Nag error: undefined method 'new' for AWS:Module (NoMethodError) #481

Closed
KyleMuellerPFG opened this issue Aug 19, 2020 · 3 comments

@KyleMuellerPFG

cfn-nag version: 0.6.7
cfn-model version: 0.5.1

Running 'cfn_nag_scan' on the template below (generated using the AWS CDK, and deployable to AWS) results in the following error:

Traceback (most recent call last):
14: from C:/Ruby26-x64/bin/cfn_nag_scan:23:in `<main>'
13: from C:/Ruby26-x64/bin/cfn_nag_scan:23:in `load'
12: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/bin/cfn_nag_scan:11:in `<top (required)>'
11: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag_executor.rb:30:in `scan'
10: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag_executor.rb:50:in `execute_aggregate_scan'
9: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag.rb:34:in `audit_aggregate_across_files_and_render_results'
8: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag.rb:64:in `audit_aggregate_across_files'
7: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag.rb:64:in `each'
6: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag.rb:67:in `block in audit_aggregate_across_files'
5: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-nag-0.6.7/lib/cfn-nag/cfn_nag.rb:86:in `audit'
4: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-model-0.5.1/lib/cfn-model/parser/cfn_parser.rb:43:in `parse'
3: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-model-0.5.1/lib/cfn-model/parser/cfn_parser.rb:86:in `parse_without_parameters'
2: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-model-0.5.1/lib/cfn-model/parser/cfn_parser.rb:164:in `transform_hash_into_model_elements_with_numbers'
1: from C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-model-0.5.1/lib/cfn-model/parser/cfn_parser.rb:164:in `each'
C:/Ruby26-x64/lib/ruby/gems/2.6.0/gems/cfn-model-0.5.1/lib/cfn-model/parser/cfn_parser.rb:167:in `block in transform_hash_into_model_elements_with_numbers': undefined method `new' for AWS:Module (NoMethodError)

Template:

{
  "Description": "Key template for providerNameOne",
  "Resources": {
    "KmsKeyF138A6A4": {
      "Type": "AWS::KMS::Key",
      "Properties": {
        "KeyPolicy": {
          "Statement": [
            {
              "Action": "kms:*",
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":root"
                    ]
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:aws:iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":role/admin"
                    ]
                  ]
                }
              },
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "KMS key",
        "EnableKeyRotation": true
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "redacted"
      }
    },
    "SetReplicaKmsKeyParameterInPrimaryRegion61DB8DB4": {
      "Type": "Custom::AWS",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "AWS679f53fac002430cb0da5b7982bd22872D164C4C",
            "Arn"
          ]
        },
        "Create": {
          "action": "putParameter",
          "service": "SSM",
          "parameters": {
            "Name": "/param",
            "Value": {
              "Fn::GetAtt": [
                "KmsKeyF138A6A4",
                "Arn"
              ]
            },
            "Type": "String"
          },
          "physicalResourceId": {
            "id": "19082020162417"
          },
          "region": "us-east-1"
        },
        "Update": {
          "action": "putParameter",
          "service": "SSM",
          "parameters": {
            "Name": "/param",
            "Value": {
              "Fn::GetAtt": [
                "KmsKeyF138A6A4",
                "Arn"
              ]
            },
            "Type": "String"
          },
          "physicalResourceId": {
            "id": "19082020162417"
          },
          "region": "us-east-1"
        }
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "redacted"
      }
    },
    "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "ManagedPolicyArns": [
          {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
              ]
            ]
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "redacted"
      }
    },
    "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleDefaultPolicyD28E1A5E": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "ssm:PutParameter",
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleDefaultPolicyD28E1A5E",
        "Roles": [
          {
            "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "redacted"
      }
    },
    "AWS679f53fac002430cb0da5b7982bd22872D164C4C": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "S3Bucket": {
            "Ref": "AssetParametersafe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942fS3BucketC0EBB250"
          },
          "S3Key": {
            "Fn::Join": [
              "",
              [
                {
                  "Fn::Select": [
                    0,
                    {
                      "Fn::Split": [
                        "||",
                        {
                          "Ref": "AssetParametersafe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942fS3VersionKey2A433453"
                        }
                      ]
                    }
                  ]
                },
                {
                  "Fn::Select": [
                    1,
                    {
                      "Fn::Split": [
                        "||",
                        {
                          "Ref": "AssetParametersafe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942fS3VersionKey2A433453"
                        }
                      ]
                    }
                  ]
                }
              ]
            ]
          }
        },
        "Handler": "index.handler",
        "Role": {
          "Fn::GetAtt": [
            "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2",
            "Arn"
          ]
        },
        "Runtime": "nodejs12.x",
        "Timeout": 120
      },
      "DependsOn": [
        "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleDefaultPolicyD28E1A5E",
        "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2"
      ],
      "Metadata": {
        "aws:cdk:path": "redacted",
        "aws:asset:path": "asset.afe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942f",
        "aws:asset:property": "Code"
      }
    }
  },
  "Parameters": {
    "AssetParametersafe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942fS3BucketC0EBB250": {
      "Type": "String",
      "Description": "S3 bucket for asset \"afe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942f\""
    },
    "AssetParametersafe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942fS3VersionKey2A433453": {
      "Type": "String",
      "Description": "S3 key for asset version \"afe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942f\""
    },
    "AssetParametersafe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942fArtifactHashC0FC33BC": {
      "Type": "String",
      "Description": "Artifact hash for asset \"afe12ee13b10f5531c1f6afc434951e2965d2ce674cd6131e0e18ce24003942f\""
    }
  }
}
@cyuste

cyuste commented Sep 16, 2020

Hi,
same error here, cfn_nag version 0.6.7 using a CF in JSON format auto-generated by CDK (deployable).

@cyuste

cyuste commented Sep 17, 2020

Hello again,

I think --strongly emphasising 'think'-- that the problem is when the CloudFormation contains a Custom::AWS resource, as in the example from @KyleMuellerPFG and mine.

@arothian
Contributor

Thanks for reporting. As a workaround, setting resourceType on your custom resource in CDK to something like Custom::MyCustomResource should work until we have a fix released for this.
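
The workaround above, applied at scan time rather than in the CDK source, as an added example (not part of the original thread and not cfn_nag code): it rewrites `Custom::AWS` to `Custom::MyCustomResource` in a copy of the synthesized template, so that the copy can be passed to `cfn_nag_scan` and the remaining resources still get scanned. The function name `patch_custom_types` and the trimmed sample template are assumptions, and a JSON template like the one in this issue is assumed.

```ruby
require 'json'

# Resource type reported on this page as crashing cfn_nag 0.6.7 / cfn-model 0.5.1.
CRASHING_TYPE = 'Custom::AWS'
# Replacement type taken from the maintainer's workaround.
SAFE_TYPE = 'Custom::MyCustomResource'

# Hypothetical helper: returns [patched_template, renamed_logical_ids].
# The input hash is not mutated; only the copy is meant to be scanned,
# the deployed template keeps its original resource type.
def patch_custom_types(template, from: CRASHING_TYPE, to: SAFE_TYPE)
  patched = JSON.parse(JSON.generate(template)) # deep copy
  resources = patched['Resources']
  return [patched, []] unless resources.is_a?(Hash)

  renamed = []
  resources.each do |logical_id, resource|
    next unless resource.is_a?(Hash) && resource['Type'] == from

    resource['Type'] = to
    renamed << logical_id
  end
  [patched, renamed]
end

# Constructed sample, trimmed from the template shape shown in this issue.
SAMPLE_TEMPLATE = JSON.parse(<<~JSON)
  {
    "Resources": {
      "KmsKeyF138A6A4": {
        "Type": "AWS::KMS::Key",
        "Properties": { "EnableKeyRotation": true }
      },
      "SetReplicaKmsKeyParameterInPrimaryRegion61DB8DB4": {
        "Type": "Custom::AWS",
        "Properties": { "Create": { "service": "SSM", "action": "putParameter" } }
      }
    }
  }
JSON

if __FILE__ == $PROGRAM_NAME
  # Optional first argument: path to a synthesized JSON template.
  path = ARGV[0]
  source = path && File.file?(path) ? JSON.parse(File.read(path)) : SAMPLE_TEMPLATE
  patched, renamed = patch_custom_types(source)
  warn "renamed for scanning only: #{renamed.join(', ')}" unless renamed.empty?
  puts JSON.pretty_generate(patched)
end
```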

arothian added a commit to arothian/cfn_nag that referenced this issue Oct 12, 2020