Comments (3)
Digging into this deeper with the cloudcontrol API
Create resource with CC API
aws cloudcontrol create-resource \
--region us-east-1 \
--type-name "AWS::SecurityHub::FindingAggregator" \
--desired-state '{"RegionLinkingMode":"ALL_REGIONS_EXCEPT_SPECIFIED","Regions":["ap-southeast-1","ap-southeast-2","ap-southeast-3","ap-southeast-4"]}'
{
"ProgressEvent": {
"TypeName": "AWS::SecurityHub::FindingAggregator",
"RequestToken": "9df3b4bb-c886-4533-9f31-fcde5eff6ae8",
"Operation": "CREATE",
"OperationStatus": "IN_PROGRESS",
"EventTime": "2024-07-22T16:05:36.300000-04:00"
}
}
Get resource call
aws cloudcontrol get-resource --type-name AWS::SecurityHub::FindingAggregator --identifier "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796"
{
"TypeName": "AWS::SecurityHub::FindingAggregator",
"ResourceDescription": {
"Identifier": "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796",
"Properties": "{\"RegionLinkingMode\":\"ALL_REGIONS_EXCEPT_SPECIFIED\",\"FindingAggregationRegion\":\"us-east-1\",\"FindingAggregatorArn\":\"arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796\",\"Regions\":[\"ap-southeast-1\",\"ap-southeast-2\",\"ap-southeast-3\",\"ap-southeast-4\"]}"
}
}
Update resource with the patch document
aws cloudcontrol update-resource --type-name "AWS::SecurityHub::FindingAggregator" \
--identifier "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796" \
--patch-document "[{\"op\":\"replace\",\"path\":\"/RegionLinkingMode\",\"value\":\"ALL_REGIONS\"}]"
{
"ProgressEvent": {
"TypeName": "AWS::SecurityHub::FindingAggregator",
"Identifier": "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796",
"RequestToken": "f77cf32a-c6e8-4f74-8f94-266532656d90",
"Operation": "UPDATE",
"OperationStatus": "IN_PROGRESS",
"EventTime": "2024-07-22T16:09:47.740000-04:00",
"ResourceModel": "{\"RegionLinkingMode\":\"ALL_REGIONS\",\"FindingAggregatorArn\":\"arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796\",\"Regions\":[\"ap-southeast-1\",\"ap-southeast-2\",\"ap-southeast-3\",\"ap-southeast-4\"]}"
}
}
Status of the request
aws cloudcontrol get-resource-request-status --request-token "f77cf32a-c6e8-4f74-8f94-266532656d90"
{
"ProgressEvent": {
"TypeName": "AWS::SecurityHub::FindingAggregator",
"Identifier": "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796",
"RequestToken": "f77cf32a-c6e8-4f74-8f94-266532656d90",
"Operation": "UPDATE",
"OperationStatus": "FAILED",
"EventTime": "2024-07-22T16:09:48.240000-04:00",
"StatusMessage": "Regions cannot be passed as input if RegionLinkingMode is set to 'ALL_REGIONS' or 'NO_REGIONS'. (Service: AWSSecurityHub; Status Code: 400; Error Code: InvalidInputException; Request ID: e22a59a0-c17b-47a9-8d86-395604b93ef9; Proxy: null)",
"ErrorCode": "InvalidRequest"
}
}
from terraform-provider-awscc.
Opened an internal ticket to Cloud Control API to review if the patch document is expecting the empty regions list for updating RegionLinkingMode.
from terraform-provider-awscc.
- Working patch document in this scenario
aws cloudcontrol update-resource --type-name "AWS::SecurityHub::FindingAggregator" \
--identifier "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796" \
--patch-document "[{\"op\":\"replace\",\"path\":\"/RegionLinkingMode\",\"value\":\"ALL_REGIONS\"},{\"op\":\"remove\",\"path\":\"Regions\"}]"
{
"ProgressEvent": {
"TypeName": "AWS::SecurityHub::FindingAggregator",
"Identifier": "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796",
"RequestToken": "cbdd01c6-dbf5-4507-bf3d-7e4eed2a6648",
"Operation": "UPDATE",
"OperationStatus": "IN_PROGRESS",
"EventTime": "2024-07-22T16:53:42.198000-04:00",
"ResourceModel": "{\"RegionLinkingMode\":\"ALL_REGIONS\",\"FindingAggregatorArn\":\"arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796\"}"
}
}
aws cloudcontrol get-resource-request-status --request-token "cbdd01c6-dbf5-4507-bf3d-7e4eed2a6648"
{
"ProgressEvent": {
"TypeName": "AWS::SecurityHub::FindingAggregator",
"Identifier": "arn:aws:securityhub:us-east-1:############:finding-aggregator/7cc86e06-5666-6589-402c-ea91d370d796",
"RequestToken": "cbdd01c6-dbf5-4507-bf3d-7e4eed2a6648",
"Operation": "UPDATE",
"OperationStatus": "SUCCESS",
"EventTime": "2024-07-22T16:53:42.794000-04:00"
}
}
from terraform-provider-awscc.
Related Issues (20)
- awscc_billingconductor_custom_line_item: End billing period not recognized HOT 6
- awscc_lightsail_disk: subsequent applies without change leads to plan/apply stuck on modification HOT 2
- The terraform-provider-awscc_v1.4.0_x5.exe plugin crashed! HOT 3
- DataZone environment stays in DELETED state and cannot be recreated
- awscc_datazone_environment resource attempting to add null description and glossary_terms when undefined HOT 5
- awscc_cleanrooms_configured_table_association import fails at validation stage
- Upgrading awscc provider to anything more than 1.0.0 creates a new change in awscc_chatbot_slack_channel_configuration and times out on apply HOT 2
- awscc_rds_db_cluster: monitoring interval default value in schema prevents deployment HOT 4
- Build with Go 1.22.5
- awscc_datasync_location_s3: tag update fails deployment
- awscc_iam_role : drift with no changes when policy document is aws datasource HOT 2
- Delete operation on awscc_ec2_transit_gateway fails with generalserviceexception
- awscc_cleanrooms_collaboration: drift detected between subsequent terraform applies HOT 1
- awscc_cleanrooms_membership: optional result configuration is marked required HOT 3
- awscc_bedrock_guardrail PROMPT ATTACK content filter strength for response must be NONE HOT 1
- awscc_connect_instance support for admin user HOT 1
- Resource Suppression: `awscc_bedrock_flow`
- awscc_mediaconnect_flow_source: Provider returned invalid result object after apply HOT 3
- awscc_robomaker_fleet/awscc_robomaker_robot : deprecated in favor of IoT GreenGrass resources
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-provider-awscc.