Open nadove-ucsc opened 1 month ago
There were two bugs: 1) We specified invalid configuration and 2) the TF provider rejected it with a misleading error message. Spike to add FIXME referring to this issue in any of their PRs, then retriage. I already replied on the upstream issue, suggesting that the error message could be improved. Otherwise, this is low priority since we already use CF stacks elsewhere without issue.
FIXME added to https://github.com/DataBiosphere/azul/pull/6584
Currently, we use a CloudFormation stack to manage the Inspector rules that suppress findings for the Kibana, Cerebro, and Signing Proxy images (introduced in https://github.com/DataBiosphere/azul/pull/5758). We initially tried to use the AWS Cloud Control provider plugin, but a confusing error message led us to abandon this approach and file a bug report against the provider.
Now, we've received a reply to the bug report. The proposed solution hasn't been tested yet, but if it works we could replace the CF stack implementation with our original design using CC.