- Change state machine schema based on query language by @kddejong in #4045
- Commonize how SAM transform checks are done by @kddejong in #4043
- Update CloudFormation schemas to
2025-03-24by @github-actions in #4046 - Deal with JSONata differences in choices by @kddejong in #4051
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.32.0...v1.32.1
- Update IAM Resource policy pattern by @kddejong in #4040
- Update rule W3037 to limit services and actions when using a resource policy by @kddejong in #4040
- Add rule E3514 to validate resource policy resource ARNs by @kddejong in #4040
- Update CloudFormation schemas to
2025-03-20by @github-actions in #4021 - Change transform check in W3037 by @kddejong in #4041
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.31.3...v1.32.0
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.31.2...v1.31.3
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.31.1...v1.31.2
- Update I3510 to not fail on resources that start with asterisk by @kddejong in #4029
- Fix merge for yaml parsing by @kddejong in #4028
- Add rule W1100 to validate if using YAML merge which requires the AWS cli to deploy by @kddejong in #4028
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.31.0...v1.31.1
- Update CloudFormation schemas to
2025-03-17by @github-actions in #4004 - New rule I3510 to validate action and resources match by @kddejong in #4019
- Update W3037 to skip non strings by @kddejong in #4023
- Update I3510 to not alert on asterisk resources by @kddejong in #4024
- Update W3037 to use regex when
?or*in action by @kddejong in #4026
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.30.0...v1.31.0
- Allow conditions in foreach by @kddejong in #4009
- Allow
_in condition names by @kddejong in #4008 - Remove experimental from W3037 by @kddejong in #3680
- Add in
patternfor CodePipeline action names by @kddejong in #4012 - Support GetAtts for nested stacks and outputs by @kddejong in #4011
- Add rule I2003 to validate
AllowedPatternby @kddejong in #4013 - Validate identity base SIDs by @kddejong in #4016
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.29.1...v1.30.0
- Update CloudFormation schemas to
2025-03-10by @github-actions in #3999 - Update E3701 to keep artifact names uniquely by the resource name by @kddejong in #4002
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.29.0...v1.29.1
- Add rule W3660 to validate mixing API body definitions in
AWS::ApiGateway::*resources by @kddejong in #3989 - Add rule E3505 to validate timeouts when connection
AWS::Lambda::FunctionandAWS::SQS::Queueby @kddejong in #3990 - Add rule E3636 to validate
AWS::CodeBuild::Projects3 locations by @kddejong in #3991 - Add rule E3061 to validate
AWS::S3::Buckettiering configurations by @kddejong in #3994 - Deprecate E2540 for new v1 version rules by @kddejong in #3993
- Deprecate E2541 for new v1 version rules by @kddejong in #3993
- Add rule E3700 to validate
AWS::CodePipeline::PipelineSourceactions are only in the first stage by @kddejong in #3993 - Add rule E3701 to validate
AWS::CodePipeline::Pipelineartifact names shared betweenInputArtifactsandOutputArtifactsby @kddejong in #3993 - Add rule E3702 to validate
AWS::CodePipeline::Pipelinecounts forInputArtifacts,OutputArtifactsbased on action type by @kddejong in #3993 - Add rule E3703 to validate
AWS::CodePipeline::Pipelineconfiguration of an action by @kddejong in #3993 - Additional general schema updates to complete the rest of the validation in rules E2540 and E2541 by @kddejong in #3993
- Update CloudFormation schemas to
2025-03-07by @github-actions in #3988 - Add
ConditiontoChoicein state machine by @kddejong in #4000
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.28.0...v1.29.0
- Add
uniqueKeysforSidin IAM policies by @kddejong in #3982 - Create ipv4 and ipv6 network formats by @kddejong in #3981
- Add rule E3059 to validate if
AWS::EC2::SubnetCIDRs are in aAWS::EC2::VPCby @kddejong in #3985 - Add rule E3060 to validate if
AWS::EC2::SubnetCIDRs overlap with each other by @kddejong in #3985 - Update CloudFormation schemas to
2025-03-04by @github-actions in #3980
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.27.0...v1.28.0
- Provide configuration for exceptions to E3019 by @kddejong in #3972
- Deprecate py3.8 by @kddejong in #3975
- Update lambda eol dates by @kddejong in #3977
- Update CloudFormation schemas to
2025-02-28by @github-actions in #3967 - Support major version for aurora-postgresql by @kddejong in #3978
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.26.1...v1.27.0
- Switch EC2 subnet
requiredXortorequiredOrby @kddejong in #3970
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.26.0...v1.26.1
- Update I1022 to allow functions by @kddejong in #3961
- Update CloudFormation schemas to
2025-02-24by @github-actions in #3960 - Add rule W1051 to validate if dynamic reference when ARN by @kddejong in #3962
- Ignore custom resource Ref by @kddejong in #3965
- Update custom resource schema by @kddejong in #3966
- Fix EC2 Subnet allowing ipv6 only by @kddejong in #3969
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.25.1...v1.26.0
- No maximum number of
Conditionsby @kddejong in #3958 - Update CloudFormation schemas to
2025-02-13by @github-actions in #3956
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.25.0...v1.25.1
- Don't do boto work on the
AWS::CloudFormation::Stackby @kddejong in #3951 - Add rule E3501 to validate AWS::SQS::Queue properties based on the queue type by @kddejong in #3952
- Add rule E3502 to validate AWS::SQS::Queue DLQ types match by @kddejong in #3952
- Add
TRUEto list of strings that can be boolean true by @kddejong in #3953 - Allow asterisks for rule I3042 by @kddejong in #3954
- Update CloudFormation schemas to
2025-02-11by @github-actions in #3948
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.24.0...v1.25.0
- Cleanup boto patching and include min/max by @kddejong in #3939
- Fix
formaterror messaging when no pattern by @kddejong in #3943 - Update CloudFormation schemas to
2025-02-04by @github-actions in #3945
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.23.1...v1.24.0
- Put in fixes for ECS
LogDriverconfigs by @kddejong in #3937 - Update CloudFormation schemas to
2025-01-30by @github-actions in #3936 - Backwards compatibility
formatcomparing by @kddejong in #3940
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.23.0...v1.23.1
- Add rule E1041 to validate
Refformat by @kddejong in #3914 - Update rule E2015 to have the
Defaultvalue be astrby @kddejong in #3931 - Update CloudFormation schemas to
2025-01-29by @github-actions in #3929
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.7...v1.23.0
- Allow
Fn::Transformalongside keys in mappings by @kddejong in #3920 - Remove Sagemaker domain patch and run update specs by @kddejong in #3922
- Update CloudFormation schemas to
2025-01-23by @github-actions in #3917
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.6...v1.22.7
- Fix resolver logic for better context logic by @kddejong in #3915
- Update CloudFormation schemas to
2025-01-16by @github-actions in #3913
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.5...v1.22.6
- Patch out bad types in DMS DataProvider by @kddejong in #3905
- Improve join performance by @kddejong in #3906
- Only replace parameter values in Resources by @kddejong in #3908
- Add JSONata to state machine definitions by @kddejong in #3909
- Update scripts to have better region support by @kddejong in #3910
- Update CloudFormation schemas to 2025-01-14 by @github-actions in #3904
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.4...v1.22.5
- Add
ap-southeast-7Asia Pacific (Thailand)Region by @kddejong in #3897 - Allow for debug in
.cfnlintrcfile by @kddejong in #3898 - Don't fail when ignore templates is empty or not findable by @kddejong in #3900
- Update CloudFormation schemas to
2025-01-09by @github-actions in #3901
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.3...v1.22.4
SnapStartis okay with new python dotnet by @kddejong in #3890- Update CloudFormation schemas to
2024-12-30by @github-actions in #3883
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.2...v1.22.3
- Update regex for FnSub by @kddejong in #3878
- Update fargate cpu memory schema by @kddejong in #3880
- Update CloudFormation schemas to 2024-12-16 by @github-actions in #3877
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.1...v1.22.2
- Add
patternfor SNSTopicNameby @kddejong in #3869 - Don't replace
Defaultvalues inSAMwhen SSM parameter by @kddejong in #3874 - Update CloudFormation schemas to
2024-12-12by @github-actions in #3868 - Dont guess at mappings when values are static in language extension transform by @kddejong in #3875
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.22.0...v1.22.1
- Replace parameters when both transforms are used by @kddejong in #3861
- Fix returning
NonefromFn::FindInMapby @kddejong in #3866 - Switch back to raising bad path errors by @kddejong in #3862
- Update CloudFormation schemas to
2024-12-10by @github-actions in #3863
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.21.0...v1.22.0
- Pass parameters to
ForEachCollectionprocessing by @kddejong in #3854 - Update rule W8003 to include always false by @kddejong in #3855
- Skip
Fn::FindInMapresolution when hitting aFn::Subby @kddejong in #3856 - Add
Assignto appropriate state machine options by @kddejong in #3859 - Update CloudFormation schemas to
2024-12-09by @github-actions in #3853
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.20.2...v1.21.0
- Add SES exception for boto
MatchingEventTypesby @kddejong in #3843 - Allow for major versions for
postgresby @kddejong in #3850 - Update CloudFormation schemas to
2024-12-02by @github-actions in #3844
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.20.1...v1.20.2
- Update CloudFormation schemas to 2024-11-23 by @github-actions in #3832
- Add
nodejs22.xtoAWS::Lambda::FunctionRuntimeenum by @JamesKyburz in #3841 - Add
maxItemsforPathPatternConfiginAWS::ElasticLoadBalancingV2::ListenerRuleby @kddejong in #3835
- @JamesKyburz made their first contribution in #3841
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.20.0...v1.20.1
- Update CloudFormation schemas to
2024-11-18by @github-actions in #3828 - Update error messagings from json schema by @kddejong in #3798
- Create rule E3695 to validate cache cluster engines by @kddejong in #3824
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.19.0...v1.20.0
- Update CloudFormation schemas to
2024-11-07by @github-actions in #3811 - Fix E3006 when both True and False are returned from
build_scenerios_on_regionby @kddejong in #3813 - Fix an issue when printing the graph overwriting the graph by @kddejong in #3814
- Update E1010 lang ext function support by @kddejong in #3817
- Increase logic of boto automation by @kddejong in #3818
- Allow
cloudfrontto be used in ARNs for account ID by @kddejong in #3821
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.4...v1.19.0
- Add
AutoRetryLimitforAWS::CodeBuild::Projectby @kddejong in #3809 - Fix validating min/maxLength whena property has an array for keyword
typeby @kddejong in #3805 - Update CloudFormation schemas to
2024-11-01by @github-actions in #3807
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.3...v1.18.4
- Enhanced monitoring can be configured on aurora clusters by @kddejong in #3801
- Update CloudFormation schemas to
2024-10-30by @github-actions in #3799
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.2...v1.18.3
- Update more tests for condition keys by @kddejong in #3781
- Update
Fn::FindInMapresolver to handleRefto psedueparams by @kddejong in #3785 - Create a new jsonschema keyword
enumCaseInsensitiveby @kddejong in #3789 - Trim comma delimited lists for context by @kddejong in #3790
- Update E1029 to support
Definitionin exceptions by @kddejong in #3792 - Allow
5.7/8.0for DB Engine Version by @kddejong in #3796 - Update CloudFormation schemas to
2024-10-28by @github-actions in #3795
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.1...v1.18.2
- Fix policy schema condition key patterns by @kddejong in #3779
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.18.0...v1.18.1
- Add
additionalPropertiesfalse to IAM conditions by @kddejong in #3767 - Update E3601 to handle substitutions in rule by @kddejong in #3768
- Update E3601 to skip state machine validation when using a function by @kddejong in #3770
- Add
^.*$to exceptions for boto pattern detection by @kddejong in #3772 - Bump
docker/library/pythonfrom3.12-alpine3.20to3.13-alpine3.20by @dependabot in #3773 - Expand boto auto detection to include sub properties by @kddejong in #3763
- Update CloudFormation schemas to
2024-10-21by @github-actions in #3758 - Add logic for
AWS::EC2::Subnet.Idformat by @kddejong in #3761
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.17.2...v1.18.0
- Update language extensions
Fn::ForEachfor empty lists by @kddejong in #3764 - Support Python 3.13 by @michael-k in #3765
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.17.1...v1.17.2
- Make an exception for DocDB Cluster Port return type by @kddejong in #3759
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.17.0...v1.17.1
- Update test results for
py3.8deprecation by @kddejong in #3745 - Add automation to creating boto patches by @kddejong in #3742
- Update
Dockerfileimage location to ECR by @kddejong in #3746 - Dynamically determine Account ID during transform by @kddejong in #3749
- Update graph labels by @kddejong in #3752
- Update lambda lifecycle runtimes by @kddejong in #3753
- Update
HealthCheckTypeenum forAWS::AutoScaling::AutoScalingGroupby @kddejong in #3755 - Update CloudFormation schemas to
2024-10-17by @github-actions in #3748
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.16.1...v1.17.0
- Move
requireXortoSpotFleetRequestConfigDataby @stevengubler in #3737 - Update CloudFormation schemas to
2024-10-10by @github-actions in #3736
- @stevengubler made their first contribution in #3737
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.16.0...v1.16.1
- Switch SAM validation E3031 to use pre-transform by @kddejong in #3726
- Bring back stateful resources json by @kddejong in #3728
- Update GetAtt type checking by @kddejong in #3731
- Add
MinActiveInstancesPercenttoAutoScalingRollingUpdateby @kddejong in #3733 - Update CloudFormation schemas to
2024-10-03by @github-actions in #3732 and #3723 - Update
requiredXorfor Vpc and Subnets by @kddejong in #3734
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.15.2...v1.15.3
- Exception for lambda authorizer uri by @kddejong in #3720
- Update CloudFormation schemas to 2024-09-30 by @github-actions in #3709
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.15.1...v1.15.2
- Switch FN support inside Rules by @kddejong in #3712
- Add equal vars for Rules to cnf building by @kddejong in #3714
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.15.0...v1.15.1
- Update state machine to support
StringMatchesby @kddejong in #3705 - Add rules for
