Invalid FindInMap does not get picked up

[hoshsadiq]

Got the following mapping:

Mappings:
  CertificateMap:
    us-east-1:
      Arn: arn:aws:acm:us-east-1:<account>:certificate/<id>

Resources
  AppAlbListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      # ...
      Certificates:
        - CertificateArn:
            Fn::FindInMap: [CertificateMap, !Ref 'AWS::Region', id]

As you can see, Fn::FindInMap is referencing the id key instead of Arn. We should add a rule to fail in such a scenario.

[kddejong]

Agreed. This would be a great rule. Thanks.

[cmmeyer]

Agreed! @hoshsadiq -- if you feel like tackling this let us know! There are some tools in the docs/ directory to help bootstrap you on writing rules, and you can reach out to any of us if you get stuck.

We've also got a Slack channel I can invite you too for real-time discussion.

[hoshsadiq]

Yes please, would be good. I do have a few questions.

[cmmeyer]

Awesome -- send me your email either to cmmeyer@amazon.com or as a DM on twitter (@ChuckM) and I'll get you invited.

[kddejong]

I had ideas to create this rule a few times but I always paused when you realized you can use Ref for the MapName. But what we should have done is just punt in that scenario. Have some check for common scenarios of the map being a string is better than nothing.

[hoshsadiq]

Yeah I realised that. It was one of the reason I wanted to join the Slack, to see if you guys already have a way of resolving refs as best as possible, but haven't had a chance to ask it yet as I've been without internet everytime I've started looking at this.

[hoshsadiq]

Thanks @kddejong. I never did get a chance to do it. Sorry about that.

[kddejong]

No worries. Improvements welcome by the way. But this should get us get a lot closer.