cfn-lint | CloudFormation Linter | AWS library

 by   aws-cloudformation Python Version: 1.3.3 License: MIT-0

kandi X-RAY | cfn-lint Summary

kandi X-RAY | cfn-lint Summary

cfn-lint is a Python library typically used in Cloud, AWS applications. cfn-lint has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has medium support. You can install using 'pip install cfn-lint' or download it from GitHub, PyPI.

Validate AWS CloudFormation yaml/json templates against the AWS CloudFormation Resource Specification and additional checks. Includes checking valid values for resource properties and best practices.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              cfn-lint has a medium active ecosystem.
              It has 2185 star(s) with 526 fork(s). There are 46 watchers for this library.
              There were 9 major release(s) in the last 6 months.
              There are 99 open issues and 855 have been closed. On average issues are closed in 112 days. There are 8 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of cfn-lint is 1.3.3

            kandi-Quality Quality

              cfn-lint has 0 bugs and 0 code smells.

            kandi-Security Security

              cfn-lint has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              cfn-lint code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              cfn-lint is licensed under the MIT-0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              cfn-lint releases are available to install and integrate.
              Deployable package is available in PyPI.
              Build file is available. You can build the component from source.
              Installation instructions, examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi has reviewed cfn-lint and discovered the below as its top functions. This is intended to give you an instant insight into cfn-lint implemented functionality, and help decide if they suit your requirements.
            • Parse a JSON object .
            • Get schema value types .
            • Checks if a property matches the given criteria .
            • Create the argparse parser .
            • Create a node class based on the input .
            • Validate a resource .
            • Returns a list of scenarios that match conditions .
            • Scans a JSON string .
            • Update the resource spec for a given region .
            • Match a resource .
            Get all kandi verified functions for this library.

            cfn-lint Key Features

            No Key Features are available at this moment for cfn-lint.

            cfn-lint Examples and Code Snippets

            Testing
            Pythondot img1Lines of Code : 6dot img1License : Permissive (MIT)
            copy iconCopy
            make test
            
            make test-lint
            
            make test-validate
            
            make test-security
            
            make test-unit
            
            make test-e2e
              

            Community Discussions

            QUESTION

            CloudFormation cnf-lint Obsolete "DependsOn"
            Asked 2021-Dec-18 at 11:39

            When running cfn-lint on the following code I get a warning

            ...

            ANSWER

            Answered 2021-Dec-17 at 22:20

            Yes, the warning is valid since the Ref usage implicitly defines a dependency on MicroserviceLoadBalancerSGPrivate. Technically speaking, redundant would be more correct than obsolete.

            Unless you specifically need MicroserviceSG to be created after MicroserviceLoadBalancerSGPrivate, then you should remove the DependsOn and let CloudFormation do it's thing, as CloudFormation will optimize and parallelize the deployment.

            The most common use of the DependsOn is to enforce the creation and deletion of resources in a certain order, as mentioned by the documentation:

            You can use the DependsOn attribute with any resource. Here are some typical uses: Declare dependencies for resources that must be created or deleted in a specific order

            The DependsOn documentation has more scenarios on when and why you might want to use DependsOn.

            Source https://stackoverflow.com/questions/70399358

            QUESTION

            Creating Managed Policy in CDK errors with MalformedPolicy
            Asked 2021-Dec-18 at 06:18

            When I try to deploy a seemingly simple CDK stack, it fails with a strange error. I don't get this same behavior when I create a different iam.ManagedPolicy in a different file, and that one has a much more complicated policy with several actions, etc. What am I doing wrong?

            ...

            ANSWER

            Answered 2021-Dec-18 at 06:18

            The role ARN rolename was incorrect; I was missing a colon after iam. So it's iam:: not iam:. I think I copied the single colon from a (wrong) example somewhere on the Internet. Gah...

            Source https://stackoverflow.com/questions/70400687

            QUESTION

            With pre-commit hook getting "E0000 Template needs to be an object."
            Asked 2021-Aug-06 at 09:41

            cfn-lint version: 0.53.0

            Description of issue.