Rulessection by @kddejong in #3703 - Allow for secretsmanager dynamic refs in
Parameterdefaults by @kddejong in #3707 - Update CloudFormation schemas to
2024-09-23by @github-actions in #3702
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.14.2...v1.15.0
- Move KMS validation for
SSESpecificationon Tables by @kddejong in #3700 - Update CloudFormation schemas to
2024-09-19by @github-actions in #3698
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.14.1...v1.14.2
- Add W3693 for aurora cluster properties by @kddejong in #3695
- Update ARN AWS regex in E3601 by @kddejong in #3696
- Update CloudFormation schemas to
2024-09-17by @github-actions in #3692
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.14.0...v1.14.1
- Cloud9 ImageIds can be an alias by @kddejong in #3679
- Exceptions for hardcoded authorizer uri in I3042 by @kddejong in #3684
- Associate[CarrierIpAddress|PublicIpAddress] not with
NetworkInterfaceIdby @kddejong in #3685 - Escape pattern matching when using SAM and SSM parameter default value by @kddejong in #3686
- Switch event rule
requiredXortorequiredOrby @kddejong in #3688 - Bump peter-evans/create-pull-request from 6 to 7 by @dependabot in #3689
- Bump pypa/gh-action-pip-audit from 1.0.8 to 1.1.0 by @dependabot in #3690
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.13.0...v1.14.0
- Add rule E3674 to validate instance
PrivateIpAddressby @kddejong in #3657 - Update schemas to not allow
Ipv6AddressesandIpv6AddressCountonAWS::EC2::NetworkInterfacetogether by @kddejong in #3656 - Update E3044 to allow
EXTERNALto not haveREPLICAby @kddejong in #3670 - Add rule E3056 to validate
HealthCheckGracePeriodSecondsonAWS::ECS::Serviceby @kddejong in #3671 - Update CloudFormation schemas to 2024-09-09 by @github-actions in #3647
- Fail gracefully if no templates match wildcard by @thecodingsysadmin in #3603
- @thecodingsysadmin made their first contribution in #3603
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.4...v1.13.0
- Return Symbol instead of None on Fn::Equals logic by @kddejong in #3663
- Remove handlers and tagging/permissions from specs by @kddejong in #3661
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.3...v1.12.4
- Allow for patch in place by @kddejong in #3649
- Add integration tests for AZ schema changes by @kddejong in #3655
- Better support for rule Equals when static by @kddejong in #3659
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.2...v1.12.3
- Don't resolve pseudoparams in findinmap by @kddejong in #3653
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.1...v1.12.2
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.12.0...v1.12.1
- GetAtts to array returns a string by @kddejong in #3639
- Add Condition logic for template Rules by @kddejong in #3634
- Another fix to pretty printer by @kddejong in #3641
- Add ap-southeast-5 by @kddejong in #3624
- Bring back better findinmap resolution by @kddejong in #3579
- Prevent infinite loops in conditions by @kddejong in #3645
- Update CloudFormation schemas to 2024-09-03 by @github-actions in #3644
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.11.1...v1.12.0
- Fix an issue with
dict_nodegetby @kddejong in #3628 - Add params to findinmap value by @kddejong in #3629
- Allow
Fn::LengthinFn::Selectby @kddejong in #3633 - Allow resource version to be an
integerby @kddejong in #3637 - Add more exceptions E1040 by @kddejong in #3636
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.11.0...v1.11.1
- Create rule E3055 to validate CreationPolicy by @kddejong in #3609
- Update CloudFormation schemas to 2024-08-21 by @github-actions in #3602
- Generate schema artifacts on release by @kddejong in #3611
- Fix integration tests by @kddejong in #3615
- Add assumed role to policy AWS by @kddejong in #3621
- Fix pretty print with pipes by @kddejong in #3622
- Require at least one element in LSI
ifby @kddejong in #3623
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.10.3...v1.11.0
- Look at
OriginGroupstoo for rule E3057 by @kddejong in #3607 - Continue on template decode errors by @kddejong in #3605
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.10.2...v1.10.3
- Fix an issue when scanning metadata by @kddejong in #3596
- Update getatt resolution for better regional support by @kddejong in #3597
- anyOf only returns Ws and Is when there are Es by @kddejong in #3600
- Update CloudFormation schemas to 2024-08-15 by @github-actions in #3591
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.10.1...v1.10.2
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.10.0...v1.10.1
- Add rule E3052, E3053, E3054 to validate ECS configs by @kddejong in #3546
- Add rule to E3057 to validate TargetOriginId in a DefaultCacheBehavior by @kddejong in #3561
- Update CloudFormation schemas to 2024-08-12 by @github-actions in #3581
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.7...v1.10.0
- Add Value to path in E6101 as we descend by @kddejong in #3582
- Smarter flow to rule E6101 by @kddejong in #3583
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.6...v1.9.7
- Update schema patching and fix some issues by @kddejong in #3570
- Update regex pattern for rule I3042 by @kddejong in #3572
- Better logic for empty yaml files by @kddejong in #3574
- Update pre-commit to 2024-08-08 by @kddejong in #3575
- Update CloudFormation schemas to 2024-08-08 by @github-actions in #3569
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.5...v1.9.6
- Increase the max value of
AWS::Cognito::UserPoolClient#RefreshTokenValidityto315360000by @BR0kEN- in #3567 - Update CloudFormation schemas to 2024-08-05 by @github-actions in #3539
- @BR0kEN- made their first contribution in #3567
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.4...v1.9.5
- Add logic to handle Ref
AWS::NoValuein list by @kddejong in #3563
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.3...v1.9.4
- Update schema filtering to use new condition logic by @kddejong in #3552
- Update E3615 to validate all CloudWatch Alarm periods by @kddejong in #3556
- Better type checking for
nulltypes by @kddejong in #3557 - Add
dependentExcludedforAbortIncompleteMultipartUploadinAWS::S3::Bucketby @kddejong in #3558
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.2...v1.9.3
- Update W3663 to skip validation when Sub by @kddejong in #3548
- Update E3673 to return the rule in
ValidationErrorby @kddejong in #3548
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.1...v1.9.2
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.9.0...v1.9.1
- Better iam policies by @kddejong in #3530
- Create rule W3663 to validate lmbd permission account by @kddejong in #3523
- Context condition logic by @kddejong in #3532
- Create rule E3673 to validate ImageId being required on an instance by @kddejong in #3513
- Create rule E3049 to validate ECS Task/Service and LB target configuration with dynamic host ports by @kddejong in #3513
- Allow more types in Metadata by @kddejong in #3536
- Update CloudFormation schemas to 2024-07-29 by @github-actions in #3533
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.8.2...v1.9.0
AutoMinorVersionUpgradecan be used with Aurora clusters by @kddejong in #3522- A bunch of fixes for state machines by @kddejong in #3528
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.8.1...v1.8.2
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.8.0...v1.8.1
- Add rule E3663 to validate lambda fn env vars by @kddejong in #3505
- Allow for vCPU and GB in ECS task rules E3047 and E3048 by @kddejong in #3515
- Update CloudFormation schemas to 2024-07-17 by @github-actions in #3504
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.7.2...v1.8.0
- Add 1.0 to SSM document versions by @kddejong in #3511
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.7.1...v1.7.2
- Fix sub regex resolver to always return a string by @kddejong in #3508
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.7.0...v1.7.1
- Don't validate W2001 when using Transform by @kddejong in #3501
- Fix an issue with endless loops in Fn::Sub by @kddejong in #3503
- Move rule to E2532 to E3601 by @kddejong in #3502
- Add start to SSM json schemas by @kddejong in #3471
- Add two new rules to validate fargate tasks by @kddejong in #3464
- Update CloudFormation schemas to 2024-07-15 by @github-actions in #3494
- Convert resolver errors to warnings by @kddejong in #3493
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.6.1...v1.7.0
- SAM transform replace AutoPublishCodeSha256 by @kddejong in #3497
- Change return type of conditions
build_scenerios_on_regionto be alist[bool]by @kddejong in #3498
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.6.0...v1.6.1
- Update CloudFormation schemas to 2024-07-11 by @github-actions in #3484
- Return all errors from resolution by @kddejong in #3489
- Disable W1020 when using SAM by @kddejong in #3491
- Use region when looking for a resolver being satisfied by @kddejong in #3490
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.5.3...v1.6.0
- Load registry schemas before implementing patching by @kddejong in #3486
- Force resolve validation to not use strict types by @kddejong in #3488
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.5.2...v1.5.3
- Update CloudFormation schemas to 2024-07-09 by @github-actions in #3457
- Update logging configuration to not log when used as a library by @kddejong in #3479
- Add
AWS::ServiceCatalog::CloudFormationProvisionedProductto exceptions for E1040 by @kylekluever in #3481 - Allow ICMP to have
FromPortother than -1 withToPort-1 by @kddejong in #3482
- @kylekluever made their first contribution in #3481
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.5.1...v1.5.2
- Switch type comparison in BaseFn to use is_types_compatible by @kddejong in #3461
- Update E2015 to split defaults on comma by @kddejong in #3466
- Don't fail
anyOfon warnings by @kddejong in #3469 - Allow
Transformsection to have the full transform def by @kddejong in #3470 - Update
GetAttlogic forAWS::ServiceCatalog::CloudFormationProvisionedProductby @kddejong in #3475 - Remove
requiredXorforAWS::EC2::Instanceby @kddejong in https://github.com/aws-cloudformation/cfn-lint/pull/#3477
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.5.0...v1.5.1
- Update mappings to support transforms at the root level by @kddejong in #3439
- Update
CfnLintJsonSchemabased rules for dynamic references by @kddejong in #3442 - Fix tagging examples by @michael-k in #3448
- Add
fullkeyword to optional dependencies by @kddejong in #3454 - Load registry schemas if type match by @kddejong in #3450
- Update helpers.py with DocDB snapshot type by @marty-sullivan in #3455
- Update CloudFormation schemas to 2024-07-02 by @github-actions in #3447
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.4.2...v1.5.0
- Fix JSON based tags for many types by @kddejong in #3437
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.4.1...v1.4.2
- Fix JSON based tags for many of the Glue types by @kddejong in #3434
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.4.0...v1.4.1
- Default
EngineModefor E3686 isprovisionedby @kddejong in #3425 - Update docdb engine version to have
5.0.0by @kddejong in #3428 - In legacy RulesCollection validate the rule is enabled before returning result by @kddejong in #3429
- Convert all json properties to support
stringandobjectby @kddejong in #3423 - Patch in better validation for
Tagsproperties that just havetypeobjectby @kddejong in #3423
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.7...v1.4.0
- Consider output conditions in E6101 by @kddejong in #3414
- Bring back
Transformafter SAM removes them by @kddejong in #3417 - Handle
Fn::Transforms inside Mappings by @kddejong in #3419 - Add logic to update E3682 to require
Engineby @kddejong in #3419
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.6...v1.3.7
- Remove falsy issues with FindInMap resolution by @kddejong in #3410
- Remove resolution errors when default value Ref AWS::NoValue and bad mappings in FindInMap by @kddejong in #3410
- Patch AWS::ImageBuilder::ContainerRecipe.InstanceConfiguration by @kddejong in #3413
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.5...v1.3.6
- Allow Ref AWS::NoValue in FindInMap parameters by @kddejong in #3399
- Update policy principal validation logic by @kddejong in #3400
- Add Fn::Cidr as Fn::Join supported function by @kddejong in #3401
- Update CloudFormation schemas to 2024-06-25 by @github-actions in #3313
- Return resolution errors by @kddejong in #3402
- Don't issue dynamicref issues in other fns by @kddejong in #3404
- Greatly simplify
FindInMapresolution by @kddejong in #3406
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.4...v1.3.5
- Clean up errors in the schemas by @kddejong in #3375
- Relax E3041 to support DNS root records by @jakob-keller in #3377
- Allow
AllowedPatternwith AWS type parameters by @kddejong in #3388 - Default fn validator context will be not strict type checking by @kddejong in #3386
- Update IAM resource ARN patterns by @kddejong in #3389
- Update resolution validation to only return an error if there are no valid values by @kddejong in #3390
- Better resolution of mappings in transform by @kddejong in #3392
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.3...v1.3.4
- Remove rule setting in
PropertyNamesrule by @kddejong in #3365 - update logic in rule E3686 by @kddejong in #3367
- Patch
AWS::Glue::SecurityConfigurationand other resource issues by @kddejong in #3371 - Parameter of
List<Number>can have an integer default by @kddejong in #3372 - Better comparison of json schema types for cfn usage by @kddejong in #3373
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.2...v1.3.3
- Switch max condition logic to attemptes over returned by @kddejong in #3359
- Update maintenance job to get data from boto by @kddejong in #3361
- Update md5 creation to work better on FIPS compliant OSes by @kddejong in #3362
- Add in awslogs-create-group to ECS task logging by @kddejong in #3363
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.1...v1.3.2
- Update some docs by @kddejong in #3314
- Update policy can have non strict types by @kddejong in #3315
- Add AWS::SSM::Parameter::Value to use AllowedPattern by @kddejong in #3332
- Allow
Fn::GetAttto be an array in Join by @kddejong in #3333 - Skip empty strings in action validation by @kddejong in #3337
- Don't validate dynamic references inside fn by @kddejong in #3335
- Only escape type checking for pkg params when strict types is false by @kddejong in #3338
- Remove additionalItems in prefix validation by @kddejong in #3339
- Remove pattern from tag key/value validation by @kddejong in #3341
- Add logic to ImageId format for SSM by @kddejong in #3340
- Remove Refs to yourself in Fn::Sub by @kddejong in #3342
- Update resource pattern for policy validation by @kddejong in #3343
- Update logic on GetAtts for resources that have all attrs by @kddejong in #3344
- Allow capital letters for rule W3687 by @kddejong in #3345
- Skip getatt validation with custom resources by @kddejong in #3346
