QuickStart specific rules for cfn-python-lint

Overview

AWS Quick Start cfn-lint rules

This repo provides CloudFormation linting rules specific to AWS Quick Start guidelines, for more information see the Contributors Guide..

Installation and Usage

cd ~/
git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git
cd qs-cfn-lint-rules
pip install -e .

To add the rules when running on the command line use the -a flag to add the additional rules:

cfn-lint my-cfn-template.yaml -a ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

To use in your IDE install the relevant cfn-lint plugin and add the rules to your cfn-lint config file (~/.cfnlintrc) as follows:

append_rules:
- ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

Vim Specfic Instructions (using vundle and syntastic)

image

Install the plugins:

Add to syntastic and vim-cfn your ~/.vimrc:

Add to vundle plugin section:

"---------------------------=== Cloudfromation  ===------------------------------
Plugin 'scrooloose/syntastic'        " Syntax checking plugin for Vim
Plugin 'speshak/vim-cfn'             "CloudFormation syntax checking/highlighting

Install plugins

vim +PluginInstall +qall

Set statusline and triggers:

Append to the bottom of your ~/.vimrc:

"cfn-lint
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*

let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_cloudformation_checkers = ['cfn_lint']

Set FileTypes for vim-cfn:

Add to ~/.vim/bundle/vim-cfn/ftdetect/cloudformation.vim

autocmd BufNewFile,BufRead *.template setfiletype yaml.cloudformation
autocmd BufNewFile,BufRead *.template.yaml setfiletype yaml.cloudformation

Update syntastic pluging

Add the following to ~/.vim/after/plugin/syntastic.vim:

let g:syntastic_cloudformation_checkers = ['cfn_lint']

Comments
  • Add Child Stack parameter matching checks

    Add Child Stack parameter matching checks

    Issue #, if available:

    Adding support for AWS::CloudFormation::Stack to check for Parameter mismatching between parent and child templates.

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by gargana 4
  • Linting EncryptionKey problem

    Linting EncryptionKey problem

    Hello, I added Actions:

    kms:CancelKeyDeletion
    kms:ConnectCustomKeyStore
    kms:CreateAlias
    kms:CreateCustomKeyStore
    kms:CreateGrant
    kms:CreateKey
    kms:Decrypt
    kms:DeleteAlias
    ...
    

    And I get an error:

    EIAMPolicyWildcardResource IAM policy should not allow * resource; This method in this in this policy support granular permissions
    

    Following the official documentation, I tried this:

    Effect: Allow
    Principal:
      AWS: 'arn:aws:iam::111122223333:root'
    Action: 'kms:*'
    Resource: '*'
    

    And I get an error:

    EIAMPolicyActionWildcard IAM policy should not allow * Actions; List each required action explicitly instead matching actions for kms:* are: ["kms:GenerateDataKeyWithoutPlaintext", "kms:UpdatePrimaryRegion", "kms:CancelKeyDeletion", "kms:DisableKeyRotation", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:SynchronizeMultiRegionKey", "kms:EnableKey", "kms:ListKeyPolicies", "kms:DisableKey", "kms:DescribeKey", "kms:Decrypt", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:DescribeCustomKeyStores", "kms:ListKeys", "kms:GenerateDataKeyPair", "kms:GenerateRandom", "kms:ScheduleKeyDeletion", "kms:ImportKeyMaterial", "kms:Encrypt", "kms:GetPublicKey", "kms:CreateAlias", "kms:DeleteCustomKeyStore", "kms:Verify", "kms:CreateKey", "kms:Sign", "kms:ListGrants", "kms:RetireGrant", "kms:RevokeGrant", "kms:ListRetirableGrants", "kms:DeleteAlias", "kms:ReEncryptTo", "kms:PutKeyPolicy", "kms:UpdateCustomKeyStore", "kms:DisconnectCustomKeyStore", "kms:ReplicateKey", "kms:UntagResource", "kms:ListResourceTags", "kms:CreateCustomKeyStore", "kms:ConnectCustomKeyStore", "kms:UpdateKeyDescription", "kms:TagResource", "kms:GetParametersForImport", "kms:UpdateAlias", "kms:ListAliases", "kms:DeleteImportedKeyMaterial", "kms:ReEncryptFrom", "kms:CreateGrant"]
    

    How can I solve the problem?

    opened by grimmyson 1
  • Apply mixed-line-ending recommendations

    Apply mixed-line-ending recommendations

    Issue #, if available:

    Description of changes: Apply mixed-line-ending pre-commit-hook recommendations

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    enhancement 
    opened by tlindsay42 1
  • Failing stack creation on certain error codes.

    Failing stack creation on certain error codes.

    Hi,

    We have developed a cicd pipeline for creating resources through cfn. As a security checks, we use cfn-lint and cfn-nag for testing the templates. Is there any flags to pass so that we can fail the build if certain error codes met ?

    opened by sriram9707 1
  • Add custom dictionary words

    Add custom dictionary words

    • For quickstart-amazon-eks

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tlindsay42 0
  • Add custom dictionary words

    Add custom dictionary words

    • For quickstart-amazon-eks

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tlindsay42 0
  • Add custom dictionary words

    Add custom dictionary words

    • For quickstart-amazon-eks

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tlindsay42 0
  • Add custom dictionary words

    Add custom dictionary words

    • For quickstart-eks-gitlab

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tlindsay42 0
  • Restrict cfn-lint version

    Restrict cfn-lint version

    Description of changes: Restrict cfn-lint version

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by vsnyc 0
  • Add custom dictionary words

    Add custom dictionary words

    • For quickstart-eks-gitlab

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tlindsay42 0
  • Add custom dictionary words

