cfn-lint is failing with E1150 '' is not a 'AWS::EC2::SecurityGroup.GroupId' when 'Ref' is resolved.
Expected behavior
Creating a LoadBalancer without necessarily attaching a security group should be allowed as it is also allowed when creating such a resource from the AWS console. E1150 should not be raised when using AWS::NoValue
Reproduction template
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
SubnetIds:
Type: List<AWS::EC2::Subnet::Id>
SecurityGroups:
Default: ""
Type: CommaDelimitedList
Scheme:
Type: String
Description: >
Specifies if the load balancer will be internal or internet facing
Default: internal
AllowedValues:
- internal
- internet-facing
AllocationIds:
Type: String
Default: ""
Description: >
Specifies the Comma separated list of existing allocation
Ids of the Elastic IP address for an internet-facing load balancer.
Conditions:
CreateSubnetMappings:
!Not [ !Equals [ !Ref AllocationIds, ''] ]
HasSecurityGroups: !And
- !Not [ !Equals [ !Join [ '', !Ref SecurityGroups ], ''] ]
- !Not [ !Condition CreateSubnetMappings ]
Resources:
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
SecurityGroups: !If [ HasSecurityGroups, !Ref SecurityGroups, !Ref "AWS::NoValue"]
Scheme: !Ref Scheme
Subnets: !If [CreateSubnetMappings, !Ref "AWS::NoValue", !Ref SubnetIds]
Type: network
LoadBalancerAttributes:
-
Key: load_balancing.cross_zone.enabled
Value: false
CloudFormation Lint Version
1.3.0
What operating system are you using?
Mac
Describe the bug
In a CloudFormation template snippet like this:
cfn-lint is failing with
E1150 '' is not a 'AWS::EC2::SecurityGroup.GroupId' when 'Ref' is resolved
.Expected behavior
Creating a LoadBalancer without necessarily attaching a security group should be allowed as it is also allowed when creating such a resource from the AWS console. E1150 should not be raised when using
AWS::NoValue
Reproduction template