- Remove AWS::EC2::LaunchTemplate requiredXor value for data by @kddejong in #3347
- Update Null conditions to be scalar or singular by @kddejong in #3349
- Condition satisfaction checks to raise error when unknown by @kddejong in #3350
- Remove / as valid escape in yaml by @kddejong in #3331
- Update CodeBuild::Project FilterGroup types by @kddejong in #3351
- Update SQS MessageRetentionPeriod minimum by @kddejong in #3355
- Backwards compatiblity for cloudformation-cli module validation by @kddejong in #3354
- Allow OAI IDs in IAM policies by @kddejong in #3357
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.3.0...v1.3.1
- Allow IAM principal to be str or a list by @kddejong in #3306
- Update CloudFormation schemas to 2024-06-18 by @github-actions in #3309
- Array of strings are allowed as output value types by @kddejong in #3312
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a11...v1.3.0
- Update CloudFormation schemas to 2024-06-17 by @kddejong in #3299
- Cleanup rule pytest logic to make life easier by @kddejong in #3285
- Cleanup
cfn_pathgeneration by @kddejong in #3287 - Add error catching to better handle rule issues by @kddejong in #3289
- Fix an issue with SSM params for ForEach by @kddejong in #3294
- V1 - more typing and cleanup by @kddejong in #3296
- Update resolver logic to see if parameter will result in applied conditions still being valid by @kddejong in #3303
- Update rule W2531 to validate when the specified runtime is deprecated by @kddejong in #3304
- Update rule E2531 to validate when you can no longer create a lambda function with the specified runtime by @kddejong in #3304
- Create rule E2533 to validate when you can no longer update a lambda function with the specified runtime by @kddejong in #3304
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a10...v1.2.5.a11
- Update CloudFormation schemas to
2024-06-07by @kddejong in (pull #3249) - Add rule E3040 to validate a developer isn't using a read only property by @kddejong in (pull #3275)
- Add AWS custom
formattypesAWS::EC2::SecurityGroup.GroupId,AWS::EC2::SecurityGroup.GroupNameby @kddejong in (pull #3274) - Add AWS custom
formattypesAWS::EC2::VPC.Id,AWS::EC2::Image.Idby @kddejong in (pull #3271) - Break resolver functionality into its own package by @kddejong in (pull #3271)
- Remove
awsTypeand convert them tocfnLintkeyword by @kddejong in (pull #3262)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a9...v1.2.5.a10
- Update CloudFormation schemas to 2024-05-14 by @kddejong in (pull #3234)
- Upgrade more rules to v1 by @kddejong (pull #3243), (pull #3237), (pull #3222)
- Enumerate FindInMap when can't be resolved (pull #3247)
- Cleanup Rules from
__init__by @kddejong (pull #3235) - Add ability for child rule to claim who their parent is by @kddejong (pull #3231)
- Make
cfnLintkeyword dynamic by @kddejong (pull #3225) - Remove rule E2504 and add back in E3671 by @kddejong (pull #3220)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a8...v1.2.5.a9
- Update CloudFormation schemas to 2024-05-03 by @kddejong in (pull #3192)
- Fix issue in I3013 with multiple resources (#) by @kddejong (pull #3212)
- Allow
Fn::Transforminside aFn::Sub(pull #3213)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a7...v1.2.5.a8
- Update CloudFormation schemas to 2024-04-24 by @kddejong in (pull #3159)
- Fix config of regions in TemplateRunner by @kddejong in (pull #3164)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a6...v1.2.5.a7
- Add a bunch of DynamoDB rules and schema changes by @kddejong in (pull #3133)
- Don't support resources in a FindInMap by @kddejong (pull #3120)
- Create rules W3689 and W3688 to do validation of AWS::RDS::DBCluster by @kddejong (pull #3118)
- Create rules E3660 to do validation of Rest API configuration with OpenAPI by @kddejong (pull #3117)
- Update specs to 2024/04/15 (pull #3146)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a5...v1.2.5.a6
- Show all errors in a validation schema by @kddejong in (pull #3097)
- Remove
descriptionfrom schemas (pull #3094) - Update specs to 2024/03/14 (pull #3094)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a4...v1.2.5.a5
- New rules for RDS DBCluster E3692,E3694,E3694 by @kddejong in (pull #3094)
- New rule E3689 to validate DBCluster monitoring config by @kddejong in (pull #3089)
- New rule W4005 to validate cfn-lint config in metadata @kddejong in (pull #3088)
- Update specs to 2024/03/11 (pull #3094)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a3...v1.2.5.a4
- Increased validation of dynamic references by @kddejong in (pull #3064)
- Increased GetAtt and Sub typing support by @kddejong in (pull #3075)
- Add requiredXor for CloudFront distribution cache behavior by @kddejong in (pull #3078)
- Update specs to 2024/02/28 (pull #3081)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a2...v1.2.5.a3
- Set Application location when its a string by @kddejong in (pull #3060)
- Add getatt support for registry schemas by @kddejong in (pull #3061)
- Remove some extra unneeded code by @kddejong in (pull #3062)
- Remove rule W1011 (pull #3055)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.5.a1...v1.2.5.a2
- Fix an issue when determining if it is supposed to be nested
json@kddejong (pull #3050) - Fix an issue where Resource
Typevalidation was happening twice @kddejong (pull #3050)
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.4.a1...v1.2.5.a1
- Switch from
awsTypetocfnLint@kddejong - Update rule to W3037 for json schema based validation @kddejong
- Update rule E3025 to validate RDS instance class by license @kddejong
- Remove need for
sub_node
Full Changelog: https://github.com/aws-cloudformation/cfn-lint/compare/v1.2.3.a1...v1.2.4.a1
- Add rule E3019 to validate primaryIdentifiers are unique (pull #3023)
- Add rule E3687 to validate ToPort and FromPort (pull #E3026)
- Add rule W3687 to validate ToPort and FromPort (pull #E3026)
- Add rule E3688 to validate both ToPort,FromPort are -1 (pull #E3026)
- Add rule E3021 for validate tagging values (pull #3031)
- Update
ResourcePathpatternto check for starting/(pull #3019)
- Handle refs in REF type checks (pull #3024)
- Ignore_checks was being ignored when the rule was a parent (pull #3032)
- Additional GetAtt support for non registry resources (pull #3027)
- Add rule E3046 to validate ECS log config when AWS (pull #2990)
- Add
dependentExcludedkeyword to json schema validation (pull #3002) - Add
requiredXorkeyword to json schema validation (pull #2997) - Add
requiredOrkeyword to json schema validation (pull #2997) - Add
uniqueKeyskeyword to json schema validation (pull #2992)
- Make context more effecient (pull #3007)
- Pass through all errors from `Fn::If`` (pull #2583)
- Redo AWS::CloudFormation::Init validation (pull #2583)
- Redo runner logic and keep backwards compatibility of the API (pull #2583)
- Fix
FnGetAttto better validate GetAtt types against JSON Schemas (pull #2583)
- Convert Outputs, Parameters, and Mappings validationg to JSON Schema rules (pull #2583)
- Update CloudFormation schemas from 2023/11/13 (pull #2583)
- Update CloudFormation schemas from 2023/06/21 (pull #2774)
- Move required field for lambda eventsource mappings (pull #2775)
- Internalize json schema work and customize for CloudFormation purposes (pull #2730)
- Fix an issue where disabled rules will result in an error (pull #2739)
- Fix an issue where GetAtts of arrays are dropped (pull #2740)
- Switch to pyproject.toml and pre-commit for lint (pull #2749)
- Move
cfnSchemainto patching as needed (pull #2752) - Rework how we handle CloudFormation functions (pull #2760)
- Rewrite JSON schema validators to better handle CloudFormation functions (pull #2730)
- Fix an issue when the resource type isn't available for an output (pull #2730)
- Update JSON schema for resource configuration to handle Language Extensions for
DeletionPolicy(pull #2730) - Update condition logic to include resource level conditions (pull #2737)
- Test schemas and patch as needed (pull #2725)
- Large rewrite and simplification to JSON Schema validation (pull #2606)
- Allow for integration the configuration of additional registry schemas (pull #2710)
- Validate schema configuration (pull #2708)
- Add in
enumvalues from botocore (pull #2705 and #2702) - Add many JSON schemas to provide additional validation (pull #2693 and #2687)
- Add json schema for CW Alarm period when in the AWS namespace (pull #2685)
- Include launch template security group schema (pull #2681)
- Update rule E3033 to include minLength (pull #2680)
- Fix packaging missing new json files (pull #2606)
- Large re-write to migrate from CloudFormation specs to CloudFormation resource provider schemas (pull #2606)
- Update CloudFormation specs to
172.0.0(pull #3181)
- Continue to walk the FindInMap components in transform (pull #3203)
- Fix an issue with refs in registry schemas (pull #3189)
- Add
AWS::Kinesis::Streamto be a stateful resource (pull #3188)
- Update CloudFormation specs to
171.0.0(pull #3160)
- When using a list param in foreach pass back select statements when no allowed value (pull #3176)
- Fix an issue with graphs and pydot and not quoting attrs (pull #3177)
- Update I3013 as read replicas don't need backup period (pull #3171)
- Change filenames to be OS specific paths (pull #3170)
- Update E8001 to validate null Condition section (pull #3169)
- Update CloudFormation specs to
170.0.0(pull #3149)
- Only pick up
.jsonfiles when using registry schemas (pull #3150) - Update IAM policy validation to not allow
ActionandNotAction(pull #3145) - Update IAM policy validation to not allow
PrincipalandNotPrincipal(pull #3145) - Update IAM policy validation to not allow
ResourceandNotResource(pull #3145)
- Update CloudFormation specs to
169.0.0(pull #3135) - Support
db2-aeanddb2-seRDS engines forAWS::RDS::DBInstance.Engine(pull #3139)
- Safely get
readOnlyProperties(pull #3141)
- Update CloudFormation specs to
168.0.0(pull #3127) - Remove
AWS::RDS::DBClusterfrom exclusive checks (pull #3119)
- When doing a transform pass back FindInMap when resolution failure (pull #3131)
- Update deprecated Lambda runtimes (pull #3113)
- Update CloudFormation specs to
165.0.0(pull #3092)
- RDS DB Cluster remove MasterUserPassword from exclusion with MasterUsername (pull #3106)
- fix an issue when searching for Ref in tojsonstring (pull #3107)
- Disable and configure certain rules when template is from CDK (pull #2971)
- Update CloudFormation specs to
163.0.0(pull #3076)
- Update CloudFormation specs to
162.0.0(pull #3069)
- Raise error if any key in a mapping is null (pull #3073)
- Add getatt support for registry schemas (pull #3061)
- Set Application location when its a string in SAM transform (pull #3060)
- Update CloudFormation specs to
160.0.0(pull #3054)
- Update CloudFormation specs to
158.0.0(pull #3039)
- Fix an issue with using SAM and a GetAtt (pull #3042)
- Update rule E3027 to validate rate periods (pull #3017)
- Add support new language extension foreach capabilities
&{parameter}(pull #3033) - Passthrough metadata into SAM translator (pull #3030)
- Switch to using path and resource names for directives (pull #3035)
- Update CloudFormation specs to
156.0.0(pull #3029)
- Update CloudFormation specs to
154.0.0(pull #3005) - Add db.serverless to neptune instance classes (pull #3009)
- Drop python 3.7 support (pull #3005)
- Update CloudFormation specs to
153.0.0(pull #2986)
- Remove rule E2506 which results in false positive (pull #3001)
- Return dict str_node when doing transform (pull #2996)
- Update CloudFormation specs to
151.0.0(pull #2969)
- Fix LanguageTransformer to better handle
Fn::GetAttdot notation inFn::Sub(pull #2974) - Update rule E2530 and I2530 to support regionality of the
SnapStartfeature (pull #2973)
- Update CloudFormation specs to
150.0.0(pull #2963) - Patch in
TargetObjectKeyFormatforAWS::S3::Bucket(pull #2966)
- Update CloudFormation specs to
149.0.0(pull #2951) - Add
KeyIDas a target forTargetKeyId(pull #2953)
- Update CloudFormation specs to include
python3.12(pull #2947)
- Update CloudFormation specs to
148.0.0(pull #2942) - Add in
LoadBalancerArntoLoadBalancerV2Arn(pull #2936)
- Update CloudFormation specs to
146.0.0(pull #2921)
- Update E3036 and E3035 to allow more FNs (pull #2928)
- Update I3037 to have exceptions
Command(pull #2927)
- Add rule E3045 to validate
AccessControls are specified when usingAccessControl(pull #2906) - Add rule W3045 to alert on usage of legacy capability
AccessControl(pull #2906)
- Update CloudFormation specs to
145.0.0(pull #2909)
- Add rule W2530 to warn when
SnapStartisn't configured correctly (pull #2905) - Add rule I2530 to warn when
SnapStartisn't configured on newer Java runtimes (pull #2905) - Add rule E2530 to error when
SnapStartis configured on an unsupported runtime (pull #2905)
- Update CloudFormation specs to
144.0.0(pull #2898)
- Update CloudFormation specs to
143.0.0(pull #2893)
- Update language transformation to pass through empty objects (pull #2899)
- Update rule E1017 to allow
Fn::Selectto allowFn::Select(pull #2900) - Update rule E2532 to support
ToleratedFailurePercentageandItemBatchertoMap(pull #2901)
- Update CloudFormation specs to
142.0.0(pull #2889)
- Update CloudFormation specs to
141.0.0(pull #2879)
- Update rule E2532 to include
CausePathandErrorPathkey types toFailstate (pull #2884) - Update rule E2520 to better match exclusive properties (pull #2886)
- Update CloudFormation specs to
140.0.0(pull #2870) - Add
OriginAccessControlIdtoOnlyOne(pull #2878)
- Allow
jsonschemato be from v3.0.0 to v5 (pull #2838)
- Update E3031 so all regex checks are run (pull #2873)
- Update E2520 to better skip properties we don't care about (pull #2875)
- Update CloudFormation specs to
139.0.0(pull #2865)
- Force regex to be at least 2022 for typing parameter (pull #2867)
- Update CloudFormation specs to
138.0.0(pull #2857)
- Fix
AWS::LanguageExtensionsto have regex escape for string replacement (pull #2862)
- Update CloudFormation specs to
136.0.0(pull #2848)
- Added
ItemReaderkey to StateMachineMapstate (pull #2850) - Update rule E2503 to allow network load balancers to use security groups (pull #2850)
- Allow for
RetainExceptOnCreateforDeletionPolicy(pull #2834) - Fix language extension transform to resolve foreach refs in Sub parameters (pull #2846)
- Fix language extension transform to allow
Fn::FindInMapto return arrays (pull #2845)
- Fix
AWS::Glue::Job.Nameto use string min/max instead of number min/max (pull #2831)
- Update schema to spec conversions to include include a default string minimum value of 0 if not specified (pull #2824)
- Update CloudFormation specs to
132.0.0(pull #2824)
- Fix
AWS::LanguageExtensionsto not empty out a hardcoded stringFn::FindInmapthat cannot be resolved (pull #2827)
- Fix
AWS::LanguageExtensionsto not fully resolveFn::FindInMapunless inFn::ForEachcollection (pull #2822) - Update
convert_dictto includeMarkinstead of tuple for default value (pull #2821)
- Fix
Conditionslogic to not crash on a condition that isn't found (pull #2814) - Update rule E1011 to better handle
