By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

class CfnFramework how to add scopeTags to controlScope

0

Hi all, exactly what the title says.

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_backup.CfnFramework.html#class-cfnframework-construct

const cfnFramework = new backup.CfnFramework(this, 'MyCfnFramework', {
  frameworkControls: [{
    controlName: 'controlName',

    // the properties below are optional
    controlInputParameters: [{
      parameterName: 'parameterName',
      parameterValue: 'parameterValue',
    }],
    controlScope: controlScope, # how do we add scope tags
  }],
});

I was trying to do something like this but it didn't work because I have got the wrong key there but I have also tried tags instead of scopeTags and that didn't work either.

const cfnFramework = new backup.CfnFramework(this, 'MyCfnFramework', {
  frameworkControls: [{
    controlName: 'controlName',

    // the properties below are optional
    controlInputParameters: [{
      parameterName: 'parameterName',
      parameterValue: 'parameterValue',
    }],
    controlScope: {
      scopeTags: # extraneous key [scopeTags] is not permitted
    }
  }],
});

Adding errors that I am seeing on screen -

`2:41:05 AM | CREATE_FAILED | AWS::Backup::Framework | BackupFramework

Properties validation failed for resource BackupFramework with message:

#/FrameworkControls/0/ControlScope: extraneous key [complianceResourceTypes] is not permitted

#/FrameworkControls/0/ControlScope:

extraneous key [tags] is not permitted

#/FrameworkControls/1/ControlScope: extraneous key [complianceResourceTypes] is not permitted

#/FrameworkControls/1/ControlScope: extraneous key [tags] is not permitted 0 comments `

Topics
StorageAWS Cloud Development Kit (CDK)
Tags
AWS BackupAWS Cloud Development Kit (CDK)
Language
English
rePost-User-2336373
asked a year ago227 views
1 Answer
0

You receive this error "extraneous key [complianceResourceTypes] is not permitted" when the properties are not correctly specified or you haven't defined one or more properties for controlScope.

The control scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. If no scope is specified, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

NOTE : To set a control scope that includes all of a particular resource, leave the ControlScope empty or do not pass it when calling CreateFramework .

You can try adding scope tags to controlScope by defining it using ControlScopeProperty as shown below :

================ // The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import { aws_backup as backup } from 'aws-cdk-lib'; const controlScopeProperty: backup.CfnFramework.ControlScopeProperty = { complianceResourceIds: ['complianceResourceIds'], complianceResourceTypes: ['complianceResourceTypes'], tags: [{ key: 'key', value: 'value', }], };

I suggest you test it on a demo environment before using in a production setup.

Refer to this documentation for more information : ==> https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_backup.CfnFramework.ControlScopeProperty.html ==> https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-model-validation-failure/

AWS
SUPPORT ENGINEER
Satyam_D
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content