KmsKeyId not valid property for AWS::Logs::LogGroup #1763

Closed
vennemp opened this issue Nov 2, 2020 · 5 comments
Labels
spec CloudFormation Specification Bug

Comments


vennemp commented Nov 2, 2020

cfn-lint version (cfn-lint --version): 0.39.0

Description of issue:

  CloudWatchKMS:
    Type: AWS::KMS::Key
    Properties:
      Enabled: true
      EnableKeyRotation: true
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: !Sub arn:${AWS::Partition}:iam::${AWS::AccountId}:root
            Action: kms:*
            Resource: '*'
          - Sid: Allow Cloudwatch Access
            Effect: Allow
            Principal:
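              # Region-specific CloudWatch Logs service principal (literal "region" placeholder substituted)
              Service: !Sub logs.${AWS::Region}.amazonaws.com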
            Action:
              - kms:Encrypt*
              - kms:Decrypt*
              - kms:ReEncrypt*
              - kms:GenerateDataKey*
              - kms:Describe*
            Resource: '*'
  MessagesLogCWGroup:
    Type: AWS::Logs::LogGroup
    Properties: 
      KmsKeyId: !GetAtt CloudWatchKMS.Arn
      LogGroupName: messages
      RetentionInDays: 30

E3002 Invalid Property Resources/MessagesLogCWGroup/Properties/KmsKeyId
template.yaml:627:7

Contributor

kddejong commented Nov 3, 2020

You can run cfn-lint --update-specs to get the update now or we will have the next release out this week.

Author

vennemp commented Nov 3, 2020

OK, so I would run:

cfn-lint --template template.yaml --regions us-gov-west-1 --update-specs

Contributor

kddejong commented Nov 3, 2020

Just run cfn-lint --update-specs and then run cfn-lint --template template.yaml --regions us-gov-west-1

PatMyron closed this as completed Nov 4, 2020
PatMyron added the spec CloudFormation Specification Bug label Nov 4, 2020
Contributor

PatMyron commented Nov 4, 2020

Don't think AWS::Logs::LogGroup.KmsKeyId has been published to the us-gov-west-1 Resource Specification yet.

So another case of Resource Specifications lagging recent releases, but should be present in the us-east-1 default now.
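
The distinction drawn in this comment, as an added example that is not part of the thread or of cfn-lint's own code: a property rejected only because one region's Resource Specification lags is separated from a property that no specification defines. This matters here because KmsKeyId is what encrypts the log group, so the right response is updating the specs, not dropping the property. The two spec fragments, the names SPEC_DEFAULT and SPEC_LAGGING, and the "TypoGroup" resource are constructed for illustration.

```python
import json

# Constructed, trimmed samples in the Resource Specification layout
# (ResourceTypes -> type -> Properties); real spec files are much larger.
def _spec(props):
    return {"ResourceTypes": {"AWS::Logs::LogGroup": {
        "Properties": {p: {"PrimitiveType": t} for p, t in props.items()}}}}

SPEC_DEFAULT = _spec({"KmsKeyId": "String", "LogGroupName": "String",
                      "RetentionInDays": "Integer"})
SPEC_LAGGING = _spec({"LogGroupName": "String", "RetentionInDays": "Integer"})

# The log group from the issue's template as already-parsed data, plus one
# constructed typo ("RetentionDays") to contrast with spec lag.
RESOURCES = {
    "MessagesLogCWGroup": {"Type": "AWS::Logs::LogGroup", "Properties": {
        "KmsKeyId": {"Fn::GetAtt": ["CloudWatchKMS", "Arn"]},
        "LogGroupName": "messages", "RetentionInDays": 30}},
    "TypoGroup": {"Type": "AWS::Logs::LogGroup",
                  "Properties": {"RetentionDays": 30}},
}

def unknown_properties(resources, spec):
    """Return {(logical_id, prop)} for properties the spec does not define."""
    found = set()
    for logical_id, res in resources.items():
        rtype = spec["ResourceTypes"].get(res.get("Type"))
        if rtype is None:
            continue  # resource type absent from this spec; not handled here
        for prop in res.get("Properties", {}):
            if prop not in rtype["Properties"]:
                found.add((logical_id, prop))
    return found

def classify(resources, default_spec, region_spec):
    """Split a region's rejections into spec lag vs. unknown in both specs."""
    in_region = unknown_properties(resources, region_spec)
    in_default = unknown_properties(resources, default_spec)
    return {"spec_lag": sorted(in_region - in_default),
            "unknown_everywhere": sorted(in_region & in_default)}

if __name__ == "__main__":
    print(json.dumps(classify(RESOURCES, SPEC_DEFAULT, SPEC_LAGGING), indent=2))
```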

Author

vennemp commented Nov 4, 2020

Thank you. I appreciate you following up.