Fn::FindInMapwithAWS::LanguageExtensions(pull #2814) - Update rule W2001 to better handle
RefwithAWS::LanguageExtensions(pull #2814)
- Fix
AWS::LanguageExtensionsregex for sub removal to handle pseudo parameters (pull #2812)
- Add support for
Fn::ForEachwhen usingAWS::LanguageExtensions(pull #2801)
- Add
testfunction to test conditions given a scenario (pull #2801)
- Update CloudFormation specs to
131.0.0(pull #2795) - Updated
DocumentDBEngineVersionAllowedValues(pull #2800)
- Update rule E1018 to flag splitting dynamic references (pull #2786)
- New rule W2533 to validate lambda zip deployment configuration (pull #2682)
- Supporting intrinsic function in
DeletionPolicyandUpdateReplacePolicy(pull #2784)
- Update CloudFormation specs to
130.0.0(pull #2783)
- Pin
jsonschemato be under4.18(pull #2792) - Fix using
include_experimentalin metadata (pull #2785) - Fix rule E1024 to better handle conditions (pull #2780)
- Large re-write to migrate from CloudFormation specs to CloudFormation resource provider schemas (pull #2606)
- Update CloudFormation specs to
127.0.0(pull #2763)
- Fix an issue with SSM patching (pull #2765)
- Update CloudFormation specs to
126.0.0(pull #2753)
- Fix usage of comments and new lines in custom rules(pull #2757)
- Update CloudFormation specs to
124.0.0(pull #2736) - Add
AWS::KMS::Keyto stateful resource list (pull #2751)
- Update CloudFormation specs to
121.0.0(pull #2723)
- Update CloudFormation specs to
120.0.0(pull #2714)
- Fix Conditions logic when checking a condition against a region. Now return True and False when the condition has no basis on region (pull #2721)
- Rebuild conditions inside the Template class when doing a Transform (pull #2721)
- Update CloudFormation specs to
119.2.0(pull #2703)
- GetAtt can return objects along with FindInMap (pull #2709)
- Add custom operators for regex, gt, lt (pull #2694)
- Update CloudFormation specs to
119.1.0(pull #2698)
- Update CloudFormation specs to
119.1.0(pull #2678) - Update allowed values for
AWS::RDS::DBInstance.PerformanceInsightsRetentionPeriod(pull #2696)
- Update CloudFormation specs to
119.0.0(pull #2660) - Patch
AWS::S3::Bucket.InventoryConfiguration.OptionalFieldsto includeChecksumAlgorithm(pull #2666) - Patch
AWS::Cognito::UserPool.UserPollTagsto be a map of strings (pull #2671)
- Update SAM translation to substitute for a sub in
CodeUri(pull #2661) - Update language extensions to validate if a ref is iterable before assuming it is (pull #2665)
- Update rule E3001 to consider a resource level condition when evaluating if the resource type exists (pull #2668)
- Update rule E3012 to validate if a map is actually a map (pull #2669)
- Update CloudFormation specs to
118.1.0(pull #2644)
- Fix an issue with Conditions when a
Fn::Equalshas a string that isn't in a ParametersAllowedValues(pull #2649)
- Update CloudFormation specs to
117.0.0(pull #2642)
- Fix SAM templates treated as normal by api (pull #2646)
- Update CloudFormation specs to
116.0.0(pull #2620) - Add string length for
AWS::WAFRegional::RegexPatternSet.RegexPatternStringsandAWS::WAFv2::RegexPatternSet.RegularExpressionList(pull #2637, (pull #2639)
- Read the default region from Env Vars (pull #2618)
- Update rule W2031, E3031, E3030, E3034, and E3033 to read
ValueTypesfromus-east-1whenCACHED(pull #2628)
- Update CloudFormation specs to
115.0.0(pull #2616)
- Update CloudFormation specs to
114.0.0(pull #2601) - Remove
AWS::Logs::LogGroup.RetentionInDaysAllowedValues(pull #2604)
- Update CloudFormation specs to
113.0.0(pull #2591)
- Updated condition logic to limit the number of conditions that are processed (pull #2598)
- Update CloudFormation specs to
112.0.0(pull #2580)
- Updated rule E2532 by adding
ItemProcessortoMap(pull #2577) - Relax
networkxdependency (pull #2584) - Validate sub string checks are strings before running regex in graph and template (pull #2589)
- Update SAM transform pre-work to include
DefinitionBodywhenDisableExecuteApiEndpointis specified (pull #2590)
- Patch back in
TargetRoleforAWS::RDS::DBProxyEndpoint(pull #2581)
- Update CloudFormation specs to
111.0.0(pull #2572) - Add region
ap-southeast-4(pull #2568) - Remove
AWS::RDS::DBClusterMasterUsernameandMasterUserPasswordfrom Inclusive (pull #2571)
- Update SAM Translator version based on the SAM CLI requirement (pull #2570)
- Update CloudFormation specs to
108.0.0(pull #2557) - Add
AWS::Organizations::AccounttoStatefulResources(pull #2560)
- Update CloudFormation specs to
107.0.0(pull #2546)
- Support
Fn::FindInMapenhancements when template is declared withAWS::LanguageExtensions(pull #2512)
- Update CloudFormation specs to
106.0.0(pull #2546)
- Update rule E1030 to include
Fn::FindInMapwhen usingFn::Length(pull #2547) - Update rule E3002 to allow a
Fn::GetAttfor an object (pull #2548) - Update rule E2532 to include current task properties (pull #2549)
- Update CloudFormation specs to
105.0.0(pull #2530)
- Use a clean copy of the
cli_valueeach time when merging config to avoid leaking config from one template to another (pull #2536)
- Update CloudFormation specs to
102.0.0(pull #2523)
- Update
Templatefunctionget_valid_getattsto better return None when a property type doesn't exist (pull #2527)
- Update rule E2015 to support the
AllowedValuesandAllowedPatternattributes forCommaDelimitedListparameters (pull #2521)
- Update CloudFormation specs to
101.0.0(pull #2517) - Update
get_valid_getattsto account for changes in the CloudFormation spec (pull #2520)
- Update CloudFormation specs to
100.0.0(pull #2493)
- Add
ap-south-2region (pull #2503)
- Rebuild the graph after doing the transform (pull #2502)
- Add more info into the graph including outputs and parameters(pull #2452)
- Make sure regex patterns with
\ware validating against ASCII (pull #2487)
- Reduce storage on disk by reducing regional specs to only have differences from
us-east-1spec (pull #2457)
- Update CloudFormation specs to
96.0.0(pull #2461)
- Fix an issue with junit/pretty formatter/core process to get all rules even on parse failure (pull #2462)
- Fix an issue when use stdin to pass a template and cfn-lint with parameters giving
E0000(pull #2470)
- Add support for Python 3.11 (pull #2463)
- Fix an issue with
--list-rulesfailing (pull #2466)
- Add rule W8003 to check if
Fn::Equalswill always be true or false (pull #2426) - Allow you to configure how exit codes work (pull #2436)
- Update CloudFormation specs to
95.0.0(pull #2440) - Remove check for string size of
Lambda::Function.Code.Zipfile(pull #2447)
- Update rule E3012 to validate bad functions (pull #2441)
- Update rule E3016 to make checks less restrictive (pull #2453)
- Updated string max value to
Lambda::Function.Code.Zipfileto 4MB (pull #2444)
- Update decode of yaml/json to report on all duplicates (pull #2428)
- Patch in
db.serverlessintoAWS::RDS::DBInstance.DBInstanceClass(pull #2430) - Added string max value to
Lambda::Function.Code.Zipfile(pull #2431)
- Don't replace location for resource
AWS::Serverless::Applicationin SAM transform when its a string (pull #2425)
- Patch in
db.serverlessintoAWS::RDS::DBInstance.DBInstanceClass(pull #2424) - Update CloudFormation specs to
94.0.0(pull #2420)
- Ability to override location of the finding (pull #2410)
- Patch in
DBClusterResourceIdfor as an Attribute ofAWS::RDS::DBCluster(pull #2407) - Update CloudFormation specs to
93.0.0(pull #2409) - Update
AllowedPatternRegexforAWS::CloudWatch::Alarm.MetricDataQuery.Id(pull #2414 - Add GetAtt to AWS::KMS::ReplicaKey.Arn for KmsKey.Arn (pull #2417)
- Support child rules allowing rules to add another rule in their match responses (pull #2393)
- Update CloudFormation specs to
92.0.0(pull #2399)
- Update CloudFormation specs to
91.0.0(pull #2392)
- Update E8003, E1018, E1019 to allow
Fn::ToJsonStringinsideEquals,Split, andSub(pull #2397) - Update I3013 to allow https and s3 (pull #2394)
- Update CloudFormation specs to
90.0.0(pull #2376) - Add in allowed values for oracle cdb engine types to
AWS::RDS::DBInstance.Engine(pull #2381) - Add in allowd value
PredictiveScalingtoAWS::AutoScaling::ScalingPolicy.PolicyType(pull #2378)
- Update W3002 to validate values aren't already S3 paths (pull #2382)
- Update I3013 to not regex check if a function (pull #2386)
- Update CloudFormation specs to
89.0.0(pull #2366) - Add support for
customRDSEnginetypes on resource typeAWS::RDS::DBInstance(pull #2370) - Remove extra spacing in specs reducing overall size (pull #2371)
- Update
AllowedValuesforRetentionInDayson resource typeAWS::Logs::LogGroup(pull #2372)
- Add
--forceoption on--update-specsso cache isn't used (pull #2334) - Add support for Python 3.10 (pull #2365)
- Update CloudFormation specs to
88.0.0(pull #2361)
- Add in
mypytesting and do a bunch of cleanup based on the results (pull #2328) - Update rule I1022 to not suggest
Fn::Subon complextFn::Joins (pull #2364)
- Make
me-central-1ExtendedSpecsa module (pull #2359)
- Update
jsonschemato be able to use version 3.0 and 4.0 (pull #2336) - Remove support for python 3.6 and add python 3.9 (pull #2347)
- Disable the SAM validation checks when transforming a template (pull #2350)
- Patch in attributes for
AWS::RDS::DBCluster(pull #2344)
- Update CloudFormation specs to
86.0.0(pull #2335)
- support for AWS::LanguageExtensions transform features including DeletionPolicy, UpdateReplacePolicy, Fn::Length and Fn::ToJsonString docs (pull #2339)
- Add rule E1030 to validate Fn::Length is configured correctly (pull #2339)
- Add rule E1031 to validate Fn::Length is configured correctly (pull #2339)
- Fix an issue with
RulesCollectionin which configurations would carry over between templates (pull #2331) - Add used rules into
RulesCollectionso we can print all the used rules in JUnit and Pretty formatting (pull #2330) - Update error message on E3002 (pull #2059)
- Update error description on E1020 (pull #2329)
- Update CloudFormation specs to
83.0.0(pull #2316)
- Update rule I3100 have proper path to resource (pull #2309)
- Update rule E2503 by removing
AllowedValuesforAWS::ElasticLoadBalancingV2::LoadBalancer.LoadBalancerAttribute(pull #2184) - Update rule E3002 to include
<CommaDelimitedListin SSM parameters (pull #2320) - Update rule I3013 to not flag on Aurora instances (pull #2317)
- Update CloudFormation specs to
81.1.0(pull #2308)
- Update CloudFormation specs to
81.0.0(pull #2306) - Add
AWS::EC2::KeyPairas aReffor the value typeKeyPair(pull #2305)
- Update CloudFormation specs to
78.1.0(pull #2292)
- Add
utf-8encoding to allopencalls (pull #2298)
- Update CloudFormation specs to
76.0.0(pull #2282)
- Suppress
PendingDeprecationWarningforpydotin thepygraphvizpackage (pull #2289) - Update descriptiosn on rule E1021, E1015, E1016, E1020, and E1017 (pull #2284)
- Update rule E3033 to ignore dynamic references for string length (pull #2281)
- Update CloudFormation specs to
73.1.0(pull #2275) - Add
AWS::OpenSearchService::Domain.AccessPoliciesto IAM rules (pull #2269)
- Reduce the calculated scenarios used when conditions match and one condition has many variants (pull #2277)
- Update SARIF output to point to the general "Rules" documentation when a rule doesn't specify a
source_url(pull #2276)
- Update CloudFormation specs to
72.0.0(pull #2272)
- Don't allow regex expressions that result in a warning (pull #2272)
- Move null checks from the parsing engine into rules (pull #2242)
- Add rule E4002 to validate metadata config (pull #2242)
- Update rule E2001 to error on null values (pull #2242)
- Update rule E3012 to validate for null values in properties (pull #2242)
- Update CloudFormation specs to
69.0.0(pull #2261)
- Update CloudFormation specs to
66.1.0(pull #2255)
- Lambda runtime deprecation updates (python3.6) (pull #2252)
- Update rule E3002 to consider a list as valid JSON (pull #2253)
- Update
aws-sam-translatorto1.45.0(pull #2245) - Remove dependency on
six(pull #2204) - New rule E3504 to validate resources with
AWS::Backup::BackupPlan. The propertyDeleteAfterDayscannot be less than 90 days fromMoveToColdStorageAfterDays(pull #2230)
- Update CloudFormation specs to
66.0.0(pull #2245)
- Update CloudFormation specs to
61.0.0(pull #2232)
- Update SAM Transform pre work to add
ImageUriwhen usingImageasPackageTypeinAWS::Serverless::Function(pull #2236)
- Update CloudFormation specs to
59.0.0(pull #2225) - Remove allowed values for
AWS::Config::ConfigurationRecorder.ResourceTypes(pull #2231)
- Wrap creating a YAML map with try/except and create lint error on failure (pull #2226)
- Update CloudFormation specs to
58.0.0(pull #2217)
- W2506: Avoid false positives when using a
Refagainst a resource (pull #2210) - E3502: Blank out functions in JSON size check to prevent false positives (pull #2222)
- Update CloudFormation specs to
56.0.0(pull #2207)
- Update rule E3020 to validate that TTL isn't added for Alias records (pull #2195)
- Remove imports to
pathlib2with deprecation of Python 2.7, 3.4, and 3.5 (pull #2205) - Improvements to json parsing code (pull #2199)
- Update CloudFormation specs to
54.0.0(pull #2202)
- Fix an issue checking values of
falsein custom rules (pull #2208)
- EOL of Python 2.7, 3.4, and 3.5 support (pull #2195)
- Update CloudFormation specs to
53.0.0(pull #2196) - Fix an issue with rule E2001 to allow string parameter constraints for all AWS specific types (pull #2193)
- Update
aws-sam-translatorto1.42.0(pull #2183)
- Update CloudFormation specs to
50.0.0(pull #2180)
- Update CloudFormation specs to
49.0.0(pull #2178) - Expand
StatefulResourcesto includeAWS::OpenSearchService::Domain(pull #2179) - Add
AWS::EKS::Cluster.ClusterSecurityGroupIdtoGetAttlist ofAWS::EC2::SecurityGroup.NameOrGroupId(pull #2177)
- Update CloudFormation specs to
48.0.0(pull #2170) - Add
AWS::OpenSearchService::Domainto be in the list forEnableVersionUpgrade(pull #2174)
- Update
aws-sam-translatorto1.40.0(pull #2165)
- Update CloudFormation specs to
47.0.0(pull #2164)
- Switching logging level for
samtranslatortoCRITICAL(pull #2168)
- Adds support for outputting results in SARIF (pull #2126)
- Update CloudFormation specs to
46.0.0(pull #2158)
- Update CloudFormation specs to
45.0.0(pull #2153) - Add
AWS::DynamoDB::GlobalTabletoAWS::Lambda::EventSourceMapping.EventSourceArn(pull #2151) - Expand stateful resource types to include
AWS::SecretsManager::Secret(pull #2154)
- Add
InstanceRefreshto allowed values forSuspendProcessesin rule E3016 (pull #2160) - Strip conditions completely from
CodePipelinedefinitions in rule E2541 (pull #2152)
- Update CloudFormation specs to
44.0.0(pull #2124) - Update
AllowedValuesforAWS::CloudTrail::Trail.DataResourceType(pull #2134)
- Add support for
Fn::Ifinside rule E1024 (pull #2140) - Update
aws-sam-translatorto1.39.0(pull #2129)
- Update CloudFormation specs to
41.2.0(pull #2119)
- Update
Serverless/ManagedPolicies.jsonand create automation to keep it up to date going forward (pull #2116)
- Update default configuration on rule E3012 to no be strict (pull #2103)
- Add rule E3043 to validate nested stack parameters (pull #2074)
- Update CloudFormation specs to
41.0.0(pull #2111) - Add
