
Support for Amazon Bedrock APIs Linting

Open omenking opened this issue 1 year ago • 2 comments

Is this feature request related to a new rule or cfn-lint capabilities?

New capability

Describe the feature you'd like to request

When working with Amazon Bedrock API resources in CFN I would like CFN-Lint to be properly updated.


Describe the solution you'd like

When attempting to deploy an agent CFN-Lint is throwing errors even though cross-referencing CFN says my documentation is correct and when I deploy my CFN it works.

Additional context

No response

Is this something that you'd be interested in working on?

  • [ ] 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • [ ] ⚠️ This feature might incur a breaking change

omenking avatar Oct 10 '24 12:10 omenking

Okay so this is really odd. I'm trying to write CFN for Amazon Bedrock Agent. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-agent-apischema.html

The API shows that this is the structure for SchemaAPI

{
  "Payload" : String,
  "S3" : S3Identifier
}

And so in my code I follow that structure:

      ActionGroups:
        # https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-bedrock-agent-agentactiongroup.html
        - ActionGroupName: 'LambdaActionGroup'
          Description: 'Action group for Lambda integration'
          ApiSchema:
            Payload: yaml
            S3: !Sub 's3://${PromptBucket}/api-schema.yaml'
          ActionGroupExecutor:
            CustomControl: RETURN_CONTROL
            LambdaArn: !GetAtt LambdaFunction.Arn

However... CFN Lint is telling me nope, that's not right

E3002 Additional properties are not allowed ('Payload' was unexpected)
template.yaml:79:13

And if I attempt to deploy, CFN says nope, this Payload key doesn't exist

Properties validation failed for resource BedrockAgent with message: #/ActionGroups/0/ApiSchema: #: 0 subschemas matched instead of one #/ActionGroups/0/ApiSchema: extraneous key [Payload] is not permitted 
#/ActionGroups/0/ApiSchema/S3: expected type: JSONObject, found: String #/ActionGroups/0/ApiSchema: extraneous key [S3] is not permitted #/ActionGroups/0/ActionGroupExecutor: #: 0 subschemas matched instead of one #/ActionGroups/0/ActionGroupExecutor: required key [Lambda] not found #/ActionGroups/0/ActionGroupExecutor: extraneous key [LambdaArn] is not permitted #/ActionGroups/0/ActionGroupExecutor: extraneous key [CustomControl] is not permitted #/ActionGroups/0/ActionGroupExecutor: extraneous key [LambdaArn] is not permitted

This is confusing because the docs are telling me the expected structure, so I am not to believe the docs and cfn-lint and cfn are correct?

omenking avatar Oct 10 '24 12:10 omenking

Service-side validation and cfn-lint use the resource schemas. These schemas are the source of truth for this. A lot of the docs should be autogenerated from these schemas. You can submit feedback and it will get redirected to the correct team for resolution.

I would trust the schema files (so cfn-lint and validation). Those schemas the payloads to the resource handler code.

kddejong avatar Oct 10 '24 18:10 kddejong
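An added example, not part of the thread and not cfn-lint's own code: a small Python check that reproduces the "0 subschemas matched instead of one" result for the posted action group and shows a shape that passes. The `ONE_OF` table is reconstructed from the error output quoted above, and `S3BucketName` / `S3ObjectKey` are the `S3Identifier` property names, which the thread does not show; bucket names and ARNs are constructed placeholders.

```python
# Shapes reconstructed from the validation errors quoted in the thread; an
# assumption, not the published AWS::Bedrock::Agent registry schema. Each
# property must match exactly one branch (JSON Schema "oneOf").
ONE_OF = {
    "ApiSchema": [{"S3": dict}, {"Payload": str}],
    "ActionGroupExecutor": [{"Lambda": str}, {"CustomControl": str}],
}


def branch_errors(value, branch):
    """Return the reasons `value` fails one branch (empty list = match)."""
    errors = []
    for key, expected in branch.items():
        if key not in value:
            errors.append(f"required key [{key}] not found")
        elif not isinstance(value[key], expected):
            errors.append(f"{key}: expected {expected.__name__}, "
                          f"found {type(value[key]).__name__}")
    errors += [f"extraneous key [{k}] is not permitted"
               for k in value if k not in branch]
    return errors


def validate(action_group):
    """Map each property to a oneOf failure message; {} means valid."""
    problems = {}
    for prop, branches in ONE_OF.items():
        value = action_group.get(prop, {})
        matched = sum(1 for b in branches if not branch_errors(value, b))
        if matched != 1:
            problems[prop] = f"{matched} subschemas matched instead of one"
    return problems


# Constructed inputs: intrinsic functions shown as already-resolved strings.
POSTED = {
    "ApiSchema": {"Payload": "yaml", "S3": "s3://example-bucket/api-schema.yaml"},
    "ActionGroupExecutor": {"CustomControl": "RETURN_CONTROL",
                            "LambdaArn": "arn:aws:lambda:us-east-1:111122223333:function:example"},
}
CORRECTED = {
    "ApiSchema": {"S3": {"S3BucketName": "example-bucket",
                         "S3ObjectKey": "api-schema.yaml"}},
    "ActionGroupExecutor": {
        "Lambda": "arn:aws:lambda:us-east-1:111122223333:function:example"},
}

if __name__ == "__main__":
    print(validate(POSTED))
    print(validate(CORRECTED))
```

The posted fragment fails because it supplies keys from both branches at once, so neither branch matches; choosing one branch per property is what clears the error.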