (go version)?
v1.16.3
To Reproduce (observed behavior)
Steps to reproduce the behavior (please share code or minimal repo)
(You'll need a pre-existing Service Catalog portfolio with an associated IAM principal.)
Expected behavior
This should output something like:
This is NOT an ARN: arn:aws:iam::123456789012:user/Eleanor
Additional context
The input for the association (AssociatePrincipalWithPortfolioInput.PrincipalARN) requires an actual ARN and will give the following error if you attempt to pass a unique ID in.