If you don't have a Redshift destination configured for a Kinesis Firehose, cfn-guard reports a KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_USES_SECURE_PARAMETER violation, but to suppress the error you need to use what appears to be the name of a subRule(?). Whatever is going on inside the tool, you need to use KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_NO_PLAINTEXT_PASSWORD to suppress the warning if no Redshift destination configuration exists.
BTW - the same incorrect behavior happens for Splunk destinations.
Reproduction Steps
Triggers the KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_USES_SECURE_PARAMETER warning despite suppression:
What is the problem?
If you don't have a Redshift destination configured for a Kinesis Firehose, cfn-guard reports a KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_USES_SECURE_PARAMETER violation, but to suppress the error you need to use what appears to be the name of a subRule(?). Whatever is going on inside the tool, you need to use KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_NO_PLAINTEXT_PASSWORD to suppress the warning if no Redshift destination configuration exists.
BTW - the same incorrect behavior happens for Splunk destinations.
Reproduction Steps
Triggers the KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_USES_SECURE_PARAMETER warning despite suppression:
Doing this actually suppresses the KINESIS_FIREHOSE_REDSHIFT_DESTINATION_CONFIGURATION_USES_SECURE_PARAMETER warning:
What did you expect to happen?
The reported error name should be the error that needs to be suppressed - you shouldn't have to go to the github repo to debug the actual name.
What actually happened?
A different error name has to be suppressed.
CloudFormation Guard Version
3.1.1
OS
MacOS
OS Version
No response
Other information
No response