            I have following setup on my Ubuntu machine

            1. cfn-lint
            2. cfn-python-lint via pre-commit

            Case 1: If I run cfn-lint ./**/*.yml from terminal at the project root folder then there are no errors

            Case 2: If I now try to git commit the code with pre-commit installed, it gives the following error "E0000 Template needs to be an object." for the parameters JSON file.

            The parameter JSON looks something like this:

            ...

            ANSWER

            Answered 2021-Aug-06 at 09:41

            In Case 1, you are only matching files with a *.yml extension and not a JSON extension. However, in Case 2, being your pre-commit hook, you do include json files as well. Meaning it will probably try to interpret your parameters JSON file as a CloudFormation file.

            Your parameters file isn't CloudFormation however, it is a simple JSON array containing some values. A CloudFormation file is always an object, never an array at the top level. This would explain the error message. The solution: only include files in your cfn-python-lint scan that are actually CloudFormation files.

            Source https://stackoverflow.com/questions/68664454

            QUESTION

            AWS cloudformation: How to run cfn-nag locally in Windows
            Asked 2021-Jul-15 at 10:53

            I have a cloud formation template where I have all the resources and details for the project.

            I have the cfn-lint setup locally and it is running perfectly fine. However when I push the code changes, build fails at deployment stage due to cfn-nag stating some simple changes which could be fixed.

            I'm using windows machine and I need a way to run this cfn-nag locally so that I could check this just like cfn-lint and fix them locally instead of waiting 40 minutes for build till it reaches deployment stage.

            I referred several posts online, found below two helpful

            https://stelligent.com/2018/03/23/validating-aws-cloudformation-templates-with-cfn_nag-and-mu/ https://github.com/stelligent/cfn_nag

            What is the difference between cfn-nag and cfn-lint and why lint is not failing on what cfn-nag is complaining about?

            The above links have some instructions on Ruby and Brew but I'm using Nodejs, felt lost. Please help.

            ...

            ANSWER

            Answered 2021-Jul-15 at 10:53

            CFN-Nag looks for patterns in AWS CloudFormation templates that may indicate insecure infrastructure,

            Ex:

            IAM rules that are too permissive (wildcards), Security group rules that are too permissive (wildcards), Access logs that aren’t enabled, Encryption that isn’t enabled,

            CFN-Lint scans the AWS CloudFormation template by processing a collection of Rules, where every rule handles a specific function check or validation of the template. It validates against AWS CloudFormation Resource specification.

            This collection of rules can be extended with custom rules using the --append-rules argument.

            Ex: Whitespaces, alignment(YAML), type checks, valid values for resource properties, and other best practices.

            Those two links you previded above have all the information needed, just not directly for a Nodejs developer using a Windows machine.

            Step1: Pull the docket image stelligent/cfn-nag

            Step2: Add the script to your package.json for cfn-nag

            Ex:

            Source https://stackoverflow.com/questions/68327451

            QUESTION

            How to check if CloudFormation template is correct?
            Asked 2021-Jun-30 at 22:27

            I want to deploy an SQS queue from a CloudFormation template. Is there any issue with my template?

            ...

            ANSWER

            Answered 2021-Jun-30 at 21:35

            sqs:SendMessage is missing the end quote

            Recommend trying the CloudFormation Linter in VSCode to see some of these errors inline while authoring templates along with autocompletion and documentation links

            Source https://stackoverflow.com/questions/68199178

            QUESTION

            Cloudformation DynamoDB-API Gateway Proxy
            Asked 2021-Mar-20 at 00:18

            I was trying to implement a dynamodb proxy using apigateway. But when invoking it, the api is returning error,

            Fri Mar 19 20:30:27 UTC 2021 : Execution failed due to configuration error: Unable to transform request

            Fri Mar 19 20:30:27 UTC 2021 : Method completed with status: 500

            To me it looks like the issue is not with the requestTemplates transformation(?), but what else, any idea?

            Cloudformation template.

            ...

