QuickStart specific rules for cfn-python-lint

Last update: Jul 30, 2022

Overview

AWS Quick Start cfn-lint rules

This repo provides CloudFormation linting rules specific to AWS Quick Start guidelines, for more information see the Contributors Guide..

Installation and Usage

cd ~/
git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git
cd qs-cfn-lint-rules
pip install -e .

To add the rules when running on the command line use the -a flag to add the additional rules:

cfn-lint my-cfn-template.yaml -a ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

To use in your IDE install the relevant cfn-lint plugin and add the rules to your cfn-lint config file (~/.cfnlintrc) as follows:

append_rules:
- ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

Vim Specfic Instructions (using vundle and syntastic)

Install the plugins:

Add to syntastic and vim-cfn your ~/.vimrc:

Add to vundle plugin section:

"---------------------------=== Cloudfromation  ===------------------------------
Plugin 'scrooloose/syntastic'        " Syntax checking plugin for Vim
Plugin 'speshak/vim-cfn'             "CloudFormation syntax checking/highlighting

Install plugins

vim +PluginInstall +qall

Set statusline and triggers:

Append to the bottom of your ~/.vimrc:

"cfn-lint
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*

let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_cloudformation_checkers = ['cfn_lint']

Set FileTypes for vim-cfn:

Add to ~/.vim/bundle/vim-cfn/ftdetect/cloudformation.vim

autocmd BufNewFile,BufRead *.template setfiletype yaml.cloudformation
autocmd BufNewFile,BufRead *.template.yaml setfiletype yaml.cloudformation

Update syntastic pluging

Add the following to ~/.vim/after/plugin/syntastic.vim:

let g:syntastic_cloudformation_checkers = ['cfn_lint']

Comments

Add Child Stack parameter matching checks

Issue #, if available:

Adding support for AWS::CloudFormation::Stack to check for Parameter mismatching between parent and child templates.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by gargana 4

Linting EncryptionKey problem

Hello, I added Actions:

kms:CancelKeyDeletion
kms:ConnectCustomKeyStore
kms:CreateAlias
kms:CreateCustomKeyStore
kms:CreateGrant
kms:CreateKey
kms:Decrypt
kms:DeleteAlias
...

And I get an error:

EIAMPolicyWildcardResource IAM policy should not allow * resource; This method in this in this policy support granular permissions

Following the official documentation, I tried this:

Effect: Allow
Principal:
  AWS: 'arn:aws:iam::111122223333:root'
Action: 'kms:*'
Resource: '*'

And I get an error:

EIAMPolicyActionWildcard IAM policy should not allow * Actions; List each required action explicitly instead matching actions for kms:* are: ["kms:GenerateDataKeyWithoutPlaintext", "kms:UpdatePrimaryRegion", "kms:CancelKeyDeletion", "kms:DisableKeyRotation", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:SynchronizeMultiRegionKey", "kms:EnableKey", "kms:ListKeyPolicies", "kms:DisableKey", "kms:DescribeKey", "kms:Decrypt", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:DescribeCustomKeyStores", "kms:ListKeys", "kms:GenerateDataKeyPair", "kms:GenerateRandom", "kms:ScheduleKeyDeletion", "kms:ImportKeyMaterial", "kms:Encrypt", "kms:GetPublicKey", "kms:CreateAlias", "kms:DeleteCustomKeyStore", "kms:Verify", "kms:CreateKey", "kms:Sign", "kms:ListGrants", "kms:RetireGrant", "kms:RevokeGrant", "kms:ListRetirableGrants", "kms:DeleteAlias", "kms:ReEncryptTo", "kms:PutKeyPolicy", "kms:UpdateCustomKeyStore", "kms:DisconnectCustomKeyStore", "kms:ReplicateKey", "kms:UntagResource", "kms:ListResourceTags", "kms:CreateCustomKeyStore", "kms:ConnectCustomKeyStore", "kms:UpdateKeyDescription", "kms:TagResource", "kms:GetParametersForImport", "kms:UpdateAlias", "kms:ListAliases", "kms:DeleteImportedKeyMaterial", "kms:ReEncryptFrom", "kms:CreateGrant"]

How can I solve the problem?

opened by grimmyson 1

Apply mixed-line-ending recommendations

Issue #, if available:

Description of changes: Apply mixed-line-ending pre-commit-hook recommendations

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
enhancement

opened by tlindsay42 1
Failing stack creation on certain error codes.

Hi,

We have developed a cicd pipeline for creating resources through cfn. As a security checks, we use cfn-lint and cfn-nag for testing the templates. Is there any flags to pass so that we can fail the build if certain error codes met ?

opened by sriram9707 1
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Restrict cfn-lint version

Description of changes: Restrict cfn-lint version

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Update EBSVolumeEncryption.py

Description of changes: Incorrect property is being checked, it should be Encrypted, not StorageEncrypted for AWS::EC2::Volume

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
AWS::RDS::DBCluster/StorageEncrypted false positive

The AWS::RDS::DBCluster resource property StorageEncrypted is not property evaluated. When this value is set to true the lint rule violation persists.

opened by andrew-glenn 0

New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

Having bad indentation can break document generation:

