No software is perfect, here is a list of known issues /gotchas that is worth noting with potential workarounds when you do encounter them (and for some, where you don’t really have a solution)
- Queries assigned to variables (see Guard: Variable, Projections and Interpolations) can be accessed using two forms when defining clauses, E.g.
let api_gws = Resources.*[ Type == 'AWS::ApiGateway::RestApi' ]
%api_gws.Properties.EndpointConfiguration.Types[*] == "PRIVATE"`
or
%api_gws {
Properties.EndpointConfiguration.Types[*] == "PRIVATE"
}
The block form iterates over all AWS::ApiGateway::RestApi
resources found in the input. The first form short circuits and returns immediately after the first resource failure.
Workaround: use the block form to traverse all values to show all resource failures and not just the first one that failed. We are tracking to resolve this issue.
- Need
when
guards with filter expressions- When a query uses filters likeResources.*[ Type == 'AWS::ApiGateway::RestApi' ]
, if there are noApiGatway
resources, then Guard will fail the clause today when performing the check
%api_gws.Properties.EndpointConfiguration.Types[*] == "PRIVATE"
Workaround: assign filters to variables and use
when
condition check e.g.
let api_gws = Resources.*[ Type == 'AWS::ApiGateway::RestApi' ]
when %api_gws !empty { ...}
- When performing
!=
comparison, if the values are incompatible like comparing astring
toint
, an error is thrown internally but currently suppressed and converted tofalse
to satisfy the requirements of Rust’s PartialEq. We are tracking to release a fix for this issue soon. exists
andempty
checks do not display the JSON pointer path inside the document in the error messages. Both these clauses often have retrieval errors which does not maintain this traversal information today. We are tracking to resolve this issue.- When evaluating CloudFormation templates in YAML format, we do not support the short form versions of CloudFormation intrinsic functions like
!Join
,!Sub
and others. Guard does not support these YAML extensions when evaluating.
Workaround: use the expanded form when using these functions.
- Currently, for
string
literals, Guard does not support embedded escaped strings. We are tracking to resolve this issue soon.