cfn-lint | CloudFormation Linter | AWS library
kandi X-RAY | cfn-lint Summary
Validate AWS CloudFormation yaml/json templates against the AWS CloudFormation Resource Specification and additional checks. Includes checking valid values for resource properties and best practices.
Top functions reviewed by kandi - BETA
- Parse a JSON object.
- Get schema value types.
- Checks if a property matches the given criteria.
- Create the argparse parser.
- Create a node class based on the input.
- Validate a resource.
- Returns a list of scenarios that match conditions.
- Scans a JSON string.
- Update the resource spec for a given region.
- Match a resource.
cfn-lint Examples and Code Snippets
make test
make test-lint
make test-validate
make test-security
make test-unit
make test-e2e
Community Discussions
Trending Discussions on cfn-lint
QUESTION
When running cfn-lint on the following code I get a warning
...
ANSWER
Answered 2021-Dec-17 at 22:20
Yes, the warning is valid since the Ref usage implicitly defines a dependency on MicroserviceLoadBalancerSGPrivate. Technically speaking, redundant would be more correct than obsolete.
Unless you specifically need MicroserviceSG to be created after MicroserviceLoadBalancerSGPrivate, then you should remove the DependsOn and let CloudFormation do its thing, as CloudFormation will optimize and parallelize the deployment.
The most common use of the DependsOn is to enforce the creation and deletion of resources in a certain order, as mentioned by the documentation:
You can use the DependsOn attribute with any resource. Here are some typical uses: Declare dependencies for resources that must be created or deleted in a specific order
The DependsOn documentation has more scenarios on when and why you might want to use DependsOn.
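The check discussed in the answer above, as an added example that is not part of the original post and is not cfn-lint's own code: it reports DependsOn entries that a Ref or Fn::GetAtt in the same resource already implies. The template is constructed, the function names are hypothetical, and references made through Fn::Sub are not covered.

```python
import json

# Constructed template: the logical IDs follow the answer above, the property
# values and the AuditBucket resource are assumptions for illustration.
TEMPLATE = json.loads("""
{"Resources": {
  "MicroserviceLoadBalancerSGPrivate": {"Type": "AWS::EC2::SecurityGroup",
    "Properties": {"GroupDescription": "internal load balancer"}},
  "MicroserviceSG": {"Type": "AWS::EC2::SecurityGroup",
    "DependsOn": ["MicroserviceLoadBalancerSGPrivate"],
    "Properties": {"GroupDescription": "service tasks", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
       "SourceSecurityGroupId": {"Ref": "MicroserviceLoadBalancerSGPrivate"}}]}},
  "AuditBucket": {"Type": "AWS::S3::Bucket", "DependsOn": "MicroserviceSG"}
}}
""")


def referenced_names(node):
    """Collect every name used in a Ref or Fn::GetAtt anywhere below node."""
    found = set()
    if isinstance(node, list):
        for item in node:
            found |= referenced_names(item)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                found.add(value)
            elif key == "Fn::GetAtt":
                # Accepts both ["Id", "Attr"] and "Id.Attr".
                target = value[0] if isinstance(value, list) and value else value
                found.add(str(target).split(".")[0])
            else:
                found |= referenced_names(value)
    return found


def redundant_depends_on(template):
    """Map each resource to the DependsOn entries its properties already imply."""
    resources = template.get("Resources", {})
    report = {}
    for name, body in resources.items():
        declared = body.get("DependsOn", [])
        declared = [declared] if isinstance(declared, str) else declared
        implied = referenced_names(body.get("Properties", {})) & set(resources)
        redundant = sorted(set(declared) & implied)
        if redundant:
            report[name] = redundant
    return report
```

AuditBucket is not reported because nothing in its properties references MicroserviceSG, so its DependsOn is the only thing enforcing that order.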
QUESTION
When I try to deploy a seemingly simple CDK stack, it fails with a strange error. I don't get this same behavior when I create a different iam.ManagedPolicy in a different file, and that one has a much more complicated policy with several actions, etc. What am I doing wrong?
ANSWER
Answered 2021-Dec-18 at 06:18
The role ARN rolename was incorrect; I was missing a colon after iam. So it's iam:: not iam:. I think I copied the single colon from a (wrong) example somewhere on the Internet. Gah...
QUESTION
cfn-lint version: 0.53.0
Description of issue.
I have following setup on my Ubuntu machine
- cfn-lint
- cfn-python-lint via pre-commit
Case 1: If I run cfn-lint ./**/*.yml from terminal at the project root folder then there are no errors
Case 2: If I now try to git commit the code with pre-commit installed, it gives the following error "E0000 Template needs to be an object." for the parameters JSON file.
The parameter JSON looks something like this:
...
ANSWER
Answered 2021-Aug-06 at 09:41
In Case 1, you are only matching files with a *.yml extension and not a JSON extension. However, in Case 2, being your pre-commit hook, you do include json files as well. Meaning it will probably try to interpret your parameters JSON file as a CloudFormation file.
Your parameters file isn't CloudFormation however, it is a simple JSON array containing some values. A CloudFormation file is always an object, never an array at the top level. This would explain the error message. The solution: only include files in your cfn-python-lint scan that are actually CloudFormation files.
QUESTION
I have a cloud formation template where I have all the resources and details for the project.
I have the cfn-lint setup locally and it is running perfectly fine. However when I push the code changes, build fails at deployment stage due to cfn-nag stating some simple changes which could be fixed.
I'm using windows machine and I need a way to run this cfn-nag locally so that I could check this just like cfn-lint and fix them locally instead of waiting 40 minutes for build till it reaches deployment stage.
I referred several posts online, found below two helpful
https://stelligent.com/2018/03/23/validating-aws-cloudformation-templates-with-cfn_nag-and-mu/
https://github.com/stelligent/cfn_nag
What is the difference between cfn-nag and cfn-lint and why lint is not failing on what cfn-nag is complaining about?
The above links have some instructions on Ruby and Brew but I'm using Nodejs, felt lost. Please help.
...
ANSWER
Answered 2021-Jul-15 at 10:53
CFN-Nag looks for patterns in AWS CloudFormation templates that may indicate insecure infrastructure.
Ex: IAM rules that are too permissive (wildcards), security group rules that are too permissive (wildcards), access logs that aren't enabled, encryption that isn't enabled.
CFN-Lint scans the AWS CloudFormation template by processing a collection of Rules, where every rule handles a specific function check or validation of the template. It validates against AWS CloudFormation Resource specification.
This collection of rules can be extended with custom rules using the --append-rules argument.
Ex: Whitespaces, alignment (YAML), type checks, valid values for resource properties, and other best practices.
Those two links you provided above have all the information needed, just not directly for a Nodejs developer using a Windows machine.
Step 1: Pull the Docker image stelligent/cfn-nag
Step 2: Add the script to your package.json for cfn-nag
Ex:
QUESTION
I want to deploy an SQS queue from a CloudFormation template. Is there any issue with my template?
...
ANSWER
Answered 2021-Jun-30 at 21:35
sqs:SendMessage is missing the end quote
Recommend trying the CloudFormation Linter in VSCode to see some of these errors inline while authoring templates along with autocompletion and documentation links
QUESTION
I was trying to implement a dynamodb proxy using apigateway. But when invoking it, the api is returning error,
Fri Mar 19 20:30:27 UTC 2021 : Execution failed due to configuration error: Unable to transform request
Fri Mar 19 20:30:27 UTC 2021 : Method completed with status: 500
To me it looks like the issue is not with the requestTemplates transformation(?), but what else, any idea?
Cloudformation template.
ANSWER
Answered 2021-Mar-19 at 22:40
I think this line is the issue:
QUESTION
I have come across a use case where I am seeing conflict between Shell Variables and Cloudformation Parameters.
Example:
I am writing AWS::ImageBuilder::Component
ANSWER
Answered 2021-Feb-15 at 12:26
You have to escape your variables using ${!} notation:
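An added example, not part of the original answer: a helper that rewrites shell variables inside an Fn::Sub string to the ${!name} form and a small model of how Fn::Sub then resolves the string. The script line is constructed, Version is assumed to be a template parameter, and the function names are hypothetical.

```python
import re

# Matches ${name} and ${!name}; plain $NAME needs no escaping in Fn::Sub.
SUB_VAR = re.compile(r"\$\{(!?)([^}]*)\}")

# Constructed component command: Version is assumed to be a template parameter,
# BUILD_DIR and USER are shell variables, ${!already} is already escaped.
SCRIPT = "mkdir -p ${BUILD_DIR}/${Version} && chown ${USER} ${BUILD_DIR} # ${!already}"


def escape_shell_vars(text, template_names):
    """Rewrite ${name} as ${!name} unless Fn::Sub is meant to resolve name."""
    def fix(match):
        bang, name = match.groups()
        base = name.strip().split(".")[0]  # ${Resource.Attr} resolves via Resource
        if bang or base in template_names or base.startswith("AWS::"):
            return match.group(0)
        return "${!" + name + "}"
    return SUB_VAR.sub(fix, text)


def render_sub(text, values):
    """Model of Fn::Sub: resolve ${name}, turn ${!name} into a literal ${name}."""
    def resolve(match):
        bang, name = match.groups()
        if bang:
            return "${" + name + "}"
        if name not in values:
            raise KeyError(f"unresolved Fn::Sub variable: {name}")
        return values[name]
    return SUB_VAR.sub(resolve, text)


if __name__ == "__main__":
    escaped = escape_shell_vars(SCRIPT, {"Version"})
    print(escaped)
    print(render_sub(escaped, {"Version": "1.0.0"}))
```

Rendering the unescaped SCRIPT raises KeyError on BUILD_DIR, which mirrors the conflict described in the question.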
QUESTION
ANSWER
Answered 2021-Feb-02 at 11:13
To get the Arn, you have to use GetAtt intrinsic function:
QUESTION
I am working on a proof of concept for deploying a conformance pack via AWS cloudformation and I am stumped by the error "Parameter values specified for a template which does not require them." The config rule I am using does require a parameter. Code is attached. I have also tested the template with cfn-lint and do not receive any feedback/errors.
My template is "simple" and below:
...
ANSWER
Answered 2020-Nov-12 at 09:16
The cause is that you are passing a parameter (the one specified in ConformancePackInputParameters) to a CloudFormation template (the one specified in TemplateBody) that does not contain a Parameters section and therefore expects no parameters. To solve this, you need to add a parameter to the inner CloudFormation template, which you can then refer to in predefinedPolicyName:
The following template works for me:
QUESTION
I've written a macro (called BucketChecker) that takes in an s3 bucket name and checks if it already exists.
The fragment will return true or false accordingly.
I would like to use this macro in a Conditions section as described in this article: https://cloudnineapps.com/blogs/cloud-computing/how-to-create-dynamic-condition-expressions-in-aws-cloudformation-using-macros/.
The idea is to use this as a condition in my template like this:
...
ANSWER
Answered 2020-Jul-10 at 10:39
Based on the comments.
The cfn-linter was incorrectly classifying the Fn::Transform as malformed.
Deploying the stack confirmed that there are no issues with the Fn::Transform.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install cfn-lint
There are getting started guides available in the documentation section to help with integrating cfn-lint or creating rules.