cfn-lint
cfn-lint documentation
- Version in MegaLinter: 0.77.7
- Visit Official Web Site
- If custom
.cfnlintrc.ymlconfig file isn't found, .cfnlintrc.yml will be used
- If custom
- See Index of problems detected by cfn-lint
Configuration in MegaLinter
- Enable cfn-lint by adding
CLOUDFORMATION_CFN_LINTin ENABLE_LINTERS variable - Disable cfn-lint by adding
CLOUDFORMATION_CFN_LINTin DISABLE_LINTERS variable
| Variable | Description | Default value |
|---|---|---|
| CLOUDFORMATION_CFN_LINT_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
| CLOUDFORMATION_CFN_LINT_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) |
Include every file |
| CLOUDFORMATION_CFN_LINT_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) |
Exclude no file |
| CLOUDFORMATION_CFN_LINT_CLI_LINT_MODE | Override default CLI lint mode - file: Calls the linter for each file- list_of_files: Call the linter with the list of files as argument- project: Call the linter from the root of the project |
list_of_files |
| CLOUDFORMATION_CFN_LINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".yml", ".yaml", ".json"] |
| CLOUDFORMATION_CFN_LINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
| CLOUDFORMATION_CFN_LINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
| CLOUDFORMATION_CFN_LINT_POST_COMMANDS | List of bash commands to run after the linter | None |
| CLOUDFORMATION_CFN_LINT_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling CLOUDFORMATION_CFN_LINT and its pre/post commands | None |
| CLOUDFORMATION_CFN_LINT_CONFIG_FILE | cfn-lint configuration file nameUse LINTER_DEFAULT to let the linter find it |
.cfnlintrc.yml |
| CLOUDFORMATION_CFN_LINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
| CLOUDFORMATION_CFN_LINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
| CLOUDFORMATION_CFN_LINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
| CLOUDFORMATION_CFN_LINT_CLI_EXECUTABLE | Override CLI executable | ['cfn-lint'] |
IDE Integration
Use cfn-lint in your favorite IDE to catch errors before MegaLinter !
| IDE | Extension Name | Install | |
|---|---|---|---|
| Atom | atom-cfn-lint | Visit Web Site | |
| IDEA | cfn-lint | ||
| Sublime Text | SublimeLinter CloudFormation | Visit Web Site | |
| Visual Studio Code | vscode-cfn-lint |  |
MegaLinter Flavours
This linter is available in the following flavours
| Flavor | Description | Embedded linters | Info | |
|---|---|---|---|---|
 |
all | Default MegaLinter Flavor | 113 |   |
| cupcake | MegaLinter for the most commonly used languages | 81 |   |
|
| security | Optimized for security | 21 |   |
Behind the scenes
How are identified applicable files
- File extensions:
.yml,.yaml,.json - Detected file content (regex):
AWSTemplateFormatVersion,(AWS|Alexa|Custom)::
How the linting is performed
- cfn-lint is called once with the list of files as arguments (
list_of_filesCLI lint mode)
Example calls
cfn-lint myfile.yml
cfn-lint --config-file .cfnlintrc.yml myfile.yml
Help content
usage:
Basic: cfn-lint test.yaml
Ignore a rule: cfn-lint -i E3012 -- test.yaml
Configure a rule: cfn-lint -x E3012:strict=true -t test.yaml
Lint all yaml files in a folder: cfn-lint dir/**/*.yaml
CloudFormation Linter
options:
-h, --help show this help message and exit
Standard:
TEMPLATE The CloudFormation template to be linted
-t TEMPLATE [TEMPLATE ...], --template TEMPLATE [TEMPLATE ...]
The CloudFormation template to be linted
-b, --ignore-bad-template
Ignore failures with Bad template
--ignore-templates IGNORE_TEMPLATES [IGNORE_TEMPLATES ...]
Ignore templates
-f {quiet,parseable,json,junit,pretty,sarif}, --format {quiet,parseable,json,junit,pretty,sarif}
Output Format
-l, --list-rules list all the rules
-r REGIONS [REGIONS ...], --regions REGIONS [REGIONS ...]
list the regions to validate against.
-i IGNORE_CHECKS [IGNORE_CHECKS ...], --ignore-checks IGNORE_CHECKS [IGNORE_CHECKS ...]
only check rules whose id do not match these values
-c INCLUDE_CHECKS [INCLUDE_CHECKS ...], --include-checks INCLUDE_CHECKS [INCLUDE_CHECKS ...]
include rules whose id match these values
-m MANDATORY_CHECKS [MANDATORY_CHECKS ...], --mandatory-checks MANDATORY_CHECKS [MANDATORY_CHECKS ...]
always check rules whose id match these values,
regardless of template exclusions
-e, --include-experimental
Include experimental rules
-x CONFIGURE_RULES [CONFIGURE_RULES ...], --configure-rule CONFIGURE_RULES [CONFIGURE_RULES ...]
Provide configuration for a rule. Format
RuleId:key=value. Example: E3012:strict=true
--config-file CONFIG_FILE
Specify the cfnlintrc file to use
-z CUSTOM_RULES, --custom-rules CUSTOM_RULES
Allows specification of a custom rule file.
-v, --version Version of cfn-lint
--output-file OUTPUT_FILE
Writes the output to the specified file, ideal for
producing reports
--merge-configs Merges lists between configuration layers
--non-zero-exit-code {informational,warning,error,none}
Exit code will be non zero from the specified rule
class and higher
Advanced / Debugging:
-D, --debug Enable debug logging
-I, --info Enable information logging
-a APPEND_RULES [APPEND_RULES ...], --append-rules APPEND_RULES [APPEND_RULES ...]
specify one or more rules directories using one or
more --append-rules arguments.
-o OVERRIDE_SPEC, --override-spec OVERRIDE_SPEC
A CloudFormation Spec override file that allows
customization
-g, --build-graph Creates a file in the same directory as the template
that models the template's resources in DOT format
-s REGISTRY_SCHEMAS [REGISTRY_SCHEMAS ...], --registry-schemas REGISTRY_SCHEMAS [REGISTRY_SCHEMAS ...]
one or more directories of CloudFormation Registry
Schemas
-u, --update-specs Update the CloudFormation Specs
Installation on mega-linter Docker image
- PIP packages (Python):