martysweet / cfn-lint
A CloudFormation JSON and YAML Validator
License: MIT License
Outputs:
  DBDNS:
    Description: DNS Name of the DB Instance
    Value: !GetAtt Database.Endpoint.Address
Results in
Resource: Outputs > DBDNS > Value
Message: Invalid parameters for Fn::GetAtt
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=Fn::GetAtt&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
However !GetAtt Database.Endpoint.Address is valid and works in CloudFormation.
Template
Resources:
  Bucket:
    Type: AWS::S3::Bucket
Outputs:
  DBDNS:
    Description: DNS Name of the DB Instance
    Value: !GetAtt Database.Endpoint.Address
Results in a Valid Template, however Database is not defined in resources, so this template should be invalid.
Is it possible to start supporting the Serverless Application Model transform in the linter?
Currently, I get a bunch of errors like this on my template, which makes the tool quite useless:
Resource: Resources > GetStateFunction
Message: Resource GetStateFunction has an invalid Type of AWS::Serverless::Function.
Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html
LoadBalancerListenerRule:
  Type: AWS::ElasticLoadBalancingV2::ListenerRule
  Properties:
    Actions:
      - Type: forward
        TargetGroupArn: !Ref LoadBalancerTargetGroup
    Conditions:
      - Field: path-pattern
        Values:
          - "*"
    ListenerArn: !Ref LoadBalancerListener
    Priority: 1
Results in
Resource: Resources > LoadBalancerListenerRule > Properties > 0
Message: Expected type String for 0, got value '*'
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=AWS::ElasticLoadBalancingV2::ListenerRule.RuleCondition.0&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
However "*" is valid
A template such as
Resources:
  CloudFrontDistribution:
    Type: "AWS::CloudFront::Distribution"
    Properties:
      DistributionConfig:
        Aliases:
          - !Ref DomainName
        CacheBehaviors:
          CacheBehavior
        DefaultCacheBehavior:
          DefaultCacheBehavior
        DefaultRootObject: index.php"
        Enabled: true
        Logging:
          Bucket: mybucket
          IncludeCookies: false
          Prefix: !Sub "${DomainName}/"
        Origins:
          - Id: !Sub "Root-${OriginDomainName}"
            DomainName: !Ref OriginDomainName
            CustomOriginConfig:
              OriginProtocolPolicy: http-only
        PriceClass: String
        ViewerCertificate:
          AcmCertificateArn: !Ref CertificateArn
Will throw an error of:
Resource: Resources > CloudFrontDistribution > Properties > DistributionConfig
Message: Bucket is not a valid property of AWS::CloudFront::Distribution.DistributionConfig.Logging
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig.html#cfn-cloudfront-distributionconfig-logging
Resource: Resources > CloudFrontDistribution > Properties > DistributionConfig
Message: CustomOriginConfig is not a valid property of AWS::CloudFront::Distribution.DistributionConfig.Origin
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=AWS::CloudFront::Distribution.DistributionConfig.Origin&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
Among others...
This should be Resources > CloudFrontDistribution > Properties > DistributionConfig > Logging, however it looks like the PropertyType is correct.
DeploymentIAMPolicy:
  Type: AWS::IAM::ManagedPolicy
  Properties:
    ManagedPolicyName: DeploymentPolicyForMyApplication
Results in:
1 crit
Resource: Resources > DeploymentIAMPolicy > Properties
Message: ManagedPolicyName is not a valid property of AWS::IAM::ManagedPolicy
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html
However "ManagedPolicyName" is specified here http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html
When I run the command: /usr/bin/cfn-lint validate idam-master-apps.yml
I get the following error:
root@bd9dd3ebbb6a:/home/jenkins/workspace/gehc-cft-idam/gehc-cft-idam# /usr/bin/cfn-lint validate idam-master-apps.yml
2017-07-26T13:42:37.586Z - error: uncaughtException: toGet.slice(...).join is not a function date=Wed Jul 26 2017 13:42:37 GMT+0000 (UTC), pid=708, uid=0, gid=0, cwd=/home/jenkins/workspace/gehc-cft-idam/gehc-cft-idam, execPath=/usr/local/nvm/versions/v7.4.0/bin/node, version=v7.4.0, argv=[/usr/local/nvm/versions/v7.4.0/bin/node, /usr/bin/cfn-lint, validate, idam-master-apps.yml], rss=36220928, heapTotal=18747392, heapUsed=10032080, external=61182, loadavg=[1.36962890625, 0.50634765625, 0.27392578125], uptime=1369536, trace=[column=40, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=doIntrinsicGetAtt, line=473, method=null, native=false, column=20, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=resolveIntrinsicFunction, line=375, method=null, native=false, column=38, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=recursiveDecent, line=327, method=null, native=false, column=13, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=recursiveDecent, line=337, method=null, native=false, column=13, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=recursiveDecent, line=337, method=null, native=false, column=13, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=recursiveDecent, line=337, method=null, native=false, column=13, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=recursiveDecent, line=337, method=null, native=false, column=13, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=recursiveDecent, line=337, method=null, native=false, column=5, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=resolveReferences, line=299, method=null, native=false, column=5, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=validateWorkingInput, line=108, method=null, native=false], stack=[TypeError: toGet.slice(...).join is not a function, at doIntrinsicGetAtt (/usr/lib/node_modules/cfn-lint/lib/validator.js:473:40), at resolveIntrinsicFunction 
(/usr/lib/node_modules/cfn-lint/lib/validator.js:375:20), at recursiveDecent (/usr/lib/node_modules/cfn-lint/lib/validator.js:327:38), at recursiveDecent (/usr/lib/node_modules/cfn-lint/lib/validator.js:337:13), at recursiveDecent (/usr/lib/node_modules/cfn-lint/lib/validator.js:337:13), at recursiveDecent (/usr/lib/node_modules/cfn-lint/lib/validator.js:337:13), at recursiveDecent (/usr/lib/node_modules/cfn-lint/lib/validator.js:337:13), at recursiveDecent (/usr/lib/node_modules/cfn-lint/lib/validator.js:337:13), at resolveReferences (/usr/lib/node_modules/cfn-lint/lib/validator.js:299:5), at validateWorkingInput (/usr/lib/node_modules/cfn-lint/lib/validator.js:108:5)]
It appears I have the npm libs installed but not sure why this is failing
As this is a dev tool, watching a template could be useful
Resource: Resources > LambdaFunction > Properties > Environment > Variables
Message: HEALTHCHECK_BUCKET is not a valid property of AWS::Lambda::Function.Map
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=AWS::Lambda::Function.Map&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
Resource: Resources > LambdaFunction > Properties > Environment > Variables
Message: SOMETHING_ELSE is not a valid property of AWS::Lambda::Function.Map
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=AWS::Lambda::Function.Map&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
We're getting a bunch of critical issues on our API Gateway definitions, which we believe are not actually issues.
They are mostly variations on these 3 issues:
API Gateway Resource PathPart
Resource: Resources > APIGatewayResource > Properties > PathPart
Message: Expected type String for PathPart, got value '{myPathPart}'
API Gateway Integration Responses
Resource: Resources > APIGatewayGetMethod > Properties > Integration > application/json
Message: Expected type String for application/json, got value '#set($inputRoot = $input.path('$'))
API Gateway Selection Pattern
Resource: Resources > APIGatewayGetMethod > Properties > Integration > SelectionPattern
Message: Expected type String for SelectionPattern, got value '.InternalServerError.'
This is a snippet of the offending cfn:
APIGatewayResource:
  Type: "AWS::ApiGateway::Resource"
  Properties:
    PathPart: "{myPathPart}"
    RestApiId:
      Ref: APIGateway
APIGatewayGetMethod:
  Type: "AWS::ApiGateway::Method"
  Properties:
    ApiKeyRequired: false
    AuthorizationType: "NONE"
    HttpMethod: GET
    Integration:
      Type: "AWS"
      PassthroughBehavior: WHEN_NO_TEMPLATES
      IntegrationHttpMethod: POST
      IntegrationResponses:
        - StatusCode: 200
        - StatusCode: 500
          ResponseTemplates:
            application/json:
              Fn::FindInMap: [CustomVariables, responseTemplates, error]
          SelectionPattern: .*InternalServerError.*
        - StatusCode: 400
          SelectionPattern: .*BadRequest.*
          ResponseTemplates:
            application/json:
              Fn::FindInMap: [CustomVariables, responseTemplates, error]
        - StatusCode: 404
          SelectionPattern: .*NotFound.*
          ResponseTemplates:
            application/json:
              Fn::FindInMap: [CustomVariables, responseTemplates, error]
      RequestTemplates:
        application/json:
          Fn::FindInMap: [CustomVariables, requestTemplates, valid]
      Uri:
        Fn::Sub:
          - "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${Lambda}/invocations"
          - Lambda:
              Fn::GetAtt: [LambdaFunction, Arn]
    MethodResponses:
      - StatusCode: 200
        ResponseModels:
          application/json:
            Ref: ResponseModel
      - StatusCode: 500
      - StatusCode: 400
      - StatusCode: 404
    ResourceId:
      Ref: APIGatewayResource
    RestApiId:
      Ref: APIGateway
Hey,
I'm trying to write a PR to add map support and I'm finding that there are a lot of extraneous checks in this project for whether properties exist or not, etc. It's always good to be careful with js, but I think the level you are going to here is leading to a quite difficult to read codebase.
Would you accept a PR to write this in Typescript instead of es6? I'm happy to do the work, you're already transpiling (it would replace Babel), and I think it would lead to much cleaner code (the typescript compiler is smart enough to know when certain checks are not required, so you can largely rely on build-time safety instead of the hand-written runtime checks you are using now).
I know this would be quite an invasive change, so that's why I'm checking instead of barging ahead and PR/forking. If you're unsure maybe we could chat over some IM medium?
Cheers
Jarrad
COS
cfn-lint --debug --region eu-west-1 mytemplate.yaml
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html
To avoid:
Resource: Resources > ConsulLoadBalancerSecurityGroup > Properties > VpcId
Message: Could not find value in map 123456789012|eu-west-1|VpcId. Have you tried specifying input parameters?
Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-base64.html
'000000000000':
  eu-west-1:
    VpcId: vpc-00000000
Use CircleCI 2.0 for faster tests and builds
Check your template is not malformed. unknown tag !<!GetAZs>
Usage:
SubAStack:
  Properties:
    Parameters:
      AvailabilityZone: !Select ['0', !GetAZs {Ref: 'AWS::Region'}]
  Type: AWS::CloudFormation::Stack
I am working to integrate this tool with Sceptre, which is a tool to orchestrate a set of stacks being deployed at once. I am not attempting to actually modify sceptre to call cfn-lint directly, but I am writing a local validation tool that runs cfn-lint on all stacks in a Sceptre environment.
It would be really helpful to be able to do require('cfn-lint') in a node bridging script, as it's difficult to parse CLI output (and I guess this is not maintained as part of the concept of stable API, which is fair enough..)
require('cfn-lint/validator') does currently work as a workaround.
In addition, and for the same reason, it would be great to have access to computed stack outputs in the errorObject.
I currently have a branch that does both of these; would this functionality be considered?
The CLI interface isn't great.
aws cloudformation validate-stack
and parameters as closely as possible
Not currently sure how to do this with the current information.
This occurs when validating something like an IAM policy.
I'd like to be able to locally validate the syntax of my CloudFormation templates on PRs. I don't have any requirements to validate parameters and it's not realistic for me to document the parameters of all the templates I have. It would be quite useful to skip that option and any validation that depends on passing through parameters.
I'm not sure if this is currently supported, but I have some conditionals that are empty after being evaluated:
Parameters:
  Env:
    Description: Which Environment
    Type: String
    Default: Dev
    AllowedValues:
      - Dev
      - QA
      - PreProd
      - Production
Conditions:
  isProd: !Equals [!Ref Env, Production]
  isPreProd: !Equals [!Ref Env, PreProd]
  isProdOrPreProd: !Or
    - Condition: isProd
    - Condition: isPreProd
  isNotProdOrPreProd: !Not
    - Condition: isProdOrPreProd
Mappings:
  App:
    Dev:
      CertificateId: NA
      CertificateArn: arn:aws:acm:us-east-1:etc
    Production:
      CertificateId: 09187234234
      CertificateArn: NA
# ... CloudFront config
ViewerCertificate:
  IamCertificateId: !If
    - isProd
    - !FindInMap [App, !Ref Env, CertificateId]
    - !Ref "AWS::NoValue"
  AcmCertificateArn: !If
    - isPreProd
    - !FindInMap [App, !Ref Env, CertificateArn]
    - !Ref "AWS::NoValue"
cfn-lint validate myapp.yml --pseudo AWS::Region=ap-southeast-2
Results in:
3 crit
Resource: Resources > cloudfrontDistribution > Properties > DistributionConfig > ViewerCertificate > IamCertificateId
Message: Expected type String for IamCertificateId, got value '' instead
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html#cfn-cloudfront-distributionconfig-viewercertificate-iamcertificateid
Resource: Resources > cloudfrontDistribution > Properties > DistributionConfig > ViewerCertificate > AcmCertificateArn
Message: AcmCertificateArn is expecting an Arn, '' given. If this is a parameter, has it been specified with --parameters?
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html#cfn-cloudfront-distributionconfig-viewercertificate-acmcertificatearn
Resource: Resources > cloudfrontDistribution > Properties > DistributionConfig > ViewerCertificate > AcmCertificateArn
Message: Expected type String for AcmCertificateArn, got value '' instead
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributionconfig-viewercertificate.html#cfn-cloudfront-distributionconfig-viewercertificate-acmcertificatearn
String checks should allow '-' in the regex.
Template Formation Version is expecting a quoted "2010-09-09", for some reason, unquoted 2010-09-09 is throwing an error.
The "Expected String type" error is giving 'String.IpProtocol' as a type, as opposed to 'SecurityGroup.IpProtocol', this is creating the invalid search
Resource: AWSTemplateFormatVersion
Message: AWSTemplateFormationVersion should be "2010-09-09"
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=AWSTemplateFormatVersion&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
Resource: Resources > SecurityGroup > Properties > IpProtocol
Message: Expected type String for IpProtocol, got value -1
Documentation: http://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=String.IpProtocol&x=0&y=0&this_doc_product=AWS+CloudFormation&this_doc_guide=User+Guide&doc_locale=en_us#facet_doc_product=AWS%20CloudFormation&facet_doc_guide=User%20Guide
When using an AWS::CloudFormation::Stack resource type, in both JSON and YAML, if parameters are passed under resource properties, validation fails with error: uncaughtException: Cannot read property 'hasOwnProperty. From error messages and my own troubleshooting, I believe that this bug is from validator.js's function checkResourceProperties, when it attempts to process each property for property validation with checkEachProperty(resourceType, resources[res], 'Properties');. I've been able to replicate this with the CloudFormation templates in replication.txt.
As a workaround, I've added a check for resource type prior to checkEachProperty that seems to resolve the error, but presumably removes the desired vetting of parameters for AWS::CloudFormation::Stack.
if (resourceType !== 'AWS::CloudFormation::Stack') {
    checkEachProperty(resourceType, resources[res], 'Properties');
}
An invalid property on a parameter doesn't seem to trigger an error (there's a typo in the Default key):
Parameters:
  MyPassword:
    Description: Password
    Type: String
    Defaut: hunter2
    NoEcho: True
This parameter was used in some UserData via Fn::Sub.
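An added example, not code from cfn-lint or from the report above: one way to catch a misspelled parameter key such as Defaut is to compare each key against the properties CloudFormation documents for a parameter and suggest the closest match. The function names, the shape of the findings and the sample template are assumptions made for this illustration, and the NoEcho-with-Default warning goes one step beyond the report.

```javascript
// Added example (not cfn-lint code): flag unknown keys in the Parameters section.
// Keys CloudFormation documents for a parameter definition.
const PARAMETER_PROPERTIES = [
  'AllowedPattern', 'AllowedValues', 'ConstraintDescription', 'Default',
  'Description', 'MaxLength', 'MaxValue', 'MinLength', 'MinValue',
  'NoEcho', 'Type',
];

// Levenshtein distance, used only to suggest the key the author meant.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diagonal = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(
        above + 1,                                   // deletion
        row[j - 1] + 1,                              // insertion
        diagonal + (a[i - 1] === b[j - 1] ? 0 : 1),  // substitution
      );
      diagonal = above;
    }
  }
  return row[b.length];
}

// Returns findings shaped like { level, path, message } (hypothetical shape).
function lintParameters(template) {
  const findings = [];
  for (const [name, def] of Object.entries(template.Parameters || {})) {
    const path = `Parameters > ${name}`;
    if (def === null || typeof def !== 'object' || Array.isArray(def)) {
      findings.push({ level: 'crit', path, message: 'Parameter definition must be a mapping' });
      continue;
    }
    for (const key of Object.keys(def)) {
      if (PARAMETER_PROPERTIES.includes(key)) continue;
      const [best] = PARAMETER_PROPERTIES
        .map((prop) => ({ prop, d: editDistance(key.toLowerCase(), prop.toLowerCase()) }))
        .sort((x, y) => x.d - y.d);
      const hint = best.d <= 2 ? ` (did you mean ${best.prop}?)` : '';
      findings.push({
        level: 'crit', path,
        message: `${key} is not a valid property of a parameter${hint}`,
      });
    }
    if (!('Type' in def)) {
      findings.push({ level: 'crit', path, message: 'Type is required' });
    }
    // A Default on a NoEcho parameter keeps the secret in the template text.
    if (String(def.NoEcho).toLowerCase() === 'true' && 'Default' in def) {
      findings.push({
        level: 'warn', path,
        message: 'NoEcho parameter has a Default stored in the template',
      });
    }
  }
  return findings;
}

// Constructed sample: the parameter from the report above, in JSON form.
const PARAM_SAMPLE = {
  Parameters: {
    MyPassword: {
      Description: 'Password',
      Type: 'String',
      Defaut: 'hunter2',
      NoEcho: true,
    },
  },
};

for (const f of lintParameters(PARAM_SAMPLE)) {
  console.log(`${f.level}: ${f.path}: ${f.message}`);
}
```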
Update the files about the new branching strategy, brief project overview and status.
If all happy with TS, add TS documentation for newcomers to learn from.
Invalid references made in the output section of the cloudformation stack are not handled.
Can the CLI provide a non-zero exit code for invalid templates, and optionally when crit and warn results exist?
This will allow cfn-lint to be used in a CI process that can abort/fail when invalid templates and/or critical errors are present
V1.3.0 -> V1.3.3
Slightly harder to check
Virtualization type 'hvm' is required for instances of type 'm4.large'. Ensure that you are using an AMI with virtualization type 'hvm'. For more information, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/virtualization_types.html
After validating, have the option to use the AWS API to do a final check
This ensures everything can be caught
Currently, if a ResourceType has an Attribute with 'Arn' in its name, cfn-lint mocks the attribute value to be a valid arn.
Would it be acceptable to extend this behaviour to Parameters with 'Arn' in the name? I structure my templates like this already so it would certainly fit my needs. This would obviate the need to pass mock Arn parameters by hand. It is 'opinionated' behaviour though, so I'm not sure if you would accept it. (It certainly wouldn't break any existing behaviour though as far as I can guess, it just would only work for people if they write their templates in a certain way.)
Resource type of Custom::* is valid, but cfn-lint fails it.
UserData:
- Fn::Base64
!Fn::Sub "PERSCODE=${ProvisionKey}"
Does not throw any validation errors
!Fn is invalid, should be !Sub
This template will fail with the message "Bucket name should not contain uppercase characters"
However cfn-lint is not able to catch this.
$ cfn-lint validate s3bucket_parameter.yaml
0 infos
0 warn
0 crit
Template valid!
Tonys-Mac-mini:~/cloudformation $ cat s3bucket_parameter.yaml
---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BucketName:
    Description: "Name of MyS3Bucket"
    Type: "String"
#    Default: "mys3bucketacloudgurutraining"
Resources:
  S3Bucket:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName:
        Ref: "BucketName"
  S3Bucket2:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: "Publicreadbucket220170703"
Outputs:
  S3BucketName:
    Value:
      Ref: "S3Bucket"
    Description: "Name of S3 bucket"
  S3BucketName2:
    Value:
      Ref: "S3Bucket2"
    Description: "Name of S3 bucket"
task.yaml:
Resources:
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      ContainerDefinitions:
        - LogConfiguration:
            Options:
              awslogs-region: "region"
cfn-lint validate task.yaml
/usr/local/lib/node_modules/cfn-lint/lib/resourcesSpec.js:121
return spec.hasOwnProperty('AdditionalProperties') && spec['AdditionalProperties'] === true;
^
TypeError: Cannot read property 'hasOwnProperty' of null
at Object.isAdditionalPropertiesEnabled (/usr/local/lib/node_modules/cfn-lint/lib/resourcesSpec.js:122:16)
at checkResourceProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:928:49)
at checkProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:1049:21)
at checkResourceProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:973:17)
at checkProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:1049:21)
at checkResourceProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:973:17)
at checkProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:1049:21)
at checkResourceProperty (/usr/local/lib/node_modules/cfn-lint/lib/validator.js:955:29)
at /usr/local/lib/node_modules/cfn-lint/lib/validator.js:919:9
at Array.forEach (native)
If DependsOn is not defined, suggest it to the user with INFO
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html
For example:
ConsulAutoScalingGroup:
  Type: AWS::AutoScaling::AutoScalingGroup
  Properties:
    DesiredCapacity: 3
    MaxSize: 7
    MinSize: 3
    MetricsCollection:
      Granularity: 1Minute
    HealthCheckType: EC2
    LaunchConfigurationName: !Ref ConsulLaunchConfiguration
    VPCZoneIdentifier: !FindInMap [!Ref "AWS::AccountId", !Ref "AWS::Region", "PrivateSubnets"]
    Tags:
      - Key: Consul-Auto-Discover
        Value: !Sub "Consul-${AWS::AccountId}-${AWS::Region}-${AWS::StackName}"
        PropagateAtLaunch: true
Invalid value 'Must specify both from and to ports with ICMP.' for portRange.
It appears parameters with values of int are not being processed properly. This is probably getting picked up on tests but being ignored as the majority of tests only check critical errors.
Resource: Resources > ALBTargetGroup > Properties
Message: Unhandled property for HealthCheckIntervalSeconds
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckintervalseconds
Resource: Resources > ALBTargetGroup > Properties
Message: Unhandled property for UnhealthyThresholdCount
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-unhealthythresholdcount
Resource: Resources > ALBTargetGroup > Properties
Message: Unhandled property for Port
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-port
Resource: Resources > DNSRecordInstance > Properties
Message: Unhandled property for TTL
Documentation: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-ttl
Detect circular dependencies in the template. This is not urgent as it is caught by AWS before deploying a template.
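An added example, not code from cfn-lint: a reference walk over a parsed template that reports references to undefined logical IDs (the Outputs case reported earlier on this page) and dependency cycles between resources. The function names and the sample template are assumptions made for this illustration; only Ref, Fn::GetAtt and DependsOn are followed, so variables inside Fn::Sub strings are not.

```javascript
// Added example (not cfn-lint code): undefined references and dependency cycles.
const PSEUDO_PARAMETER = /^AWS::/; // AWS::Region, AWS::AccountId, ...

// Collect logical IDs referenced under `node` via Ref and Fn::GetAtt.
function collectRefs(node, out = new Set()) {
  if (Array.isArray(node)) {
    node.forEach((item) => collectRefs(item, out));
  } else if (node !== null && typeof node === 'object') {
    for (const [key, value] of Object.entries(node)) {
      if (key === 'Ref' && typeof value === 'string') {
        out.add(value);
      } else if (key === 'Fn::GetAtt') {
        // Array form ["Database", "Endpoint.Address"], or the string form
        // "Database.Endpoint.Address" that the YAML short tag !GetAtt yields.
        const target = Array.isArray(value) ? value[0] : String(value).split('.')[0];
        if (typeof target === 'string') out.add(target);
        if (Array.isArray(value)) collectRefs(value.slice(1), out);
      } else {
        collectRefs(value, out);
      }
    }
  }
  return out;
}

// Depth-first search; a back edge to a node still on the stack closes a cycle.
function findCycles(graph) {
  const state = {}; // undefined = unvisited, 1 = on stack, 2 = finished
  const stack = [];
  const cycles = [];
  const visit = (node) => {
    state[node] = 1;
    stack.push(node);
    for (const next of graph[node]) {
      if (state[next] === 1) {
        cycles.push([...stack.slice(stack.indexOf(next)), next]);
      } else if (!state[next]) {
        visit(next);
      }
    }
    stack.pop();
    state[node] = 2;
  };
  for (const node of Object.keys(graph)) if (!state[node]) visit(node);
  return cycles;
}

function analyzeReferences(template) {
  const resources = template.Resources || {};
  const known = new Set([
    ...Object.keys(template.Parameters || {}),
    ...Object.keys(resources),
  ]);
  const undefinedRefs = [];
  const check = (section, name, targets) => {
    for (const target of targets) {
      if (!PSEUDO_PARAMETER.test(target) && !known.has(target)) {
        undefinedRefs.push(`${section} > ${name} references undefined ${target}`);
      }
    }
  };
  const graph = {};
  for (const [name, body] of Object.entries(resources)) {
    const resource = body || {};
    const targets = new Set(collectRefs(resource.Properties));
    [].concat(resource.DependsOn || []).forEach((dep) => targets.add(dep));
    check('Resources', name, targets);
    // Only resource-to-resource edges take part in cycle detection.
    graph[name] = [...targets].filter((target) => target in resources);
  }
  for (const [name, output] of Object.entries(template.Outputs || {})) {
    check('Outputs', name, collectRefs(output));
  }
  return { undefinedRefs, cycles: findCycles(graph) };
}

// Constructed sample: the Outputs snippet from this page plus two security
// groups that reference each other.
const REF_SAMPLE = {
  Resources: {
    Bucket: { Type: 'AWS::S3::Bucket' },
    GroupA: { Type: 'AWS::EC2::SecurityGroup', Properties: { SecurityGroupIngress: [
      { SourceSecurityGroupId: { 'Fn::GetAtt': ['GroupB', 'GroupId'] } }] } },
    GroupB: { Type: 'AWS::EC2::SecurityGroup', Properties: { SecurityGroupIngress: [
      { SourceSecurityGroupId: { Ref: 'GroupA' } }] } },
  },
  Outputs: {
    DBDNS: { Description: 'DNS Name of the DB Instance',
      Value: { 'Fn::GetAtt': 'Database.Endpoint.Address' } },
    Region: { Value: { Ref: 'AWS::Region' } },
  },
};

console.log(JSON.stringify(analyzeReferences(REF_SAMPLE), null, 2));
```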
It would be useful if cfn-lint could be run in a sort of 'strict mode' that it would create an error if a parameter was missing and not provided as a Default or on the CLI, instead of (or maybe as well as) proceeding with a mocked value.
Perhaps an optional options argument passed to validateFile to switch behaviour.
Would you accept this?
S3LoggingBucket:
  Type: AWS::S3::Bucket
  Properties:
    LifecycleConfiguration:
      Rules:
        - Status: Enabled
          Transitions:
            StorageClass: GLACIER
            TransitionInDays: 60
is Invalid as Transitions should be array types (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-lifecycleconfig-rule.html).
S3LoggingBucket:
  Type: AWS::S3::Bucket
  Properties:
    LifecycleConfiguration:
      Rules:
        - Status: Enabled
          Transitions:
            - StorageClass: GLACIER
              TransitionInDays: 60
would be correct...
Getting this error from a fresh install of cfn-lint version 1.1.7.
The cloudformation template I'm using is a valid json format template which has already been deployed successfully.
root@DESKTOP-9JIN1GI:/mnt/c/workspace/andover-pipelinebot# npm install -g cfn-lint
/usr/bin/cfn-lint -> /usr/lib/node_modules/cfn-lint/lib/index.js
/usr/lib
└── cfn-lint@1.1.7
root@DESKTOP-9JIN1GI:/mnt/c/workspace/andover-pipelinebot# cfn-lint --version
1.1.7
root@DESKTOP-9JIN1GI:/mnt/c/workspace/andover-pipelinebot# cfn-lint validate .serverless/cloudformation-template-update-stack.json
2017-10-31T14:35:12.455Z - error: uncaughtException: Cannot read property 'hasOwnProperty' of null date=Tue Oct 31 2017 14:35:12 GMT+0000 (STD), pid=1178, uid=0, gid=0, cwd=/mnt/c/workspace/andover-pipelinebot, execPath=/usr/bin/node, version=v6.11.3, argv=[/usr/bin/node, /usr/bin/cfn-lint, validate, .serverless/cloudformation-template-update-stack.json], rss=26845184, heapTotal=19972096, heapUsed=10396944, external=69450, loadavg=[0.5185546875, 0.57763671875, 0.5859375], uptime=103911, trace=[column=16, file=/usr/lib/node_modules/cfn-lint/lib/resourcesSpec.js, function=Object.isAdditionalPropertiesEnabled, line=121, method=isAdditionalPropertiesEnabled, native=false, column=49, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkResourceProperty, line=928, method=null, native=false, column=21, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkProperty, line=1049, method=null, native=false, column=17, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkResourceProperty, line=973, method=null, native=false, column=21, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkProperty, line=1049, method=null, native=false, column=17, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkResourceProperty, line=973, method=null, native=false, column=9, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=null, line=919, method=null, native=false, column=null, file=null, function=Array.forEach, line=null, method=forEach, native=true, column=27, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkEachProperty, line=918, method=null, native=false, column=17, file=/usr/lib/node_modules/cfn-lint/lib/validator.js, function=checkResourceProperties, line=902, method=null, native=false], stack=[TypeError: Cannot read property 'hasOwnProperty' of null, at Object.isAdditionalPropertiesEnabled (/usr/lib/node_modules/cfn-lint/lib/resourcesSpec.js:121:16), at checkResourceProperty 
(/usr/lib/node_modules/cfn-lint/lib/validator.js:928:49), at checkProperty (/usr/lib/node_modules/cfn-lint/lib/validator.js:1049:21), at checkResourceProperty (/usr/lib/node_modules/cfn-lint/lib/validator.js:973:17), at checkProperty (/usr/lib/node_modules/cfn-lint/lib/validator.js:1049:21), at checkResourceProperty (/usr/lib/node_modules/cfn-lint/lib/validator.js:973:17), at /usr/lib/node_modules/cfn-lint/lib/validator.js:919:9, at Array.forEach (native), at checkEachProperty (/usr/lib/node_modules/cfn-lint/lib/validator.js:918:27), at checkResourceProperties (/usr/lib/node_modules/cfn-lint/lib/validator.js:902:17)]
root@DESKTOP-9JIN1GI:/mnt/c/workspace/andover-pipelinebot# cfn-lint validate .serverless/cloudformation-template-update-stack.json --pseudo AWS::Region=eu-west-1,AWS::AccountId=12345
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  ExistingSecurityGroups:
    Type: List<AWS::EC2::SecurityGroup::Id>
Resources:
  Bucket:
    Type: AWS::S3::Bucket
Results in:
0 infos
0 warn
1 crit
Resource: Parameters > ExistingSecurityGroups
Message: Parameter ExistingSecurityGroups has an invalid type of List<AWS::EC2::SecurityGroup::Id>.
Documentation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
However List<AWS::EC2::SecurityGroup::Id> is valid.
The Attributes that a Custom:: resource can have are arbitrary. Accessing any attribute of a Custom resource should return a mock value instead of creating an error.
Happy to work on this, just logging it so I don't forget :)