Deion: I installed sam cli on ubuntu 22.04, created a new pr

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Thank you for responding <a class="user-mention notranslate" data-hovercard-type="user

I just followed the instructions at <a href="https://docs.aws.amazon.com/serverless-ap

SamCli standard template with no modifications fails validation ,about aws/aws-sam-cli

Comments (6)

hawflau commented on August 16, 2024

Hi @d3cxxxx thanks for raising the issue.

I couldn't reproduce the error you saw.

Can you try directly calling cfn-lint on the template? eg cfn-lint -t template.yaml

I also wonder if you have an existing .cfnlintrc file somewhere that might have impacted the result

from aws-sam-cli.

d3cxxxx commented on August 16, 2024

Thank you for responding @hawflau
I don't seem to have cfn-lint in my system. Is that a pre-requisite? Didn't see that get mentioned anywhere.

$ cfn-lint -t template.yaml 
cfn-lint: command not found
$

from aws-sam-cli.

hawflau commented on August 16, 2024

I tried in a Ubuntu instance but still couldn't reproduce the issue. I used the Linux Installer so I used the bundled Python instead of having to install on my own.

How did you install SAM CLI in your environment? (as you mentioned you installed Python3.12)

It seems to me that it's an issue from cfn-lint. It seems like you're seeing the same error as this - aws-cloudformation/cfn-lint#3300

from aws-sam-cli.

d3cxxxx commented on August 16, 2024

I just followed the instructions at here
It doesn't really say anything about tieing it your python installation.

from aws-sam-cli.

d3cxxxx commented on August 16, 2024

I realized (embarrassingly enough) that I need to install cfn-lint using pip. I guess the install instructions of SAM cli should list it.
Anyway, after I installed cfn-lint in the system default python version (3.10),

~/code/aws/samcli/samtest$ cfn-lint -t template.yaml
~/code/aws/samcli/samtest$

ran without any complaints, but sam validate still gives me the same issue.

~/code/aws/samcli/samtest$ sam validate

Error: Rule already included: E2531
Traceback:
  File "click/core.py", line 1078, in main
  File "click/core.py", line 1688, in invoke
  File "click/core.py", line 1434, in invoke
  File "click/core.py", line 783, in invoke
  File "samcli/cli/cli_config_file.py", line 347, in wrapper
  File "click/decorators.py", line 92, in new_func
  File "click/core.py", line 783, in invoke
  File "samcli/lib/telemetry/metric.py", line 185, in wrapped
  File "samcli/lib/telemetry/metric.py", line 150, in wrapped
  File "samcli/lib/utils/version_checker.py", line 43, in wrapped
  File "samcli/cli/main.py", line 95, in wrapper
  File "samcli/commands/_utils/cdk_support_decorators.py", line 40, in wrapped
  File "samcli/commands/_utils/command_exception_handler.py", line 89, in wrapper_command_exception_handler
  File "samcli/commands/_utils/command_exception_handler.py", line 69, in wrapper_command_exception_handler
  File "samcli/commands/validate/validate.py", line 60, in cli
  File "samcli/commands/validate/validate.py", line 75, in do_cli
  File "samcli/commands/validate/validate.py", line 166, in _lint
  File "cfnlint/core.py", line 175, in get_matches
    (template, rules, errors) = get_template_rules(filename, args)
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "cfnlint/core.py", line 319, in get_template_rules
    _build_rule_cache(args)
  File "cfnlint/core.py", line 274, in _build_rule_cache
    __CACHED_RULES = cfnlint.core.get_rules(
                     ^^^^^^^^^^^^^^^^^^^^^^^
  File "cfnlint/core.py", line 160, in get_rules
    rules.create_from_directory(rules_path)
  File "cfnlint/rules/__init__.py", line 595, in create_from_directory
    self.extend(result)
  File "cfnlint/rules/__init__.py", line 304, in extend
    self.register(rule)
  File "cfnlint/rules/__init__.py", line 291, in register
    raise DuplicateRuleError(rule_id=rule.id)

