CFN nag error when running it on a template that contains intrinsic function Fn::ForEach #621

@gopinjag

We have a template that creates resources based on hostnames as identifiers, leveraging the Fn::ForEach intrinsic function. A sample of the template:

AWSTemplateFormatVersion: 2010-09-09
Transform: "AWS::LanguageExtensions"
Mappings:
  Instances:
    InstanceType:
      B: m5.4xlarge
      C: c5.2xlarge
    ImageId:
      A: ami-id1
Resources:
  "Fn::ForEach::Instances":
    - Identifier
    - [A, B, C]
    - "Instance${Identifier}":
        Type: "AWS::EC2::Instance"
        Properties:
          InstanceType:
            !FindInMap [
              Instances,
              InstanceType,
              !Ref "Identifier",
              { DefaultValue: m5.xlarge },
            ]
          ImageId:
            !FindInMap [
              Instances,
              ImageId,
              !Ref "Identifier",
              { DefaultValue: ami-id-default },
            ]
Outputs:
  SecondInstanceId:
    Description: Instance Id for InstanceB
    Value: !Ref "InstanceB"
  SecondPrivateIp:
    Description: Private IP for InstanceB
    Value: !GetAtt [InstanceB, PrivateIp]

When I run a cfn_nag scan on the template with the command cfn_nag_scan --input-path <>, I get an error:

opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/validator/resource_type_validator.rb:20:in `block in validate': no implicit conversion of String into Integer (TypeError)
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/validator/resource_type_validator.rb:19:in `each'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/validator/resource_type_validator.rb:19:in `validate'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/validator/schema_generator.rb:17:in `generate'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/validator/cloudformation_validator.rb:13:in `validate'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/parser/cfn_parser.rb:220:in `pre_validate_model'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/parser/cfn_parser.rb:62:in `parse_without_parameters'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-model-0.6.6/lib/cfn-model/parser/cfn_parser.rb:43:in `parse'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag.rb:87:in `audit'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag.rb:68:in `block in audit_aggregate_across_files'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag.rb:65:in `each'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag.rb:65:in `audit_aggregate_across_files'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag.rb:35:in `audit_aggregate_across_files_and_render_results'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag_executor.rb:50:in `execute_aggregate_scan'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/lib/cfn-nag/cfn_nag_executor.rb:30:in `scan'
	from /opt/homebrew/Cellar/gem-cfn-nag/0.8.10/gems/cfn-nag-0.8.10/bin/cfn_nag_scan:11:in `<top (required)>'
	from /opt/homebrew/bin/cfn_nag_scan:6:in `load'
	from /opt/homebrew/bin/cfn_nag_scan:6:in `<main>'

When I comment out that resource block from the template, no error is returned. Could the team confirm whether the intrinsic function is supported?

cfn nag version

cfn_nag_scan --version
0.8.10
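
The `no implicit conversion of String into Integer` in the trace is the TypeError Ruby raises when an Array is indexed with a String, and the `Fn::ForEach::Instances` entry under Resources is an Array rather than a mapping. As an added example (not code from cfn-nag, cfn-model, or the issue author), the Ruby below unrolls such loops on an already parsed template so that every generated resource is a plain mapping a scanner can inspect. Assumptions: the validator indexes each Resources entry with `'Type'`; the helper names and `SAMPLE` are constructed here; only literal collections are handled.

```ruby
# Added example, not cfn-nag or cfn-model code. Expands top-level Fn::ForEach
# loops in Resources into plain mappings. Simplified assumption: literal
# collections only, no nested loops, no "&{...}" syntax.
FOREACH_PREFIX = 'Fn::ForEach::'

# Replace "${id}" in strings and {"Ref" => id} nodes with the loop value.
def substitute(node, id, value)
  case node
  when String then node.gsub("${#{id}}", value)
  when Array then node.map { |n| substitute(n, id, value) }
  when Hash
    return value if node == { 'Ref' => id }
    node.to_h { |k, v| [substitute(k, id, value), substitute(v, id, value)] }
  else node
  end
end

# Returns a new Resources hash with every Fn::ForEach entry unrolled.
def expand_foreach(resources)
  resources.each_with_object({}) do |(name, body), out|
    unless name.start_with?(FOREACH_PREFIX)
      out[name] = body
      next
    end
    id, collection, fragment = body
    unless id.is_a?(String) && collection.is_a?(Array) && fragment.is_a?(Hash)
      raise ArgumentError, "#{name}: unsupported Fn::ForEach shape"
    end
    collection.each do |value|
      substitute(fragment, id, value.to_s).each do |logical_id, resource|
        raise ArgumentError, "duplicate logical ID #{logical_id}" if out.key?(logical_id)
        out[logical_id] = resource
      end
    end
  end
end

# Resource entries that are not mappings, i.e. ones where body['Type'] fails.
def non_mapping_resources(resources)
  resources.reject { |_, body| body.is_a?(Hash) }.keys
end

# Constructed sample mirroring the issue's template, intrinsics in long form.
SAMPLE = { 'Fn::ForEach::Instances' => ['Identifier', %w[A B C], {
  'Instance${Identifier}' => {
    'Type' => 'AWS::EC2::Instance',
    'Properties' => { 'InstanceType' => { 'Fn::FindInMap' => [
      'Instances', 'InstanceType', { 'Ref' => 'Identifier' },
      { 'DefaultValue' => 'm5.xlarge' }] } } } }] }.freeze
```

Running `non_mapping_resources` before a scan gives a clear list of entries the scanner cannot model, so resources generated inside a loop are not silently left unscanned.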
