QuickStart specific rules for cfn-python-lint

Last update: Jul 30, 2022

Overview

AWS Quick Start cfn-lint rules

This repo provides CloudFormation linting rules specific to AWS Quick Start guidelines, for more information see the Contributors Guide..

Installation and Usage

cd ~/
git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git
cd qs-cfn-lint-rules
pip install -e .

To add the rules when running on the command line use the -a flag to add the additional rules:

cfn-lint my-cfn-template.yaml -a ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

To use in your IDE install the relevant cfn-lint plugin and add the rules to your cfn-lint config file (~/.cfnlintrc) as follows:

append_rules:
- ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

Vim Specfic Instructions (using vundle and syntastic)

Install the plugins:

Add to syntastic and vim-cfn your ~/.vimrc:

Add to vundle plugin section:

"---------------------------=== Cloudfromation  ===------------------------------
Plugin 'scrooloose/syntastic'        " Syntax checking plugin for Vim
Plugin 'speshak/vim-cfn'             "CloudFormation syntax checking/highlighting

Install plugins

vim +PluginInstall +qall

Set statusline and triggers:

Append to the bottom of your ~/.vimrc:

"cfn-lint
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*

let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_cloudformation_checkers = ['cfn_lint']

Set FileTypes for vim-cfn:

Add to ~/.vim/bundle/vim-cfn/ftdetect/cloudformation.vim

autocmd BufNewFile,BufRead *.template setfiletype yaml.cloudformation
autocmd BufNewFile,BufRead *.template.yaml setfiletype yaml.cloudformation

Update syntastic pluging

Add the following to ~/.vim/after/plugin/syntastic.vim:

let g:syntastic_cloudformation_checkers = ['cfn_lint']

Comments

Add Child Stack parameter matching checks

Issue #, if available:

Adding support for AWS::CloudFormation::Stack to check for Parameter mismatching between parent and child templates.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by gargana 4

Linting EncryptionKey problem

Hello, I added Actions:

kms:CancelKeyDeletion
kms:ConnectCustomKeyStore
kms:CreateAlias
kms:CreateCustomKeyStore
kms:CreateGrant
kms:CreateKey
kms:Decrypt
kms:DeleteAlias
...

And I get an error:

EIAMPolicyWildcardResource IAM policy should not allow * resource; This method in this in this policy support granular permissions

Following the official documentation, I tried this:

Effect: Allow
Principal:
  AWS: 'arn:aws:iam::111122223333:root'
Action: 'kms:*'
Resource: '*'

And I get an error:

EIAMPolicyActionWildcard IAM policy should not allow * Actions; List each required action explicitly instead matching actions for kms:* are: ["kms:GenerateDataKeyWithoutPlaintext", "kms:UpdatePrimaryRegion", "kms:CancelKeyDeletion", "kms:DisableKeyRotation", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:SynchronizeMultiRegionKey", "kms:EnableKey", "kms:ListKeyPolicies", "kms:DisableKey", "kms:DescribeKey", "kms:Decrypt", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:DescribeCustomKeyStores", "kms:ListKeys", "kms:GenerateDataKeyPair", "kms:GenerateRandom", "kms:ScheduleKeyDeletion", "kms:ImportKeyMaterial", "kms:Encrypt", "kms:GetPublicKey", "kms:CreateAlias", "kms:DeleteCustomKeyStore", "kms:Verify", "kms:CreateKey", "kms:Sign", "kms:ListGrants", "kms:RetireGrant", "kms:RevokeGrant", "kms:ListRetirableGrants", "kms:DeleteAlias", "kms:ReEncryptTo", "kms:PutKeyPolicy", "kms:UpdateCustomKeyStore", "kms:DisconnectCustomKeyStore", "kms:ReplicateKey", "kms:UntagResource", "kms:ListResourceTags", "kms:CreateCustomKeyStore", "kms:ConnectCustomKeyStore", "kms:UpdateKeyDescription", "kms:TagResource", "kms:GetParametersForImport", "kms:UpdateAlias", "kms:ListAliases", "kms:DeleteImportedKeyMaterial", "kms:ReEncryptFrom", "kms:CreateGrant"]

How can I solve the problem?

opened by grimmyson 1

Apply mixed-line-ending recommendations

Issue #, if available:

Description of changes: Apply mixed-line-ending pre-commit-hook recommendations

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
enhancement

opened by tlindsay42 1
Failing stack creation on certain error codes.