An unexpected error was encountered while executing "sam validate".
Search for an existing issue:
https://github.com/aws/aws-sam-cli/issues?q=is%3Aissue+is%3Aopen+Bug%3A%20sam%20validate%20-%20DuplicateRuleError
Or create a bug report:
https://github.com/aws/aws-sam-cli/issues/new?template=Bug_report.md&title=Bug%3A%20sam%20validate%20-%20DuplicateRuleError
~/code/aws/samcli/samtest$

Let me try installing it in the python 3.12 installation as well and report back (although I don't think it'll help).

from aws-sam-cli.

d3cxxxx commented on August 16, 2024

Same error even after install cfn-lint in python 3.12.

Also, cfn-lint -l reports no errors and lists the rules:

~/code/aws/samcli/samtest$ cfn-lint -l
E0000: Parsing error found when parsing the template
Checks for JSON/YAML formatting errors in your template
E0001: Error found when transforming the template
Errors found when performing transformation on the template
E0002: Error processing rule on the template
Errors found when processing a rule on the template
E1001: Basic CloudFormation Template Configuration
Making sure the basic CloudFormation template components are properly configured
E1002: Validate if a template size is too large
Check the size of the template is less than the upper limit
E1003: Validate the max size of a description
Check if the size of the template description is less than the upper limit
E1004: Template description can only be a string
Template description can only be a string
E1010: GetAtt validation of parameters
Validates that GetAtt parameters are to valid resources and properties of those resources
E1011: FindInMap validation of configuration
Making sure the function is a list of appropriate config
E1015: GetAz validation of parameters
Making sure the GetAz function is properly configured
E1016: ImportValue validation of parameters
Making sure the ImportValue function is properly configured
E1017: Select validation of parameters
Making sure the Select function is properly configured
E1018: Split validation of parameters
Making sure the split function is properly configured
E1019: Sub validation of parameters
Making sure the sub function is properly configured
E1020: Ref validation of value
Making sure the Ref has a String value (no other functions are supported)
E1021: Base64 validation of parameters
Making sure the Base64 function is properly configured
E1022: Join validation of parameters
Making sure the join function is properly configured
E1024: Cidr validation of parameters
Making sure the function CIDR is a list with valid values
E1027: Check dynamic references secure strings are in supported locations
Dynamic References Secure Strings are only supported for a small set of resource properties.  Validate that they are being used in the correct location when checking values and Fn::Sub in resource properties. Currently doesn't check outputs, maps, conditions, parameters, and descriptions.
E1028: Check Fn::If structure for validity
Check Fn::If to make sure its valid.  Condition has to be a string.
E1029: Sub is required if a variable is used in a string
If a substitution variable exists in a string but isn't wrapped with the Fn::Sub function the deployment will fail.
E1030: Length validation of parameters
Making sure Fn::Length is configured correctly
E1031: ToJsonString validation of parameters
Making sure Fn::ToJsonString is configured correctly
E1032: Validates ForEach functions
Validates that ForEach parameters have a valid configuration
E1040: Check if GetAtt matches destination format
Validate that if source and destination format exists that they match
E1050: Validate the structure of a dynamic reference
Make sure dynamic reference strings have the correct syntax
E1051: Validate dynamic references to secrets manager are only in resource properties
Dynamic references from secrets manager can only be used in resource properties
E1052: Validate dynamic references to SSM are in a valid location
Dynamic references to SSM parameters are only supported in certain locations
E1101: Validate an item against additional checks
Use supplemental logic to validate properties against
E1103: Validate the format of a value
Parent rule for validating the format keyword in schemas
E1150: Validate security group format
