cfn-lint

CloudFormation Specifications

• Patch in AWS::SageMaker::CodeRepository to the CloudFormation spec (issue #1005)
• Patch in Tags into IAM Roles and Users (issue #1015)
• Update CloudFormation spec to version 4.2.0 (pull #1023)
• Update specs from pricing and SSM data as of 2019.07.13

Fixes

• Add more Availability Zones (pull #1021)

CloudFormation Specifications

• Patch in AWS::Cognito::UserPool resource information for ap-south-1 and ap-southeast-1 (issue #1002)
• Remove manual patching for AWS::Backup::BackupPlan resource information and fix a few spec issues (pull #1006)
• Fix a few spec regex patterns that were missing escapes of - inside [] (issue #997)
• Update pricing script to include bare metal instance types (issue #998)
• Create a regex pattern for IAM Policy Names (issue #996)
• Patch CloudFormation specs from SSM data on 2019.07.10

Fixes

• Fix a warning when loading resources using a \ in the prefix (issue #1009)

CloudFormation Specifications

• Add INSTANCE to DLMPolicyResourceType allowed values (pull #995)
• Update specs from weird 4.1.0 release (pull #994)
• Update instance types and patches from SSM to date 2019.07.04 (pull #1001)
• Add all the allowed values of the AWS::EFS Resources (pull #990)

Fixes

• Fix an issue where rules were being loaded twice (pull #980)
• Fix an issue with rule E1010 to split GetAtt strings into two values (issue #986)
• Update rules E8004, E8003, E8005, and E8006 to not flag functions used in Service Catalog rules section (issue #979)
• Patched testing for Lambda Runtime EOL and end dates to test as if a specific date (pull #999)

CloudFormation Specifications

• Update specs to 4.1.0
• Added LaunchTemplateId/LaunchTemplateName of the AutoScalingGroup to the OnlyOne
• Patch resource AWS::EC2::LaunchTemplate property TagSpecifications
• Add AWS::EC2::LaunchTemplate property to LaunchTemplateName min/max/pattern
• Add AWS::EC2::LaunchTemplate allowed values for the ResourceType property
• Remove/Add services to region tables based on SSM endpoints

Fixes

• Update JsonSchem to 3.0 to support the new version 1.12.0 of aws-sam-translator
• Update rule E2503 to allow NLBs to use UDP
• Update rule E3020 to include many special characters for DNS records
• Sort filenames when getting a bunch of templates from a folder
• Fix typos in the integration documentation

Features

• Remove rule W2507 and use rule E3008 instead
• Remove rule W2508 and use rule E3008 instead

CloudFormation Specifications

• Update specs to 3.4.0
• Add all the allowed values of the AWS::ECS Resources.
• Update CloudFormation Spec to include the Backup Resources
• Add Cognito RefreshTokenValidity number limits

Fixes

• Fix copy-paste typo in Not function check
• Don't fail when conditions are used with parameters and allowed values
• More IAM Resource exceptions for Sub Needed check

Features

• Update rule E3001 to validate that a Resource Condition is a string

CloudFormation Specifications

• Add all the allowed values of the AWS::EC2 CapacityReservation Resources
• Update Launch Configuration IamInstanceProfile to support Ref or GetAtt to an IAM Instance Profile

Fixes

• Fix lessthan type in a bunch of rules
• Update rule E2507 to handle intrinsics when testing the values for Effect
• Fix rule E8002 to not error when the Condition isn't a string

Features

• Include more resource types in W3037

CloudFormation Specifications

• Add Resource Type AWS::CDK::Metadata

Fixes

• Uncap requests dependency in setup.py
• Check Join functions have lists in the correct sections
• Pass a parameter value for AutoPublishAlias when doing a Transform
• Show usage examples when displaying the help

Fixes

• Support dumping strings for datetime objects when doing a Transform

CloudFormation Specifications

• Update CloudFormation specs to 3.3.0
• Update instance types from pricing API as of 2019.05.23

Features

• Add Info logging capability and set the default logging to NotSet

Fixes

• Only do rule logging (start/stop/time) when the rule is going to be called
• Update rule E1019 to allow Fn::Transform inside a Fn::Sub
• Update rule W2001 to not break when Fn::Transform inside a Fn::Sub
• Update rule E2503 to allow conditions to be used and to not default to network load balancer when an object is used for the Load Balancer type

Features

• New rule E3038 to check if a Serverless resource includes the appropriate Transform
• New rule E2531 to validate a Lambda's runtime against the deprecated dates
• New rule W2531 to validate a Lambda's runtime against the EOL dates
• Update rule E2541 to include updates to Code Pipeline capabilities
• Update rule E2503 to include checking of values for load balancer attributes

CloudFormation Specifications

• Update CloudFormation specs to 3.2.0
• Update instance types from pricing API as of 2019.05.20

Fixes

• Include setuptools in setup.py requires

CloudFormation Specifications

• Update instance types from pricing API as of 2019.05.16

Fixes

• Update E7001 to allow float/doubles for mapping values
• Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed
• Pin requests to be below or equal to 2.21.0 to prevent issues with botocore

