QuickStart specific rules for cfn-python-lint

Last update: Jul 30, 2022

Overview

AWS Quick Start cfn-lint rules

This repo provides CloudFormation linting rules specific to AWS Quick Start guidelines, for more information see the Contributors Guide..

Installation and Usage

cd ~/
git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git
cd qs-cfn-lint-rules
pip install -e .

To add the rules when running on the command line use the -a flag to add the additional rules:

cfn-lint my-cfn-template.yaml -a ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

To use in your IDE install the relevant cfn-lint plugin and add the rules to your cfn-lint config file (~/.cfnlintrc) as follows:

append_rules:
- ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

Vim Specfic Instructions (using vundle and syntastic)

Install the plugins:

Add to syntastic and vim-cfn your ~/.vimrc:

Add to vundle plugin section:

"---------------------------=== Cloudfromation  ===------------------------------
Plugin 'scrooloose/syntastic'        " Syntax checking plugin for Vim
Plugin 'speshak/vim-cfn'             "CloudFormation syntax checking/highlighting

Install plugins

vim +PluginInstall +qall

Set statusline and triggers:

Append to the bottom of your ~/.vimrc:

"cfn-lint
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*

let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_cloudformation_checkers = ['cfn_lint']

Set FileTypes for vim-cfn:

Add to ~/.vim/bundle/vim-cfn/ftdetect/cloudformation.vim

autocmd BufNewFile,BufRead *.template setfiletype yaml.cloudformation
autocmd BufNewFile,BufRead *.template.yaml setfiletype yaml.cloudformation

Update syntastic pluging

Add the following to ~/.vim/after/plugin/syntastic.vim:

let g:syntastic_cloudformation_checkers = ['cfn_lint']

Comments

Add Child Stack parameter matching checks

Issue #, if available:

Adding support for AWS::CloudFormation::Stack to check for Parameter mismatching between parent and child templates.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by gargana 4

Linting EncryptionKey problem

Hello, I added Actions:

kms:CancelKeyDeletion
kms:ConnectCustomKeyStore
kms:CreateAlias
kms:CreateCustomKeyStore
kms:CreateGrant
kms:CreateKey
kms:Decrypt
kms:DeleteAlias
...

And I get an error:

EIAMPolicyWildcardResource IAM policy should not allow * resource; This method in this in this policy support granular permissions

Following the official documentation, I tried this:

Effect: Allow
Principal:
  AWS: 'arn:aws:iam::111122223333:root'
Action: 'kms:*'
Resource: '*'

And I get an error:

EIAMPolicyActionWildcard IAM policy should not allow * Actions; List each required action explicitly instead matching actions for kms:* are: ["kms:GenerateDataKeyWithoutPlaintext", "kms:UpdatePrimaryRegion", "kms:CancelKeyDeletion", "kms:DisableKeyRotation", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:SynchronizeMultiRegionKey", "kms:EnableKey", "kms:ListKeyPolicies", "kms:DisableKey", "kms:DescribeKey", "kms:Decrypt", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:DescribeCustomKeyStores", "kms:ListKeys", "kms:GenerateDataKeyPair", "kms:GenerateRandom", "kms:ScheduleKeyDeletion", "kms:ImportKeyMaterial", "kms:Encrypt", "kms:GetPublicKey", "kms:CreateAlias", "kms:DeleteCustomKeyStore", "kms:Verify", "kms:CreateKey", "kms:Sign", "kms:ListGrants", "kms:RetireGrant", "kms:RevokeGrant", "kms:ListRetirableGrants", "kms:DeleteAlias", "kms:ReEncryptTo", "kms:PutKeyPolicy", "kms:UpdateCustomKeyStore", "kms:DisconnectCustomKeyStore", "kms:ReplicateKey", "kms:UntagResource", "kms:ListResourceTags", "kms:CreateCustomKeyStore", "kms:ConnectCustomKeyStore", "kms:UpdateKeyDescription", "kms:TagResource", "kms:GetParametersForImport", "kms:UpdateAlias", "kms:ListAliases", "kms:DeleteImportedKeyMaterial", "kms:ReEncryptFrom", "kms:CreateGrant"]

How can I solve the problem?

opened by grimmyson 1

Apply mixed-line-ending recommendations

Issue #, if available:

Description of changes: Apply mixed-line-ending pre-commit-hook recommendations

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
enhancement

opened by tlindsay42 1
Failing stack creation on certain error codes.

Hi,

We have developed a cicd pipeline for creating resources through cfn. As a security checks, we use cfn-lint and cfn-nag for testing the templates. Is there any flags to pass so that we can fail the build if certain error codes met ?

opened by sriram9707 1
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Restrict cfn-lint version

Description of changes: Restrict cfn-lint version

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Update EBSVolumeEncryption.py

Description of changes: Incorrect property is being checked, it should be Encrypted, not StorageEncrypted for AWS::EC2::Volume

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
AWS::RDS::DBCluster/StorageEncrypted false positive

The AWS::RDS::DBCluster resource property StorageEncrypted is not property evaluated. When this value is set to true the lint rule violation persists.

opened by andrew-glenn 0

New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

Having bad indentation can break document generation:

    - Label:
        default: Aerospike configuration
      Parameters:
      - NumberOfInstances
      - Tenancy
      - EnableCloudWatch
      - InstanceType
      - EBS
      - NamespaceFile
      - FeatureKeyFile
    - Label:
        default: Linux bastion configuration
        Parameters:
          - BastionAMIOS
          - BastionInstanceType
          - NumBastionHosts

opened by gargana 0

Releases(v1.5)

v1.5(Oct 10, 2022)

Source code(tar.gz)
Source code(zip)
v1.4(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.3(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.2(Aug 31, 2022)

Source code(tar.gz)
Source code(zip)
v1.1(Mar 16, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0(Mar 4, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0.dev0(Nov 18, 2020)

Source code(tar.gz)
Source code(zip)

Owner

AWS Quick Start

Automated gold-standard deployments on AWS

GitHub Repository

TFT Bot that automatically surrenders and allows finishing TFT Passes easily.

