
E3005/W1001 reported, although the concern is addressed with the Rules/Assertions

Open tekdj7 opened this issue 4 years ago • 3 comments

cfn-lint version: (cfn-lint --version) 0.44.6 (also already ran, cfn-lint -u)

Description of issue. Using the AWS Quick Start aws-vpc.template, cfn-lint is reporting several E3005 & W1001 issues, even though the concern is addressed with the Rules/Assertions in the template. Below is a sample of some of the errors:

  • [cfn-lint] E3005: DependsOn VPCGatewayAttachment may not exist when condition when condition "NATGatewaysCondition" is True and when condition "PublicSubnetsCondition" is False at Resources/NAT1EIP/DependsOn
  • [cfn-lint] W1001: Ref to resource "PrivateSubnet1ARouteTable" that may not be available when condition "NATGatewaysCondition" is True and when condition "PrivateSubnetsCondition" is False at Resources/PrivateSubnet1ARoute/Properties/RouteTableId/Ref

tekdj7, Feb 02 '21 22:02

For now you may want to look at resource based exceptions or template exceptions for this. This change is going to take some work and testing. Right now we resolve condition relationships based on parameter values. Adding in rule logic will take us a little time to resolve.

kddejong, Feb 02 '21 22:02

Where is the PrivateSubnetsCondition? I don't see it on the internet or in any AWS document. Thanks

awsstudygroup2021, Jul 31 '21 07:07

@awsstudygroup2021

It's not any universal CloudFormation thing. It's a named Condition from the template referenced in the original post:

Conditions:
  PrivateSubnetsCondition: !Equals [!Ref 'CreatePrivateSubnets', 'true']

chrisoverzero, Jul 31 '21 16:07
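
An added example, not code from cfn-lint or from the Quick Start template: a small model of the gap discussed in this thread, where condition scenarios are enumerated from parameter values alone and then again with a Rules assertion applied. Only PrivateSubnetsCondition and CreatePrivateSubnets appear in the thread; the other parameter names, the other two condition definitions and the rule are assumptions constructed for illustration.

```python
from itertools import product

# Constructed model, not the real aws-vpc.template. Only PrivateSubnetsCondition
# is quoted in the thread; the other two conditions and the rule are assumed.
PARAMETERS = ("CreatePublicSubnets", "CreatePrivateSubnets", "CreateNATGateways")

CONDITIONS = {
    "PublicSubnetsCondition": lambda p: p["CreatePublicSubnets"] == "true",
    "PrivateSubnetsCondition": lambda p: p["CreatePrivateSubnets"] == "true",
    "NATGatewaysCondition": lambda p: p["CreateNATGateways"] == "true",
}

# Rules section: when rule_condition holds, every assertion must hold or
# CloudFormation rejects the parameter set before creating any resource.
RULES = [{
    "rule_condition": lambda p: p["CreateNATGateways"] == "true",
    "assertions": [lambda p: p["CreatePublicSubnets"] == "true",
                   lambda p: p["CreatePrivateSubnets"] == "true"],
}]

def passes_rules(params):
    return all(all(a(params) for a in r["assertions"])
               for r in RULES if r["rule_condition"](params))

def reachable_scenarios(apply_rules):
    """Return every condition truth assignment some parameter set can produce."""
    scenarios = set()
    for values in product(("true", "false"), repeat=len(PARAMETERS)):
        params = dict(zip(PARAMETERS, values))
        if apply_rules and not passes_rules(params):
            continue  # this parameter set never reaches resource creation
        scenarios.add(frozenset((n, f(params)) for n, f in CONDITIONS.items()))
    return scenarios

def finding_is_reachable(required, apply_rules):
    """required: condition name -> bool, as stated in an E3005/W1001 message."""
    want = set(required.items())
    return any(want <= s for s in reachable_scenarios(apply_rules))

# The two scenarios named in the messages quoted in the original post.
E3005 = {"NATGatewaysCondition": True, "PublicSubnetsCondition": False}
W1001 = {"NATGatewaysCondition": True, "PrivateSubnetsCondition": False}

if __name__ == "__main__":
    for name, finding in (("E3005", E3005), ("W1001", W1001)):
        print(name, "parameters only:", finding_is_reachable(finding, False),
              "| with Rules:", finding_is_reachable(finding, True))
```

Under these assumptions both reported scenarios are reachable when only parameter values are considered and unreachable once the rule is applied, while scenarios the rule does not constrain stay reachable.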