binxio/cfn-secret-provider

Invalid PhysicalResourceId when creating AccessKeys

Closed this issue · 3 comments

For some reason I am not able to use this to create access keys. I think I am following the documentation but I always end up getting the error 'Invalid PhysicalResourceId' when trying to create the keys. I have used the RSAKey, KeyPair and Secrets just fine so I believe the custom resource has been deployed properly.

Here is the relevant section from my cfn template:

JenkinsAccessKeys:
  Type: Custom::AccessKey
  DependsOn: CFNSecretProvider
  Properties:
    Description: 'jenkins-deployer user credential'
    UserName: 'jenkins-deployer'
    ParameterPath: 'jenkins.access.keys'
    Serial: 0
    Status: Active
    ReturnSecret: true
    ReturnPassword: true
    NoEcho: true
    ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-secret-provider'

Any advice here?

Hi @jksnetwork, your ParameterPath should start with a /. I have released 0.12.1 with (hopefully) a better error message.

PS: I would recommend running Jenkins on an EC2 instance with an appropriate IAM instance profile so that you do not have to use hardcoded/everlasting AWS keys.

Thanks. That did the trick. Also a valid point about the instance profiles. It's a bit tricky with that as the Jenkins server is in one account and the CFN stacks are all being created in separate accounts. I will automate this using cross-account roles or stack sets at some point but haven't gotten there yet.
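A pre-deployment check for the mistake resolved in this thread, added here as an example; it is not code from the issue or from cfn-secret-provider. The function names are hypothetical, the template is assumed to be already parsed into a dict, the character and depth limits are the SSM Parameter Store naming rules, and it is an assumption that the provider stores the key pair one level below `ParameterPath`.

```python
import re

# SSM Parameter Store naming rules: hierarchical names are fully qualified
# with a leading "/", use only these characters, and are at most 15 levels deep.
ALLOWED = re.compile(r"^[A-Za-z0-9_.\-/]+$")
MAX_LEVELS = 15
EXTRA_LEVELS = 1  # assumption: keys are stored one level below ParameterPath


def check_parameter_path(path):
    """Return a list of problems found in one ParameterPath value."""
    if not isinstance(path, str):
        return ["not a literal string, cannot be checked statically"]
    problems = []
    if not path.startswith("/"):
        problems.append("must start with '/'")
    if not ALLOWED.match(path):
        problems.append("contains characters outside a-zA-Z0-9_.-/")
    levels = path.strip("/").split("/")
    if "" in levels:
        problems.append("contains an empty path segment")
    if len(levels) + EXTRA_LEVELS > MAX_LEVELS:
        problems.append("exceeds the 15-level hierarchy limit")
    return problems


def lint_template(template, resource_type="Custom::AccessKey"):
    """Map logical resource id -> problems for resources of the given type."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != resource_type:
            continue
        path = resource.get("Properties", {}).get("ParameterPath")
        problems = (["ParameterPath is missing"] if path is None
                    else check_parameter_path(path))
        if problems:
            findings[logical_id] = problems
    return findings


# Constructed sample: the resource from the issue next to a corrected variant.
SAMPLE = {"Resources": {
    "JenkinsAccessKeys": {"Type": "Custom::AccessKey", "Properties": {
        "UserName": "jenkins-deployer", "ParameterPath": "jenkins.access.keys"}},
    "FixedAccessKeys": {"Type": "Custom::AccessKey", "Properties": {
        "UserName": "jenkins-deployer", "ParameterPath": "/jenkins/access/keys"}},
}}

if __name__ == "__main__":
    for logical_id, problems in lint_template(SAMPLE).items():
        print(f"{logical_id}: {'; '.join(problems)}")
```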