AWS::KMS::ReplicaKeyas aRef/GetAttforAWS::KMS::Alias.TargetKeyId(pull #2110)
- Update resource specs to
40.1.0(pull #2105) AWS::ElasticLoadBalancingV2::LoadBalancer.LoadBalancerAttributeAllowedValuesexpansion (pull #2101)
- Update
aws-sam-translatorto1.38.0(pull #2082) - Signal the end of life for Python 3.5 (pull #2052)
- Allow configuration of top level sections in rule E1001 (pull #2090)
- Update resource specs to
39.8.0(pull #2087) - Add
StringMaxtoAWS::SNS::Topic.TopicName,AWS::IAM::Role.Name,AWS::SNS::Topic.TopicName,AWS::Lambda::FunctionpropertiesHandler,Description,FunctionName, andAWS::Lambda::LayerVersionpropertiesLayerName(pull #2089)
- Update
RetentionPeriodHoursforAWS::Kinesis::Streamto8760(pull #2071) - Expand
expanding likely_stateful_resource_typesto includeAWS::DynamoDB::GlobalTable(pull #2079)
- End support for Python 3.4 (pull #2048)
- New rule I3013 to validate retention period settings on applicable resources (pull #2054)
- Update resource specs to
39.3.0(pull #2047)
- Update
ManagedPolicies.jsonto includeAWSLambda_FullAccessandAWSLambda_ReadOnlyAccess(pull #2062) - Fix a warning in setuptools with
description-fileneeded to bedescription_file(pull #2051) - Update the
schema.jsonfor.cfnlintrcfiles to have the correct format forcustom_rules(pull #2055) - Update rule E1029 to
notlook atTemplatyBodysince it can be a nested template (pull #2057) - Update rule E3012 to think of a list as json (pull #2067)
- A new sub class to make working with
Fn::Subeasier (pull #2003)
- Update resource specs to
39.1.0(pull #2044)
- Fix an issue with
networkxpackage nesting in the graph function (pull #2035) - Update rule E1029 to only alert when the value found is a parameter or a resource (pull #2031)
- Update rule E2507 to validate resource configuration in an IAM policy (pull #2023)
- Update
aws-sam-translatorto1.36.0(pull #2027)
- Update resource specs to
37.1.0(pull #2012) - Update Lambda EOL for
dotnetcore2.1(pull #2015) - UPdate Lambda EOL for
nodejs10.xandruby2.5(pull #2033)
- Fix an issue with rule E7003 when a
Fn::Transformwas in a mapping (pull #2017) - Fix an issue when finding duplicate keys where the 2nd error wasn't to the key (pull #2011)
- Update resource specs to
35.2.0(pull #1998)
- Update resource specs to
35.0.0(pull #1986) - Patch in Glue resources into
us-gov-west-1(pull #1993)
- Require pyyaml to be at least
5.4for versions of Python that support it (pull #1992) - Update
aws-sam-translatordependency to be at least1.35.0(pull #1991) - Update rule W1001 to not validate
Globalswhen looking at Refs and GetAtts (pull #1989)
- Update resource specs to
33.0.0(pull #1981) - Remove
AWS::AmazonMQ::Broker.EngineVersion AllowedValuesfrom manual upkeep based on amount of change (pull #1975)
- Update rule E3502 to convert strings into json before checking the size of the json (pull #1982)
- Update rule E2504 to check for Iops when type is
io1orio2(pull #1978)
- Update resource specs to
32.0.0(pull #1962) - Add
AWS::Kinesis::StreamConsumeras a REF forAWS::Lambda::EventSourceMapping.EventSourceArn(pull #1961)
- Add regex pattern for
AWS::CloudWatch::Alarm.MetricDataQueryId(pull #1948)
- Update update IAM policies to not fail on changing upstream IAM policies (pull #1954)
- Switch RegexDict to only string match based on if the type is Module (pull #1956)
- Allow writing of custom rules in plain text (pull #1702)
- Update resource specs to
31.1.0(pull #1942)
- Update resource specs to
31.0.0(pull #1939) - Only flag rule I3042 when the ARN is inside a
Fn::Sub(pull #1928)
- Update resource specs to
30.1.0(pull #1936) - Add
AnalyticstoAWS::CDK::Metadata(pull #1937) - Patch in
OutputsintoAttributesforAWS::ServiceCatalog::CloudFormationProvisionedProduct(pull #1934)
- Add rule I3042 to check for hardcoded partitions, account IDs, and regions in an ARN (pull #1805)
- Allow for merging of list configurations using
--merge-configs(pull #1915)
- Update resource specs to
30.0.0(pull #1911) - Add Kinesis Data Firehose to permitted SNS subscription protocols (pull #1924)
- Changed DMS endpoint engine name for
DocumentDBtodocdb(pull #1920)
- Update rule E2532 to add
ResultSelectorfield to Task, Parallel & Map in step functions (pull #1912) - Update rule E1017 to add
Fn::Selectto allowed value in index field ofFn::Select(pull #1922)
- Update resource specs to
28.1.0(pull #1905)
- Update
aws-sam-translatorto1.34.0(pull #1910) - Return two errors when finding duplicates in the decode phase (pull #1900)
- Get value constraints from AWS CloudFormation registry types (pull #1867)
- Update resource specs to
28.0.0(pull #1899)
- Update resource specs to
27.0.0(pull #1892)
- Fix an issue with rule E3037 when certain types aren't serializable and forcing them to strings (pull #1887)
- Update resource specs to
26.0.0(pull #1884)
- Fix an issue when directives are checked and resources aren't a dict (pull #1877)
- Update resource specs to
25.0.0(pull #1873)
- Update resource specs to
24.0.0(pull #1863) - Update
AWS::DataBrew::Recipe.ActionParametersTypetoMap(pull #1871)
- Fix an issue when we parse a json string in E2507 and used the parsed json to append to the location (pull #1864)
- Update spec files as of 2021.01.08 (pull #1846)
- Update
AWS::Lambda::Function.MemorySizeto new service limits (pull #1858)
- Replace
ContentUrito a s3 path when doing a SAM transform (pull #1853) - Add
RouteSelectionExpressionto exludes on rule E1029 (pull #1852) - Remove newlines from parseable format messages (pull #1854)
- Expand Allowed Values for
AWS::AmazonMQ::Broker.EngineVersion(pull #1841) - Update spec files as of 2020.12.30 (pull #1831)
- Update
AWS::Lambda::EventSourceMapping.EventSourceArnto allowStreamARNandConsumerARN(pull #1850)
- Reinitialize E3022 on every template (pull #1848)
- Update rule E3008 to allow for lists in getatt allowed values (pull #1850)
- Reinitialize the limits in rule E3021 (pull #1834)
- Add
registry_schemasto be supported in the.cfnlintrc(pull #1836)
- Cache all rules to speed up reloading rules when scanning multiple templates (pull #1789)
- Update FSx Storage Capacity to a minimum of 32 (pull ##1827)
- Update spec files as of 2012.12.14 (pull #1821)
- Loosen version requirements for python package six (pull #1825)
- Add support to validate private types from the CloudFormation Registry (pull #1732)
- Update allowed values for AWS::DocDB::DBCluster.EngineVersion (pull #1810)
- Updated specs as of 2020.12.3 (pull #1804)
- Fix an issue with RegexDict to return the longest matched value (pull #1815)
- Fix rule E3008 to not fail when using
AWS::ServiceCatalog::CloudFormationProvisionedProductOutputs(pull #1809) - Loosen version constraints on
importlib_resources(pull #1808)
- Add support for modules (pull #1800 and pull #1801)
- Colored Output and Pretty Formatting (pull #1742)
- Update CloudFormation specs to 21.0.0 (pull #1799)
- Patch AWS::EC2::CarrierGateway for Tags (pull #1790)
- Make sure types are strings before assuming they are (pull #1791)
- Add all for certain availability zone items (pull #1798)
- Remove rules W2509, E2004, E2505, E2510 and move logic to rules E3030, E3031, and E3008 (pull #1750)
- Remove rule E2530 and move logic to W2030 and E3030 (pull #1749)
- Remove rule E3028 and move logic to E3018 (pull #1769)
- Remove rule E3029 and move logic to E3018 (pull #1770)
- Remove rule E3024 and move logic to E3018 (pull #1771)
- Update rule E3002 to error when a singular function is used when a list is needed (pull #1773)
- Update dates for Python 2.7 Lambda runtime support (pull #1777)
- Update rule E2503 to include more attributes for application load balancers and protocols (pull #1783 and pull #1784)
- Update CloudFormation specs to 20.3.0 (pull #1781)
- Expand Allowed Values for
AWS::AmazonMQ::BrokerEngineVersion(pull #1778)
- Update rule E2529 to allow for two subscriptions per log group (pull #1767)
- Allow SAM translation for
AutoPublishAliasinGlobals(pull #1768) - Allow numbers and booleans when doing a
Fn::Subparameter (pull #1774)
- Add rule E3017 to validate when properties are required based on a value of another property (pull #1746)
- Add rule E3018 to validate when properties are unwanted based on the value of another property (pull #1759)
- Remove rule E3040 and replace with rule E3031 (pull #1754)
- Remove rule E3023 and replace with rule E3017 (pull #1758)
- Update CloudFormation specs to 20.0.0 (pull #1760)
- Add allowed values for
AWS::Lambda::EventSourceMapping(pull #1748)
- Allow ignoring of E0000 and E0001 (pull #1580)
- Update rule E3005 to include resource based conditions (pull #1738)
- Update template limits to new standards (pull #1747)
- Update CloudFormation specs to 19.0.0 (pull #1751)
- Add
ap-northeast-2dto the list of approved Availibility Zones (pull #1739) - Add AllowedValues to
AWS::CloudFormation::StackSet.PermissionModelfrom botocore (pull #1741)
- Expand
likely_stateful_resource_typesfor explicit UpdateReplacePolicy/DeletionPolicy rule I3011 to includeAWS::SQS::Queue(pull #1736)
- Update CloudFormation specs to 18.7.0 (pull #1734)
- Update CloudFormation specs to 18.6.0 (pull #1726)
- Add
AllowedValuesforAWS::DMS::Endpoint.EngineName(pull #1725)
- Update CloudFormation specs to 18.5.0 (pull #1715)
- Get
AllowedValuesfrom Botocore during--update-specs(pull #1682) - Add string length requirements for
AWS::Config::ConfigRule.Description(pull #1712) - Patch
AWS::StepFunctions::Activityto includeNameand removeArn(pull #1722)
- Fix an issue with rule
E3002to better handle when conditions are used at the root level of a list (pull #1714) - Update core node libraries to remove
Ref: AWS::NoValuefrom returned properties (pull #1716)
- Update CloudFormation specs to 18.4.0 (pull #1707)
- Add
ap-northeast-3toscripts/update_specs_services_from_ssm.py(pull #1703)
- Update rule E2541 to validate that input artifacts are output artifacts from a previous action and that output artifact names are unique in the pipeline (pull #1690)
- New rule E3007 to validate parameter and resource names are unique (pull #1698)
- Update CloudFormation specs to 18.3.0 (pull #1697)
- Expand
AllowedValuesforAWS::AmazonMQ::Broker.EngineVersionandAWS::Glue::Trigger.Condition.State(pull #1680, #1681)
- Expand
templated_exceptionsproperty types that require package command for rule E3002 and W3002 (pull #1684) - Pin pyrsistent to
0.16.0with Python versions less than3.5(pull #1693) - Fix an issue with SSM Spec patching that resulted in resource
PropertyTypesnot being added to the spec patches (pull #1696) - Update directives to use the resource name key as the start (pull #1692)
- Update CloudFormation specs to 18.1.0 (pull #1671)
- Expand
AllowedValuesforAWS::CloudFront::Distribution.MinimumProtocolVersion,AWS::Config::ConfigurationRecorder.ResourceTypes, andAWS::Glue::Connection.ConnectionInput.ConnectionType(pull #1661, #1664, #1673) - Add localzone
us-west-2-lax-1b(pull #1670)
- Update rule E2503 to include
routing.http.desync_mitigation_mode(pull #1660) - Update excludes for rule E1029 to include
ResponseMappingTemplate(pull #1667) - Update rule E1019 and E1010 to handle resource attributes of type
Map(pull #1659)
- Update CloudFormation specs to 17.0.0 (pull #1653)
- Fix ElasticMapReduce and ManagedBlockchain InstanceType patching (pull #1654)
- Include a regex pattern to check MetricValue is either a number or starts with
$(pull #1647) - Add more types to
AWS::ApplicationAutoScaling::ScalingPolicy.PredefinedMetricSpecification.PredefinedMetricType(pull #1652) - Add more values to
AWS::Lambda::Function.Runtime(pull #1651 and pull #1649) - Add more values to
AWS::Budgets::Budget.BudgetType(pull #1643)
- Update rule E3031 to convert int or float to string before doing an allowed pattern match on it (pull #1647)
- Add exceptions to rule E1029 (pull #1646 and pull #1648)
- Update rule E8003 to look for string based parameters (pull #1640)
- Update CloudFormation specs to 16.3.0 (pull #1635)
- Update rule E3001 to catch when Resource
Typeis not a string (pull #1631) - Update rule E1029 to handle
${}in Step Function State Machines and Definition Substitutions (pull #1628) - Update rule W4002 to only look at
RefandSub(pull #1627)
- Update CloudFormation specs to 16.1.0 (pull #1622)
- Remove
AWS::EC2::LaunchTemplate.BlockDeviceMappingfromOnlyOne(pull #1617) - Add more
AllowedValuestoAWS::Glue::Trigger.Predicate.Logical(pull #1616) - Add more
AllowedValuestoAWS::ApplicationAutoScaling::ScalingPolicy.PredefinedMetricSpecification.PredefinedMetricType(pull #1604) - Add more
AllowedValuestoAWS::S3::Bucket.TopicConfiguration.Event(pull #1606) - Add more
AllowedValuestoAWS::EC2::CapacityReservation.InstancePlatform(pull #1605) - Fix an issue for applying
AllowedValuestoAWS::RDS::DBInstance MonitoringIntervalandPerformanceInsightsRetentionPeriod(pull #1607) - Fix an issue for applying
MaximumandMinimumtoAWS::ElasticLoadBalancingV2::ListenerRule.Priority(pull #1608)
- Upgrade SAM Translator to v1.25.0 (pull #1594)
- Update CloudFormation specs to 15.3.0 (pull #1600)
- Update CloudFormation specs to 15.1.0 (pull #1593)
- Add additional allowed values for
AWS::SecretsManager::SecretTargetAttachment.TargetType(pull #1573) - Add property types for
AvailabilityZonein theAWS::DMS::ReplicationInstanceandAWS::EC2::Subnetresources (pull #1585) - Expand allowed values for
AWS::CodeBuild::Project.Environment.Type(pull #1589)
- Update rule E2004 to not check AllowedValues when the Type is
AWS::SSM::Parameter::Value<String>(pull #1571) - Update Transform logic to not update DefinitionUri to S3 when not using DefinitionUri originally (pull #1576)
- Upgrade SAM Translator to v1.24.0 (pull #1562)
- Warning messages for Python 3.4 and 2.7 (pull #1337)
- Add
--output-fileparameter to output the results into a file (pull #1511) - Remove usage of jsonpointer (pull #1546)
- Add rule E3042 that checks AWS::ECS::TaskDefinition.ContainerDefinition has at least one essential container (pull #1548)
- Update CloudFormation specs to 14.4.0 (pull #1555)
- Add allowed patterns and values for properties in
AWS::S3::Bucket.InventoryConfiguration(pull #1551)
- Update Transform logic to support local files for the state machine defintion (pull #1562)
- New rule E3041 to check if
HostedZoneNameis a super domain forName(pull #1483) - Update SAM Translator dependency to
1.23.0(pull #1536) - Move Template and Runner classes into their own files (pull #1523)
- Update CloudFormation specs to 14.3.0 (pull #1538)
- Add instance type allowed values to ElastiCache, Elasticsearch, ElasticMapReduce, ManagedBlockchain, GameLift, and AppStream (pull #1535 and #1541)
- Exempting resource types AWS::Serverless transform creates that violated rule W3011 (pull #1529)
- Add support for
.cfnlintrc.yamland.cfnlintrc.yml(pull #1504) - Add JUnit XML output format (pull #1506)
- Update CloudFormation specs to 14.2.0 (pull #1526)
- Update
AWS::AutoScaling::LaunchConfigurationSecurityGroupsto support GroupID and Names (pull #1505) - Add min max and allowed values for multiple WAFv2 rate rules
Limitrules (pull #1507)
- Add the ability to specify a config file using parameter