Image Based TFT Bot TFT Bot that automatically surrenders and allows finishing TFT Passes easily. Please read full file! You can check new releases he

1 Feb 06, 2022

Automatically kick deleted accounts

AntiDeletedAccountsBot (ADAB) Automatically kick deleted accounts Based on uniborg, a pluggable asyncio Telegram userbot based on Telethon. Installati

34 Jan 02, 2023

Allows you to easily share bookmarks from Raindrop.io in Telegram chats.

Allows you to easily share bookmarks from Raindrop.io in Telegram chats. As well as save links/photos/longreads from Telegram right into Raindrop.io. Join us, we have a nice 'reader mode' :)

36 Dec 19, 2022

radiant discord anti nuke src leaked lol.

radiant-anti-wizz-leaked radiant discord anti nuke src leaked lol, the whole anti sucks but idc. sucks to suck thats tuff bro LMAOOOOOO join my server

15 Aug 06, 2022

StringSessionGenerator - A Telegram bot to generate pyrogram and telethon string session

⭐️ String Session Generator ⭐️ Genrate String Session Using this bot. Made by TeamUltronX 🔥 String Session Demo Bot: Environment Variables Mandatory

1 Dec 31, 2021

Pluggable Telethon - Telegram UserBot

A stable pluggable Telegram userbot, based on Telethon.

2.3k Dec 30, 2022

Python client for the Socrata Open Data API

sodapy sodapy is a python client for the Socrata Open Data API. Installation You can install with pip install sodapy. If you want to install from sour

368 Dec 09, 2022

Bot para automatizacao de registros no Vacivida para o COVID19

VACIBOT v.06 - Bot para automatizacao de registros no Vacivida para o COVID19 by Victor Fragoso - Prefeitura Municipal de Santo André Email:

22 Sep 19, 2022

Opencontactbook - Bulk-manage large numbers of vCard contacts with built-in geolocation

Open Contact Book Open Contact Book is a buiness-oriented, cross-platform, Pytho

2 Aug 08, 2022

A basic Ubisoft API wrapper created in python.

UbisoftAPI A basic Ubisoft API wrapper created in python. I will be updating this with more endpoints as time goes on. Please note that this is my fir

2 Oct 31, 2021

Python Markov Chain chatbot running on Telegram

Hanasubot Hanasubot (Japanese 話すボット, talking bot) is a Python chatbot running on Telegram. The bot is based on Markov Chains so it can learn your word

12 Dec 27, 2022

Ross Virtual Assistant is a programme which can play Music, search Wikipedia, open Websites and much more.

Ross-Virtual-Assistant Ross Virtual Assistant is a programme which can play Music, search Wikipedia, open Websites and much more. Installation Downloa

4 Nov 08, 2021

Discord Multitool made in python 3.9

XTool Discord Multitool 24 Features: Webhook Delete VC Lagger Fast Token Checker Mass Report [Not Done] Token rape 2K Characters Bypass Block bypass M

50 Dec 20, 2022

Easy to use phishing tool with 63 website templates. Author is not responsible for any misuse.

PyPhisher [+] Created By KasRoudra [+] Description : Ultimate phishing tool in python. Includes popular websites like facebook, twitter, instagram, gi

1.1k Jan 01, 2023

Faux is a chatbot bridge between urbit and discord.

Faux Faux is a chatbot bridge between urbit and discord. Whenever a member posts in your discord group, a bot will echo their message in your urbit gr

10 Dec 27, 2022

Set up recurring buys in Gemini

Overview Set up recurring buys in Gemini. Given some keys (Create API Keys), allows you to configure a recurring buy using the reduced API maker and t

3 Jan 06, 2022

Instagram - Instagram Account Reporting Tool

Instagram Instagram Account Reporting Tool Installation On Termux $ apt update $

6 Nov 18, 2022

Yes, it's true :yellow_heart: This repository has 326 stars.

Yes, it's true! Inspired by a similar repository from @RealPeha, but implemented using a webhook on AWS Lambda and API Gateway, so it's serverless! If

510 Dec 28, 2022

Telegram Bot Repo Capable of fetching the following Info via Anilist API inspired from AniFluid and Nepgear

Telegram Bot Repo Capable of fetching the following Info via Anilist API inspired from AniFluid and Nepgear Anime Airing Manga Character Scheduled Top

2 Apr 01, 2022

Telegram Bot to check covid vaccine slot availability on CoWin site

Cowin Assist Telegram Bot Check the bot here @cowinassistbot. This is a simple Telegram bot to Check slots availability Get an alert when slots become

32 Jun 21, 2022