
LambdaFunctionInsideVPCRule incorrectly failing for SAM template

Open ConorScullion opened this issue 3 years ago • 1 comments

I have a SAM template for a lambda (AWS::Serverless::Lambda) that has a VpcConfig declared; however, cfn-nag is highlighting it as a warning with LambdaFunctionInsideVPCRule. If I change the lambda to be a plain cft lambda AWS::Lambda::Function, the warning is removed.

Thinking there may be an issue with mapping the SAM template properties?

Attached the partial template below:

  Lambda:
    Type: AWS::Serverless::Function
    Properties:
      Description: Lambda to consume events
      FunctionName: !Sub ${Environment}-lambdaTopicConsumer
      CodeUri: src/handlers/consumers/consumer
      Handler: index.handler
      MemorySize: 512
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - sqs:ReceiveMessage
                - sqs:DeleteMessage
                - sqs:GetQueueAttributes
              Resource:
                - !Sub '{{resolve:ssm:/${Environment}/${ServiceName}/middleware}}'
            - Effect: Allow
              Action:
                - dynamodb:PutItem
                - dynamodb:DeleteItem
              Resource: !Sub '{{resolve:ssm:/${Environment}/${ServiceName}/dynamo}}'
      Timeout: 30
      Tracing: Active
      VpcConfig:
        SubnetIds: !Ref VpcSubnetIds
        SecurityGroupIds:
          - !Sub '{{resolve:ssm:/${Environment}/vpc/default_sg}}'

ConorScullion, Jun 30 '22 09:06

Duplicates #594.

phansys, Oct 22 '24 13:10
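As an added example (not cfn_nag's code and not part of the thread), a stand-alone Ruby check that applies the same VpcConfig test to both `AWS::Serverless::Function` and `AWS::Lambda::Function`, which can be used to confirm a template's functions are VPC-attached independently of the linter. It goes beyond the reported case by also merging a SAM `Globals` VpcConfig; it assumes the template is in JSON form with long-form intrinsics, and the sample template and the `Plain` and `SamNoVpc` resources are constructed.

```ruby
require 'json'

SAM_TYPE = 'AWS::Serverless::Function'
LAMBDA_TYPES = ['AWS::Lambda::Function', SAM_TYPE].freeze

# Constructed sample: "Lambda" mirrors the VpcConfig from the issue,
# the other two resources are hypothetical functions with no VpcConfig.
SAMPLE = <<~'JSON'
  {"Resources": {
    "Lambda": {"Type": "AWS::Serverless::Function", "Properties": {
      "VpcConfig": {
        "SubnetIds": {"Ref": "VpcSubnetIds"},
        "SecurityGroupIds": [{"Fn::Sub": "{{resolve:ssm:/${Environment}/vpc/default_sg}}"}]}}},
    "Plain": {"Type": "AWS::Lambda::Function", "Properties": {"Handler": "index.handler"}},
    "SamNoVpc": {"Type": "AWS::Serverless::Function", "Properties": {"Handler": "index.handler"}}
  }}
JSON

# True when a VpcConfig names at least one subnet and one security group.
# An intrinsic function (a Hash such as {"Ref" => ...}) counts as present,
# because its value is only known at deploy time.
def vpc_config_set?(cfg)
  return false unless cfg.is_a?(Hash)
  %w[SubnetIds SecurityGroupIds].all? do |key|
    value = cfg[key]
    value.is_a?(Hash) ? !value.empty? : Array(value).any?
  end
end

# Returns the logical IDs of Lambda functions that have no usable VpcConfig.
def functions_outside_vpc(template)
  global_cfg = template.dig('Globals', 'Function', 'VpcConfig')
  (template['Resources'] || {}).select do |_id, res|
    next false unless LAMBDA_TYPES.include?(res['Type'])
    cfg = (res['Properties'] || {})['VpcConfig']
    # SAM Globals apply only to the SAM type; resource-level keys win on merge.
    if res['Type'] == SAM_TYPE && global_cfg.is_a?(Hash) && (cfg.nil? || cfg.is_a?(Hash))
      cfg = global_cfg.merge(cfg || {})
    end
    !vpc_config_set?(cfg)
  end.keys
end

puts functions_outside_vpc(JSON.parse(SAMPLE)).inspect if __FILE__ == $PROGRAM_NAME
```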