Security groups have to ref/gettatt to a security group or has the valid pattern
E1151: Validate VPC id format
Check that a VPC id matches a pattern
E1152: Validate AMI id format
Check that a AMI id matches a pattern
E1153: Validate security group name
Security group names have to valid pattern
E2001: Parameters have appropriate properties
Making sure the parameters are properly configured
E2002: Parameters have appropriate type
Making sure the parameters have a correct type
E2003: Parameters have appropriate names
Check if Parameters are properly named (A-Za-z0-9)
E2010: Parameter limit not exceeded
Check the number of Parameters in the template is less than the upper limit
E2011: Validate the name for a parameter
Validate the name of a parameter with special handling of the max length length
E2015: Default value is within parameter constraints
Making sure the parameters have a default value inside AllowedValues, MinValue, MaxValue, AllowedPattern
E2529: Check for SubscriptionFilters have beyond 2 attachments to a CloudWatch Log Group
The current limit for a CloudWatch Log Group is they can have 2 subscription filters. We will look for duplicate LogGroupNames inside Subscription Filters and make sure they are within 2. This doesn't account for any other subscription filters getting set.
E2530: SnapStart supports the configured runtime
To properly leverage SnapStart, you must have a runtime of Java11 or greater
E2531: Validate if lambda runtime is deprecated
Check the lambda runtime has reached the end of life
E2532: Check State Machine Definition for proper syntax
Check the State Machine String Definition to make sure its JSON. Validate basic syntax of the file to determine validity.
E2533: Check if Lambda Function Runtimes are updatable
Check if an EOL Lambda Runtime is specified and you cannot update the function
E2540: CodePipeline Stages
See if CodePipeline stages are set correctly
E2541: CodePipeline Stage Actions
See if CodePipeline stage actions are set correctly
E3001: Basic CloudFormation Resource Check
Making sure the basic CloudFormation resources are properly configured
E3002: Resource properties are invalid
Making sure that resources properties are properly configured
E3003: Required Resource properties are missing
Make sure that Resources properties that are required exist
E3004: Resource dependencies are not circular
Check that Resources are not circularly dependent by DependsOn, Ref, Sub, or GetAtt
E3005: Check DependsOn values for Resources
Check that the DependsOn values are valid
E3006: Validate the CloudFormation resource type
Resource types are validated against the spec accounting for regions
E3007: Unique resource and parameter names
All resources and parameters must have unique names
E3008: Validate an array in order
Will validate arrays in order for schema validation
E3009: Check CloudFormation init configuration
Validate that the items in a CloudFormation init adhere to standards
E3010: Resource limit not exceeded
Check the number of Resources in the template is less than the upper limit
E3011: Check property names in Resources
Validate property names are property configured in Resources
E3012: Check resource properties values
Checks resource property values with Primitive Types for values that match those types.
E3013: CloudFront Aliases
CloudFront aliases should contain valid domain names
E3014: Validate only one of a set of required properties are specified
Make sure that Resources properties that are required exist. Along with other properties not being specified
E3015: Validate the resource condition is valid
Check the condition of a resource to make sure it exists inside the template
E3016: Check the configuration of a resources UpdatePolicy
Make sure a resources UpdatePolicy is properly configured
E3017: Check Properties that need at least one of a list of properties
Making sure CloudFormation properties that require at least one property from a list. More than one can be included.
E3018: Check Properties that need only one of a list of properties
Making sure CloudFormation properties that require only one property from a list. One has to be specified.
E3019: Validate that all resources have unique primary identifiers
Use the primary identifiers in a resource schema to validate that resources inside the template are unique
