KablamoOSS / kombustion

Extend CloudFormation with plugins
https://kombustion.io
MIT License

VpcEndpointType of AWS::EC2::VPCEndpoint is removed after processing #121

Open neoghostz opened 6 years ago

neoghostz commented 6 years ago

Any key:value pair that has a value of "Interface" will be stripped and removed from the CFN definition.

  VPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId:
        Fn::ImportValue: !Sub "${VPCStack}-VPCid"
      ServiceName: !Ref ServiceEndpoint
      VpcEndpointType: Interface
      SubnetIds:
        - Fn::ImportValue: !Sub "${VPCStack}-Subnet-PerimeterInternal1"
        - Fn::ImportValue: !Sub "${VPCStack}-Subnet-PerimeterInternal2"
        - Fn::ImportValue: !Sub "${VPCStack}-Subnet-PerimeterInternal3"
      SecurityGroupIds:
        - Fn::ImportValue: !Sub "${SecurityStack}-SecGroup-${SecurityGroup}"

If you run through generate or upsert the key is removed from properties.

Currently affects 0.3.7 and 0.3.8; it could affect earlier releases.

ojkelly commented 6 years ago

So this isn't working because the definition for that property is set as (in ./pkg/parsers/resources/EC2-VPCEndpoint.go):

    VPCEndpointType     interface{} `yaml:"VPCEndpointType,omitempty"`

The CloudFormation docs define it as (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpcendpoint.html#cfn-ec2-vpcendpoint-vpcendpointtype):

VpcEndpointType
    The type of endpoint. Valid values are Interface and Gateway.
    Required: No
    Type: String
    Update requires: No interruption

The difference being VPC vs Vpc.

Curiously, it's defined with uppercase in the CloudFormation JSON spec. So I'm inclined to think the actual docs are out of sync with the implementation.
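Added example, not part of the thread and not kombustion's own code: a pre-flight check that lists template property keys which match no `yaml` struct tag exactly, and so would be silently dropped by a decode and re-encode round trip. The `vpcEndpointProps` struct and `droppedKeys` helper are hypothetical; only the `VPCEndpointType` tag comes from the comment above, and the check assumes the decoder matches keys case-sensitively.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// vpcEndpointProps is a cut-down, hypothetical stand-in for the generated
// struct; only the VPCEndpointType tag is taken from the issue.
type vpcEndpointProps struct {
	ServiceName     interface{} `yaml:"ServiceName"`
	VpcId           interface{} `yaml:"VpcId"`
	VPCEndpointType interface{} `yaml:"VPCEndpointType,omitempty"`
}

// droppedKeys returns the template keys that match no yaml tag on target
// exactly. Each dropped key maps to the tag it matches when case is ignored,
// or "" if there is none. Untagged fields are skipped.
func droppedKeys(props map[string]interface{}, target interface{}) map[string]string {
	exact := map[string]bool{}
	folded := map[string]string{}
	t := reflect.TypeOf(target)
	for i := 0; i < t.NumField(); i++ {
		name := strings.Split(t.Field(i).Tag.Get("yaml"), ",")[0]
		if name == "" || name == "-" {
			continue
		}
		exact[name] = true
		folded[strings.ToLower(name)] = name
	}
	dropped := map[string]string{}
	for key := range props {
		if !exact[key] {
			dropped[key] = folded[strings.ToLower(key)]
		}
	}
	return dropped
}

func main() {
	// Constructed input: property names as written in the reported template.
	props := map[string]interface{}{
		"VpcId": "vpc-example", "ServiceName": "example",
		"VpcEndpointType": "Interface",
	}
	for key, near := range droppedKeys(props, vpcEndpointProps{}) {
		fmt.Printf("%q would be dropped (struct tag is %q)\n", key, near)
	}
}
```

Running a check like this before `generate` or `upsert` turns a silently missing property into a visible error instead of a changed deployment.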

iann0036 commented 6 years ago

The CloudFormation team has confirmed the spec is incorrect and will work to amend.

iann0036 commented 6 years ago

Workaround in place. Will resolve this when AWS team fixes and we remove the workaround.

iann0036 commented 5 years ago

Also defined at https://github.com/awslabs/aws-cdk/issues/765 and https://github.com/awslabs/goformation/issues/105

henrysachs commented 5 years ago

Hey, is there any workaround I can use? I still get this issue with the latest aws-cdk.

ojkelly commented 5 years ago

Can you try the latest version of kombustion? It was updated recently to pass through everything without doing validation locally, because the cfn service is always going to be the source of truth on that, and to better work with macros.