What is the reason for W6001 warning message

[zjwertz8]

Hello,

Just curious as to what security concern, if any, W6001 brings up. The Rule is defined below:

W6001 | Title: Check Outputs using ImportValue | Description: Check if the Output value is set using ImportValue, so creating an Output of an Output

An example code snippet is below. I am trying to create a new stack template output that I can use in a subsequent step in my build pipeline. This output works as intended, but I am wondering what the warning is about. I am creating an output of an output on purpose. Does this fall out of best practice or have some security concern that negates it from being warning-less?

Outputs:
  TaskSubnetGroups:
    Description: Comma separated list of Subnet Groups
    Value:
      Fn::ImportValue:
        !Sub ${VPCStackName}-${Env}-privateSubnets

Thanks!

[kddejong]

Its not a security concern. More of a you are just exporting the same thing as you imported. With limits, etc. this rule will tell you that there may not be much value there.

[zjwertz8]

Okay thank you for the input!

[kddejong]

You can absolutely disable the rule if you need and thanks for the question.

[zjwertz8]

For sure I've got an --ignore-checks flag set to that specific rule on the cfn-lint command, just wanted to make sure I wasn't ignoring it without knowing why.