unbounce / laundry
A CloudFormation template linter
License: MIT License
Invalid template:
    Condition:
      StringEquals:
        ssm:resourceTag/foo:bar
Valid template:
    Condition:
      StringEquals:
        ssm:resourceTag/foo: bar
Disable Serverless specs for now
The main issue here is that CodeUri can be a string or an object, but the format of the CloudFormation Resource Specification doesn't support specifying "either or".
Template format error: Outputs count x is greater than max allowed 60
Malformed ARNs in the IAM Policy Resource property produce the following CloudFormation error:
The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument ...)
Example malformed ARNs:
arn:aws:ssm:::session/${aws:username}-*
arn:aws:ssm:*:*session/${aws:username}-*
Valid:
arn:aws:ssm:*:*:session/${aws:username}-*
Root.Conditions.Foo.Equals.1.Sub: can not be used within Equals
Hi,
I'm receiving the above error message when trying to update CF's Resource Specification rules as instructed:
npm run update-resource-specification
The full error log is as follows:
0 verbose cli [
0 verbose cli '/Users/cig0/.nvm/versions/node/v16.4.2/bin/node',
0 verbose cli '/Users/cig0/.nvm/versions/node/v16.4.2/bin/npm',
0 verbose cli 'run',
0 verbose cli 'update-resource-specification'
0 verbose cli ]
1 info using npm@7.19.1
2 info using node@v16.4.2
3 timing npm:load:whichnode Completed in 1ms
4 timing config:load:defaults Completed in 2ms
5 timing config:load:file:/Users/cig0/.nvm/versions/node/v16.4.2/lib/node_modules/npm/npmrc Completed in 1ms
6 timing config:load:builtin Completed in 1ms
7 timing config:load:cli Completed in 3ms
8 timing config:load:env Completed in 0ms
9 timing config:load:project Completed in 2ms
10 timing config:load:file:/Users/cig0/.npmrc Completed in 1ms
11 timing config:load:user Completed in 1ms
12 timing config:load:file:/Users/cig0/.nvm/versions/node/v16.4.2/etc/npmrc Completed in 0ms
13 timing config:load:global Completed in 0ms
14 timing config:load:validate Completed in 0ms
15 timing config:load:credentials Completed in 2ms
16 timing config:load:setEnvs Completed in 1ms
17 timing config:load Completed in 12ms
18 timing npm:load:configload Completed in 12ms
19 timing npm:load:setTitle Completed in 18ms
20 timing npm:load:setupLog Completed in 3ms
21 timing npm:load:cleanupLog Completed in 2ms
22 timing npm:load:configScope Completed in 0ms
23 timing npm:load:projectScope Completed in 1ms
24 timing npm:load Completed in 37ms
25 timing config:load:flatten Completed in 3ms
26 timing command:run-script Completed in 48ms
27 verbose stack Error: Missing script: "update-resource-specification"
27 verbose stack
27 verbose stack To see a list of scripts, run:
27 verbose stack npm run
27 verbose stack at RunScript.run (/Users/cig0/.nvm/versions/node/v16.4.2/lib/node_modules/npm/lib/run-script.js:104:13)
28 verbose cwd /Users/cig0/w/poap/poap-infrastructure/AWS/CloudFormation/IAM/Users-User
29 verbose Darwin 20.5.0
30 verbose argv "/Users/cig0/.nvm/versions/node/v16.4.2/bin/node" "/Users/cig0/.nvm/versions/node/v16.4.2/bin/npm" "run" "update-resource-specification"
31 verbose node v16.4.2
32 verbose npm v7.19.1
33 error Missing script: "update-resource-specification"
33 error
33 error To see a list of scripts, run:
33 error npm run
34 verbose exit 1
I'm using NVM and this is the Node stack:
    {
      npm: '7.19.1',
      node: '16.4.2',
      v8: '9.1.269.36-node.14',
      uv: '1.41.0',
      zlib: '1.2.11',
      brotli: '1.0.9',
      ares: '1.17.1',
      modules: '93',
      nghttp2: '1.42.0',
      napi: '8',
      llhttp: '6.0.2',
      openssl: '1.1.1k+quic',
      cldr: '39.0',
      icu: '69.1',
      tz: '2021a',
      unicode: '13.0',
      ngtcp2: '0.1.0-DEV',
      nghttp3: '0.1.0-DEV'
    }
I checked the provided AWS link but I didn't see any instructions related to Node/NPM. Should I install those rules manually? I'm kind of a bit lost here.
Laundry did not produce an error for:
Example template:
    Resources:
      Policy:
        Type: AWS::IAM::Policy
        Properties:
          PolicyName: LoggingRolePolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Action:
                  - logs:CreateLogGroup
                Effect: Allow
                Resource:
                  - some-string
Error from CloudFormation:
Resource ... must be in ARN format or "*".
You can use the following functions in the Fn::If condition:
Fn::Base64
Fn::FindInMap
Fn::GetAtt
Fn::GetAZs
Fn::If
Fn::Join
Fn::Select
Fn::Sub
Ref
You can use the following functions in all other condition functions, such as Fn::Equals and Fn::Or:
Fn::FindInMap
Ref
Other condition functions
Here are the incorrect errors I've noticed on these resource types:
AWS::WAFv2::WebACL
AWS::WAFv2::IPSet
AWS::WAFv2::WebACLAssociation
warn Root.Resources.WAFv2WebAcl.Properties.Rules: must be an Object, got [{"Name":"DefaultBlockRule","Priority":0,"Action":{"Block":{}},"VisibilityConfig":{"SampledRequestsEnabled":true,"CloudWatchMetricsEnabled":true,"MetricName":"DefaultBlockRuleMetric"},"Statement":{"IPSetReferenceStatement":{"GetAtt":"DefaultIPSet.Arn"}}}] [ResourcePropertyValidator]
warn Root.Resources.WAFv2WebAcl.Properties.Tags: must be an Object, got [{"Key":"project","Value":{"Ref":"Project"}},{"Key":"environment","Value":{"Ref":"Environment"}}] [ResourcePropertyValidator]
warn Root.Resources.DefaultIPSet.Properties.Name: is required [RequriedResourcePropertyValidator]
warn Root.Resources.DefaultIPSet.Properties.Addresses: must be an Object, got ["127.0.0.0/32"] [ResourcePropertyValidator]
warn Root.Resources.DefaultIPSet.Properties.Tags: must be an Object, got [{"Key":"project","Value":{"Ref":"Project"}},{"Key":"environment","Value":{"Ref":"Environment"}}] [ResourcePropertyValidator]
warn Root.Resources.WAFv2WebAclAssociation.Type: invalid type AWS::WAFv2::WebACLAssociation, did you mean AWS::WAFRegional::WebACLAssociation? [ResourceTypeValidator]
Ignore a specific property:
    Metadata:
      LaundryIgnore:
        'MyTopic.Properties.Name':
          - RequriedResourcePropertyValidator
    Resources:
      MyTopic:
        Type: AWS::SNS::Topic
Ignore with glob:
    Metadata:
      LaundryIgnore:
        'Resources.MyTopic.*':
          - RequriedResourcePropertyValidator
        '*.Name.*':
          - RequriedResourcePropertyValidator
    Resources:
      MyTopic:
        Type: AWS::SNS::Topic
Ignore for everything:
    Metadata:
      LaundryIgnore:
        '*':
          - RequriedResourcePropertyValidator
    Resources:
      MyTopic:
        Type: AWS::SNS::Topic
Ignore for a resource:
    Resources:
      MyTopic:
        Metadata:
          LaundryIgnore:
            - RequriedResourcePropertyValidator
        Type: AWS::SNS::Topic
Laundry did not produce an error for:
Example template:
    Resources:
      LambdaFunction:
        Type: AWS::Lambda::Function
        Properties:
          Handler: index.handler
          FunctionName: !Ref AWS::StackName
          Role: some-string
          Runtime: nodejs8.10
          Timeout: 10
          Code:
            ZipFile: ''
Error from CloudFormation:
1 validation error detected: Value 'some-string' at 'role' failed to satisfy constraint: Member must satisfy regular expression pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+
CloudFormation will not produce an error if two inline policies of an IAM Role (or user or group?) are the same. When the resource is created, only one of the policies will be applied to the resource, and which policy gets applied will not be deterministic. Validate that inline policies of an IAM resource have unique names.
Policies can be attached via the Policies property of a resource or via a separate AWS::IAM::Policy which references the resource.
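One way to implement the uniqueness check requested above, as an added example that is not laundry's own code. It assumes the template is already parsed into a plain object and that a separate AWS::IAM::Policy points at its principals with {Ref: <logical ID>}; the function name and the sample template are hypothetical.

```javascript
// Added example, not laundry's code: report inline IAM policy names that are
// declared more than once for the same Role, User or Group.
const PRINCIPALS = new Map([ // principal type -> AWS::IAM::Policy attribute
  ['AWS::IAM::Role', 'Roles'], ['AWS::IAM::User', 'Users'], ['AWS::IAM::Group', 'Groups'],
]);
function findDuplicateInlinePolicies(template) {
  const resources = template.Resources || {};
  const seen = new Map(); // principal logical ID -> policy name -> [paths]
  const record = (principal, name, path) => {
    if (typeof name !== 'string') return; // intrinsic function: not comparable statically
    if (!seen.has(principal)) seen.set(principal, new Map());
    const names = seen.get(principal);
    names.set(name, [...(names.get(name) || []), path]);
  };
  for (const [id, res] of Object.entries(resources)) {
    const props = res.Properties || {};
    if (PRINCIPALS.has(res.Type)) {
      (props.Policies || []).forEach((p, i) =>
        record(id, p && p.PolicyName, `Resources.${id}.Properties.Policies.${i}`));
    } else if (res.Type === 'AWS::IAM::Policy') {
      for (const [type, attr] of PRINCIPALS) {
        (props[attr] || []).forEach((target, i) => {
          // Assumption: only {Ref: <logical ID>} into this template is resolved.
          const ref = target && target.Ref;
          if (ref && resources[ref] && resources[ref].Type === type) {
            record(ref, props.PolicyName, `Resources.${id}.Properties.${attr}.${i}`);
          }
        });
      }
    }
  }
  const findings = [];
  for (const [principal, names] of seen) {
    for (const [policyName, paths] of names) {
      if (paths.length > 1) findings.push({ principal, policyName, paths });
    }
  }
  return findings;
}

// Constructed sample: "Logging" is inline twice; "Metrics" is inline and in ExtraPolicy.
const sampleTemplate = { Resources: {
  AppRole: { Type: 'AWS::IAM::Role', Properties: { Policies: [
    { PolicyName: 'Logging' }, { PolicyName: 'Logging' }, { PolicyName: 'Metrics' },
  ] } },
  ExtraPolicy: { Type: 'AWS::IAM::Policy', Properties: { PolicyName: 'Metrics', Roles: [{ Ref: 'AppRole' }] } },
} };
console.log(findDuplicateInlinePolicies(sampleTemplate));
```

Policy names built with intrinsic functions and principals referenced by literal name are skipped, since they cannot be compared without resolving the stack.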
    Conditions:
      Bar: true
      Baz: true
      Foo: !And [Bar, Baz]
Produces:
    Root.Conditions.Foo.And.0: must be a Boolean, got "Bar"
    Root.Conditions.Foo.And.1.Not.0: must be a Boolean, got "Baz"
AWS::IAM::Policy.PolicyDocument is specified in the CloudFormation Resource Specification as Json, which is very loose. Fully validate all properties of this property.
Cannot use Fn::ImportValue in Conditions