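"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""

from cfnlint.rules import CloudFormationLintRule, RuleMatch


class Modules(CloudFormationLintRule):
    """Check that Modules do not contain invalid data.

    A resource is treated as a module when its ``Type`` ends with
    ``::MODULE``. For such resources the rule reports ``Tags`` under
    ``Properties``, the ``CreationPolicy`` and ``UpdatePolicy`` attributes,
    and use of the reserved ``AWS::CloudFormation::Module`` metadata key.
    """

    id = "E5001"
    shortdesc = "Check that Modules resources are valid"
    description = "Check that Modules resources are valid"
    source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/"
    tags = ["resources", "modules"]

    def match(self, cfn):
        """Collect matches for every module resource in the template.

        Args:
            cfn: Template object; this rule calls its ``get_resources``,
                ``get_modules`` and ``search_deep_keys`` methods.

        Returns:
            A list of ``RuleMatch`` objects, empty when nothing is found.
        """
        matches = []
        resources = cfn.get_resources()
        metadata_checked = False

        for resource_name in resources:
            resource_values = resources[resource_name]
            if not isinstance(resource_values, dict):
                continue

            # Decide on the Type attribute only. Scanning every top-level
            # value would also treat a resource as a module when some other
            # attribute happened to end with "::MODULE".
            if not str(resource_values.get("Type")).endswith("::MODULE"):
                continue

            # check_metadata_keys scans the whole template, so run it once
            # (at the first module found) rather than once per module, which
            # produced the same matches repeatedly.
            if not metadata_checked:
                matches.extend(self.check_metadata_keys(cfn))
                metadata_checked = True

            matches.extend(self.check_tags(resource_name, resource_values))
            for policy in ("CreationPolicy", "UpdatePolicy"):
                matches.extend(
                    self.check_policy(policy, resource_name, resource_values)
                )

        return matches

    def check_policy(self, policy, resource_name, resource_values):
        """Ensure invalid policies are not used.

        Args:
            policy: Name of the resource attribute to look for.
            resource_name: Logical name of the resource, used in the path.
            resource_values: The resource definition (a dict).

        Returns:
            A list holding one ``RuleMatch`` when the attribute is present
            and truthy, otherwise an empty list.
        """
        if not resource_values.get(policy):
            return []

        path = ["Resources", resource_name, policy]
        return [RuleMatch(path, f"{policy} is not permitted within Modules")]

    def check_tags(self, resource_name, resource_values):
        """Ensure Tags are not set in the Properties of a module.

        Args:
            resource_name: Logical name of the resource, used in the path.
            resource_values: The resource definition (a dict).

        Returns:
            A list holding one ``RuleMatch`` when ``Properties`` contains a
            truthy ``Tags`` entry, otherwise an empty list.
        """
        properties = resource_values.get("Properties", {})
        # Properties may be present but not a mapping (for example an empty
        # YAML value); skip it instead of raising AttributeError on .get().
        if not isinstance(properties, dict) or not properties.get("Tags"):
            return []

        path = ["Resources", resource_name, "Properties", "Tags"]
        return [RuleMatch(path, "Tags is not permitted within Modules")]

    def check_metadata_keys(self, cfn):
        """Ensure reserved metadata key AWS::CloudFormation::Module is not used.

        Args:
            cfn: Template object providing ``get_modules`` and
                ``search_deep_keys``.

        Returns:
            A list of ``RuleMatch`` objects, one per occurrence of the
            reserved key found under ``Resources/<module>/Metadata``.
        """
        modules = cfn.get_modules().keys()
        matches = []
        reserved_key = "AWS::CloudFormation::Module"

        for ref in cfn.search_deep_keys(reserved_key):
            # Test the length and the fixed path segments before looking
            # ref[1] up in modules: for a shorter entry ref[1] need not be a
            # resource name and may not even be hashable.
            if len(ref) <= 3:
                continue
            if ref[0] != "Resources" or ref[2] != "Metadata":
                continue
            if ref[1] in modules:
                matches.append(
                    RuleMatch(ref, f"The Metadata key {reserved_key} is reserved")
                )

        return matches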