dflook / cloudformation-dns-certificate

Cloudformation DNS Validated Certificate Resource
MIT License

Fix linting warnings relating to AWS partitions #18

Closed CurryEleison closed 1 year ago

CurryEleison commented 1 year ago

The CloudFormation stacks currently generate a cfn-lint warning "[cfn-lint] I3042: ARN in Resource CustomAcmCertificateLambdaExecutionRole contains hardcoded Partition in ARN or incorrectly placed Pseudo Parameters".

This comes from constructs like

!Sub 'arn:aws:acm:*:${AWS::AccountId}:certificate/*'

where the :aws: in principle could be :aws-cn: or :aws-us-gov:. The fix is to insert the pseudo parameter ${AWS::Partition} like so:

!Sub 'arn:${AWS::Partition}:acm:*:${AWS::AccountId}:certificate/*'

I have made this substitution where it seemed reasonable, but was not able to run the tests. This PR doesn't fix anything functional -- it's only intended to get rid of the warnings.

Also, thanks for making this! This resource genuinely is a blessing.
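
A checker for the pattern described in the comment above, added here as an illustration and not part of the PR or the project's code: it flags ARNs with a literal partition in a template and rewrites only those on a line that already uses Sub, where `${AWS::Partition}` is actually substituted. The function names and the sample fragment are constructed for this example; it works line by line, so a Sub spread over several lines is not recognized.

```python
import re

# Literal partitions named in the thread: aws, aws-cn, aws-us-gov.
HARDCODED = re.compile(r"\barn:(aws(?:-cn|-us-gov)?):")
SUB = re.compile(r"!Sub\b|Fn::Sub\b")
PSEUDO = "arn:${AWS::Partition}:"

# Constructed policy fragment (not taken from the project's templates).
SAMPLE = """\
Statement:
  - Effect: Allow
    Action: acm:DescribeCertificate
    Resource: !Sub 'arn:aws:acm:*:${AWS::AccountId}:certificate/*'
  - Effect: Allow
    Action: logs:PutLogEvents
    Resource: 'arn:aws:logs:*:*:*'
  - Effect: Allow
    Action: lambda:InvokeFunction
    Resource: !Sub 'arn:${AWS::Partition}:lambda:*:${AWS::AccountId}:function:*'
"""


def find_hardcoded_partitions(text):
    """Return (line_no, partition, inside_sub) for every ARN with a literal partition."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip whole-line YAML comments
            continue
        for m in HARDCODED.finditer(line):
            findings.append((no, m.group(1), bool(SUB.search(line))))
    return findings


def fix_sub_lines(text):
    """Rewrite literal partitions only on lines that already use Sub; a plain scalar
    is left alone because ${AWS::Partition} is only expanded inside Sub."""
    out = []
    for line in text.splitlines(keepends=True):
        if SUB.search(line) and not line.lstrip().startswith("#"):
            line = HARDCODED.sub(PSEUDO, line)
        out.append(line)
    return "".join(out)


if __name__ == "__main__":
    for no, partition, in_sub in find_hardcoded_partitions(SAMPLE):
        print(f"line {no}: literal partition '{partition}', inside Sub: {in_sub}")
    print(fix_sub_lines(SAMPLE))
```

Findings with `inside_sub` false are the ones to review by hand, since inserting the pseudo parameter there has no effect until the value is wrapped in Sub.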

dflook commented 1 year ago

Thanks @CurryEleison, I've run the tests and everything looks good