QuickStart specific rules for cfn-python-lint

Last update: Jul 30, 2022

Overview

AWS Quick Start cfn-lint rules

This repo provides CloudFormation linting rules specific to AWS Quick Start guidelines, for more information see the Contributors Guide..

Installation and Usage

cd ~/
git clone https://github.com/aws-quickstart/qs-cfn-lint-rules.git
cd qs-cfn-lint-rules
pip install -e .

To add the rules when running on the command line use the -a flag to add the additional rules:

cfn-lint my-cfn-template.yaml -a ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

To use in your IDE install the relevant cfn-lint plugin and add the rules to your cfn-lint config file (~/.cfnlintrc) as follows:

append_rules:
- ~/qs-cfn-lint-rules/qs_cfn_lint_rules/

Vim Specfic Instructions (using vundle and syntastic)

Install the plugins:

Add to syntastic and vim-cfn your ~/.vimrc:

Add to vundle plugin section:

"---------------------------=== Cloudfromation  ===------------------------------
Plugin 'scrooloose/syntastic'        " Syntax checking plugin for Vim
Plugin 'speshak/vim-cfn'             "CloudFormation syntax checking/highlighting

Install plugins

vim +PluginInstall +qall

Set statusline and triggers:

Append to the bottom of your ~/.vimrc:

"cfn-lint
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*

let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_cloudformation_checkers = ['cfn_lint']

Set FileTypes for vim-cfn:

Add to ~/.vim/bundle/vim-cfn/ftdetect/cloudformation.vim

autocmd BufNewFile,BufRead *.template setfiletype yaml.cloudformation
autocmd BufNewFile,BufRead *.template.yaml setfiletype yaml.cloudformation

Update syntastic pluging

Add the following to ~/.vim/after/plugin/syntastic.vim:

let g:syntastic_cloudformation_checkers = ['cfn_lint']

Comments

Add Child Stack parameter matching checks

Issue #, if available:

Adding support for AWS::CloudFormation::Stack to check for Parameter mismatching between parent and child templates.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by gargana 4

Linting EncryptionKey problem

Hello, I added Actions:

kms:CancelKeyDeletion
kms:ConnectCustomKeyStore
kms:CreateAlias
kms:CreateCustomKeyStore
kms:CreateGrant
kms:CreateKey
kms:Decrypt
kms:DeleteAlias
...

And I get an error:

EIAMPolicyWildcardResource IAM policy should not allow * resource; This method in this in this policy support granular permissions

Following the official documentation, I tried this:

Effect: Allow
Principal:
  AWS: 'arn:aws:iam::111122223333:root'
Action: 'kms:*'
Resource: '*'

And I get an error:

EIAMPolicyActionWildcard IAM policy should not allow * Actions; List each required action explicitly instead matching actions for kms:* are: ["kms:GenerateDataKeyWithoutPlaintext", "kms:UpdatePrimaryRegion", "kms:CancelKeyDeletion", "kms:DisableKeyRotation", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:SynchronizeMultiRegionKey", "kms:EnableKey", "kms:ListKeyPolicies", "kms:DisableKey", "kms:DescribeKey", "kms:Decrypt", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:DescribeCustomKeyStores", "kms:ListKeys", "kms:GenerateDataKeyPair", "kms:GenerateRandom", "kms:ScheduleKeyDeletion", "kms:ImportKeyMaterial", "kms:Encrypt", "kms:GetPublicKey", "kms:CreateAlias", "kms:DeleteCustomKeyStore", "kms:Verify", "kms:CreateKey", "kms:Sign", "kms:ListGrants", "kms:RetireGrant", "kms:RevokeGrant", "kms:ListRetirableGrants", "kms:DeleteAlias", "kms:ReEncryptTo", "kms:PutKeyPolicy", "kms:UpdateCustomKeyStore", "kms:DisconnectCustomKeyStore", "kms:ReplicateKey", "kms:UntagResource", "kms:ListResourceTags", "kms:CreateCustomKeyStore", "kms:ConnectCustomKeyStore", "kms:UpdateKeyDescription", "kms:TagResource", "kms:GetParametersForImport", "kms:UpdateAlias", "kms:ListAliases", "kms:DeleteImportedKeyMaterial", "kms:ReEncryptFrom", "kms:CreateGrant"]

How can I solve the problem?

opened by grimmyson 1

Apply mixed-line-ending recommendations

Issue #, if available:

Description of changes: Apply mixed-line-ending pre-commit-hook recommendations

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
enhancement

opened by tlindsay42 1
Failing stack creation on certain error codes.

Hi,

We have developed a cicd pipeline for creating resources through cfn. As a security checks, we use cfn-lint and cfn-nag for testing the templates. Is there any flags to pass so that we can fail the build if certain error codes met ?

opened by sriram9707 1
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-amazon-eks

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Restrict cfn-lint version

Description of changes: Restrict cfn-lint version

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Add custom dictionary words
For quickstart-eks-gitlab

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
opened by tlindsay42 0
Update EBSVolumeEncryption.py

Description of changes: Incorrect property is being checked, it should be Encrypted, not StorageEncrypted for AWS::EC2::Volume

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

opened by vsnyc 0
AWS::RDS::DBCluster/StorageEncrypted false positive

The AWS::RDS::DBCluster resource property StorageEncrypted is not property evaluated. When this value is set to true the lint rule violation persists.

opened by andrew-glenn 0

New rule for : Linting Rule for LABELS PARAMETERS in Param Label structure

Having bad indentation can break document generation:

