QuickStart specific rules for cfn-python-lint

Last update: Jul 30, 2022

Overview

AWS Quick Start cfn-lint rules

This repo provides CloudFormation linting rules specific to AWS Quick Start guidelines, for more information see the Contributors Guide..

Installation and Usage

cd ~/
git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git
cd qs-cfn-lint-rules
pip install -e .

To add the rules when running on the command line use the -a flag to add the additional rules:

cfn-lint my-cfn-template.yaml -a ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

To use in your IDE install the relevant cfn-lint plugin and add the rules to your cfn-lint config file (~/.cfnlintrc) as follows:

append_rules:
- ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

Vim Specfic Instructions (using vundle and syntastic)

Install the plugins:

Add to syntastic and vim-cfn your ~/.vimrc:

Add to vundle plugin section:

"---------------------------=== Cloudfromation  ===------------------------------
Plugin 'scrooloose/syntastic'        " Syntax checking plugin for Vim
Plugin 'speshak/vim-cfn'             "CloudFormation syntax checking/highlighting

Install plugins

vim +PluginInstall +qall

Set statusline and triggers:

Append to the bottom of your ~/.vimrc:

"cfn-lint
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*

let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_cloudformation_checkers = ['cfn_lint']

Set FileTypes for vim-cfn:

Add to ~/.vim/bundle/vim-cfn/ftdetect/cloudformation.vim

autocmd BufNewFile,BufRead *.template setfiletype yaml.cloudformation
autocmd BufNewFile,BufRead *.template.yaml setfiletype yaml.cloudformation

Update syntastic pluging

Add the following to ~/.vim/after/plugin/syntastic.vim:

let g:syntastic_cloudformation_checkers = ['cfn_lint']

Comments

Add Child Stack parameter matching checks

Issue #, if available:

Adding support for AWS::CloudFormation::Stack to check for Parameter mismatching between parent and child templates.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by gargana 4

Linting EncryptionKey problem

Hello, I added Actions:

kms:CancelKeyDeletion
kms:ConnectCustomKeyStore
kms:CreateAlias
kms:CreateCustomKeyStore
kms:CreateGrant
kms:CreateKey
kms:Decrypt
kms:DeleteAlias
...

And I get an error:

EIAMPolicyWildcardResource IAM policy should not allow * resource; This method in this in this policy support granular permissions

Following the official documentation, I tried this:

Effect: Allow
Principal:
  AWS: 'arn:aws:iam::111122223333:root'
Action: 'kms:*'
Resource: '*'

And I get an error:

EIAMPolicyActionWildcard IAM policy should not allow * Actions; List each required action explicitly instead matching actions for kms:* are: ["kms:GenerateDataKeyWithoutPlaintext", "kms:UpdatePrimaryRegion", "kms:CancelKeyDeletion", "kms:DisableKeyRotation", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:SynchronizeMultiRegionKey", "kms:EnableKey", "kms:ListKeyPolicies", "kms:DisableKey", "kms:DescribeKey", "kms:Decrypt", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:DescribeCustomKeyStores", "kms:ListKeys", "kms:GenerateDataKeyPair", "kms:GenerateRandom", "kms:ScheduleKeyDeletion", "kms:ImportKeyMaterial", "kms:Encrypt", "kms:GetPublicKey", "kms:CreateAlias", "kms:DeleteCustomKeyStore", "kms:Verify", "kms:CreateKey", "kms:Sign", "kms:ListGrants", "kms:RetireGrant", "kms:RevokeGrant", "kms:ListRetirableGrants", "kms:DeleteAlias", "kms:ReEncryptTo", "kms:PutKeyPolicy", "kms:UpdateCustomKeyStore", "kms:DisconnectCustomKeyStore", "kms:ReplicateKey", "kms:UntagResource", "kms:ListResourceTags", "kms:CreateCustomKeyStore", "kms:ConnectCustomKeyStore", "kms:UpdateKeyDescription", "kms:TagResource", "kms:GetParametersForImport", "kms:UpdateAlias", "kms:ListAliases", "kms:DeleteImportedKeyMaterial", "kms:ReEncryptFrom", "kms:CreateGrant"]

How can I solve the problem?

opened by grimmyson 1

Apply mixed-line-ending recommendations

Issue #, if available:

Description of changes: Apply mixed-line-ending pre-commit-hook recommendations

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
enhancement

opened by tlindsay42 1
Failing stack creation on certain error codes.

