This project doesn't work

[donfirst]

Unfortunately, this project is broken

This is just a warning to everyone who wants to play around with this PLUGIN

using this command cfn submit --set-default

You can't build the Lambda So you can build and deploy two stack CloudFormationManagedUploadInfrastructure styra-opa-hook-role-stack

You can build and upload one zip file to the S3 (styra-opa-hook-{date}.zip)

But there is a missing step. to deploy lambda and connect that lambda to the hook

So the effect is that after. hook activation ALWAYS you will get an error message during CF deployment that it's impossible to connect to your opa server- hook is not able to connect to lambda ( lambda doesn't exist)

[anderseknert]

Hi @donfirst!

And thanks for filing this issue. I'm aware of this issue from before, but unfortunately I haven't had the time to get around to it yet. Planning to set aside some time for this next week, and hopefully we can get things back to a working state then. Could you describe the steps you take and where exactly things break and how?

I'll make sure to keep you in the loop as I try to find out what's changed here since I worked on this the last time.

[donfirst]

Hi @anderseknert

Wanted to say that you are doing an awesome job !!!

I have found a couple of issues I'm using Mac Sonoma 14..5 and Python 3.12.3

1) It would be good to put into README that you have to update .rdpk-config "language": "python{your_python_version}", "runtime": "python{your_python_version}", 2) File validate.py in folder test -> line 109

should be ¯\(ツ)/¯

3)Following instruction from https://www.openpolicyagent.org/docs/latest/aws-cloudformation-hooks/

a) git clone https://github.com/StyraInc/opa-aws-cloudformation-hook.git cd opa-aws-cloudformation-hook b)Change the file

c)cd hooks cfn submit --set-default

c1)

d) So far so good :-) e) Doing all exports f)Activate the hook

Now I'm going to lambda -> no function has been created CFstack hook is activated

Deploying any cf

Check lambda and there is no lambda

Seems that this CF file has not been deployed

[anderseknert]

Thank you @donfirst! That's really helpful 👍 I'll use your findings as my starting point when I get to this. In the meantime, don't hesitate to submit corrections for any of the issues you've found here or in the OPA docs. Given that this used to work, it's likely "just" some change AWS did that we need to account for. The problem is of course identifying what that change might be :)

[donfirst]

@anderseknert I spent some time to discover how that project work - so now I know . You can close that topic I managed everything to work

If you. are interested I can participate in that project - fix documentation and explain. how does it work Let me know if you are interested in Best Regards Pete

[anderseknert]

That's great! Yes, I'd be very happy for any help I can get here, as it's been quite a while since I worked on this 😃