Features

• Add support for List Parameter types

CloudFormation Specifications

• Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet
• Create new property type for Security Group IDs or Names
• Add new Lambda runtime environment for NodeJs 10.x
• Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive
• Update Glue Crawler Role to take an ARN or a name
• Remove PrimitiveType from MaintenanceWindowTarget Targets
• Add Min/Max values for Load Balancer Ports to be between 1-65535

Fixes

• Include License file in the pypi package to help with downstream projects
• Filter out dynamic references from rule E3031 and E3030
• Convert Python linting and Code Coverage from Python 3.6 to 3.7

Fixes

• Update rule E8003 to support more functions inside a Fn::Equals

Features

• Allow a rule's exception to be defined in a resource's metadata
• Add rule configuration capabilities
• Update rule E3012 to allow for non strict property checking
• Add rule E8003 to test Fn::Equals structure and syntax
• Add rule E8004 to test Fn::And structure and syntax
• Add rule E8005 to test Fn::Not structure and syntax
• Add rule E8006 to test Fn::Or structure and syntax
• Include Path to error in the JSON output
• Update documentation to describe how to install cfn-lint from brew

CloudFormation Specifications

• Update CloudFormation specs to version 3.0.0
• Add new region ap-east-1
• Add list min/max and string min/max for CloudWatch Alarm Actions
• Add allowed values for EC2::LaunchTemplate
• Add allowed values for EC2::Host
• Update allowed values for Amazon MQ to include 5.15.9
• Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions
• Add AWS::EC2::VPCEndpointService to all regions
• Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN
• Patch spec files for SSM MaintenanceWindow to look for Target and not Targets
• Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit.

Fixes

• Fix rule E3033 to check the string size when the string is inside a list
• Fix an issue in which AWS::NotificationARNs was not a list
• Add AWS::EC2::Volume to rule W3010
• Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger
• Fix rule W3010 to not error when the availability zone is 'all'

Fixes

• Fix core Condition processing to support direct Condition in another Condition
• Fix the W2030 to check numbers against string allowed values

Features

• Add NS and PTR Route53 record checking to rule E3020
• New rule E3050 to check if a Ref to IAM Role has a Role path of '/'
• New rule E3037 to look for duplicates in a list that doesn't support duplicates
• New rule I3037 to look for duplicates in a list when duplicates are allowed

CloudFormation Specifications

• Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds
• Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument
• Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl
  NetworkInterface, PlacementGroup, and Volume
• Add Min/max values to AWS::Budgets::Budget.Notification Threshold
• Update RDS Instance types by database engine and license definitions using the pricing API
• Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN
• Update AWS::ECS::Service Role to support Role Name or ARN

Fixes

• Update E3025 to support the new structure of data in the RDS instance type json
• Update E2540 to remove all nested conditions from the object
• Update E3030 to not do strict type checking
• Update E3020 to support conditions nested in the record sets
• Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats

CloudFormation Specifications

• Update CloudFormation Specs to 2.30.0
• Fix IAM Regex Path to support more character types
• Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an
  InstanceProfile or GetAtt the InstanceProfile Arn
• Allow VPC IDs to Ref a Parameter of type String

Fixes

• Fix E3502 to check the size of the property instead of the parent object

Features

• New rule E3032 to check the size of lists
• New rule E3502 to check JSON Object Size using definitions in the spec file
• New rule E3033 to test the minimum and maximum length of a string
• New rule E3034 to validate the min and max of a number
• Remove Ebs Iops check from E2504 and use rule E3034 instead
• Remove rule E2509 and use rule E3033 instead
• Remove rule E2508 as it replaced by E3032 and E3502
• Update rule E2503 to check that there are at least two 2 Subnets or SubnetMappings for ALBs
• SAM requirement upped to minimal version of 1.10.0

CloudFormation Specifications

• Extend specs to include:
  • ListMin and ListMax for the minimum and maximum size of a list
  • JsonMax to check the max size of a JSON Object
  • StringMin and StringMax to check the minimum and maximum length of a String
  • NumberMin and NumberMax to check the minimum and maximum value of a Number, Float, Long
• Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy
• Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance
• Add AllowedValues for the AWS::GuardDuty Resources
• Add AllowedValues for AWS::EC2 VPC and VPN Resources
• Switch IAM Instance Profiles for certain resources to the type that only takes the name
• Add regex pattern for IAM Instance Profile when a name (not Arn) is used
• Add regex pattern for IAM Paths
• Add Regex pattern for IAM Role Arn
• Update OnlyOne spec to require require at least one of Subnets or SubnetMappings with ELB v2

Fixes

• Fix serverless transform to use DefinitionBody when Auth is in the API definition
• Fix rule W2030 to not error when checking SSM or List Parameters

Features

• Update rule E2503 to make sure NLBs don't have a Security Group configured

CloudFormation Specifications

• Add all the allowed values of the AWS::Glue Resources
• Update OnlyOne check for AWS::CloudWatch::Alarm to only MetricName or Metrics
• Update Exclusive check for AWS::CloudWatch::Alarm for properties mixed with Metrics and Statistic
• Update CloudFormation specs to 2.29.0
• Fix type with MariaDB in the AllowedValues
• Update pricing information for data available on 2018.3.29

Fixes

• Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies
• Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex [0-9A-Za-z_-]+
• Fix rule E2532 to allow for Parameters inside a Pass action
• Fix an issue when getting the location of an error in which numbers are causing an attribute error