
bug: CdkNagValidationFailure when adding interface endpoints


What is the problem?

I get a CdkNagValidationFailure for all interfaceEndpoints added to a VPC.

Reproduction Steps

Using CDK Nag and adding an interface endpoint to a VPC eg:

vpc.addInterfaceEndpoint('KMS', { service: ec2.InterfaceVpcEndpointAwsService.KMS, });

What did you expect to happen?

Not getting a CdkNagValidationFailure but at worst an AwsSolutions-EC23 warning (cdk creates wildcard security groups for interfaceEndpoints).

What actually happened?

When adding CDK Nag to a stack with interface endpoints, the following entry is contained in the warnings: CdkNagValidationFailure: 'AwsSolutions-EC23' threw an error during validation. This is generally caused by a parameter referencing an intrinsic function. For more details enable verbose logging. The parameter resolved to to a non-primitive value "{"Fn::GetAtt":["VPCB9E5F0B4","CidrBlock"]}", therefore the rule could not be validated.

cdk-nag version

1.12.38

Language

Typescript

Other information

The stack uses cdk 1.153.1

Issue Analytics

  • State: closed
  • Created: a year ago
  • Comments: 10

Top GitHub Comments

1 reaction
hoegertn commented, Aug 10, 2022

@dontirun I totally get why the system cannot resolve intrinsic functions, but on the other hand the concrete rule could understand GetAtt CidrBlock and know that the CIDR range of a VPC is not /0.

What do you think?
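An added illustration, not cdk-nag's own code, of the validation path the warning above describes and of the CidrBlock-aware variant this comment proposes; the function names, the verdict labels and the sample values are assumptions made for the example.

```typescript
// Hypothetical model of how a rule such as AwsSolutions-EC23 arrives at
// CdkNagValidationFailure when the ingress CIDR is an unresolved token, and how
// recognising Fn::GetAtt <Vpc>.CidrBlock (never a /0 range) would avoid that.
// Illustration only; this is not cdk-nag's implementation.

type Intrinsic = { [fn: string]: unknown };
type CidrValue = string | Intrinsic;

type Verdict = 'COMPLIANT' | 'NON_COMPLIANT' | 'VALIDATION_FAILURE';

// An ingress rule open to the whole address space is the finding EC23 is about.
function isWildcardCidr(cidr: string): boolean {
  return cidr === '0.0.0.0/0' || cidr === '::/0' || /\/0$/.test(cidr);
}

// Behaviour described in the issue: a literal CIDR can be judged, but a
// non-primitive value (an intrinsic object such as Fn::GetAtt) cannot be
// compared, so the rule reports a validation failure instead of a verdict.
function checkIngressCidr(value: CidrValue): Verdict {
  if (typeof value === 'string') {
    return isWildcardCidr(value) ? 'NON_COMPLIANT' : 'COMPLIANT';
  }
  return 'VALIDATION_FAILURE';
}

// Variant that knows a VPC's CidrBlock attribute can never be a /0 range, so a
// reference to it is compliant without resolving the token. Any other
// intrinsic still cannot be judged and keeps the validation failure.
function checkIngressCidrAware(value: CidrValue): Verdict {
  if (typeof value === 'string') {
    return checkIngressCidr(value);
  }
  const getAtt = value['Fn::GetAtt'];
  if (Array.isArray(getAtt) && getAtt.length === 2 && getAtt[1] === 'CidrBlock') {
    return 'COMPLIANT';
  }
  return 'VALIDATION_FAILURE';
}

// Constructed sample: the token quoted in the issue's warning plus two literal CIDRs.
const sampleValues: CidrValue[] = [
  { 'Fn::GetAtt': ['VPCB9E5F0B4', 'CidrBlock'] },
  '0.0.0.0/0',
  '10.0.0.0/16',
];

function runSample(check: (v: CidrValue) => Verdict): Verdict[] {
  return sampleValues.map(check);
}
```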

0 reactions
surecloud-meason commented, Nov 24, 2022

@dontirun Just clearer instructions on what is available to be used as an ID; my understanding is it was only the id of the rule.