    - Label:
        default: Aerospike configuration
      Parameters:
      - NumberOfInstances
      - Tenancy
      - EnableCloudWatch
      - InstanceType
      - EBS
      - NamespaceFile
      - FeatureKeyFile
    - Label:
        default: Linux bastion configuration
        Parameters:
          - BastionAMIOS
          - BastionInstanceType
          - NumBastionHosts

opened by gargana 0

Releases(v1.5)

v1.5(Oct 10, 2022)

Source code(tar.gz)
Source code(zip)
v1.4(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.3(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.2(Aug 31, 2022)

Source code(tar.gz)
Source code(zip)
v1.1(Mar 16, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0(Mar 4, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0.dev0(Nov 18, 2020)

Source code(tar.gz)
Source code(zip)

Owner

AWS Quick Start

Automated gold-standard deployments on AWS

GitHub Repository

Texting service to receive current air quality conditions and maps, powered by AirNow, Twilio, and AWS

The Air Quality Bot is generally available by texting a zip code (and optionally the word "map") to (415) 212-4229. The bot will respond with the late

8 Oct 16, 2022

Python Bot that attends classes, answers polls, and then again waits for classes to start.

LPU_myclass_Bot LPU_myclass_Bot is a Python bot that waits for class to start, attends class, answers polls, and then again waits for another class to

6 Apr 07, 2022

Telegram 隨機色圖，支援每日自動爬取

Telegram 隨機色圖機器人使用此原始碼的Bot 開放的隨機色圖機器人: @katonei_bot 已實現的功能爬取每日R18排行榜不夠色！再來一張 Tag 索引，指定Tag色圖將爬取到的色圖轉為 WebP 格式儲存，節省空間需要注意的事件好久之前的怪東西，代碼質量不保證請在使用A

15 Oct 18, 2021

⚡ PoC: Hide a c&c botnet in the discord client. (Proof Of Concept)

👨‍💻 Discord Self Bot 👨‍💻 A Discord Self-Bot in Python by natrix Installation Run: selfbot.bat Python: version : 3.8 Modules

37 Oct 21, 2022

This Lambda will Pull propagated routes from TGW and update VPC route table

AWS-Transitgateway-Route-Propagation This Lambda will Pull propagated routes from TGW and update VPC route table. Tested on python 3.8 Lambda AWS INST

4 Jan 20, 2022

Moderation By Pokemon Bot (Discord)

Moderation Bot By Pokémon Bot (Discord) Official Moderation Bot for Pokemon Bot functional and based in the Discord Server, the bot is written in Pyth

6 Jan 04, 2022

An Amazon Price Tracker app helps you to buy which product you want within sale price by sending an E-Mail.

Amazon Price Tracker An Amazon Price Tracker app helps you to buy which product you want within sale price by sending an E-Mail. Installing Download t

2 Feb 10, 2022

🥀 Find the start of the token !

Discord Token Finder Find half of your target's token with just their ID. Install 🔧 pip install -r requeriments.txt Gui Usage 💻 Go to Discord Setti

2 Dec 22, 2021

This is a Telegram Bot that tracks packages from the Brazilian Mail Service.

RastreioBot About Setup Run Contribute Contact About This is a Telegram Bot that tracks packages from the Brazilian Mail Service. It runs on Python 3

320 Dec 22, 2022

🤖 A fully featured, easy to use Python wrapper for the Walmart Open API

Wapy Wapy is a fully featured Python wrapper for the Walmart Open API. Features Easy to use, object oriented interface to the Walmart Open API. (Produ

43 Oct 14, 2022

Tickergram is a Telegram bot to look up quotes, charts, general market sentiment and more.

25 Nov 26, 2022

API generated by OpenAPI for nhentai.net

nhentai-api No description provided (generated by Openapi Generator https://github.com/openapitools/openapi-generator) This Python package is automati

1 Nov 01, 2021

Roblox-Account-Gen - A simple account generator not using paid solving services

Roblox Account Generator Star this if it helped to spread awareness! No 2captcha

1 Feb 17, 2022

Raphtory-client - The python client for the Raphtory project

Raphtory Client This is the python client for the Raphtory project Install via p

5 Apr 28, 2022

Instagram GiftShop Scam Killer

Instagram GiftShop Scam Killer A basic tool for Windows which kills acess to any giftshop scam from Instagram. Protect your Instagram account from the

1 Mar 31, 2022

Discord group chat spammer concept.

GC Spammer [Concept] GC-Spammer for https://discord.com/ Warning: This is purely a concept. In the past the script worked, however, Discord ratelimite

3 Feb 28, 2022

Um simples bot escrito em Python usando a lib pyTelegramBotAPI

Telegram Bot Python Um simples bot escrito em Python usando a lib pyTelegramBotAPI Instalação Windows: Download do Python 3 Aqui Download do ZIP do Có

1 May 07, 2022

Kyura-Userbot: a modular Telegram userbot that runs in Python3 with a sqlalchemy database

Kyura-Userbot Telegram Kyura-Userbot adalah userbot Telegram modular yang berjal

17 Oct 29, 2022

Tools for Twitter

Tools for Twitter Data This is a start of a collection of tools to use for collecting data via the Twitter API. If you do not have a Twitter Developer

36 Oct 13, 2022

Bifrost C2. Open-source post-exploitation using Discord API

Bifrost Command and Control What's Bifrost? Bifrost is an open-source Discord BOT that works as Command and Control (C2). This C2 uses Discord API for

38 Dec 05, 2022