From 9d5333edf3f9a6b1220d546d97cac88c08a2cced Mon Sep 17 00:00:00 2001
From: Georgi <georgi.ajaeiya@datadoghq.com>
Date: Thu, 19 Sep 2024 11:37:51 +0200
Subject: [PATCH] [Logs forwarder] update CFT template to pass cfn-lint

---
 .github/workflows/lint.yml        |  2 +-
 aws/logs_monitoring/template.yaml | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index a56f2f4f..087d8d10 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -33,5 +33,5 @@ jobs:
         run: |
           pip install cfn-lint==1.11.1
           cfn-lint --version
-          cfn-lint -t aws/logs_monitoring/template.yaml -i W1030
+          cfn-lint -t aws/logs_monitoring/template.yaml
           cfn-lint -t aws/rds_enhanced_monitoring/rds-enhanced-sam-template.yaml
diff --git a/aws/logs_monitoring/template.yaml b/aws/logs_monitoring/template.yaml
index 20187401..4b5ee72f 100644
--- a/aws/logs_monitoring/template.yaml
+++ b/aws/logs_monitoring/template.yaml
@@ -332,6 +332,10 @@ Conditions:
     - !Condition CreateS3Bucket
     - !Not
       - !Equals [!Ref DdForwarderExistingBucketName, ""]
+  SetVpcSecurityGroupIds: !Not
+    - !Equals [!Join ["", !Ref VPCSecurityGroupIds], ""]
+  SetVpcSubnetIds: !Not
+    - !Equals [!Join ["", !Ref VPCSubnetIds], ""]
 Rules:
   MustSetDdApiKey:
     Assertions:
@@ -526,8 +530,14 @@ Resources:
         - !Ref AWS::NoValue
       VpcConfig: !If
         - UseVPC
-        - SecurityGroupIds: !Ref VPCSecurityGroupIds
-          SubnetIds: !Ref VPCSubnetIds
+        - SecurityGroupIds: !If
+          - SetVpcSecurityGroupIds
+          - !Ref VPCSecurityGroupIds
+          - !Ref AWS::NoValue
+          SubnetIds: !If
+            - SetVpcSubnetIds
+            - !Ref VPCSubnetIds
+            - !Ref AWS::NoValue
         - !Ref AWS::NoValue
   ForwarderRole:
     Type: AWS::IAM::Role