Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS::Cloud9::EnvironmentEC2 validation logic for ImageId does not align with CloudFormation documentation #3678

Closed
ithinkisam opened this issue Sep 9, 2024 · 0 comments · Fixed by #3679
Closed

AWS::Cloud9::EnvironmentEC2 validation logic for ImageId does not align with CloudFormation documentation #3678

ithinkisam opened this issue Sep 9, 2024 · 0 comments · Fixed by #3679
Assignees
@kddejong
Labels
bug Something isn't working

Comments

@ithinkisam
Copy link

CloudFormation Lint Version

1.12.4

What operating system are you using?

Amazon Linux 2023

Describe the bug

The AWS::Cloud9::EnvironmentEC2 resource type has an ImageId property that is unique from other ImageId properties in AWS in that it only allows AMI aliases or AWS Systems Manager paths (see CloudFormation docs).

The validation performed by cfn-lint lumps EnvironmentEC2 validation with the more standard uses of ImageId and requires a value that is either an AWS::EC2::Image::Id or AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> (per this).

So the issue here is two-fold:

  1. Current validation does not support one of the valid property values (AMI alias), and
  2. Current validation allows an unsupported property value (image ID)

While some of these are only warnings, you do get an error when trying to use an AMI alias for the ImageId property. Here is the output run against the included reproduction template.

test/cloud9.yaml:5:5:5:9:W2506:'String' is not one of ['AWS::EC2::Image::Id', 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>']
test/cloud9.yaml:21:7:21:14:W1030:{'Ref': 'AMIAlias'} is not a 'AWS::EC2::Image.Id' when 'Ref' is resolved
test/cloud9.yaml:39:7:39:14:E1152:'amazonlinux-2023-x86_64' is not a 'AWS::EC2::Image.Id'

Expected behavior

Linting of a resource of type AWS::Cloud9::EnvironmentEC2 using an AMI alias for the ImageId property should succeed. Validation for this resource property requires custom logic.

Reproduction template

AWSTemplateFormatVersion: 2010-09-09
Description: Test linting of Cloud9 resources
Parameters:
AMIAlias:
Type: String
Description: AMI alias
Default: amazonlinux-2023-x86_64
SSMPath:
Type: AWS::SSM::Parameter::Name
Description: AWS Systems Manager path
Default: /aws/service/cloud9/amis/amazonlinux-2023-x86_64
ImageId:
Type: AWS::SSM::Parameter::ValueAWS::EC2::Image::Id
Description: Image ID
Default: resolve:ssm:/aws/service/cloud9/amis/amazonlinux-2023-x86_64

Resources:
Cloud9EnvironmentAlias:
Type: AWS::Cloud9::EnvironmentEC2
Properties:
ImageId: !Ref AMIAlias
InstanceType: "t2.micro"

Cloud9EnvironmentSSMParam:
Type: AWS::Cloud9::EnvironmentEC2
Properties:
ImageId: !Sub "resolve:ssm:${SSMPath}"
InstanceType: "t2.micro"

Cloud9EnvironmentImageId:
Type: AWS::Cloud9::EnvironmentEC2
Properties:
ImageId: !Ref ImageId
InstanceType: "t2.micro"

Cloud9EnvironmentAliasNoParameter:
Type: AWS::Cloud9::EnvironmentEC2
Properties:
ImageId: amazonlinux-2023-x86_64
InstanceType: "t2.micro"
@kddejong kddejong added the bug Something isn't working label Sep 9, 2024
@kddejong kddejong self-assigned this Sep 9, 2024
@kddejong kddejong mentioned this issue Sep 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kddejong kddejong

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cloud9 ImageIds can be an alias kddejong/cfn-python-lint
2 participants
@ithinkisam @kddejong