Hi,

We have developed a cicd pipeline for creating resources through cfn. As a security checks, we use cfn-lint and cfn-nag for testing the templates. Is there any flags to pass so that we can fail the build if certain error codes met ?

opened by sriram9707 1
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Restrict cfn-lint version

Description of changes: Restrict cfn-lint version

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Update EBSVolumeEncryption.py

Description of changes: Incorrect property is being checked, it should be Encrypted, not StorageEncrypted for AWS::EC2::Volume

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
AWS::RDS::DBCluster/StorageEncrypted false positive

The AWS::RDS::DBCluster resource property StorageEncrypted is not property evaluated. When this value is set to true the lint rule violation persists.

opened by andrew-glenn 0

New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

Having bad indentation can break document generation:

    - Label:
        default: Aerospike configuration
      Parameters:
      - NumberOfInstances
      - Tenancy
      - EnableCloudWatch
      - InstanceType
      - EBS
      - NamespaceFile
      - FeatureKeyFile
    - Label:
        default: Linux bastion configuration
        Parameters:
          - BastionAMIOS
          - BastionInstanceType
          - NumBastionHosts

opened by gargana 0

Releases(v1.5)

v1.5(Oct 10, 2022)

Source code(tar.gz)
Source code(zip)
v1.4(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.3(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.2(Aug 31, 2022)

Source code(tar.gz)
Source code(zip)
v1.1(Mar 16, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0(Mar 4, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0.dev0(Nov 18, 2020)

Source code(tar.gz)
Source code(zip)

Owner

AWS Quick Start

Automated gold-standard deployments on AWS

GitHub Repository

A multi-purpose Discord bot with simple moderation commands, reaction roles, reminders, and much more!

Nokari This is the rewrite of Nokari. There are still a lot of things to be done. I'm still working on the internal logic, so the bot basically has no

13 Nov 17, 2022

Telegram Group Manager Bot Written In Python Using Pyrogram.

──「𝐂𝐡𝐢𝐤𝐚 𝐅𝐮𝐣𝐢𝐰𝐚𝐫𝐚」── Telegram Group Manager Bot Written In Python Using Pyrogram. Deploy To Heroku NOTE: I'm making this note to whoever

3 Feb 12, 2022

Automatically send commands to send Twitch followers to any Twitch account.

Automatically send commands to send Twitch followers to any Twitch account. You just need to be in a Twitch follow bot Discord server!

6 Nov 27, 2022

A multi exploit instagram exploitation framework

Instagram Exploitation Framework About IEF Is an open source Instagram Exploitation Framework with various Exploits that could be used to mod your pro

1 May 23, 2022

𝐀 𝐦𝐨𝐝𝐮𝐥𝐚𝐫 𝐓𝐞𝐥𝐞𝐠𝐫𝐚𝐦 𝐆𝐫𝐨𝐮𝐩 𝐦𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 𝐛𝐨𝐭 𝐰𝐢𝐭𝐡 𝐮𝐥𝐭𝐢𝐦𝐚𝐭𝐞 𝐟𝐞𝐚𝐭𝐮𝐫𝐞𝐬 !!

