Open plinioh opened 10 months ago
@plinioh I also encountered the same issue. I believe the problem has been resolved since the conditions have been fixed in the main branch.
Conditions for SuppressedRules are added in main as follows:
let dynamodb_pitr_enabled = Resources.*[ Type == "AWS::DynamoDB::Table"
  Metadata.guard.SuppressedRules not exists or
  Metadata.guard.SuppressedRules.* != "DYNAMODB_PITR_ENABLED"
]
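A Python approximation of the filter quoted in the comment above, added here as an example; it is not code from this thread, from cfn-guard, or from the rules registry. The sample template, the function names, the `SOME_OTHER_RULE` placeholder and the assumption that the rule body checks `PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled` are assumptions of this example.

```python
RULE = "DYNAMODB_PITR_ENABLED"

def is_suppressed(resource, rule_name=RULE):
    """True when Metadata.guard.SuppressedRules names rule_name."""
    guard = (resource.get("Metadata") or {}).get("guard") or {}
    suppressed = guard.get("SuppressedRules")
    if suppressed is None:              # "SuppressedRules not exists"
        return False
    if isinstance(suppressed, str):     # tolerate a scalar instead of a list
        suppressed = [suppressed]
    # 'SuppressedRules.* != RULE' holds only if no entry equals RULE
    return rule_name in suppressed

def tables_in_scope(template, honor_suppression=True):
    """Logical IDs of the DynamoDB tables the rule would evaluate."""
    return sorted(
        lid for lid, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::DynamoDB::Table"
        and not (honor_suppression and is_suppressed(res))
    )

def non_compliant_tables(template, honor_suppression=True):
    """Tables in scope without point-in-time recovery (assumed rule body)."""
    resources = template["Resources"]
    bad = []
    for lid in tables_in_scope(template, honor_suppression):
        props = resources[lid].get("Properties") or {}
        spec = props.get("PointInTimeRecoverySpecification") or {}
        if spec.get("PointInTimeRecoveryEnabled") is not True:
            bad.append(lid)
    return bad

# Constructed sample template; not the reporter's template.yaml.
SAMPLE = {"Resources": {
    "SuppressedTable": {"Type": "AWS::DynamoDB::Table",
        "Metadata": {"guard": {"SuppressedRules": ["DYNAMODB_PITR_ENABLED"]}}},
    "OtherSuppression": {"Type": "AWS::DynamoDB::Table",
        "Metadata": {"guard": {"SuppressedRules": ["SOME_OTHER_RULE"]}}},
    "PlainTable": {"Type": "AWS::DynamoDB::Table", "Properties": {}},
    "CompliantTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
        "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": True}}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    print("honoring suppression:", non_compliant_tables(SAMPLE))
    print("ignoring suppression:", non_compliant_tables(SAMPLE, honor_suppression=False))
```

With `honor_suppression=False` the suppressed table is reported again, which matches the non-compliant result described in the report; a suppression for a different rule never takes a table out of scope.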
What is the problem?
The suppression rule for DYNAMODB_PITR_ENABLED is not working as expected.
Reproduction Steps
template.yaml
Rule Set: Currently using wa-Reliability-Pillar.guard from Release v1.0.2
Command:
Result:
What did you expect to happen?
I expected that cfn-guard validate exited cleanly since the rule for DYNAMODB_PITR_ENABLED is suppressed.
What actually happened?
cfn-guard validate evaluated the template as non-compliant.
CloudFormation Guard Version
cfn-guard 3.0.1
OS
MacOS
OS Version
Sonoma 14.1.1
Other information
N/A