E3020: Validate that when a property is specified another property should be excluded
When certain properties are specified other properties should not be included
E3021: Validate that when a property is specified that other properties should be included
When certain properties are specified it results in other properties to be required
E3022: Resource SubnetRouteTableAssociation Properties
Validate there is only one SubnetRouteTableAssociation per subnet
E3023: Validate Route53 RecordSets
Check if all RecordSets are correctly configured
E3024: Validate tag configuration
Validates tag values to make sure they have unique keys and they follow pattern requirements
E3025: Validates RDS DB Instance Class
Validates the RDS DB instance types based on region and data gathered from the pricing APIs
E3026: Check Elastic Cache Redis Cluster settings
Evaluate Redis Cluster groups to make sure automatic failover is enabled when cluster mode is enabled
E3027: Validate AWS Event ScheduleExpression format
Validate the formation of the AWS::Event ScheduleExpression
E3028: Validate the metadata section of a resource
The metadata section can be unstructured but we do validate the items we can
E3029: Validate Route53 record set aliases
When using alias records you can't specify TTL or certain types are allowed
E3030: Check if properties have a valid value
Check if properties have a valid value in case of an enumator
E3031: Check if property values adhere to a specific pattern
Check if properties have a valid value in case of a pattern (Regular Expression)
E3032: Check if a array has between min and max number of values specified
Check array for the number of items in the list to validate they are between the minimum and maximum
E3033: Check if a string has between min and max number of values specified
Check strings for its length between the minimum and maximum
E3034: Check if a number is between min and max
Check numbers (integers and floats) for its value being between the minimum and maximum
E3035: Check DeletionPolicy values for Resources
Check that the DeletionPolicy values are valid
E3036: Check UpdateReplacePolicy values for Resources
Check that the UpdateReplacePolicy values are valid
E3037: Check if a list has duplicate values
Certain lists don't support duplicate items. Check when duplicates are provided but not supported.
E3038: Check if Serverless Resources have Serverless Transform
Check that a template with Serverless Resources also includes the Serverless Transform
E3039: AttributeDefinitions / KeySchemas mismatch
Verify the set of Attributes in AttributeDefinitions and KeySchemas match
E3040: Validate we aren't configuring read only properties
Read only properties can be configured in a CloudFormation template but they aren't sent to the resource provider code and can cause drift.
E3041: RecordSet HostedZoneName is a superdomain of or equal to Name
In a RecordSet, the HostedZoneName must be a superdomain of or equal to the Name being validated
E3042: Validate at least one essential container is specified
Check that every TaskDefinition specifies at least one essential container
E3043: Validate parameters for in a nested stack
Evalute if parameters for a nested stack are specified and if parameters are specified for a nested stack that aren't required.
E3044: ECS service using FARGATE or EXTERNAL can only use SchedulingStrategy of REPLICA
When using a TargetType of Fargate or External the SchedulingStrategy has to be Replica
E3045: Validate AccessControl are set with OwnershipControls
When using AccessControl other than private you must also configure OwnershipControls. The default is bucket owner enforced which disables ACLs.
E3046: Validate ECS task logging configuration for awslogs
When 'awslogs' the options 'awslogs-group' and 'awslogs-region' are required
E3050: Check if REFing to a IAM resource with path set
Some resources don't support looking up the IAM resource by name. This check validates when a REF is being used and the Path is not '/'
E3503: ValidationDomain is superdomain of DomainName
In ValidationDomainOptions, the ValidationDomain must be a superdomain of the DomainName being validated
E3504: Check minimum 90 period is met between BackupPlan cold and delete