            ANSWER

            Answered 2021-Mar-19 at 22:40

            I think this line is the issue:

            Source https://stackoverflow.com/questions/66715419

            QUESTION

            Differentiate between Shell Variables and Cloudformation template parameters
            Asked 2021-Feb-15 at 12:27

            I have come across a usecase where i am seeing conflict between Shell Variables and Cloudformation Parameters.

            Example:

            I am writing AWS::ImageBuilder::Component

            ...

            ANSWER

            Answered 2021-Feb-15 at 12:26

            You have to escape your variables using ${!} notation:

            Source https://stackoverflow.com/questions/66206218

            QUESTION

            Cfn-Lint : Property "ExecutionRoleArn" has no valid Refs to Resources at Resources/TaskDefinition/Properties/ExecutionRoleArn/Ref
            Asked 2021-Feb-02 at 11:13

            I am building a cloudformation template to run ECS cluster and ECS tasks on AWS.

            Also i am using Atom Text editor with plugin Cfn-Lint.

            I am facing below issue in cfn linter validation in Atom text editor as shown in image.

            Sharing some code snippet

            ...

            ANSWER

            Answered 2021-Feb-02 at 11:13

            To get the Arn, you have to use GetAtt intristic function:

            Source https://stackoverflow.com/questions/66008337

            QUESTION

            "Parameter values specified for a template which does not require them." when trying to deploy a conformance pack via AWS cloudformation
            Asked 2020-Nov-12 at 09:16

            I am working on a proof of concept for deploying a conformance pack via AWS cloudformation and I am stumped by the error "Parameter values specified for a template which does not require them." The config rule I am using does require a parameter. Code is attached. I have also tested the template with cfn-lint and do not receive any feedback/errors.

            My template is "simple" and below:

            ...

            ANSWER

            Answered 2020-Nov-12 at 09:16

            The cause is that you are passing a parameter (the one specified in ConformancePackInputParameters) to a CloudFormation template (the one specified in TemplateBody) that does not contain a Parameters section and therefore expects no parameters. To solve this, you need to add a parameter to the inner CloudFormation template, which you can then refer to in predefinedPolicyName:

            The following template works for me:

            Source https://stackoverflow.com/questions/64794787

            QUESTION

            Use macro inside CloudFormation Conditions
            Asked 2020-Sep-10 at 00:16

            I've written a macro (called BucketChecker) that takes in an s3 bucket name and checks if it already exists. The fragment will return true or false accordingly.

            I would like to use this macro in a Conditions section as described in this article: https://cloudnineapps.com/blogs/cloud-computing/how-to-create-dynamic-condition-expressions-in-aws-cloudformation-using-macros/.

            The idea is to use this as a condition in my template like this:

            ...

            ANSWER

            Answered 2020-Jul-10 at 10:39

            Based on the comments.

            The cfn-linter was incorrectly classifying the Fn::Transform as malformed.

            Deploying the stack confirmed that there are no issues with the Fn::Transform.

            Source https://stackoverflow.com/questions/62817550

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install cfn-lint

            Python 2.7+ and 3.5+ are supported.
            There are getting started guides available in the documentation section to help with integrating cfn-lint or creating rules.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            Install
          • PyPI

            pip install cfn-lint

          • CLONE
          • HTTPS

            https://github.com/aws-cloudformation/cfn-lint.git

          • CLI

            gh repo clone aws-cloudformation/cfn-lint

          • sshUrl

            git@github.com:aws-cloudformation/cfn-lint.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular AWS Libraries

            localstack

            by localstack

            og-aws

            by open-guides

            aws-cli

            by aws

            awesome-aws

            by donnemartin

            amplify-js

            by aws-amplify

            Try Top Libraries by aws-cloudformation

            cfn-python-lint

            by aws-cloudformationPython

            cloudformation-guard

            by aws-cloudformationRust

            rain

            by aws-cloudformationGo

            custom-resource-helper

            by aws-cloudformationPython

            cloudformation-cli

            by aws-cloudformationPython