--config-file(pull #1462) - Speed up
--update-specsto not download files if they haven't updated (pull #1383)
- Add region
eu-south-1(pull #1496) - Add region
af-south-1(pull #1494) - Update CloudFormation specs to 14.0.0 (pull #1494)
- Add new Config supported types
AWS::SecretsManager::SecretandAWS::SNS::Topic(pull #1492)
- Update rule E1029 to have an exception for
RequestMappingTemplatein AppSync (pull #1488) - Update rule E1029 to have an exception for
ConnectionIDin API Gateway (pull #1493)
- Update Lambda runtimes to support
dotnetcore3.1(pull #1469) - Update DMS Engine approved values with multiple items (pull #1472)
- Add description allowed value regex to
AWS::EC2::SecurityGroupIngress/Egress (pull #1476) - Update CloudFormation specs to 13.0.0 (pull #1480)
- Set
importlib_resourcesto 1.4 for all Pythons except 3.4 (pull #1479)
- Update CloudFormation specs to 12.3.0 (pull #1464)
- Fix an issue when including
cfn-lintand needingnetworkx(pull #1458)
- Add
--build-graphparameter to create a graph of dependencies (pull #1411)
- Update CloudFormation specs to 12.1.0 (pull #1455)
- Add
found unknown escape characterto start of err problem to determine when to use json parsing (pull #1454)
- Update CloudFormation specs to 12.0.0 (pull #1448)
- Add region
ca-central-1d(pull #1447)
- Switch DB Instance Engine check from E3030 to E3040 so the comparison is case insensitive (pull #1441)
- Update CloudFormation specs to 11.6.0 (pull #1433)
- Add
ruby2.7to supported list of ruby runtimes (pull #1436)
- Update SAM Translator package to 1.21.0 (pull #1406)
- Update rule E3027 to check that either Day of Month or Day of Week is a question mark (pull #1405)
- New rule E3029 to check
AWS::RDS::DBInstanceAuroradatabases don't have certain properties (pull #1409) - Build a resource graph for checking circular dependencies (pull #1391)
- Update Exclusive and Only One specs to include additional rules around Security Group Rules (pull #1407)
- Update CloudFormation specs to 11.5.0 (pull #1416)
- Patch spec so that TTL is Long on Route53 Change Record Sets (pull #1417)
- Update CloudFormation specs to 11.4.0 (pull #1403)
- Properly display yaml parse errors when the error was a tab (pull #1402)
- Define an initial Docker file (pull #1361)
- Update CloudFormation specs to 11.2.0 (pull #1390)
- Add allowed values for
AWS::RDS::DBInstanceEngine(pull #1398)
- Update rule E3039 to properly filter down attributes before checking values (pull #1392)
- Update rule E1019 to not join GetAtt if they aren't strings (pull #1389)
- Consolidate region and spec information into singular item (pull #1357)
- Update CloudFormation specs to 11.1.0 (pull #1380)
- Patch specs from updated SSM and pricing data as of 2020.02.21 (pull #1380)
- Update AWS Config supported types to those active on 2020.02.20 (pull #1378)
- Update condition logic to return dict_node instead of the standard dict node (pull #1375)
- Fix
--update-specson Windows to have the appropriate seperator (pull #1371) - Update the documentation for
--update-documentation(pull #1374)
- Update decode node class to pass back an empty list when default is None and the key doesn't exist (pull #1364)
- Add rule E3028 to check that
ScalingConfigurationis only specified with Aurora databases (pull #1338) - Add rule E3039 to check that
AttributeDefinitionsmatchKeySchemas(pull #1284)
- Add
AFTER_7_DAYStoTransitionToIAas accepted value (pull #1352) - Update CloudFormation specs to 11.0.0 (pull #1355)
- Patch specs from updated SSM and pricing data as of 2020.02.15 (pull #1356)
- Add scripts to build an offline installer (pull #1307)
- Update CloudFormation specs to 10.5.0 (pull #1347)
- Patch specs from updated SSM and pricing data as of 2020.02.09 (pull #1348)
- Patch specs from updated SSM service data as of 2020.01.30 (pull #1339)
- Patch more wafv2 resources (pull #1343)
- Pin version of jsonpatch for Python 3.4 (pull #1336)
- Update CloudFormation specs to 10.4.0 (pull #1330)
- Update CloudFormation patches to include pricing and SSM data from 2020.01.20 (pull #1322)
- Add additional configuration checks to rule E2001 (pull #1301)
- Add additional configuration checks to rule E6001 (pull #1301)
- Move
ExportNamerequired fromOutputsin rule E6002 to E6001 (pull #1301) - Move checking for list in
OutputsValuein rule E6003 to E6001 (pull #1301) - Add rules I1002, I1003, I2010, I2011, I2012, I3010, I3011, I6010, I6011, I6012, I7010, I7011, I7012 to alert when approaching limits (pull #1271)
- Update CloudFormation specs to 10.3.0 (pull #1317)
- Patch wafV2 Resources in the CloudFormation spec (pull #1313)
- Update rules E6001, E6002, E6003 to filter out unneeded columns when processing conditions (pull #1316)
- Update rule E1029 to allow for exlusions in
NotResource(pull #1315) - Update rule E3020 to check for string types before doing regex (pull #1311)
- Move
AWS::S3::Bucket.RoutingRuleConditionproperties from OnlyOne to AtLeastOne (pull #1283) - Add
AWS::SSM::Parameter.Valueto theAWS::EC2::VPC.Idtype (pull #1288) - Add
CNAMEas an allowed value toServiceDiscoveryDnsType(pull #1296) - Patch
AWS::WAFv2::RegexPatternSet.RegularExpressionListremoving extra layer (pull #1300) - Add
LambdaProvisionedConcurrencyUtilizationas allowed value to Application Autoscaling Metric (pull #1303) - Add some exclusive attributes to
AWS::CloudWatch::AlarmforMetricsandThreshold(pull #1306)
- pyyaml has ended support for Python 3.4. Pin pyyaml to version 5.2 for Python 3.4 (pull #1290)
- Convert from using imp to importlib for python 3.x (pull #1292)
- Update
aws-sam-translatorto1.19.1(pull #1275)
- New rule I3011 to check stateful resources have a set UpdateReplacePolicy/DeletionPolicy (pull #1232)
- Update CloudFormation specs to 10.1.0 (pull #1255)
- Add
ALLOW_values toExplicitAuthFlows(pull #1261)
- Update rule W3011 to ignore W3011 if explicit DeletionPolicy/UpdateReplacePolicy value is Delete (pull #1253)
- Update rule E1029 to not alert when looking at Parameters (pull #1256)
- Update rule E2504 to allow for ephemeral(0-23) (pull #1260)
- Created a new
mandatory-checksparameter to require rules to be reported on and not ignored (pull #1243) - Allow using modules when doing
append-rules(pull #1216) - Add support for the new zone
us-west-2-lax-1a(pull #1241)
- Update CloudFormation specs to 10.0.0 (pull #1247)
EnableVersionUpgradeadded to the recognized values forUpdatePolicy(pull #1231)- Include
pathlib2in python 3.4 requirements (pull #1236) - Look at the top level Condition operator (pull #1235)
- Include more testing for using cfn-lint as a module (pull #1234)
- Update rule E2001 to look for required properties (pull #1227)
- Update rule E2503 to allow
routing.http.drop_invalid_header_fields.enabledfor application load balancers (pull #1220) - Update rule E1028 to check that Fn::If value is a list of length 3 (pull #1226)
- Change DocDB allowed EngineVersion value to 3.6.0 (pull #1213)
- Update rule E3002 to handle nested IFs when looking at lists (pull #1212)
- Update rule W2501 to only look at a Resource Properties (pull #1214)
- Add capacityOptimized to spot fleet allocation strategy (pull #1200)
- Update Lambda runtime options to be valid as of 2019.11.19 (pull #1204)
- Update allowed values for AWS Config types (pull #1197)
- Update CloudFormation specs to 8.1.0 (pull #1197)
- Add rule I1022 to recommend Sub over Join when join is using empty delimiter (pull #1067)
- Remove setuptools requirement (pull #1188)
- Update Lambda runtime versions EOL date (pull #1180)
- Update CloudFormation specs to 8.0.0 (pull #1187)
- Update Pricing and SSM data to 2019.11.08 (pull #1187)
- Update rule W2501 to include more properties to validate security of a parameter (pull #1181)
- Fix YAML parsing to not fail on merging and aliases (pull #1182)
- Fix an issue with SAM when CORS is present in pre-transformed template (pull #1185)
- Update rule W7001 to look at pre-transformed FindInMaps (pull #1186)
- Update CloudFormation specs to 7.2.0 (pull #1177)
- Update Pricing and SSM data to 2019.11.01 (pull #1177)
- Consolidate PSEUDOPARAMS into cfnlint.helpers (pull #1172)
- Update SAM Translator to 1.15.1 (pull #1166)
- Update CloudFormation specs to 7.1.0 (pull #1163)
- Update Pricing and SSM data to 2019.10.21 (pull #1163)
- Update rule E2532 to support parameters inside a map type (pull #1164)
- Update rule E2510 to allow SSM parameter types for CIDR blocks (pull #1162)
- Update CloudFormation specs to 6.3.0 (pull #1155)
- Update Pricing and SSM data to 2019.10.05 (pull #1155)
- Update Update CloudWatch alarm comparison operators (pull #1154)
- Update CloudFormation specs to 6.2.0 (pull #1145)
- Update Pricing and SSM data to 2019.09.28 (pull #1145)
- Remove manual patches that are no longer needed (pull #1146)
- Update CloudFormation spec links for a few regions that using old links (pull #1148)
- Update rule E3001 to allow
DeletionPolicyandUpdateReplacePolicyto be allowed on all resources (pull #1139) - Update rule W2030 to not check Paramter default values when using a Resource Condition (pull #1140)
- Update rule E2532 to allow new types in Step Functions (pull #1143)
- Add missing values for LifecyclePolicy API (pull #1128)
- Update CloudFormation specs to 6.1.0 (pull #1134)
- Update Pricing and SSM data to 2019.09.20 (pull #1134)
- Update E1029 to include cognito-identity keys to list of excluded resourse when checking if Fn sub is needed (pull #1136)
- Update CloudFormation specs to 6.0.0 (pull #1126)
- Update AWS::SQS::Queue.ReceiveMessageWaitTimeSeconds to allow 0 value (pull #1123)
- AWS::EC2::SecurityGroup.Description StringMin and StringMax should be integers (pull #1125)
- AWS::ApiGateway::GatewayResponse.ResponseType typo (pull #1126)
- Move rule classes from cfnlint into cfnlint.rules (pull #1098)
- Update IAM policies as of 2019.09.03 (pull #1120)
- Update CloudFormation specs from pricing and SSM data as of 2019.09.03 (pull #1120)
- Add a lot of min/max values to the specs (pull #1110 and pull #1116)
- Add me-south-1 to supported regions (pull #1113)
- Fix an issue where the spec file was referencing instance profiles for Glue Resources (pull #1114)
- Switch AWS Batch SpotIamFleetRole to Role Arn (pull #1111)
- Update CloudFormatin specs to 5.3.0 (pull #1108)
- Update CloudFormatin specs from pricing and SSM data on 2019.08.22 (pull #1104)
- Add 416 to the CloudFront Error Codes (pull #1100)
- Move a lot of types into separate files (pull #1074)
- Don't fail getting directives when resources are malformed (pull #1099)
- Add me-east-1 CloudFormation spec (pull #1095)
- Update CloudFormatin specs to 5.1.0 (pull #1093)
- Update spec patching from SSM and pricing to 2019.08.13 (pull #1093)
- Remove requests and switch to urllib(2) (pull #1093)
- Fix rule E3003 to not fail when running into a basic property in the CloudFormation spec (pull #1096)
- Update CloudFormation spec to version 5.0.0 (pull #1087)
- Remove Ref check from IAM Policy Name (pull #1087)
- Fix an issue where anything piped into cfn-lint would result in ignoring the templates parameter (pull #1081)
- Add support for regions cn-north-1 and cn-northwest-1 (pull #1051)
- Add rule E3027 to validate the format of AWS Event ScheduleExpression (pull #1028)
- Update SAM Translator support to release 1.13.0 (pull #1054)
- Extend rule W2509 and E2004 to check for more types of CIDR properties (pull #1058)
- Add Availability Zones for me-south-1 region (pull #1070)
- Update README to document using cfn-lint with github actions (pull #1072)
- Restructure some of the patching to make organization easier (pull #1030)
- Update specs from pricing and SSM data as of 2019.08.01 (pull #1078)
- Remove IAM::User Tags and move IAM::Role Tag support to regions where it works (pull #1077)
- Apply SAM Transform when template Transforms are a list (pull #1056)
- Fix an issue where templates provided via stdin where not getting linted (pull #1060)
- Fix rule E2015 to convert integers to string when testing min/max length (pull #1063)
- Update excludes for E1029 to include TopicRulePayload (pull #1066)
- Add ALL_REGIONS option for -r flag (pull #1026)
- Add SSM parameter type values to E2510 (pull #1036)
- Add allowed values for AWS::IAM Resources (pull #1027)
- Update CloudFormation spec to version 4.3.0 (pull #1048)
- Update specs from pricing and SSM data as of 2019.07.25
- Removed duplicate from list of Availability Zones (pull #1035)
- Fixed example regex in CIDR rule (pull #1029)
- Support for Serverless transform when it's in a list of one Transforms (pull #1042)
- Don't fail rules that include a Transform (pull #1041)
- Don't fail when AWS::NoValue used when we're looking for a list (pull #1039)
- Fixed E3002 to support AWS::NoValue (pull #1038)
- Added FindInMap as valid function within Fn::Cidr (pull #1034)
- Patch in
AWS::SageMaker::CodeRepositoryto the CloudFormation spec (issue #1005) - Patch in Tags into IAM Roles and Users (issue #1015)
- Update CloudFormation spec to version 4.2.0 (pull #1023)
- Update specs from pricing and SSM data as of 2019.07.13
- Add more Availability Zones (pull #1021)
- Patch in
AWS::Cognito::UserPoolresource information forap-south-1andap-southeast-1(issue #1002) - Remove manual patching for
AWS::Backup::BackupPlanresource information and fix a few spec issues (pull #1006) - Fix a few spec regex patterns that were missing escapes of
-inside[](issue #997) - Update pricing script to include bare metal instance types (issue #998)
- Create a regex pattern for IAM Policy Names (issue #996)
- Patch CloudFormation specs from SSM data on 2019.07.10
- Fix a warning when loading resources using a
\in the prefix (issue #1009)
- Add
INSTANCEtoDLMPolicyResourceTypeallowed values (pull #995) - Update specs from weird 4.1.0 release (pull #994)
- Update instance types and patches from SSM to date 2019.07.04 (pull #1001)
- Add all the allowed values of the AWS::EFS Resources (pull #990)
- Fix an issue where rules were being loaded twice (pull #980)
- Fix an issue with rule E1010 to split GetAtt strings into two values (issue #986)
- Update rules E8004, E8003, E8005, and E8006 to not flag functions used in Service Catalog rules section (issue #979)
- Patched testing for Lambda Runtime EOL and end dates to test as if a specific date (pull #999)
- Update specs to 4.1.0
- Added LaunchTemplateId/LaunchTemplateName of the AutoScalingGroup to the OnlyOne
- Patch resource AWS::EC2::LaunchTemplate property TagSpecifications
- Add AWS::EC2::LaunchTemplate property to LaunchTemplateName min/max/pattern
- Add AWS::EC2::LaunchTemplate allowed values for the ResourceType property
- Remove/Add services to region tables based on SSM endpoints
- Update JsonSchem to 3.0 to support the new version 1.12.0 of aws-sam-translator
- Update rule E2503 to allow NLBs to use UDP
- Update rule E3020 to include many special characters for DNS records
- Sort filenames when getting a bunch of templates from a folder
- Fix typos in the integration documentation
- Update specs to 3.4.0
- Add all the allowed values of the AWS::ECS Resources.