Check that Backup plans with lifecycle rules have >= 90 days between cold and delete
E3510: Validate identity based IAM polices
IAM identity polices are embedded JSON in CloudFormation. This rule validates those embedded policies.
E3511: Validate IAM role arn pattern
Validate an IAM role arn pattern matches
E3512: Validate resource based IAM polices
IAM resources polices are embedded JSON in CloudFormation. This rule validates those embedded policies.
E3513: Validate ECR repository policy
Private ECR repositories have a policy. This rule validates those policies.
E3615: Validate CloudWatch Alarm using AWS metrics has a correct period
Period < 60 not supported for namespaces with the following prefix: AWS/
E3617: Validate ManagedBlockchain instance type
Validates the ManagedBlockchain instance types based on region and data gathered from the pricing APIs
E3620: Validate a DocDB DB Instance class
Validates the DocDB instance types based on region and data gathered from the pricing APIs
E3621: Validate the instance types for AppStream Fleet
Validates the AppStream Fleet instance types based on region and data gathered from the pricing APIs
E3628: Validate EC2 instance types based on region
Validates the EC2 instance types based on region and data gathered from the pricing APIs
E3633: Validate Lambda event source mapping StartingPosition is used correctly
When 'EventSourceArn' is associate to Kinesis, Kafka, or DynamoDB you must specify 'StartingPosition
E3634: Validate Lambda event source mapping starting position is used with SQS
When 'EventSourceArn' is associated to SQS don't specify 'StartingPosition'
E3635: Validate Neptune DB instance class
Validates the instance types for Neptune DB based on region and data gathered from the pricing APIs
E3638: Validate DynamoDB BillingMode pay per request configuration
When 'BillingMode' is 'PAY_PER_REQUEST' don't specify 'ProvisionedThroughput'
E3639: When BillingMode is Provisioned you must specify ProvisionedThroughput
When 'BillingMode' is 'Provisioned' 'ProvisionedThroughput' is required
E3640: Validate DynamoDB SSE Specification has required properties when using KMS
When doing KMS encryption in an AWS DynamoDB table there are required properties.
E3641: Validate GameLift Fleet EC2 instance type
Validates the GameLift Fleet EC2 instance types based on region and data gathered from the pricing APIs
E3647: Validate ElastiCache cluster cache node type
Validates the ElastiCache instance types based on region and data gathered from the pricing APIs
E3652: Validate Elasticsearch domain cluster instance
Validates the Elasticsearch instance types based on region and data gathered from the pricing APIs
E3660: RestApi requires a name when not using an OpenAPI specification
When using AWS::ApiGateway::RestApi you have to provide 'Name' if you don't provide 'Body' or 'BodyS3Location'
E3661: Validate Route53 health check has AlarmIdentifier when using CloudWatch
When 'Type' is 'CLOUDWATCH_METRIC' you must specify 'AlarmIdentifier'
E3667: Validate RedShift cluster node type
Validates the RedShift instance types based on region and data gathered from the pricing APIs
E3670: Validate the instance types for an AmazonMQ Broker
Validates the instance types for AmazonMQ broker based on region and data gathered from the pricing APIs
E3671: Validate block device mapping configuration
Certain volume types require Iops to be specified
E3672: Validate the cluster node type for a DAX Cluster
Validates the DAX cluster instance types based on region and data gathered from the pricing APIs
E3675: Validate EMR cluster instance type
Validates the EMR cluster instance types based on region and data gathered from the pricing APIs
E3676: Validate ELBv2 protocols that require certificates have a certificate specified
When using HTTP or TLS you must specify a certificate
E3677: Validate Lambda using ZipFile requires an allowable runtime
Using the ZipFile attribute requires a javascript or python runtime to be specified
E3678: Using the ZipFile attribute requires a runtime to be specified
Using the ZipFile attribute requires a runtime to be specified
E3679: Validate ELB protocols that require certificates have a certificate specified
When using HTTPS or SSL you must provide a certificate
E3680: Application load balancers require at least 2 subnets

