Handle Custom Resources
Hi,
I am using a Custom Resource backed by a Lambda function in the same template.
ExampleS3PolicyRun:
  Type: Custom::ExampleS3Policy
  Condition: CreateExampleS3Bucket
  Properties:
    ServiceToken: !GetAtt ExampleS3PolicyFunction.Arn
    Environment: !Ref EnvironmentName
    ExampleS3PolicyMappings: !Ref ExampleS3PolicyMappings
But I got
ERROR: Invalid resource type: Custom::ExampleS3Policy
Hi, thank you for opening this issue. It looks like you have an IAM policy that references this custom resource?
This is not something that the tool currently supports, though the error message could be better. The problem is that the tool could not know what type of ARN your custom resource generates since it could be any AWS resource. The tool throws an error in this type of situation so that a bad actor couldn't use this strategy as a way to get around policy validation checks.
I think what could be added in the future is some sort of configuration that allows you to intentionally ignore situations like this, but that does not exist today.
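The fail-closed behaviour described in the reply above, as an added sketch that is not part of the thread and not the tool's own code: a validator that refuses to continue when an IAM resource references a `Custom::` resource whose ARN it cannot resolve. The template is constructed sample data in JSON form, and the `ignore` parameter is hypothetical, modelled on the opt-in configuration the reply says does not exist today.

```python
import json

# Constructed sample template (JSON form of CloudFormation); names are made up.
TEMPLATE = json.loads("""
{"Resources": {
  "ExampleS3PolicyRun": {"Type": "Custom::ExampleS3Policy"},
  "ExampleBucket": {"Type": "AWS::S3::Bucket"},
  "ExamplePolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
    "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
      "Effect": "Allow", "Action": "s3:GetObject",
      "Resource": [{"Fn::GetAtt": ["ExampleBucket", "Arn"]},
                   {"Fn::GetAtt": ["ExampleS3PolicyRun", "Arn"]}]}]}}}
}}
""")

class UnresolvableReference(Exception):
    """An IAM resource points at a resource whose ARN cannot be predicted."""

def referenced_ids(node):
    """Yield logical IDs named by Ref / Fn::GetAtt anywhere under node.
    Fn::Sub strings are not parsed in this sketch."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from referenced_ids(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_ids(item)

def check_policies(template, ignore=frozenset()):
    """Fail closed: raise instead of skipping a policy that cannot be evaluated.
    `ignore` is a hypothetical explicit opt-out listing logical IDs."""
    resources = template["Resources"]
    for name, res in resources.items():
        if not res["Type"].startswith("AWS::IAM::"):
            continue
        for target in referenced_ids(res.get("Properties", {})):
            rtype = resources.get(target, {}).get("Type", "")
            if rtype.startswith("Custom::") and target not in ignore:
                raise UnresolvableReference(f"{name} -> {target} ({rtype})")
    return True
```

Skipping the unresolved reference silently would let a policy statement pass validation without its real resource ARN ever being checked, which is why the opt-out here has to name each logical ID explicitly.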
@mluttrell Thanks. Yes, it will be helpful if we have an option to silently ignore this situation.