I am trying to set up the Inventory configuration for an S3 bucket with CloudFormation. I want to get daily inventories of data in one subfolder, and have the inventories written to a different subfolder in the same bucket. I have defined the bucket as follows:

S3Bucket:
  Type: AWS::S3::Bucket
  Properties:
    # ...other properties...
    InventoryConfigurations:
    - Id: runs
      Enabled: true
      Destination:
        BucketAccountId: !Ref AWS::AccountId
        BucketArn: !GetAtt S3Bucket.Arn
        Format: CSV
        Prefix: inventory/runs/
      IncludedObjectVersions: Current
      OptionalFields: [ETag, Size, BucketKeyStatus]
      Prefix: runs/
      ScheduleFrequency: Daily

Unfortunately, the !GetAtt S3Bucket.Arn line seems to be failing, causing an error message like "Error: Failed to create changeset for the stack: , ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Circular dependency between resource". If I use the actual ARN of the bucket in place of !GetAtt S3Bucket.Arn (it already exists from a previous version of the stack), then the deploy succeeds, so I know buckets can write Inventories to themselves.

So I guess my question is, is there a way to let Cfn resources call !GetAtt on themselves, so I don't have to hard-code the bucket ARN in InventoryConfigurations? Thanks in advance!

CodePudding user response：

Can AWS CloudFormation resources call !GetAtt on themselves?

Unfortunately no, as the !GetAtt is used to reference other resources in the stack as you've experienced.

However, in your case, considering you know the bucket name, you could just construct the bucket ARN yourself directly.

Format:

arn:aws:s3:::bucket_name

e.g. if the name is test, you can use arn:aws:s3:::test

Destination:
    BucketAccountId: !Ref AWS::AccountId
    BucketArn: 'arn:aws:s3:::test'