stelligent / cfn_nag

Linting tool for CloudFormation templates
MIT License

cfn_nag does not deploy via Serverless Application Repository: Ruby runtime version #588

Open snowake4me opened 2 years ago

snowake4me commented 2 years ago

Team Stelligent-

First and foremost - thanks for an awesome tool. I've used it locally, and am currently trying to incorporate it into our pipeline (CodePipeline, CodeBuild, CodeDeploy) where we manage several large, complex CloudFormation templates which deploy our Transit infrastructure and configurations.

I tried to go the easy route, and just deploy via the AWS Serverless Application Repository -- but when I do, the stack that is created fails and does a rollback, indicating:

Resource handler returned message: "The runtime parameter of ruby2.5 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (ruby2.7) while creating or updating functions.

Of course, I could go into the code and update the Ruby runtime, as suggested - just wondering if this SAR entry is being actively maintained? When this didn't work, I went "old school" and just created a pipeline build stage for the checks, install Ruby, install cfn_nag and run the scan - but that's the subject of a different issue. :)

Just curious if I'm missing something obvious, 'doing it wrong', or failing to realize this is no longer a recommended deployment technique. In my current implementation, I'm basically replicating what was documented in this 2019 blog post:

https://aws.amazon.com/blogs/opensource/using-aws-codepipeline-and-open-source-tools-for-at-scale-infrastructure-deployment/

Thanks in advance for any pointers or guidance - and thanks again for a really helpful tool!

mebrahimi13 commented 2 years ago

The issue is actually due to the Ruby environment version. AWS Lambda no longer supports Ruby 2.5. When updating the runtime version to Ruby 2.7 (which is the only supported version according to the AWS documentation), I get the following error. I believe a new version of cfn-nag supporting Ruby 2.7 would fix the issue.


```
{
    "errorMessage": "cannot load such file -- cfn-nag",
    "errorType": "Init<LoadError>",
    "stackTrace": [
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'",
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'",
        "/var/task/code_pipeline_invoker.rb:1:in `<top (required)>'",
        "/var/task/handler.rb:1:in `require_relative'",
        "/var/task/handler.rb:1:in `<top (required)>'",
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'",
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'"
    ]
}
```