Limit of 10 on input_paths in "aws_cloudwatch_event_target" is incorrect

[kevindixon]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.15.3
provider registry.terraform.io/hashicorp/aws v3.39.0

Affected Resource(s)

• aws_cloudwatch_event_target

Terraform Configuration Files

resource "aws_cloudwatch_event_target" "guardduty_cloudwatch_event_target" {
  provider  = "aws.guardduty_dynamic_region"
  count     = var.is_master == true ? 1 : 0
  rule      = aws_cloudwatch_event_rule.guardduty_cloudwatch_event_rule.0.name
  target_id = "guardduty-sns-topic"
  arn       = aws_cloudformation_stack.guardduty_sns_topic.0.outputs["ARN"]
  input_transformer {
    input_paths = {
      "account" : "$.account",
      "severity" : "$.detail.severity",
      "Finding_ID" : "$.detail.id",
      "instanceId" : "$.detail.resource.instanceDetails.instanceId",
      "port" : "$.detail.service.action.networkConnectionAction.localPortDetails.port",
      "eventFirstSeen" : "$.detail.service.eventFirstSeen",
      "eventLastSeen" : "$.detail.service.eventLastSeen",
      "count" : "$.detail.service.count",
      "Finding_Type" : "$.detail.type",
      "region" : "$.region",
      "Finding_description" : "$.detail.description"
    }

    input_template = "\"You have a severity <severity> GuardDuty finding type <Finding_Type> in the account <account> for the EC2 instance <instanceId> in the region <region> as the <Finding_description>. The first attempt was on <eventFirstSeen> and the most recent attempt on <eventLastSeen> . The total occurrence is <count>. For more details:  https://console.aws.amazon.com/guardduty/home?region=<region>#/findings?search=id%3D<Finding_ID>\""
  }
}

Debug Output

https://gist.github.com/raolivei/402f2da632be426fe93019d68fdbc5ca

Panic Output

None

Expected Behavior

aws_cloudwatch_event_target resource created with 11 items in InputPathsMap.

Actual Behavior

Error: expected number of items in input_transformer.0.input_paths to be less than or equal to 10, got 11

Steps to Reproduce

Add more than 10 input_paths to the resource
terraform apply

Important Factoids

#15653 refers to this documentation: https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_InputTransformer.html#API_InputTransformer_Contents

At the time #15653 was fixed, it did indeed claim a limit of 10. Now, however, the limit is 100.
(I strongly suspect it has always been 100, and someone at AWS missed out a zero....)

References

• Can't apply more than 10 input_paths for "aws_cloudwatch_event_target": Member must have length less than or equal to 10 #10912
• Add validator for aws_cloudwatch_event_target input_transformer.input_paths maximum size #15653

[anGie44]

Hi @kevindixon , thank you for raising this issue. You're in luck because a very similar issue was raised this week #19698 😉 The fix has been merged and will be released later today, so please lookout for v3.45.0 of the AWS provider and reach out if you encounter any issues !

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.