E3682: Validate when using Aurora certain properies aren't required
When creating an aurora DBInstance don't specify 'AllocatedStorage', 'BackupRetentionPeriod', 'CopyTagsToSnapshot', 'DeletionProtection', 'EnableIAMDatabaseAuthentication', 'MasterUserPassword', or 'StorageEncrypted'
E3686: Validate allowed properties when using a serverless RDS DB cluster
Validate that when EngineMode is 'serverless' or 'provisioned' that the appropriate allowed properties are provided. If 'EngineMode' is not provided make sure serverless properties don't exist at all.
E3687: Validate to and from ports based on the protocol
When using  icmp, icmpv6, tcp, or udp you have to specify the to and from port ranges
E3688: Validate that to and from ports are both -1
When ToPort or FromPort are -1 the other one must also be -1
E3689: Validate MonitoringInterval and MonitoringRoleArn are used together
When MonitoringInterval is greater than 0 you need to specify MonitoringRoleArn. If MonitoringRoleArn is specified MonitoringInterval has to be greather than 0.
E3690: Validate DB Cluster Engine and Engine Version
Validate the DB Cluster engine along with the engine version
E3691: Validate DB Instance Engine and Engine Version
Validate the DB Instance engine along with the engine version
E3692: Validate Multi-AZ DB cluster configuration
When creating a Multi-AZ DB Cluster there are required fields and the allowed values are different
E3693: Validate Aurora DB cluster configuration
When creating an Aurora DB Cluster there are required fields and the allowed values are different
E3694: Validates RDS DB Cluster instance class
Validates the RDS DB Cluster instance types based on region and data gathered from the pricing APIs
E4001: Metadata Interface have appropriate properties
Metadata Interface properties are properly configured
E4002: Validate the configuration of the Metadata section
Validates that Metadata section is an object and has no null values
E5001: Check that Modules resources are valid
Check that Modules resources are valid
E6001: Check the properties of Outputs
Validate the property structure for outputs
E6002: Outputs have required properties
Making sure the outputs have required properties
E6003: Check the type of Outputs
Validate the type of properties in the Outputs section
E6004: Outputs have appropriate names
Check if Outputs are properly named (A-Za-z0-9)
E6005: Validate the Output condition is valid
Check the condition of an output to make sure it exists inside the template
E6010: Output limit not exceeded
Check the number of Outputs in the template is less than the upper limit
E6011: Check property names in Outputs
Validate property names are property configured in Outputs
E6101: Validate that outputs values are a string
Make sure that output values have a type of string
E6102: Validate that output exports have values of strings
Make sure output exports have a value of type string
E7001: Mappings are appropriately configured
Check if Mappings are properly configured
E7002: Check property names in Mappings
Validate property names are property configured in Mappings
E7010: Max number of properties for Mappings
Check the number of Mappings in the template is less than the upper limit
E8001: Conditions have appropriate properties
Check if Conditions are properly configured
E8002: Check if the referenced Conditions are defined
Making sure the used conditions are actually defined in the Conditions section
E8003: Check Fn::Equals structure for validity
Check Fn::Equals is a list of two elements
E8004: Check Fn::And structure for validity
Check Fn::And is a list of two elements
E8005: Check Fn::Not structure for validity
Check Fn::Not is a list of one element
E8006: Check Fn::Or structure for validity
Check Fn::Or is a list of two elements
E8007: Check Condition structure for validity
Check Condition has a value of another condition
I1002: Validate approaching the template size limit
Check the size of the template is approaching the upper limit
I1003: Validate if we are approaching the max size of a description
Check if the size of the template description is approaching the upper limit
I1022: Use Sub instead of Join
Prefer a sub instead of Join when using a join delimiter that is empty
I2010: Parameter limit
Check the number of Parameters in the template is approaching the upper limit
I2011: Parameter name limit
Check the size of Parameter names in the template is approaching the upper limit
I2530: Validate that SnapStart is configured for >= Java11 runtimes
SnapStart is a no-cost feature that can increase performance up to 10x. Enable SnapStart for Java 11 and greater runtimes
I3010: Resource limit
Check the number of Resources in the template is approaching the upper limit
I3011: Check stateful resources have a set UpdateReplacePolicy/DeletionPolicy
The default action when replacing/removing a resource is to delete it. This check requires you to explicitly set policies
I3012: Resource name limit
Check the size of Resource names in the template is approaching the upper limit
I3013: Check resources with auto expiring content have explicit retention period
The behaviour for data retention is different across AWS Services.If no retention period is specified the default for some services is to delete the data after a period of time.This check requires you to explicitly set the retention period for those resources to avoid unexpected data losses
I3037: Check if a list that allows duplicates has any duplicates