- Update CloudFormation Spec to include the Backup Resources
- Add Cognito RefreshTokenValidity number limits
- Fix copy-paste typo in Not function check
- Don't fail when conditions are used with parameters and allowed values
- More IAM Resource exceptions for Sub Needed check
- Update rule E3001 to validate that a Resource Condition is a string
- Add all the allowed values of the AWS::EC2 CapacityReservation Resources
- Update Launch Configuration IamInstanceProfile to support Ref or GetAtt to an IAM Instance Profile
- Fix
lessthantype in a bunch of rules - Update rule E2507 to handle intrinsics when testing the values for
Effect - Fix rule E8002 to not error when the Condition isn't a string
- Include more resource types in W3037
- Add Resource Type
AWS::CDK::Metadata
- Uncap requests dependency in setup.py
- Check Join functions have lists in the correct sections
- Pass a parameter value for AutoPublishAlias when doing a Transform
- Show usage examples when displaying the help
- Support dumping strings for datetime objects when doing a Transform
- Update CloudFormation specs to 3.3.0
- Update instance types from pricing API as of 2019.05.23
- Add
Infologging capability and set the default logging toNotSet
- Only do rule logging (start/stop/time) when the rule is going to be called
- Update rule E1019 to allow
Fn::Transforminside aFn::Sub - Update rule W2001 to not break when
Fn::Transforminside aFn::Sub - Update rule E2503 to allow conditions to be used and to not default to
networkload balancer when an object is used for the Load Balancer type
- New rule E3038 to check if a Serverless resource includes the appropriate Transform
- New rule E2531 to validate a Lambda's runtime against the deprecated dates
- New rule W2531 to validate a Lambda's runtime against the EOL dates
- Update rule E2541 to include updates to Code Pipeline capabilities
- Update rule E2503 to include checking of values for load balancer attributes
- Update CloudFormation specs to 3.2.0
- Update instance types from pricing API as of 2019.05.20
- Include setuptools in setup.py requires
- Update instance types from pricing API as of 2019.05.16
- Update E7001 to allow float/doubles for mapping values
- Update W1020 to check pre-transformed Fn::Sub(s) to determine if a Sub is needed
- Pin requests to be below or equal to 2.21.0 to prevent issues with botocore
- Add support for List Parameter types
- Add allowed values for AWS::EC2 EIP, FlowLog, CustomerGateway, DHCPOptions, EC2Fleet
- Create new property type for Security Group IDs or Names
- Add new Lambda runtime environment for NodeJs 10.x
- Move AWS::ServiceDiscovery::Service Health checks from Only One to Exclusive
- Update Glue Crawler Role to take an ARN or a name
- Remove PrimitiveType from MaintenanceWindowTarget Targets
- Add Min/Max values for Load Balancer Ports to be between 1-65535
- Include License file in the pypi package to help with downstream projects
- Filter out dynamic references from rule E3031 and E3030
- Convert Python linting and Code Coverage from Python 3.6 to 3.7
- Update rule E8003 to support more functions inside a Fn::Equals
- Allow a rule's exception to be defined in a resource's metadata
- Add rule configuration capabilities
- Update rule E3012 to allow for non strict property checking
- Add rule E8003 to test Fn::Equals structure and syntax
- Add rule E8004 to test Fn::And structure and syntax
- Add rule E8005 to test Fn::Not structure and syntax
- Add rule E8006 to test Fn::Or structure and syntax
- Include Path to error in the JSON output
- Update documentation to describe how to install cfn-lint from brew
- Update CloudFormation specs to version 3.0.0
- Add new region ap-east-1
- Add list min/max and string min/max for CloudWatch Alarm Actions
- Add allowed values for EC2::LaunchTemplate
- Add allowed values for EC2::Host
- Update allowed values for Amazon MQ to include 5.15.9
- Add AWS::Greengrass::ResourceDefinition to GreenGrass supported regions
- Add AWS::EC2::VPCEndpointService to all regions
- Update AWS::ECS::TaskDefinition ExecutionRoleArn to be a IAM Role ARN
- Patch spec files for SSM MaintenanceWindow to look for Target and not Targets
- Update ManagedPolicyArns list size to be 20 which is the hard limit. 10 is the soft limit.
- Fix rule E3033 to check the string size when the string is inside a list
- Fix an issue in which AWS::NotificationARNs was not a list
- Add AWS::EC2::Volume to rule W3010
- Fix an issue with W2001 where SAM translate would remove the Ref to a parameter causing this error to falsely trigger
- Fix rule W3010 to not error when the availability zone is 'all'
- Fix core Condition processing to support direct Condition in another Condition
- Fix the W2030 to check numbers against string allowed values
- Add NS and PTR Route53 record checking to rule E3020
- New rule E3050 to check if a Ref to IAM Role has a Role path of '/'
- New rule E3037 to look for duplicates in a list that doesn't support duplicates
- New rule I3037 to look for duplicates in a list when duplicates are allowed
- Add Min/Max values to AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckTimeoutSeconds
- Add Max JSON size to AWS::IAM::ManagedPolicy PolicyDocument
- Add allowed values for AWS::EC2 SpotFleet, TransitGateway, NetworkAcl NetworkInterface, PlacementGroup, and Volume
- Add Min/max values to AWS::Budgets::Budget.Notification Threshold
- Update RDS Instance types by database engine and license definitions using the pricing API
- Update AWS::CodeBuild::Project ServiceRole to support Role Name or ARN
- Update AWS::ECS::Service Role to support Role Name or ARN
- Update E3025 to support the new structure of data in the RDS instance type json
- Update E2540 to remove all nested conditions from the object
- Update E3030 to not do strict type checking
- Update E3020 to support conditions nested in the record sets
- Update E3008 to better handle CloudFormation sub stacks with different GetAtt formats
- Update CloudFormation Specs to 2.30.0
- Fix IAM Regex Path to support more character types
- Update AWS::Batch::ComputeEnvironment.ComputeResources InstanceRole to reference an InstanceProfile or GetAtt the InstanceProfile Arn
- Allow VPC IDs to Ref a Parameter of type String
- Fix E3502 to check the size of the property instead of the parent object
- New rule E3032 to check the size of lists
- New rule E3502 to check JSON Object Size using definitions in the spec file
- New rule E3033 to test the minimum and maximum length of a string
- New rule E3034 to validate the min and max of a number
- Remove Ebs Iops check from E2504 and use rule E3034 instead
- Remove rule E2509 and use rule E3033 instead
- Remove rule E2508 as it replaced by E3032 and E3502
- Update rule E2503 to check that there are at least two 2 Subnets or SubnetMappings for ALBs
- SAM requirement upped to minimal version of 1.10.0
- Extend specs to include:
ListMinandListMaxfor the minimum and maximum size of a listJsonMaxto check the max size of a JSON ObjectStringMinandStringMaxto check the minimum and maximum length of a StringNumberMinandNumberMaxto check the minimum and maximum value of a Number, Float, Long
- Update State and ExecutionRoleArn to be required on AWS::DLM::LifecyclePolicy
- Add AllowedValues for PerformanceInsightsRetentionPeriod for AWS::RDS::Instance
- Add AllowedValues for the AWS::GuardDuty Resources
- Add AllowedValues for AWS::EC2 VPC and VPN Resources
- Switch IAM Instance Profiles for certain resources to the type that only takes the name
- Add regex pattern for IAM Instance Profile when a name (not Arn) is used
- Add regex pattern for IAM Paths
- Add Regex pattern for IAM Role Arn
- Update OnlyOne spec to require require at least one of Subnets or SubnetMappings with ELB v2
- Fix serverless transform to use DefinitionBody when Auth is in the API definition
- Fix rule W2030 to not error when checking SSM or List Parameters
- Update rule E2503 to make sure NLBs don't have a Security Group configured
- Add all the allowed values of the
AWS::GlueResources - Update OnlyOne check for
AWS::CloudWatch::Alarmto onlyMetricNameorMetrics - Update Exclusive check for
AWS::CloudWatch::Alarmfor properties mixed withMetricsandStatistic - Update CloudFormation specs to 2.29.0
- Fix type with MariaDB in the AllowedValues
- Update pricing information for data available on 2018.3.29
- Fix rule E1029 to not look for a sub is needed when looking for iot strings in policies
- Fix rule E2541 to allow for ActionId Versions of length 1-9 and meets regex
[0-9A-Za-z_-]+ - Fix rule E2532 to allow for
Parametersinside aPassaction - Fix an issue when getting the location of an error in which numbers are causing an attribute error
- Add new rule E3026 to validate Redis cluster settings including AutomaticFailoverEnabled and NumCacheClusters. Status: Released
- Add new rule W3037 to validate IAM resource policies. Status: Experimental
- Add new parameter
-e/--include-experimentalto allow for new rules in that aren't ready to be fully released
- Update Spec files to 2.28.0
- Add all the allowed values of the AWS::Redshift::* Resources
- Add all the allowed values of the AWS::Neptune::* Resources
- Patch spec to make AWS::CloudFront::Distribution.LambdaFunctionAssociation.LambdaFunctionARN required
- Patch spec to make AWS::DynamoDB::Table AttributeDefinitions required
- Remove extra blank lines when there is no errors in the output
- Add exception to rule E1029 to have exceptions for EMR CloudWatchAlarmDefinition
- Update rule E1029 to allow for literals in a Sub
- Remove sub checks from rule E3031 as it won't match in all cases of an allowed pattern regex check
- Correct typos for errors in rule W1001
- Switch from parsing a template as Yaml to Json when finding an escape character
- Fix an issue with SAM related to transforming templates with Serverless Application and Lambda Layers
- Fix an issue with rule E2541 when non strings were used for Stage Names
- Add rule E3031 to look for regex patterns based on the patched spec file
- Remove regex checks from rule E2509
- Add parameter
ignore-templatesto allow the ignoring of templates when doing bulk linting
- Update Spec files to 2.26.0
- Add all the allowed values of the AWS::DirectoryService::* Resources
- Add all the allowed values of the AWS::DynamoDB::* Resources
- Added AWS::Route53Resolver resources to the Spec Patches of ap-southeast-2
- Patch the spec file with regex patterns
- Add all the allowed values of the AWS::DocDb::* Resources
- Update rule E2504 to have '20000' as the max value
- Update rule E1016 to not allow ImportValue inside of Conditions
- Update rule E2508 to check conditions when providing limit checks on managed policies
- Convert unicode to strings when in Py 3.4/3.5 and updating specs
- Convert from
awslabstoaws-cloudformationorganization - Remove suppression of logging that was removed from samtranslator >1.7.0 and incompatibility with samtranslator 1.10.0
- Add scaffolding for arbitrary Match attributes, adding attributes for Type checks
- Add rule E3024 to validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST
- Update Spec files to 2.24.0
- Update OnlyOne spec to have BlockDeviceMapping to include NoDevice with Ebs and VirtualName
- Add all the allowed values of the AWS::CloudFront::* Resources
- Add all the allowed values of the AWS::DAX::* Resources
- Update config parsing to use the builtin Yaml decoder
- Add condition support for Inclusive E2521, Exclusive E2520, and AtLeastOne E2522 rules
- Update rule E1029 to better check Resource strings inside IAM Policies
- Improve the line/column information of a Match with array support
- Update CloudFormation Specs to version 2.23.0
- Add allowed values for AWS::Config::* resources
- Add allowed values for AWS::ServiceDiscovery::* resources
- Fix allowed values for Apache MQ
- Update rule E3008 to not error when using a list from a custom resource
- Support simple types in the CloudFormation spec
- Add tests for the formatters
- Add rule E3035 to check the values of DeletionPolicy
- Add rule E3036 to check the values of UpdateReplacePolicy
- Add rule E2014 to check that there are no REFs in the Parameter section
- Update rule E2503 to support TLS on NLBs
- Update CloudFormation spec to version 2.22.0
- Add allowed values for AWS::Cognito::* resources
- Update rule E3002 to allow GetAtts to Custom Resources under a Condition
- Introducing the cfn-lint logo!
- Update SAM dependency version
- Fix CloudWatchAlarmComparisonOperator allowed values.
- Fix typo resoruce_type_spec in several files
- Better support for nested And, Or, and Not when processing Conditions
- Add allowed values for AWS::CloudTrail::Trail resources
- Patch spec to have AWS::CodePipeline::CustomActionType Version included
- Fix conditions logic to use AllowedValues when REFing a Parameter that has AllowedValues specified
- New rule W1011 to check if a FindInMap is using the correct map name and keys
- New rule W1001 to check if a Ref/GetAtt to a resource that exists when Conditions are used
- Removed logic in E1011 and moved it to W1011 for validating keys
- Add property relationships for AWS::ApplicationAutoScaling::ScalingPolicy into Inclusive, Exclusive, and AtLeastOne
- Update rule E2505 to check the netmask bit
- Include the ability to update the CloudFormation Specs using the Pricing API
- Update to version 2.21.0
- Add allowed values for AWS::Budgets::Budget
- Add allowed values for AWS::CertificateManager resources
- Add allowed values for AWS::CodePipeline resources
- Add allowed values for AWS::CodeCommit resources
- Add allowed values for EC2 InstanceTypes from pricing API
- Add allowed values for RedShift InstanceTypes from pricing API
- Add allowed values for MQ InstanceTypes from pricing API
- Add allowed values for RDS InstanceTypes from pricing API
- Fixed README indentation issue with .pre-commit-config.yaml
- Fixed rule E2541 to allow for multiple inputs/outputs in a CodeBuild task
- Fixed rule E3020 to allow for a period or no period at the end of a ACM registration record
- Update rule E3001 to support UpdateReplacePolicy
- Fix a cli issue where
--templatewouldn't be used when a .cfnlintrc was in the same folder - Update rule E3002 and E1024 to support packaging of AWS::Lambda::LayerVersion content
- Add AWS::WorkSpaces::Workspace.WorkspaceProperties ComputeTypeName, RunningMode allowed values
- Fix AWS::CloudWatch::Alarm to point Metrics at AWS::CloudWatch::Alarm.MetricDataQuery
- Update rule E1024 to support Fn::Sub inside Fn::Cidr
- Update rule E1019 to not allow for lists directly when doing a Ref or GetAtt to a list
- Move parameter checks from rule E3030 to a new rule W2030
- Updated to version 2.19.0
- Add S3 Bucket Allowed Values
- Add Route53 Allowed Values
- Add CodeDeploy Allowed Values
- Add AWS::SecretsManager::SecretTargetAttachment TargetType Allowed Values
- Add AWS::SES::ReceiptRule.Rule TlsPolicy Allowed Values
- Add AWS::AutoScaling::AutoScalingGroup, AWS::Route53::RecordSetGroup, and AWS::AutoScaling::AutoScalingGroup to OnlyOne
- Improve W7001 error message
- Support Ref to IAM::Role or IAM::InstanceProfile with values looking for an ARN
- AWS::Batch::ComputeEnvironment InstanceRole is an InstanceProfile not Role
- Add debug options to print a stack trace for rule E0002
- Update rule E2015 to include a try/catch around AllowedPattern testing to catch errors caused by non Python supported regex
- Add rule E3030 to use the newly patched spec to check resource properties values. Update the following rules replaced by E3030.