    Add custom dictionary words

    • For quickstart-eks-gitlab

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by tlindsay42 0
  • Update EBSVolumeEncryption.py

    Update EBSVolumeEncryption.py

    Description of changes: Incorrect property is being checked, it should be Encrypted, not StorageEncrypted for AWS::EC2::Volume

    By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

    opened by vsnyc 0
  • AWS::RDS::DBCluster/StorageEncrypted false positive

    AWS::RDS::DBCluster/StorageEncrypted false positive

    The AWS::RDS::DBCluster resource property StorageEncrypted is not property evaluated. When this value is set to true the lint rule violation persists.

    opened by andrew-glenn 0
  • New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

    New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

    Having bad indentation can break document generation:

        - Label:
            default: Aerospike configuration
          Parameters:
          - NumberOfInstances
          - Tenancy
          - EnableCloudWatch
          - InstanceType
          - EBS
          - NamespaceFile
          - FeatureKeyFile
        - Label:
            default: Linux bastion configuration
            Parameters:
              - BastionAMIOS
              - BastionInstanceType
              - NumBastionHosts
    
    opened by gargana 0
Releases(v1.5)
Owner
AWS Quick Start
Automated gold-standard deployments on AWS
AWS Quick Start
Rotates Amazon Personalize filters on a schedule based on dynamic templates

Amazon Personalize Filter Rotation This project contains the source code and supporting files for deploying a serverless application that provides aut

James Jory 2 Nov 12, 2021
Disco is an extensive and extendable Python 2.x/3.x library for the Discord API.

disco Disco is an extensive and extendable Python 2.x/3.x library for the Discord API. Disco boasts the following major features: Expressive, function

1 Nov 18, 2021
ChannelActionsBot - Channel Actions Bot With Python

ChannelActionsBot Can be found on telegram as @ChannelActionsBot! Features Auto

Aditya 56 Dec 30, 2022
Bezlik Year Calendar Planner

Bezlik Year Calendar Planner Scribus script for creating year planners on one page A1 paper format. Script is based on Year-Calendar-Script-for-Scribu

Bohdan Bobrowski 2 May 24, 2022
ToqueIO Nuke tools - A collection of tools designed to assist in enhancing your workflows within nuke

ToqueIO Nuke tools - A collection of tools designed to assist in enhancing your workflows within nuke

4 Feb 19, 2022
Python script to extract all Humble Bundle keys and redeem them on Steam automagically.

humble-steam-key-redeemer Python script to extract all Humble keys and redeem them on Steam automagically. This is primarily designed to be a set-it-a

74 Jan 08, 2023
A powerful, cool and well-made userbot for your Telegram profile with promising extension capabilities.

Telecharm userbot A powerful, fast and simple Telegram userbot written in Python 3 and based on Pyrogram 1.X. Currently in active WIP state, so feel f

Daniil Kovalenko 16 Dec 01, 2022
Fun telegram bot =)

Recolor Bot About Fun telegram bot, that can change your hair color. Preparations Update package lists sudo apt-get update; Make sure Git and docker-c

Just Koala 4 Jul 09, 2022
Tools for use in DeFi. Impermanent Loss calculations, staking and farming strategies, coingecko and pancakeswap API queries, liquidity pools and more

DeFi open source tools Get Started Instalation General Tools Impermanent Loss, simple calculation Compare Buy & Hold with Staking and Farming Complete

Juan Pablo Pisano 467 Jan 08, 2023
Python wrapper for the GitLab API

Python GitLab python-gitlab is a Python package providing access to the GitLab server API. It supports the v4 API of GitLab, and provides a CLI tool (

1.9k Dec 31, 2022
Use Node JS Keywords In Python!!!

Use Node JS Keywords In Python!!!

Sancho Godinho 1 Oct 23, 2021
Python binding for Terraform.

Python libterraform Python binding for Terraform. Installation $ pip install libterraform NOTE Please install version 0.3.1 or above, which solves the

Prodesire 28 Dec 29, 2022
Seamlessly Connecting Notion Database with Python Pandas DataFrame

notion-df: Seamlessly Connecting Notion Database with Pandas DataFrame Please Note: This project is currently in pre-alpha stage. The code are not app

Shannon Shen 38 Dec 28, 2022
Sample code helps get you started with a simple Python web service using AWS Lambda and Amazon API Gateway

Welcome to the AWS CodeStar sample web service This sample code helps get you started with a simple Python web service using AWS Lambda and Amazon API

0 Jan 20, 2022
💻 A fully functional local AWS cloud stack. Develop and test your cloud & Serverless apps offline!

LocalStack - A fully functional local AWS cloud stack LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications. Cur

LocalStack 45.3k Jan 02, 2023
Twitter feed of newly published articles in Limnology

limnopapers Code to monitor limnology RSS feeds and tweet new articles. Scope The keywords and journal choices herein aim to focus on limnology (the s

7 Dec 20, 2022
Wrapper around the latest Tuenti API

python-tuenti Overview Wrapper around the latest Tuenti API. Installation Install using pip, including any optional packages you want... $ pip install

Juan Riaza 10 Mar 07, 2022
Darkflame Universe Account Manager

Darkflame Universe Account Manager This is a quick and simple web application intended for account creation and management for a DLU instance created

31 Nov 29, 2022
Unofficial python api for MicroBT Whatsminer ASICs

whatsminer-api Unofficial python api for MicroBT Whatsminer ASICs Code adapted from a python file found in the Whatsminer Telegram group that is credi

Satoshi Anonymoto 16 Dec 23, 2022
Many discord bots serving different purposes

Discord_Botlari Farklı amaçlara hizmet eden bir çok discord botu En kapsamlı Bot Game Bottur. bir oyun botudur discord sunucularında kullanılır. (tüm

1 Dec 21, 2021