resource/aws_cloudwatch_event_permission: arn: invalid prefix Error #16318

bflad opened this issue Nov 19, 2020 · 2 comments · Fixed by #16319
bflad commented Nov 19, 2020

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform CLI v0.12.29

Terraform AWS Provider main branch

Affected Resource(s)

  • aws_cloudwatch_event_permission

Terraform Configuration Files

```hcl
resource "aws_cloudwatch_event_permission" "test" {
  principal    = "111111111111"
  statement_id = "tf-acc-test-8464970479615465340"
}
```

Debug Output

```
-----------------------------------------------------
2020/11/19 11:05:57 [DEBUG] [aws-sdk-go] DEBUG: Response events/DescribeEventBus Details:
...
2020/11/19 11:05:57 [DEBUG] [aws-sdk-go] {"Arn":"arn:aws:events:us-west-2:--OMITTED--:event-bus/tf-acc-test-bus-4411535373795943779","Name":"tf-acc-test-bus-4411535373795943779","Policy":"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"tf-acc-test-8464970479615465340\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"111111111111\"},\"Action\":\"events:PutEvents\",\"Resource\":\"arn:aws:events:us-west-2:--OMITTED--:event-bus/tf-acc-test-bus-4411535373795943779\"}]}"}
2020/11/19 11:05:57 [DEBUG] Finding statement (tf-acc-test-8464970479615465340) in CloudWatch Events permission policy: {
  Version: "2012-10-17",
  ID: "",
  Statements: [{
      Sid: "tf-acc-test-8464970479615465340",
      Effect: "Allow",
      Action: "events:PutEvents",
      Principal: map[AWS:111111111111],
      Resource: "arn:aws:events:us-west-2:--OMITTED--:event-bus/tf-acc-test-bus-4411535373795943779"
    }]
}
2020/11/19 11:05:57 [WARN] Got error running Terraform: 2020/11/19 11:05:55 [DEBUG] Using modified User-Agent: Terraform/0.12.29 HashiCorp-terraform-exec/0.10.0

Error: error reading CloudWatch Events permission (tf-acc-test-bus-4411535373795943779/tf-acc-test-8464970479615465340): arn: invalid prefix
```

Expected Behavior

Terraform resource reads policy without error.

Actual Behavior

Starting earlier this week, the EventBridge API is returning the policy principal with just an account ID, rather than the root account ARN as it has done for the last 3 years. This generates an error in our read logic for the resource, since it is assuming that it will receive an ARN:

Error: error reading CloudWatch Events permission (tf-acc-test-bus-4411535373795943779/tf-acc-test-8464970479615465340): arn: invalid prefix

In addition to supporting both field values in the read logic, the error message there should be clarified to denote what principal value it is trying to parse as an ARN.

Steps to Reproduce

  1. TF_ACC=1 go test -parallel=20 -run='TestAccAWSCloudWatchEventPermission_' -timeout=4h -v

References

@bflad bflad added bug Addresses a defect in current functionality. regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. upstream Addresses functionality related to the cloud provider. labels Nov 19, 2020
@ghost ghost added service/cloudwatchevents service/cloudwatch Issues and PRs that pertain to the cloudwatch service. labels Nov 19, 2020
@bflad bflad self-assigned this Nov 19, 2020
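
The read behaviour the issue asks for, as an added Go example that is not the provider's code: accept either principal form the API may return and name the offending value in the error. The helper name `principalAccountID` and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// accountIDPattern matches a bare 12-digit AWS account ID.
var accountIDPattern = regexp.MustCompile(`^[0-9]{12}$`)

// principalAccountID is a hypothetical helper (not the provider's function).
// It returns the account ID for either principal form the API may return:
// a bare account ID, or a root account ARN (arn:PARTITION:iam::ACCOUNT:root).
// Errors quote the value that failed to parse so the log is actionable.
func principalAccountID(principal string) (string, error) {
	if accountIDPattern.MatchString(principal) {
		return principal, nil
	}
	// ARN layout: arn:partition:service:region:account-id:resource
	parts := strings.SplitN(principal, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" {
		return "", fmt.Errorf("parsing principal %q: not an account ID or ARN", principal)
	}
	if parts[2] != "iam" || parts[5] != "root" || !accountIDPattern.MatchString(parts[4]) {
		return "", fmt.Errorf("parsing principal %q: not a root account ARN", principal)
	}
	return parts[4], nil
}

func main() {
	// Constructed sample values: both API behaviours plus malformed input.
	for _, p := range []string{
		"111111111111",
		"arn:aws:iam::111111111111:root",
		"arn:aws-us-gov:iam::111111111111:root",
		"arn:aws:iam::111111111111:user/alice",
		"not-a-principal",
	} {
		id, err := principalAccountID(p)
		fmt.Printf("%-42q id=%q err=%v\n", p, id, err)
	}
}
```

Normalising both forms to the account ID also keeps the value comparable with the `principal` argument in configuration, so a change in the API's response format does not surface as a read error or a spurious diff.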
bflad added a commit that referenced this issue Nov 19, 2020
… API returning account ID or root account ARN

Reference: #16318

Changes:

```
* resource/aws_cloudwatch_event_permission: Prevent `arn: invalid prefix` error during read due to API changes
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSCloudWatchEventPermission_Action (13.37s)
--- PASS: TestAccAWSCloudWatchEventPermission_EventBusName (14.15s)
--- PASS: TestAccAWSCloudWatchEventPermission_Multiple (19.11s)
--- PASS: TestAccAWSCloudWatchEventPermission_Condition (20.19s)
--- PASS: TestAccAWSCloudWatchEventPermission_basic (27.21s)
--- PASS: TestAccAWSCloudWatchEventPermission_Disappears (128.53s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSCloudWatchEventPermission_EventBusName (18.98s)
--- PASS: TestAccAWSCloudWatchEventPermission_Action (19.05s)
--- PASS: TestAccAWSCloudWatchEventPermission_Multiple (26.89s)
--- PASS: TestAccAWSCloudWatchEventPermission_Condition (27.32s)
--- PASS: TestAccAWSCloudWatchEventPermission_basic (37.01s)
--- PASS: TestAccAWSCloudWatchEventPermission_Disappears (131.57s)
```
bflad added a commit that referenced this issue Nov 24, 2020
… API returning account ID or root account ARN (#16319)

@github-actions github-actions bot added this to the v3.18.0 milestone Nov 24, 2020

ghost commented Nov 25, 2020

This has been released in version 3.18.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

ghost commented Dec 25, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Dec 25, 2020