cfn_nag does not deploy via Serverless Application Repository: Ruby runtime version #588

Open
snowake4me opened this issue Feb 7, 2022 · 1 comment

@snowake4me

Team Stelligent-

First and foremost - thanks for an awesome tool. I've used it locally, and am currently trying to incorporate it into our pipeline (CodePipeline, CodeBuild, CodeDeploy) where we manage several large, complex CloudFormation templates which deploy our Transit infrastructure and configurations.

I tried to go the easy route, and just deploy via the AWS Serverless Application Repository -- but when I do, the stack that is created fails and does a rollback, indicating:

Resource handler returned message: "The runtime parameter of ruby2.5 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (ruby2.7) while creating or updating functions.

Of course, I could go into the code and update the Ruby runtime, as suggested - just wondering if this SAR entry is being actively maintained? When this didn't work, I went "old school" and just created a pipeline build stage for the checks, install Ruby, install cfn_nag and run the scan - but that's the subject of a different issue. :)

Just curious if I'm missing something obvious, 'doing it wrong', or failing to realize this is no longer a recommended deployment technique. In my current implementation, I'm basically replicating what was documented in this 2019 blog post:

https://aws.amazon.com/blogs/opensource/using-aws-codepipeline-and-open-source-tools-for-at-scale-infrastructure-deployment/

Thanks in advance for any pointers or guidance - and thanks again for a really helpful tool!

@mebrahimi13

The issue is actually due to the Ruby environment version. AWS Lambda no longer supports Ruby 2.5. When updating the runtime version to Ruby 2.7 (which is the only supported version according to the AWS documentation), I get the following error. I believe a new version of cfn-nag supporting Ruby 2.7 would fix the issue.

```
{
    "errorMessage": "cannot load such file -- cfn-nag",
    "errorType": "Init<LoadError>",
    "stackTrace": [
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'",
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'",
        "/var/task/code_pipeline_invoker.rb:1:in `<top (required)>'",
        "/var/task/handler.rb:1:in `require_relative'",
        "/var/task/handler.rb:1:in `<top (required)>'",
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'",
        "/var/lang/lib/ruby/site_ruby/2.7.0/rubygems/core_ext/kernel_require.rb:85:in `require'"
    ]
}
```