    - Label:
        default: Aerospike configuration
      Parameters:
      - NumberOfInstances
      - Tenancy
      - EnableCloudWatch
      - InstanceType
      - EBS
      - NamespaceFile
      - FeatureKeyFile
    - Label:
        default: Linux bastion configuration
        Parameters:
          - BastionAMIOS
          - BastionInstanceType
          - NumBastionHosts

opened by gargana 0

Releases(v1.5)

v1.5(Oct 10, 2022)

Source code(tar.gz)
Source code(zip)
v1.4(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.3(Sep 27, 2022)

Source code(tar.gz)
Source code(zip)
v1.2(Aug 31, 2022)

Source code(tar.gz)
Source code(zip)
v1.1(Mar 16, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0(Mar 4, 2022)

null
Source code(tar.gz)
Source code(zip)
v1.0.dev0(Nov 18, 2020)

Source code(tar.gz)
Source code(zip)

Owner

AWS Quick Start

Automated gold-standard deployments on AWS

GitHub Repository

SIGIT - Simple Information Gathering Toolkit

SIGIT - Simple Information Gathering Toolkit Features userrecon - username reconnaissance facedumper - dump facebook information mailfinder - find ema

437 Dec 29, 2022

A tool for exporting Telegram group chats into static websites, preserving chat history like mailing list archives.

tg-archive is a tool for exporting Telegram group chats into static websites, preserving chat history like mailing list archives. Preview The @fossuni

400 Dec 27, 2022

A bot that can play songs in Telegram group voice chats like AK 47

🎧 47Music Player 🎧 A bot that can play songs in Telegram group voice chats like AK 47 ✨ Easy To Deploy Pyrogram Session Config Vars API_ID : Assista

23 Dec 07, 2022

A Recommendation System For Diabetes Detection And Treatment

Diabetes-detection-tg-bot A Recommendation System For Diabetes Detection And Treatment Данная система помогает определить наличие или отсутствие сахар

1 Nov 22, 2021

Python wrapper for Wikipedia

Wikipedia API Wikipedia-API is easy to use Python wrapper for Wikipedias' API. It supports extracting texts, sections, links, categories, translations

369 Dec 30, 2022

Activate exitlag trial accounts

Exitlag Account Activator Activate exitlag trial accounts (unlimited trial accounts) ⭐ If you want to support me, follow me on github and star the pro

173 Nov 10, 2022

Discord Bot that can translate your text, count and reply to your messages with a personalised text

2 Jan 26, 2022

This tool is created by Shahzain and is one of the best self bots out there!

Shahzain SelfBot This tool is created by Shahzain and is one of the best self bots out there! Features Token Destroyer! Server Nuker(50-100 Bans Per S

6 Apr 02, 2022

Tools ini hanya bisa digunakan untuk menyerang website atau http/s

☢️ Tawkun DoS ☢️ Tools ini hanya bisa digunakan untuk menyerang website atau http/s FITUR: [ ☯️ ] Proxy Mode [ 🔥 ] SOCKS Mode | Kadang Eror [ ☢️ ] Ht

9 Jul 19, 2022

Discord Selfbot, 90+ commands

Setting the bot up. STEP 1: copy the directory yook.club selfbot was downloaded and extracted into, open cmd and type "cd " then paste. STEP 2: python

1 Dec 12, 2021

A telegram bot that can upload telegram media files to anonfiles.com and give you direct download link

✯ AnonFilesBot ✯ Telegram Files to AnonFiles Upload Bot It will Also Give Direct Download Link Process : Fork This Repositry And Simply Cick On Heroku

38 Dec 30, 2022

Yes, it's true :heartbeat: This repository has 337 stars.

Yes, it's true! Inspired by a similar repository from @RealPeha, but implemented using a webhook on AWS Lambda and API Gateway, so it's serverless! If

512 Jan 01, 2023

um simples script para localizar IP

um simples script para localizar IP pkg install git (apt-get install git) pkg install python (apt-get install python) git clone https://github.com/byd

4 Nov 29, 2021

Бот Telegram для Школы в Капотне (ЦО № 1858)

co1858 Telegram Bot Активно разрабатывался в 2015-2016 году как учебный проект, с целью научиться создавать ботов для Telegram. Бот автоматически парс

4 Aug 30, 2022

A demo titiler for Sentinel 2 Digital Twin dataset

This is a DEMO custom api built on top of TiTiler to create Web Map Tiles from the Digital Twin Sentinel-2 COG created by Sinergise

26 May 21, 2022

Zipper-s-Father - A simple telegram bot that takes a list of files sent by the user and returns them zipped

ZIP files telegram bot A simple telegram bot that takes a list of files sent by

1 Jan 29, 2022

A Python Library to interface with LinkedIn API, OAuth and JSON responses

#Overview Here's another library based on the LinkedIn API, OAuth and JSON responses. Hope this documentation explains everything you need to get star

69 Dec 11, 2022

Python Library for Secp256k1 Bitcoin curve to do fast ECC calculation

secp256k1 Python Library for Secp256k1 Bitcoin curve to do fast ECC calculation Example Usage import secp256k1 as ice print('[C]',privatekey_to_addres

49 Jan 01, 2023

Frida-based ceserver.iOS analysis is possible with Cheat Engine.

frida-ceserver frida-based ceserver. iOS analysis is possible with Cheat Engine. Original by Dark Byte. Usage Install python library. pip install pack

87 Dec 30, 2022

Um bot simples para seguir as pessoas

Um bot simples para seguir pessoas no instagram, criado apeanas para testes. Utilizando o framework "Selenium", criei um bot para entrar em uma conta

1 Nov 05, 2021