We run a CodePipeline synthesizing Python CDK code version 1.91.0 to CloudFormation templates and executing them.

Currently I am trying to set up a Transit Gateway and share it with the organization and some account. Creating the basic share is no problem, but as soon as I add a resource_arn of a transit gateway (note I am doing it statically for test purposes), the CloudFormation template validation fails, claiming that the synthesized JSON template is not well formed at the second-to-last }. I validated the complete JSON template with a pure JSON validator, the CloudFormation builder and the CLI aws cloudformation validator, and it is absolutely fine.

So I might be running into an edge case here or doing something fundamentally wrong with the Transit Gateway ARN.

from aws_cdk import (
    aws_ram as ram,
)
ram.CfnResourceShare(
            self,
            id="TransitGWRessourceShare",
            name="TransitGWRessourceShare",
            allow_external_principals=False,
            principals=[
                "arn:aws:organizations::1234567890:ou/o-123456asdf/ou-123-asbasdf",
                "1234567890",
            ],
            resource_arns=[
                "arn:aws:ec2:eu-central-1:​​1234567890:transit-gateway/tgw-XXXX",
            ],
        )

After a lot of trial and error I found out that the resource ARN is causing the problem, and with a cat of the synthesized JSON template I was able to reveal that some mysterious dots ·· are added while synthesizing.

Cat output of the CodePipeline step:

 "TransitGW": {
      "Type": "AWS::EC2::TransitGateway",
      "Properties": {
        "AmazonSideAsn": XXXX,
        "AutoAcceptSharedAttachments": "enable",
        "DefaultRouteTableAssociation": "disable",
        "DefaultRouteTablePropagation": "disable",
        "DnsSupport": "enable",
        "MulticastSupport": "disable",
        ],
        "VpnEcmpSupport": "enable"
      },
    },
    "TransitGWRessourceShare": {
      "Type": "AWS::RAM::ResourceShare",
      "Properties": {
        "Name": "TransitGWRessourceShare",
        "AllowExternalPrincipals": false,
        "Principals": [
          "arn:aws:organizations::123456789:ou/o-xxxx/ou-xxxx-xxxx",
          "123456789"
        ],
        "ResourceArns": [
          "arn:aws:ec2:eu-central-1:··1234567890:transit-gateway/tgw-XXXX"
        ]
      },
      "Metadata": {
        "aws:cdk:path": "automation-cicd/dev/InfraBase/TransitGWRessourceShare"
      }
    },

Any help appreciated

There are 1 answers

Dukeatcoding On BEST ANSWER

Since it might help somebody in the future - I will out myself ;)

I found out that, due to copying the ARN, I had some zero-width space characters in the line of the transit gateway ARN.

https://en.wikipedia.org/wiki/Zero-width_space

I never encountered it before. It is invisible in a lot of editors; I was able to see it in vi.

"arn:aws:ec2:eu-central-1:<200b><200b>1234567890:transit-gateway/tgw-XXXX"

Which results in a synthesized template:

 "arn:aws:ec2:eu-central-1:··1234567890:transit-gateway/tgw-XXXX"
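
A check for this class of problem, added here as an example and not part of the original question or answer: a small Python scanner that flags invisible Unicode characters in CDK source or synthesized templates before they reach CloudFormation. The function names and the sample string are constructed for illustration.

```python
import sys
import unicodedata

# Constructed sample: the ARN line from the question, with the two U+200B
# characters written as escapes so they are visible in this listing.
SAMPLE = (
    'resource_arns=[\n'
    '    "arn:aws:ec2:eu-central-1:\u200b\u200b1234567890:transit-gateway/tgw-XXXX",\n'
    ']\n'
)


def is_hidden(ch):
    """True for format chars (Cf: zero-width space, BOM, bidi controls),
    control chars other than tab/CR/LF, and non-ASCII spaces (Zs)."""
    cat = unicodedata.category(ch)
    return (cat == "Cf" or (cat == "Cc" and ch not in "\t\r\n")
            or (cat == "Zs" and ch != " "))


def find_invisible(text):
    """Return (line, column, 'U+XXXX', name) for every hidden character."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if is_hidden(ch):
                name = unicodedata.name(ch, "UNNAMED")
                hits.append((lineno, col, f"U+{ord(ch):04X}", name))
    return hits


def reveal(text):
    """Render hidden characters as <xxxx>, the way vi showed them."""
    return "".join(f"<{ord(c):04x}>" if is_hidden(c) else c for c in text)


def scan_files(paths):
    """Print one finding per line; return 1 if anything was found, else 0."""
    status = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for lineno, col, cp, name in find_invisible(fh.read()):
                print(f"{path}:{lineno}:{col}: {cp} {name}")
                status = 1
    return status


if __name__ == "__main__":
    print(reveal(SAMPLE))  # with no arguments, only the sample is shown
    sys.exit(scan_files(sys.argv[1:]))
```

Run against the Python sources or the synthesized template files as a pipeline step; the non-zero exit status fails the build when a hidden character is present.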