You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, #310 introduced a bug with the cdk-nag suppressions when the VPC/private subnets are configured with less than 3 AZs.
Error: Suppression path "/testestGenAIChatBotStack/UserInterface/PrivateWebsite/DescribeNetworkInterfaces-2/CustomResourcePolicy/Resource" did not match any resource. This can occur when a resource does not exist or if a suppression is applied before a resource is created.
Hi,
#310 introduced a bug with the cdk-nag suppressions when the VPC/private subnets are configured with less than 3 AZs.
Error: Suppression path "/testestGenAIChatBotStack/UserInterface/PrivateWebsite/DescribeNetworkInterfaces-2/CustomResourcePolicy/Resource" did not match any resource. This can occur when a resource does not exist or if a suppression is applied before a resource is created.
Root cause seem to be the hard-coded suppression rules in https://github.com/aws-samples/aws-genai-llm-chatbot/blob/20828628f83fca299cf3775deb62014a4957dbac/lib/aws-genai-llm-chatbot-stack.ts#L420C1-L435C9. If there are != 3 private subnets containing the VPC Endpoints, the suppressions will fail.
I suggest to create the suppressions dynamically the same way the VPC Endpoints are created, e.g. something like
Happy to submit a PR for this.
The text was updated successfully, but these errors were encountered: