cloudformation-guard
Support request
After the release of version v2.1.0 of cfn-guard, we are noticing a difference in the JSON response:
https://raw.githubusercontent.com/aws-cloudformation/cloudformation-guard/main/install-guard.sh
previous version response
b'{"data_from":"s3valid.yml","rules_from":"backup.guard","not_compliant":{},"not_applicable":["Backup_BackupVault_AccessPolicy"],"compliant":[]}
Latest Version response (v2.1.0)
CFN\n{\n "name": "",\n "metadata": {},\n "status": "SKIP",\n "not_compliant": [],\n "not_applicable": [\n "CodeArtifact_Domain_PermissionsPolicyDocument",\n "CodeArtifact_Repository_PermissionsPolicyDocument"\n ],\n "compliant": []\n}
As we can see, there is a difference in the JSON elements (data_from and rules_from are missing in the latest version) and in the JSON format between the above two responses. It would be helpful if you could provide the API documentation or a sample JSON response, both for the case where any not_compliant results exist in the template and for the case where none exist.
Hi @skumarm0205,
Can you please provide more details regarding the issue you are facing? The API you provided is hosted by Cloud One Conformity by Trend Micro; therefore, I don't see how this correlates to cfn-guard.
Hi @razcloud,
Apologies for the wrong API endpoint. Other than that, as I have mentioned above, the response structure for the cfn-guard validation has changed after the recent release; e.g. the data_from and rules_from elements are missing in the response. So, if we get the documentation along with sample responses for the not_compliant scenario as well as the normal scenario.
Hi @razcloud,
I have updated the endpoint details with the subprocess command used for cfn-guard validation in the support ticket.
There is a difference in the response structure between the cfn-guard releases (2.0.4 and the latest version):
Version 2.0.4 Release:
b'{"data_from":"s3valid.yml","rules_from":"backup.guard","not_compliant":{},"not_applicable":["Backup_BackupVault_AccessPolicy"],"compliant":[]}
Recent Release:
CFN\n{\n "name": "",\n "metadata": {},\n "status": "SKIP",\n "not_compliant": [],\n "not_applicable": [\n "CodeArtifact_Domain_PermissionsPolicyDocument",\n "CodeArtifact_Repository_PermissionsPolicyDocument"\n ],\n "compliant": []\n}
As you can see in the above response, the highlighted elements in version 2.0.4 are missing in the recent release.
So we need a sample response from cfn-guard for the case where any not_compliant results exist in the provided template, as well as the successful response for a compliant template.
Thanks, Sathish
From: razcloud
Sent: 25 July 2022 07:48
To: aws-cloudformation/cloudformation-guard
Cc: Sathish Kumar Malaichamy, (External); Mention
Subject: Re: [aws-cloudformation/cloudformation-guard] Support request (Issue #260)
Can you please provide more details regarding the issue you are facing. The API you provided is hosted by Cloud One Conformity by Trend Micro; therefore, I don't see how this correlates to cfn-guard.
Hi @skumarm0205,
Need more details to reproduce the error at our end. Are you trying to run validation in a Lambda?
If yes, we have recently pushed a code change (#262) that may have already fixed this issue. Can you recheck?
If the issue still persists, we need the following information from you: the payload, i.e. the data and rules that you are using, the command you are running (verbatim, along with all the options and flags), and details regarding the environment you are running Guard in.
Thanks, Akshay
@skumarm0205
We are going to close this ticket at this point in time. If you have additional details, please feel free to re-open.
Thanks.
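For pipelines that consume this output through subprocess, as in the thread above, here is an added example (not code from the cfn-guard project or from any poster) of a parser that accepts both quoted response shapes and rejects anything else. The names `parse_guard_output` and `gate_passes` are hypothetical, the sample bytes are constructed from the two responses quoted in the thread, and treating a run with no evaluated rule as a failure is this example's own policy choice.

```python
import json

# Constructed from the two responses quoted in this thread (raw subprocess bytes).
OLD_OUTPUT = (b'{"data_from":"s3valid.yml","rules_from":"backup.guard",'
              b'"not_compliant":{},'
              b'"not_applicable":["Backup_BackupVault_AccessPolicy"],"compliant":[]}')
NEW_OUTPUT = (b'CFN\n{\n "name": "",\n "metadata": {},\n "status": "SKIP",\n'
              b' "not_compliant": [],\n "not_applicable": [\n'
              b' "CodeArtifact_Domain_PermissionsPolicyDocument",\n'
              b' "CodeArtifact_Repository_PermissionsPolicyDocument"\n ],\n'
              b' "compliant": []\n}')
RESULT_KEYS = ("not_compliant", "not_applicable", "compliant")


def _entries(value):
    # not_compliant is an object in the older shape and a list in the newer one.
    # The thread shows no populated entry, so entries are kept as-is (opaque).
    if isinstance(value, dict):
        return [{name: detail} for name, detail in value.items()]
    if isinstance(value, list):
        return list(value)
    raise ValueError(f"unexpected result container: {type(value).__name__}")


def parse_guard_output(raw: bytes) -> dict:
    """Normalise either quoted shape; raise ValueError on anything else."""
    text = raw.decode("utf-8")
    start = text.find("{")  # skip a non-JSON preamble such as the "CFN" line
    if start < 0:
        raise ValueError("no JSON object in validator output")
    try:
        doc, _ = json.JSONDecoder().raw_decode(text, start)
    except json.JSONDecodeError as exc:
        raise ValueError(f"unparseable validator output: {exc}") from exc
    missing = [k for k in RESULT_KEYS if k not in doc]
    if missing:
        raise ValueError(f"result keys missing: {missing}")
    result = {k: _entries(doc[k]) for k in RESULT_KEYS}
    for optional in ("data_from", "rules_from", "status"):
        result[optional] = doc.get(optional)  # None when a shape lacks it
    return result


def gate_passes(raw: bytes) -> bool:
    """Fail closed: pass only if a rule was evaluated and none failed."""
    result = parse_guard_output(raw)
    return bool(result["compliant"]) and not result["not_compliant"]
```

Both responses quoted in the thread list rules only under not_applicable, so `gate_passes` returns False for each: a run in which no rule applied is not evidence that the template is compliant.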