- Add rule E3008 to use the newly patched spec to check a resource properties Ref and GetAtt. Update the following rules replaced by E3008.
- Improve rule E3020 to check MX records
- Update CloudFormation specs to 2.18.1
- Append the CloudFormation spec to include:
- AllowedValues for resource properties
- Allowed Ref/GetAtts for resource properties
- Add specs for regions
eu-north-1,us-gov-east-1,us-gov-west-1 - Add
AWS::StepFunctions::StateMachinein all supported regions - Add
AWS::CloudWatch::Alarm.Metric,AWS::CloudWatch::Alarm.MetricDataQueryandAWS::CloudWatch::Alarm.MetricStatin all supported regions - Add
AWS::Lambda::LayerVersion,AWS::Lambda::LayerVersion.Content, andAWS::Lambda::LayerVersionPermissionin all supported regions
- Fix description on rule W2501 to be more informative
- Update rule E2532 to allow
Parametersin aTaskin a Step Function - Fix rule E1010 to allow Refs in the GetAtt attribute section
- Add
AWS::CloudFormation::Initas an exception for rule E1029 - Add
Informationalerror messages to JSON outputs - Fix file searching
**/*to recursively search in Python 3.5 and greater - Update CopyRight from 2018 to 2019
- Code coverage testing integrated into the CI process
- Update CloudFormation specs to 2.18.0
- Fix rule E2505 to allow for SSM parameters when checking Cidr and Tenancy parameters
- Fix rule E1029 to not error on API Gateway stageVariables
- Support stdin for reading and testing templates
- Remove dependency on regex package as it requires gcc
- Remove rule E3507 because it depends on regex package
- Update specs to version 2.16.0
- Require pathlib2 in Python versions earlier than 3.4.0
- Update aws-sam-translator to v1.8.0
- Update requests dependency to be at least version 2.15.0
- Add Python 3.7 support for Lambda
- Provide valid Python runtimes in rule E2531 error message
- Allow Fn::Sub inside a Fn::Sub for rule E1019
- Add hardcoded list check as invalid in rule E6003
- Fix home expansion with when looking for .cfnlintrc in Python 3.4
- Add testing in Travis for Py34, Py35, Py37
- Prevent spaces after the comma in spec file
- Update allowed Lambda Runtimes to include provided and ruby
- Update specs to version 2.15.0
- Fix rule E3020 to allow multiple text records of up to 255 characters
- Fix rule E3016 to handle conditions in Update Policies
- Fix rule E2532 to not fail when using a Fn::Sub and a number for a param
- Add support for eu-west-3 and ap-northeast-3
- Add Resource Type AWS::CloudFormation::Macro to CloudFormation Spec
- Fix the error message for YAML null being off by 1 line and 1 column number
- Add Custom Error for when trying to access an attribute in the classes that make up the template
- Fix an issue with deepcopy not creating copies with start and end marks
- Fix 4 rules that would fail when trying to create the path of the error and running into an integer
- Fix rule E2015 to force parameter default values to be a string when testing against the AllowedPattern regex pattern
- Fix a bug in the config engine in which append rules would have gone to override spec
- Remove exit calls from functions that are used in integrations preventing pre-mature failures
- Fix rule E3002 E3003 to support functions that may be able to support objects
- Add rule E8002 to validate if resource Conditions or Fn::If conditions are defined
- Improve rule E3002 to validate custom resources when custom specs are addended to the resource spec using override-spec
- Allow for configuration of cfn-lint using configuration files in the project and home folder called .cfnlintrc
- Updated specs to versions release 2.12.0
- Fix rule E3002 to not fail when looking for lists of objects and using a FindInMap or GetAtt to a custom resource as both could suppliy a list of objects
- Remove rule E1025 which was duplicative to the more extensive rule E8002
- Fix rule E3020 to allow for quotes when checking the length
- Add generic exception handling to SAM transforming functions
- Complete redo how we handle arguments to fix issues created when linting multiple files with cfn-lint configurations in the file
- New CloudFormation spec patch to not require CidrBlock on resource type AWS::EC2::NetworkAclEntry
- New updates to AtLeastOne.json definition to require CidrBlock or Ipv6CidrBlock on resource type AWS::EC2::NetworkAclEntry
- A few documentation improvements
- Add rule E3022 to validate that there is only one SubnetRouteTableAssociation per subnet
- Fix rule E2502 to check Arn and Name for AWS::EC2::LaunchTemplate resources
- Fix rule E3016 to remove use of Path which may not be defined in certain scenarios
- Fix base rule Class so that resource_property_types and resource_sub_property_types is initialized from on every new rule and not copied from previous rules that were initialized
- Fix conversions of transformed templates in which keys stayed as str(s) instead of str_node(s)
- Update rule E2502 to allow GetAtt against a nested stack or custom resource
- Update rules E2541 and E2540 to support conditions inside the CodePipeline
- Fix types in rule E2532 to now include InputPath and OutputPath
- Update rule E1029 to skip missing sub when looking at parameters in IAM policies
- Update rule E2507 to allow for strings in the IAM policy
- Update rule E2507 to allow the policy statement to be an object along with a list
- Update Specs to the versions released October 19th, 2018
- Fix rule E2541 to not fail on non-string values
- Created a process to patch the CloudFormation Spec and patched a bunch of issues
- Support pre-commit hooks for linting templates
- Add rule E3021 to that 5 or less targets are added to a CloudWatch Event
- Add rule E1029 to look for Sub variables that aren't inside a Sub
- Add rule I3011 to validate that DynamDB Tables have deletion policy specified as the default is to delete the database.
- Add support for
infoerrors
- Update search_deep_keys to look for items in the Global section which is lost in a Transformation
- Clean up failures when loading files that are not yaml or json
- Support parsing multiple files from the command line
- New rule E3016 to validate a resources UpdatePolicy configuration
- Removes sub parameter check from rule E1012. The same check is covered by E1019
- Fix rule E1010 when using a string not an array with Fn::Sub
- Fix rule E3020 ignore intrinsic functions when checking values
- Update the custom objects for the template to directly allow the calling of getting items and checking items that is condition safe
- Update CloudFormation Specs to 2018-09-21 released specs
- Fix rule E2540 to not fail when the stage names aren't strings
- Fix rule E3002 to not fail when processing Ref AWS::NoValue
- Core functionality updated to fail when extending rules directory doesn't exist
- Fix rule E3002 metadata isn't supported as a resource property
- Fix rule E2509 to not error when using a function for description
- Fix rule W2501 to support dashes in KMS Key name
- Fix rule E2543 to not fail when the type of a step isn't known
- Fix rule E2507 to have an exception for ECR Policies. Resource isn't required.
- Several Python cleanup items around initializing lists, how version is loaded, and dropping 'discover' in testing
- Fix core decoding so the true error of a template parsing issue is visible to the user
- New Rule W1019 to make sure any Sub variables are used in the string
- New Rule E2532 to start basic validation of state machine syntax
- New Rule W1020 to see if Sub is needed and variables are being used
- New Rule E1028 validate that first element in a Fn::If array is a string
- New Rule W3002 to warn when templated templates are used
- Update Rule E2507 to check resource base policies
- Add Rule W2511 to warn when using an older version of IAM Policy Version
- Update Rule E3002 to allow for templated code
- Update Rule E1024 to allow Cidr function to use GetAtt
- Fix core functionality to not error if the template is an array or string instead of an object
- Fixes an issue where Template.get_values would return
Ref: AWS::NoValue. This will no longer be returned as it is considered to be a Null value.
- Update formatters to be similar from JSON and text outputs and modularize for easier growth later
- Don't raise an error with E3020 when doing ACM DNS validation registration
- Add rule E7003 to validate that mapping keys are strings.
- Add rule E1027 to validate that dynamic reference secure strings are to supported properties
- Add rule E1004 to validate that the Template Description is only a string
- Add rule E6005 to validate that an Output Description is only a string
- Add rule E6012 to validate that an Output Description is less than the maximum length
- Fix core libraries to handle conditions around resource properties so that the resource and property checks still run
- Fix core libraries to handle the special property type
Tagso that its checked when a rule is doing a Property Check
- Support additional attributes in spec file for E3002
- Check custom resources as if they are 'AWS::CloudFormation::CustomResource' in rule E3003
- Fix W6001 when an ImportValue is used to another function
- Fix W2501 to support the new dynamic reference feature
- Update rule E3020 to support CAA and CNAME record checks
- Update specs to ones released on August 16, 2018
- Load all instances of CloudFormationLintRule in a file. Class doesn't need to match the filename anymore
- Allow load yaml to accept a string allowing people to use cfn-lint as a module
- Add rule W6001 to test outputs that are just using an import value
- Update specs to ones released on August 10, 2018
- Update E2507 to support conditions and using get_values to test all condition paths
- Update E2521, E2523 to support conditions and using get_values to test all condition paths
- Rewrite E2503 to support intrinsic functions and conditions and lower case protocols
- Fix E1018 to support Sub inside a Split function
- Fix E3003 description messages to be more informative
- Fix E3001 to not require parameters when CreationPolicy is used
- Fix SAM region when no region is available from a local AWS profile or environment variable.
- Update rule E3020 to support AAAA record checks
- Fix many rules that would fail if a sub parameter had a space at the beginning or end
- Fix crashing issues when trying to get resources that aren't properly configured
- Update CloudFormation Specs to July 20th, 2018
- Fix an issue with Exclusive resource properties and RDS with Snapshot and Password
- Update CloudFormation specs to July 16th, 2018
- Support comma lists for regions, append rules, and ignore check parameters
- Added documentation explaining Resource Specification based rules
- Fix a bunch of typos across many different rules
- Support DeepCopy with Template and custom String classes used for marking up templates
- Fix Rule E3002 to support CommaDelimitedList when looking for List Parameters
- Fix core engine to check that something is a Dict instead of assuming it is
- Update CloudFormation Specs to July 12th, 2018
- Rule E7012 added to check the limits of attributes in a Mapping
- Rule E2012 added to check maximum size of a parameter value
- Rule E1003 added to check the maximum length of the template Description
- Guide created to help new users write new rules
- Catch KeyError when trying to discover the line and column number of an error
- Update Lambda rules to support dotnet core
- Fix rule E1017 so we unpack first element of select as a dict
- Fix rule E1024 to support ImportValue and appropriately checking number for the last element
- Support for Yaml C Parser when available.
- Catch rule processing errors and raise a lint error in their place.
- Add rules for the limit on Parameter, Mapping, Resource and Output names
- Add Rule W3005 to warn for when DependsOn is specified but not needed
- Add Rule E2509 to check if Security Group Descriptions are properly configured
- Add
source_urlto rules so rule reference documentation can be provided
- Fixed issues when Conditions had lists for values
- Fixed issue where underscore was allowed for AlphaNumeric names
- Try/Catch added to rule processing so code failures in rules won't crash cfn-lint
- Parse YAML files using C parser when available. Greatly speeds up YAML parsing.
- Template class updated to handle conditions where lists are in the true/false values
- Fix regex for checking Resource, Output, etc. names to not include underscore
- Update rule E3020 to validate A recordsets
- Require "aws-sam-translator" dependency be at least 1.6.0
- Add support for wildcards in rule E3013 - Support conditions in Lists for rule E3002 - Include filename when we run into Null and Duplicate values when parsing yaml
- Rule W2510 now allows for AllowedValues instead of just Min/MaxValue for compliance of Lambda MemorySize
- Rule E2530 updated to checked AllowedValues for compliance of Lambda MemorySize
- Serverless Transforms now handled by SAM libraries
- Add Rule E2508: Add checks for IAM
- Managed Policies attached to IAM user, group or role can't be more than 10
- An IAM user can be a member of no more than 10 groups
- There can only be 1 role in an instance profile
- AssumeRolePolicyDocument size is less than <2048 characters
- Add Rule E1002: Check overall template size to make sure its below
- Add Rule E3013: CloudFront aliases should contain valid domain names
- Add Rule E3020: Check if all RecordSets are correctly configured
- Strings end and start with double quotes
- Size is less than 256 characters
- Record Types are within the specification
- Short hand parameter switches and no longer need --template
- Don't report a Condition not being used if it is used by another Condition
- Fixed issues with Yaml and Json parsing for complex strings in Python 2.7
- Added eu-central-1 Availability Zones to acceptable AZ list
- Added nodejs8.10 to supported Lambda
- Added Version as an attribute for a Custom Resource
- Parseable output is now colon(:) delimited
- Added AllowedValues for Cidr parameter checking Rule W2509
- Add Rule E2004 to check Allowed values for Cidr parameters are a valid Cidr range
- Disable mapping Name checks W7001 if dynamic mapping names are used (Ref, FindInMap)
- New Rule E1026 to make sure Ref's in 'Conditions' are to parameters and not resources
- Updated CloudFormation specs to June 5th, 2018
- Fixed an issue with Rule E1019 not giving errors when there was a bad pseudo parameter
- Fixed an issue where conditions with Refs were validated as strings instead of Refs
- Fix crash errors when an empty yaml file is provided
- Updated condition functions to return the full object (Ref isn't translated while looking for AWS::NoValue)
- Support Map Type properties when doing PrimitiveType check E3012 - Fix an issue when boolean values not being checked when using check_value
- Standard cfn-lint Errors (E0000) for null, duplicate, and parse errors
- Add a new check for CloudFormation limits
- Add a new check for Parameter, Resource, Output, and Mapping names
- Update specs to those released on May 25th, 2018
- Strong type checking for property values result in Errors (E3012)
- Transform logic updated to not add a Role if one is specified for a serverless function
- Fixed logic around Fn::If when the result is an object
- Fix conditions when checking property value structure
- Update CloudFormation specs to include recent releases
- Add checks for duplicate resource names
- Add checks for null values in templates
- Add support in Circular Dependency checks to go multiple levels deep
- Add check for unused mappings
- Add check for unused and not found conditions
- Convert Errors to Warnings that don't cause a failure when implementing a template
- Fix check for cfn-lint configurations in templates
- Fix Sub Functions checks failing on sub stacks or custom resources
- Fix Serverless Transforms not failing when trying to create multiple RestApiIds
- Fix TOX encoding issues with certain JSON files
- Update Lambda Memory size to 3008
- Fix FindInMap failing when the first parameter is also FindInMap
- Fix key search function to appropriately respond to nested finds (FindInMap inside a FindInMap)
- Capability to merge and modify the CloudFormation spec with provided JSON
- Allows for changing what properties are required
- Can change what resource types are allowed
- Remove warnings that were in error checks to keep errors focused on issues preventing success
- Improve circular dependency checks to go multiple levels deep
- Check null and duplicate values in JSON and YAML templates
- Some primitive type properties were not getting checked
- Include support for Long as a number based check
- Improve get condition values to support more complex scenarios
- Added a rule to check for only one resource property in a set
- Added a rule for more than one of resource properties in a set
- Added a rule for mutually exclusive resource properties
- Support parsing JSON files that have tabs
- Better error handling for when a property is a list instead of an object
- Error handling for when files can't be read or don't exist
- Fix for supporting more parameter types when checking REFs to parameters for Security Groups
- Exit code non zero on errors or warnings
- Testing CloudFormation resources against the Resource Spec
- Test Functions against supported included functions
- Test overall CloudFormation structure
- Test Regionalization of a template against the Resource Spec
- Ability to add additional rules on parameter
- In depth checks of values around AWS::EC2::VPC, AWS::EC2::Subnet, and AWS::EC2::SecurityGroup