""" Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: MIT-0 """ from cfnlint.rules import CloudFormationLintRule, RuleMatch class ImageId(CloudFormationLintRule): id = "W2506" shortdesc = "Check if ImageId Parameters have the correct type" description = ( "See if there are any refs for ImageId to a parameter " + "of inappropriate type. Appropriate Types are " + "[AWS::EC2::Image::Id, AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>]" ) source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#parmtypes" tags = ["parameters", "ec2", "imageid"] def match(self, cfn): """Check CloudFormation ImageId Parameters""" matches = [] # Build the list of refs imageidtrees = cfn.search_deep_keys("ImageId") valid_refs = cfn.get_valid_refs() allowed_types = [ "AWS::EC2::Image::Id", "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>", ] # Filter only resoureces imageidtrees = [x for x in imageidtrees if x[0] == "Resources"] for imageidtree in imageidtrees: imageidobj = imageidtree[-1] if isinstance(imageidobj, dict): if len(imageidobj) == 1: for key, paramname in imageidobj.items(): if key == "Ref": if paramname in valid_refs: if valid_refs[paramname]["From"] == "Parameters": if ( valid_refs[paramname]["Type"] not in allowed_types ): message = ( f"Parameter {paramname} should be of type " f'[{", ".join(map(str, allowed_types))}]' ) tree = ["Parameters", paramname] matches.append(RuleMatch(tree, message)) else: message = f'Inappropriate map found for ImageId on {"/".join(map(str, imageidtree[:-1]))}' matches.append(RuleMatch(imageidtree[:-1], message)) return matches
Name | Type | Size | Permission | Actions |
---|---|---|---|---|
__pycache__ | Folder | 0755 |
|
|
AllowedPattern.py | File | 5.76 KB | 0644 |
|
AllowedValue.py | File | 4.8 KB | 0644 |
|
AtLeastOne.py | File | 4.11 KB | 0644 |
|
AvailabilityZone.py | File | 3.41 KB | 0644 |
|
BasedOnValue.py | File | 6.33 KB | 0644 |
|
Exclusive.py | File | 3.98 KB | 0644 |
|
ImageId.py | File | 2.37 KB | 0644 |
|
Inclusive.py | File | 3.7 KB | 0644 |
|
JsonSize.py | File | 6.08 KB | 0644 |
|
ListDuplicates.py | File | 4.39 KB | 0644 |
|
ListDuplicatesAllowed.py | File | 4.76 KB | 0644 |
|
ListSize.py | File | 4.88 KB | 0644 |
|
NumberSize.py | File | 4.88 KB | 0644 |
|
OnlyOne.py | File | 3.89 KB | 0644 |
|
Password.py | File | 3.63 KB | 0644 |
|
Properties.py | File | 27.49 KB | 0644 |
|
PropertiesTemplated.py | File | 2.44 KB | 0644 |
|
Required.py | File | 4.1 KB | 0644 |
|
RequiredBasedOnValue.py | File | 831 B | 0644 |
|
StringSize.py | File | 4.52 KB | 0644 |
|
UnwantedBasedOnValue.py | File | 837 B | 0644 |
|
ValuePrimitiveType.py | File | 11.6 KB | 0644 |
|
ValueRefGetAtt.py | File | 11.96 KB | 0644 |
|
__init__.py | File | 106 B | 0644 |
|