Closed isuftin closed 5 days ago
We resolved this is in a new version. Going forward we are just looking just for Ref and not a Ref inside another function.
Why we fixed the issue.... we are trying to push towards the recommendation of using secrets manager. You are which is why we resolved that issue.
Technically we will now allow !Sub "${MyDbPassword}"
but we can try to address that going forward.
Parameters:
MyDbPassword:
Type: String
Conditions:
IsDefaultRegion: !Equals [!Ref AWS::Region, us-east-1]
Resources:
RDS:
Type: AWS::RDS::DBInstance
Condition: IsDefaultRegionOrIsDisasterRecovery
Properties:
CutOutABunchOf: Properties
MasterUserPassword: !If
- IsDefaultRegion
- !Ref MyDbPassword
- !Sub '{{resolve:secretsmanager:/${AWS::AccountId}/${Environment}/rds/master_user_password}}'
cfn-lint Version - 1.3.4
Provide additional details e.g. code snippets. Be sure to remove any sensitive data.
This has cfn-lint returning:
W1011 - Use dynamic references over parameters for secrets
This seems to be a newer error showing up but I'm wondering what the best way to deal with this is or why it's triggering on the
MasterUserPassword
param here.