Certain lists support duplicate items.Provide an alert when list of strings or numbers have repeats.
I3042: ARNs should use correctly placed Pseudo Parameters
Checks Resources if ARNs use correctly placed Pseudo Parameters instead of hardcoded Partition, Region, and Account Number
I3100: Checks for legacy instance type generations
New instance type generations increase performance and decrease cost
I6010: Output limit
Check the number of Outputs in the template is approaching the upper limit
I6011: Output name limit
Check the size of Output names in the template is approaching the upper limit
I7002: Mapping name limit
Check the size of Mapping names in the template is approaching the upper limit
I7010: Mapping limit
Check the number of Mappings in the template is approaching the upper limit
W1001: Ref/GetAtt to resource that is available when conditions are applied
Check the Conditions that affect a Ref/GetAtt to make sure the resource being related to is available when there is a resource condition.
W1011: Instead of REFing a parameter for a secret use a dynamic reference
Instead of REFing a parameter for a secret use a dynamic reference. Solutions like SSM parameter store and secrets manager provide better security of sercrets
W1019: Validate that parameters to a Fn::Sub are used
Validate that Fn::Sub Parameters are used
W1020: Sub isn't needed if it doesn't have a variable defined
Checks sub strings to see if a variable is defined.
W2001: Check if Parameters are Used
Making sure the parameters defined are used
W2010: NoEcho parameters are not masked when used in Metadata and Outputs
Using the NoEcho attribute does not mask any information stored in the following: Metadata, Outputs, Resource Metadata
W2030: Check if parameters have a valid value
Check if parameters have a valid value in case of an enumator. The Parameter's allowed values is based on the usages in property (Ref)
W2031: Check if parameters have a valid value based on an allowed pattern
Check if parameters have a valid value in a pattern. The Parameter's allowed pattern is based on the usages in property (Ref)
W2501: Check if Password Properties are correctly configured
Password properties should not be strings and if parameter using NoEcho
W2506: Check if ImageId Parameters have the correct type
See if there are any refs for ImageId to a parameter of inappropriate type. Appropriate Types are [AWS::EC2::Image::Id, AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>]
W2511: Check IAM Resource Policies syntax
See if the elements inside an IAM Resource policy are configured correctly.
W2530: Validate that SnapStart is properly configured
To properly leverage SnapStart, you must configure both the lambda function and attach a Lambda version resource
W2531: Check if EOL Lambda Function Runtimes are used
Check if an EOL Lambda Runtime is specified and give a warning if used. 
W2533: Check required properties for Lambda if the deployment package is a .zip file
When the package type is Zip, you must also specify the `handler` and `runtime` properties.
W3002: Warn when properties are configured to only work with the package command
Some properties can be configured to only work with the CloudFormationpackage command. Warn when this is the case so user is aware.
W3005: Check obsolete DependsOn configuration for Resources
Check if DependsOn is specified if not needed. A Ref or a Fn::GetAtt already is an implicit dependency.
W3010: Availability zone properties should not be hardcoded
Check if an Availability Zone property is hardcoded.
W3011: Check resources with UpdateReplacePolicy/DeletionPolicy have both
Both UpdateReplacePolicy and DeletionPolicy are needed to protect resources from deletion
W3034: Check if parameter values are between min and max
Check if parameter values value being between the minimum and maximum
W3037: Check IAM Permission configuration
Check for valid IAM Permissions
W3045: Controlling access to an S3 bucket should be done with bucket policies
Nearly all access control configurations can be more successfully achieved with bucket policies. Consider using bucket policies instead of access control.
W3687: Validate that ports aren't specified for certain protocols
When using a protocol other than icmp, icmpv6, tcp, or udp the port ranges properties are ignored
W3688: When restoring DBCluster certain properties are ignored
When creating a DBCluster extra properties are ignored and could result in drift
W3689: When using a source DB certain properties are ignored
When creating a DBCluster from a source certain properties are ignored and could result in drift
W4001: Metadata Interface parameters exist
Metadata Interface parameters actually exist
W4005: Validate cfnlint configuration in the Metadata
Metadata cfn-lint configuration has many values and we want to validate that
W6001: Check Outputs using ImportValue
Check if the Output value is set using ImportValue, so creating an Output of an Output
W7001: Check if Mappings are Used
Making sure the mappings defined are used
W8001: Check if Conditions are Used
Making sure the conditions defined are used
W8003: Fn::Equals will always return true or false
Validate Fn::Equals to see if its comparing two strings or two equal items. While this works it may not be intended.
~/code/aws/samcli/samtest$

from aws-sam-cli.

SamCli standard template with no modifications fails validation about aws-sam-cli HOT 6 OPEN

Comments (6)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent