I′m search for an option to also validate referenced values using cfn-guard in my pipeline, but haven′t found anything.
Basically, the example validation rule looks like this:
#Database
AWS::RDS::DBInstance StorageEncrypted == true
The Database template:
Parameters:
StorageEncrypted:
Default: true
Description: Should the database storage be encrypted?
Type: String
Resources:
AuroraDBFirstInstance:
Type: AWS::RDS::DBInstance
Properties:
CopyTagsToSnapshot: true
DBInstanceClass:
Ref: DBInstanceClass
DBClusterIdentifier: !Ref AuroraDBCluster
Engine: aurora-postgresql
EngineVersion: !Ref EngineVersion
DBSubnetGroupName: !Ref DBSubnetGroup
PubliclyAccessible: false
StorageEncrypted: false #1
StorageEncrypted: !Ref StorageEncrypted #2
EnablePerformanceInsights: true
#1 This would work
#2 This will fail with the following message: failed because [StorageEncrypted] is [StorageEncrypted] and the permitted value is [true]
Does anyone know if it is possible to also validate referenced values as we′re using the throughout our templates?
EDIT: Found an open feature request: Feature request , but I leave this question open in case someone knows a workaround.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
