"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.rules import CloudFormationLintRule, RuleMatch
class ImageId(CloudFormationLintRule):
id = "W2506"
shortdesc = "Check if ImageId Parameters have the correct type"
description = (
"See if there are any refs for ImageId to a parameter "
+ "of inappropriate type. Appropriate Types are "
+ "[AWS::EC2::Image::Id, AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>]"
)
source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#parmtypes"
tags = ["parameters", "ec2", "imageid"]
def match(self, cfn):
"""Check CloudFormation ImageId Parameters"""
matches = []
# Build the list of refs
imageidtrees = cfn.search_deep_keys("ImageId")
valid_refs = cfn.get_valid_refs()
allowed_types = [
"AWS::EC2::Image::Id",
"AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
]
# Filter only resoureces
imageidtrees = [x for x in imageidtrees if x[0] == "Resources"]
for imageidtree in imageidtrees:
imageidobj = imageidtree[-1]
if isinstance(imageidobj, dict):
if len(imageidobj) == 1:
for key, paramname in imageidobj.items():
if key == "Ref":
if paramname in valid_refs:
if valid_refs[paramname]["From"] == "Parameters":
if (
valid_refs[paramname]["Type"]
not in allowed_types
):
message = (
f"Parameter {paramname} should be of type "
f'[{", ".join(map(str, allowed_types))}]'
)
tree = ["Parameters", paramname]
matches.append(RuleMatch(tree, message))
else:
message = f'Inappropriate map found for ImageId on {"/".join(map(str, imageidtree[:-1]))}'
matches.append(RuleMatch(imageidtree[:-1], message))
return matches
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| __pycache__ | Folder | 0755 |
|
|
| AllowedPattern.py | File | 5.76 KB | 0644 |
|
| AllowedValue.py | File | 4.8 KB | 0644 |
|
| AtLeastOne.py | File | 4.11 KB | 0644 |
|
| AvailabilityZone.py | File | 3.41 KB | 0644 |
|
| BasedOnValue.py | File | 6.33 KB | 0644 |
|
| Exclusive.py | File | 3.98 KB | 0644 |
|
| ImageId.py | File | 2.37 KB | 0644 |
|
| Inclusive.py | File | 3.7 KB | 0644 |
|
| JsonSize.py | File | 6.08 KB | 0644 |
|
| ListDuplicates.py | File | 4.39 KB | 0644 |
|
| ListDuplicatesAllowed.py | File | 4.76 KB | 0644 |
|
| ListSize.py | File | 4.88 KB | 0644 |
|
| NumberSize.py | File | 4.88 KB | 0644 |
|
| OnlyOne.py | File | 3.89 KB | 0644 |
|
| Password.py | File | 3.63 KB | 0644 |
|
| Properties.py | File | 27.49 KB | 0644 |
|
| PropertiesTemplated.py | File | 2.44 KB | 0644 |
|
| Required.py | File | 4.1 KB | 0644 |
|
| RequiredBasedOnValue.py | File | 831 B | 0644 |
|
| StringSize.py | File | 4.52 KB | 0644 |
|
| UnwantedBasedOnValue.py | File | 837 B | 0644 |
|
| ValuePrimitiveType.py | File | 11.6 KB | 0644 |
|
| ValueRefGetAtt.py | File | 11.96 KB | 0644 |
|
| __init__.py | File | 106 B | 0644 |
|