Hi,

We have developed a cicd pipeline for creating resources through cfn. As a security checks, we use cfn-lint and cfn-nag for testing the templates. Is there any flags to pass so that we can fail the build if certain error codes met ?

opened by sriram9707 1
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Restrict cfn-lint version

Description of changes: Restrict cfn-lint version

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Update EBSVolumeEncryption.py

Description of changes: Incorrect property is being checked, it should be Encrypted, not StorageEncrypted for AWS::EC2::Volume

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
AWS::RDS::DBCluster/StorageEncrypted false positive

The AWS::RDS::DBCluster resource property StorageEncrypted is not property evaluated. When this value is set to true the lint rule violation persists.

opened by andrew-glenn 0

New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

Having bad indentation can break document generation:

    - Label:
        default: Aerospike configuration
      Parameters:
      - NumberOfInstances
      - Tenancy
      - EnableCloudWatch
      - InstanceType
      - EBS
      - NamespaceFile
      - FeatureKeyFile
    - Label:
        default: Linux bastion configuration
        Parameters:
          - BastionAMIOS
          - BastionInstanceType
          - NumBastionHosts

opened by gargana 0

Releases(v1.5)

v1.5(Oct 10, 2022)

Source code(tar.gz)
Source code(zip)
v1.4(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.3(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.2(Aug 31, 2022)

Source code(tar.gz)
Source code(zip)
v1.1(Mar 16, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0(Mar 4, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0.dev0(Nov 18, 2020)

Source code(tar.gz)
Source code(zip)

Owner

AWS Quick Start

Automated gold-standard deployments on AWS

GitHub Repository

Análise de dados abertos do programa Taxigov.

Análise de dados do Taxigov Este repositório contém os cadernos Jupyter usados no projeto de análise de dados do Taxigov. Conjunto de dados O conjunto

1 Jan 10, 2022

Tesseract Open Source OCR Engine (main repository)

Tesseract OCR About This package contains an OCR engine - libtesseract and a command line program - tesseract. Tesseract 4 adds a new neural net (LSTM

48.3k Jan 05, 2023

A telegram media to gofile bot

GoFile-Bot A telegram media to gofile bot Made with Python3 (C) @FayasNoushad Copyright permission under MIT License License - https://github.com/Fay

37 Nov 14, 2022

Discord Unverified Token Gen

Discord-Unverified-Token-Gen This is a token gen that was made in an hour and just generates unverified tokens, most will be locked. Usage: in cmd jus

2 Oct 23, 2022

To send an Instagram message using Python

To send an Instagram message using Python, you must have an Instagram account and install the Instabot library in your Python virtual environment.

1 Dec 18, 2021

Joins a specified server on all the tokens

Joins a specified server on all the tokens. Usage python -m pip install requests python joiner.py Note Your tokens must be located in a text file call

1 Dec 21, 2021

Telegram Group Management Bot based on phython !!!

How to setup/deploy. For easiest way to deploy this Bot click on the below button Mᴀᴅᴇ Bʏ Sᴜᴘᴘᴏʀᴛ Sᴏᴜʀᴄᴇ Find This Bot on Telegram A modular Telegram

5 Nov 17, 2021

Telegram Voice Chat Music Player UserBot Written with Pyrogram Smart Plugin and tgcalls

Telegram Voice Chat UserBot A Telegram UserBot to Play Audio in Voice Chats. This is also the source code of the userbot which is being used for playi

7 May 21, 2022

Bot SpaceCrypto - An automation (bot) to play the game SpaceCrypto, it automatically log in, send ships to fight, refresh the game, new map, etc

SpaceCrypto Bot [en-us] In order to change to english Readme version click here.

11 Sep 11, 2022

QuickStart specific rules for cfn-python-lint

Related tags

Overview

AWS Quick Start cfn-lint rules

Installation and Usage

Vim Specfic Instructions (using vundle and syntastic)

Install the plugins:

Set statusline and triggers:

Set FileTypes for vim-cfn:

Update syntastic pluging

Comments

Releases(v1.5)

v1.5(Oct 10, 2022)

v1.4(Sep 27, 2022)

v1.3(Sep 27, 2022)

v1.2(Aug 31, 2022)

v1.1(Mar 16, 2022)

v1.0(Mar 4, 2022)

v1.0.dev0(Nov 18, 2020)

Owner

AWS Quick Start

Análise de dados abertos do programa Taxigov.

Tesseract Open Source OCR Engine (main repository)

A telegram media to gofile bot

Discord Unverified Token Gen

To send an Instagram message using Python

Joins a specified server on all the tokens

Telegram Group Management Bot based on phython !!!

Telegram Voice Chat Music Player UserBot Written with Pyrogram Smart Plugin and tgcalls

Bot SpaceCrypto - An automation (bot) to play the game SpaceCrypto, it automatically log in, send ships to fight, refresh the game, new map, etc

Python wrapper for Wikipedia

This is a script to export logs from AWS CloudTrail to a local file.

Paginator for Dis-Snek Python Discord API wrapper

A simpler way to make forms, surveys, and reaction input using discord.py.

Built for streamlining development of Google Assistant Actions

Td-Ameritrade, Tradingview, Webhook, AWS Chalice

:spaghetti: Pastas is an open-source Python framework for the analysis of hydrological time series.

短信发送 Python 程序(包含1000+有效接口)

Trading bot rienforcement with python

iCloudPy is a simple iCloud webservices wrapper library written in Python

Translator based on Google API