𝐇𝐨𝐰 𝐓𝐨 𝐃𝐞𝐩𝐥𝐨𝐲 For easiest way to deploy this Bot click on the below button 𝐌𝐚𝐝𝐞 𝐁𝐲 𝐒𝐮𝐩𝐩𝐨𝐫𝐭 𝐆𝐫𝐨𝐮𝐩 𝐒𝐨𝐮𝐫𝐜𝐞𝐬 𝐆𝐞𝐧𝐞?

4 Oct 18, 2021

📖 GitHub action schedular (cron) that posts a Hadith every hour on Twitter & Facebook.

Hadith Every Hour 📖 A bot that posts a Hadith every hour on Twitter & Facebook (Every 3 hours for now to avoid spamming) Follow on Twitter @HadithEve

13 Dec 14, 2022

Pixiv 爬虫，使用 Python 实现。支持批量下载、上传到图床。

用 Python 实现的 Pixiv 爬虫，支持批量下载和上传。随机图片 API: https://loliapi.ml/ Deploy Github Action 集成部署建议使用本方法部署，相较于本地部署，无需搭建环境，全程在线上完成。并且使用国外服务器下载、上传，网络更加通畅。 Fork

18 Feb 26, 2022

Telegram bot with various Sticker Tools

Sticker Tools Bot @Sticker_Tools_Bot A star ⭐ from you means a lot to us! Telegram bot with various Sticker Tools Usage Deploy to Heroku Tap on above

20 Dec 08, 2022

A Telegram Calculator to calculate your maths sums

CalculatorBot A Telegram Calculator to calculate your maths sums! Made by /Team

2 Dec 31, 2021

Free python/telegram bot for easy execution and surveillance of crypto trading plans on multiple exchanges.

EazeBot Introduction Have you ever traded cryptocurrencies and lost overview of your planned buys/sells? Have you encountered the experience that your

100 Dec 06, 2022

Weather telegram bot with aiogram, on Russian language

weather_bot Weather telegram bot with aiogram, on Russian language #RU Бот по определению погоды в Telegram, написана на библиотеке aiogram, весь инте

0 Jan 06, 2022

Advance Anonymous Sender bot with Caption Editor

AnonyMous Sender 👨‍💻 Advanced Anonymous Sender with Caption Editor Join @DaisySupport_Official 🎵 for help Features Get forwarded messages without f

13 Oct 09, 2022

Leveraged grid-trading bot using CCXT/CCXT Pro library in FTX exchange.

Leveraged-grid-trading-bot The code is designed to perform infinity grid trading strategy in FTX exchange. The basic trader named Gridtrader.py contro

25 Oct 07, 2021

This bot is created by AJTimePyro and It accepts direct downloading url & then return file as telegram file.

URL Uploader Bot This is the source code of URL Uploader Bot. And the developer of this bot is AJTimePyro, His Telegram Channel & Group. You can use t

23 Nov 13, 2022

Invites link generator for telegram(made for channel referral links)

InviteLinkGen Invites link generator for telegram(for channel referral links) made for @HelakuruEsana channel Spotify Giveaway

7 Feb 01, 2022

Schedule Twitter updates with easy

coo: schedule Twitter updates with easy Coo is an easy to use Python library for scheduling Twitter updates. To use it, you need to first apply for a

46 Nov 03, 2022

The Best Multipurpose Discord Bot!

Polsu The Best Multipurpose Discord Bot! • Introduction • Screenshots • Setup • License Introduction Polsu is a Multipurpose Discord Bot. Polsu has a

1 Nov 09, 2021

Social Framework

Social Int Framework Social Int Framework its a Selenium script that scrape the IG photos and do a Reverse search on google and yandex for finding ano

29 Dec 06, 2022

Multi Account Generator Minecraft/NordVPN/Hulu/Origin And ...

76 Jan 01, 2023

Sunflower-farmers-automated-bot - Sunflower Farmers NFT Game automated bot.IT IS NOT a cheat or hack bot

Sunflower-farmers-auto-bot Sunflower Farmers NFT Game automated bot.IT IS NOT a

17 Nov 09, 2022