E3005/W1001 reported, although the concern is addressed with the Rules/Assertions

[tekdj7]

cfn-lint version: (cfn-lint --version)
0.44.6 (also already ran, cfn-lint -u)

Description of issue.
Using the AWS Quick Start aws-vpc.template, cfn-lint is reporting several E3005 & W1001 issues, even though the concern is addressed with the Rules/Assertions in the template. Below is a sample of some of the errors:

• [cfn-lint] E3005: DependsOn VPCGatewayAttachment may not exist when condition when condition "NATGatewaysCondition" is True and when condition "PublicSubnetsCondition" is False at Resources/NAT1EIP/DependsOn
• [cfn-lint] W1001: Ref to resource "PrivateSubnet1ARouteTable" that may not be available when condition "NATGatewaysCondition" is True and when condition "PrivateSubnetsCondition" is False at Resources/PrivateSubnet1ARoute/Properties/RouteTableId/Ref

[kddejong]

For now you may want to look at resource based exceptions or template exceptions for this. This change is going to take some work and testing. Right now we resolve condition relationships based on parameter values. Adding in rule logic will take us a little time to resolve.

[awsstudygroup2021]

wher is the PrivateSubnetsCondition? I dont see it on the internet or any AWS document. Thanks

[chrisoverzero]

@awsstudygroup2021

It's not any universal CloudFormation thing. It's a named Condition from the template referenced in the original post:

Conditions:
  PrivateSubnetsCondition: !Equals [!Ref 'CreatePrivateSubnets', 'true']

[kddejong]

We now account for some level of Rules. We cannot account for all assertions possible but the standard And/Or/Not/Equals are now covered. I can handle any additional issues for other rules/assertions via request.