kteague
commented
4 years ago If you leave az's blank in the segments with a EC2 NAT Gateway you get:
File "/Users/kteague/water/paco/src/paco/stack/stack_group.py", line 86, in add_new_stack
stack.template = template_class(stack, self.paco_ctx, **extra_context)
File "/Users/kteague/water/paco/src/paco/cftemplates/security_groups.py", line 59, in __init__
self.create_group_rules(sg_group_id, sg_name, sg_config, template)
File "/Users/kteague/water/paco/src/paco/cftemplates/security_groups.py", line 166, in create_group_rules
rule_res = tropo_rule_method.from_dict(rule_name, rule_dict)
File "/Users/kteague/water/troposphere/build/lib/troposphere/__init__.py", line 302, in from_dict
return cls._from_dict(title, **d)
File "/Users/kteague/water/troposphere/build/lib/troposphere/__init__.py", line 297, in _from_dict
return cls(title, **props)
File "/Users/kteague/water/troposphere/build/lib/troposphere/__init__.py", line 127, in __init__
self.__setattr__(k, v)
File "/Users/kteague/water/troposphere/build/lib/troposphere/__init__.py", line 214, in __setattr__
self._raise_type(name, value, expected_type)
File "/Users/kteague/water/troposphere/build/lib/troposphere/__init__.py", line 228, in _raise_type
raise TypeError('%s: %s.%s is %s, expected %s' % (self.__class__,
TypeError: <class 'troposphere.ec2.SecurityGroupIngress'>: ec2az1B9F2B38CIngressSubnetAZ.SourceSecurityGroupId is <class 'NoneType'>, expected <class 'str'>
What problems do you have? There are a number of ways to configure segments that can't be provisioned.
What solutions could solve that problem? Validate the configuration and raise an error if it's invalid.
If you have 2 AZs, you can leave az1_cidr or az2_cidr blank and then the Segments stack fails with an error: