Closed nitinitare closed 1 year ago
Can anyone help on this issue?
Hi, have you downloaded the release rule sets and used the rule set files in there? Check out the releases and download the aggregated rule set files from there.
Take a look at Using Guard Rules Registry docs for examples.
Hi, have you downloaded the release rule sets and used the rule set files in there? Check out the releases and download the aggregated rule set files from there.
Yes, did the same.
Take a look at Using Guard Rules Registry docs for examples.
yes, followed the same.
@grolston, any other suggestions? I am not sure if I am the only one facing this issue.
What it appears you are doing is using the cfn-guard command not as documented:
You have cfn-guard validate -v --data cfn-template --rules ./aws-guard-rules-registry-1.0.2/rules/aws
The rules you are using are the Guard rules directory and not the compiled rules (it was not tested nor intended to be used like that in the raw form). When you download the release rules from here and unzip the folder you will see files you can use in the output directory. For example, in there is a file named NIST800-53Rev5.guard.
If I use the command:
cfn-guard validate -v --data cfn-template --rules ./NIST800-53Rev5.guard
it will test the template against the rules in the NIST800-53Rev5.guard file.
If you are looking to test against every rule (not recommended, as you should have a plan for what your rule set should include), you can use the guard-rules-registry-all-rules.guard located in the output directory of the release.
Yes, you are right, I was looking to test against every rule. Will try it using guard-rules-registry-all-rules.guard. Thank you very much for the response, much appreciated.
General Issue
yes
The Question
I am running the cfn-guard validation command to test the CloudFormation template but getting the error with multiple rules. Attaching the screenshot with the Parsing error handling rule file error message. Am I doing it the wrong way, or is there any issue with cfn-guard handling these rules files?
Using command: cfn-guard validate -v --data cfn-template --rules ./aws-guard-rules-registry-1.0.2/rules/aws where I have my template file in YAML format inside the cfn-template folder.
CloudFormation Guard Version
2.1.3
OS
Amazon Linux
OS Version
No response
Other information
Running the command during a build in AWS CodeBuild. I was testing it for IAM policy and all the rules related to IAM policy were PASS. But I am not sure why there is this parsing error with other rule files.