
New CloudFormation features fail to deploy because cfn_nag is no longer maintained

Open word opened this issue 1 year ago • 1 comments

Describe the bug

cfn_nag is no longer maintained (last update over two years ago) and is missing support for recent CloudFormation features such as Fn::ForEach:

  • https://github.com/stelligent/cfn_nag/issues/621

It's not possible to work around this using the usual rule suppression mechanisms because cfn_nag itself is failing.

I would propose either removing cfn_nag or adding a parameter to disable it in the CfCT CloudFormation template.

To Reproduce

Use CloudFormation features released in the last two years such as Fn::ForEach

Expected behavior

CfCT should support all modern CloudFormation features.

Please complete the following information about the solution:

  • [x] Version: 2.7.1
  • [x] Region: all
  • [x] Was the solution modified from the version published on this repository? No

Additional context

Related issue: https://github.com/aws-solutions/aws-control-tower-customizations/issues/119

word avatar Jun 24 '24 16:06 word

Another related issue: https://github.com/aws-solutions/aws-control-tower-customizations/issues/115

word avatar Jun 24 '24 16:06 word

Can anything be done about this? I'd really like to be able to use Fn::ForEach for things like Identity Center assignments and anything else that now makes me create 100kB+ templates.

Cihl28 avatar Apr 25 '25 06:04 Cihl28
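
An added example (not part of the issue thread and not code from CfCT or cfn_nag): a pre-check that reports where a template uses `Fn::ForEach`, so the templates that cfn_nag cannot process are identified before the pipeline runs. It assumes JSON-format templates; the function names and the sample template are constructed for illustration.

```python
import json

LANGUAGE_EXTENSIONS = "AWS::LanguageExtensions"
FOREACH_PREFIX = "Fn::ForEach::"  # keys look like Fn::ForEach::<UniqueLoopName>


def find_foreach(node, path=""):
    """Yield the JSON path of every Fn::ForEach::<LoopName> key under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}/{key}"
            if key.startswith(FOREACH_PREFIX):
                yield child
            yield from find_foreach(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_foreach(item, f"{path}/{index}")


def triage(template_text):
    """Summarise Fn::ForEach usage in one JSON CloudFormation template."""
    template = json.loads(template_text)
    transform = template.get("Transform", [])
    # Transform may be a single string or a list of transform names.
    transforms = [transform] if isinstance(transform, str) else list(transform)
    loops = list(find_foreach(template))
    has_extensions = LANGUAGE_EXTENSIONS in transforms
    return {
        "foreach_paths": loops,
        "language_extensions": has_extensions,
        # Fn::ForEach is only expanded when the transform is declared.
        "missing_transform": bool(loops) and not has_extensions,
    }


# Constructed sample template, not taken from the issue.
SAMPLE = json.dumps({
    "Transform": "AWS::LanguageExtensions",
    "Resources": {
        "Fn::ForEach::Topics": [
            "TopicName", ["Alerts", "Audit"],
            {"Topic${TopicName}": {"Type": "AWS::SNS::Topic"}},
        ],
        "Bucket": {"Type": "AWS::S3::Bucket"},
    },
})

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Templates listed in `foreach_paths` are the ones that need a different static-analysis path or manual review, since rule suppression does not help when the scanner itself fails on them.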