Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS::AutoScaling::AutoScalingGroup !GetAtt Arn #548

Closed
dsapab opened this issue Jul 3, 2020 · 6 comments
Closed

AWS::AutoScaling::AutoScalingGroup !GetAtt Arn #548

dsapab opened this issue Jul 3, 2020 · 6 comments

Comments

@dsapab
Copy link

dsapab commented Jul 3, 2020
edited
Loading

1. Scope of request

The return values for the Auto Scaling group resource today only support Ref, which returns the Auto Scaling Group Name.

2. Expected behaviour

Be able to retrieve the Auto Scaling ARN without having to deal with Custom Resources logic.

3. Any additional context (optional)

This is an important limitation when the ARN property is required. A clear example is while working with AWS::ECS::CapacityProvider resources. The arn is required and there is no way to directly obtain if from an Auto Scaling Resource. This prevents creating an Auto Scaling Group and the associated capacity provider within the same Stack.

This issue may be also relevant
@dsapab
Copy link
Author

dsapab commented Jul 3, 2020
edited
Loading

I just found AWS team is currently working on the ability to reference the Auto Scaling Group by name, as can be seen here. Closing this for now, as the main goal for this request is being able to use the ASG with Capacity Providers.

@dsapab dsapab closed this as completed Jul 3, 2020
@fitzoh
Copy link

fitzoh commented Aug 21, 2020

This would still be useful, for instance for referencing in an IAM policy

@guss77
Copy link

guss77 commented Oct 16, 2020

I would also like to see this implemented so we can write IAM policies that limit access to a specific autoscaling group - otherwise, there is no way to target a specific group (as far as I can tell there is no way to get the UUID part of the group ARN and IAM won't take a * there).

@guss77
Copy link

guss77 commented Oct 16, 2020

Correction - Targetting specific autoscaling groups by their "friendly name" can work if we use wildcards in place of the region and account id (instead of just leaving these empty - like we do with other resources such as S3 objects). To this does work: !Sub arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/${LogicalGroupName}

@yob yob mentioned this issue Oct 22, 2020
Merged
@javabrett
Copy link

Is there a way to ask for this request to be reopened, or should another issue be opened linking to this?

Comment from @fitzoh

This would still be useful, for instance for referencing in an IAM policy

... is spot-on. In order to narrowly and precisely refer to the ASG in a policy, why would we want to force it to be referred to by the group name and have to manually construct a resource path from that (as kindly offered by @guss77 ).

Not having access to the ASG Arn is a bug.

@ohshazbot
Copy link

#1175 seems to be tracking this now

@ohshazbot ohshazbot mentioned this issue Jul 28, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ohshazbot @fitzoh @guss77 @javabrett @dsapab