cfn-lint
cfn-lint documentation
- Version in Mega-Linter: 0.54.1
- Visit Official Web Site
- If custom .cfnlintrc.yml config file is not found, Mega-Linter's default .cfnlintrc.yml will be used
- See Index of problems detected by cfn-lint
Configuration in Mega-Linter
- Enable cfn-lint by adding CLOUDFORMATION_CFN_LINT in ENABLE_LINTERS variable
- Disable cfn-lint by adding CLOUDFORMATION_CFN_LINT in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
CLOUDFORMATION_CFN_LINT_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
CLOUDFORMATION_CFN_LINT_FILTER_REGEX_INCLUDE | Custom regex including filter. Ex: (src\|lib) | Include every file |
CLOUDFORMATION_CFN_LINT_FILTER_REGEX_EXCLUDE | Custom regex excluding filter. Ex: (test\|examples) | Exclude no file |
CLOUDFORMATION_CFN_LINT_CLI_LINT_MODE | Override default CLI lint mode. file: calls the linter for each file; list_of_files: calls the linter with the list of files as argument; project: calls the linter from the root of the project | {linter.cli_lint_mode} |
CLOUDFORMATION_CFN_LINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".yml", ".yaml", ".json"] |
CLOUDFORMATION_CFN_LINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
CLOUDFORMATION_CFN_LINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
CLOUDFORMATION_CFN_LINT_POST_COMMANDS | List of bash commands to run after the linter | None |
CLOUDFORMATION_CFN_LINT_CONFIG_FILE | cfn-lint configuration file name. Use LINTER_DEFAULT to let the linter find it | .cfnlintrc.yml |
CLOUDFORMATION_CFN_LINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then Mega-Linter default rules |
CLOUDFORMATION_CFN_LINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
CLOUDFORMATION_CFN_LINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
IDE Integration
Use cfn-lint in your favorite IDE to catch errors before Mega-Linter!
IDE | Extension Name | Install |
---|---|---|
Atom | atom-cfn-lint | Visit Web Site |
IDEA | cfn-lint | |
Visual Studio Code | vscode-cfn-lint | |
Mega-Linter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters | Info |
---|---|---|---|
all | Default Mega-Linter Flavor | 93 | |
Behind the scenes
How applicable files are identified
- File extensions: .yml, .yaml, .json
- Detected file content (regex): AWSTemplateFormatVersion, (AWS|Alexa|Custom)::
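The selection rules above, together with the FILTER_REGEX_INCLUDE / FILTER_REGEX_EXCLUDE variables from the configuration table, decide which templates ever reach cfn-lint. The following Python sketch is an added example, not Mega-Linter's own code: the way the filters are combined (all must pass, any one content regex is enough), the function names and the sample repository are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Defaults copied from this page.
FILE_EXTENSIONS = [".yml", ".yaml", ".json"]
CONTENT_REGEXES = [r"AWSTemplateFormatVersion", r"(AWS|Alexa|Custom)::"]


def is_linted(path, content, include=None, exclude=None,
              extensions=FILE_EXTENSIONS, content_regexes=CONTENT_REGEXES):
    """Return True if the file would be handed to cfn-lint.

    Assumption: a file must pass the include regex, not match the exclude
    regex, have an allowed extension, and match at least one content regex.
    """
    if include and not re.search(include, path):
        return False
    if exclude and re.search(exclude, path):
        return False
    # "*" allows any extension; "" matches files without an extension.
    if "*" not in extensions and PurePosixPath(path).suffix not in extensions:
        return False
    return any(re.search(rx, content) for rx in content_regexes)


def select_files(files, **filters):
    """files maps path -> text content; returns the sorted selected paths."""
    return sorted(p for p, c in files.items() if is_linted(p, c, **filters))


# Constructed sample repository (not from the page).
SAMPLE_REPO = {
    "infra/vpc.yaml": "AWSTemplateFormatVersion: '2010-09-09'\nResources: {}\n",
    "infra/bucket.json": '{"Resources": {"B": {"Type": "AWS::S3::Bucket"}}}',
    # Real template, but the extension is not in FILE_EXTENSIONS: skipped.
    "infra/dns.template": "Resources:\n  DNS:\n    Type: AWS::Route53::HostedZone\n",
    # Allowed extension, but no format version and a non-AWS type: skipped.
    "infra/thirdparty.yml": "Resources:\n  Mon:\n    Type: Example::Monitoring::Alarm\n",
    "examples/demo.yaml": "AWSTemplateFormatVersion: '2010-09-09'\n",
    ".github/workflows/ci.yml": "name: ci\non: push\n",
}

if __name__ == "__main__":
    for path, content in SAMPLE_REPO.items():
        hit = is_linted(path, content, exclude=r"(test|examples)")
        print(f"{'LINT' if hit else 'SKIP'}  {path}")
```

A template that is skipped here produces no log entry at all, so a clean run does not by itself show that every template in the repository was checked.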
How the linting is performed
- cfn-lint is called once per identified file
Example calls
cfn-lint myfile.yml
cfn-lint --config-file .cfnlintrc.yml myfile.yml
Help content
usage:
Basic: cfn-lint test.yaml
Ignore a rule: cfn-lint -i E3012 -- test.yaml
Configure a rule: cfn-lint -x E3012:strict=false -t test.yaml
Lint all yaml files in a folder: cfn-lint dir/**/*.yaml
CloudFormation Linter
optional arguments:
-h, --help show this help message and exit
Standard:
TEMPLATE The CloudFormation template to be linted
-t TEMPLATE [TEMPLATE ...], --template TEMPLATE [TEMPLATE ...]
The CloudFormation template to be linted
-b, --ignore-bad-template
Ignore failures with Bad template
--ignore-templates IGNORE_TEMPLATES [IGNORE_TEMPLATES ...]
Ignore templates
-f {quiet,parseable,json,junit,pretty}, --format {quiet,parseable,json,junit,pretty}
Output Format
-l, --list-rules list all the rules
-r REGIONS [REGIONS ...], --regions REGIONS [REGIONS ...]
list the regions to validate against.
-i IGNORE_CHECKS [IGNORE_CHECKS ...], --ignore-checks IGNORE_CHECKS [IGNORE_CHECKS ...]
only check rules whose id do not match these values
-c INCLUDE_CHECKS [INCLUDE_CHECKS ...], --include-checks INCLUDE_CHECKS [INCLUDE_CHECKS ...]
include rules whose id match these values
-m MANDATORY_CHECKS [MANDATORY_CHECKS ...], --mandatory-checks MANDATORY_CHECKS [MANDATORY_CHECKS ...]
always check rules whose id match these values,
regardless of template exclusions
-e, --include-experimental
Include experimental rules
-x CONFIGURE_RULES [CONFIGURE_RULES ...], --configure-rule CONFIGURE_RULES [CONFIGURE_RULES ...]
Provide configuration for a rule. Format
RuleId:key=value. Example: E3012:strict=false
--config-file CONFIG_FILE
Specify the cfnlintrc file to use
-z CUSTOM_RULES, --custom-rules CUSTOM_RULES
Allows specification of a custom rule file.
-v, --version Version of cfn-lint
--output-file OUTPUT_FILE
Writes the output to the specified file, ideal for
producing reports
--merge-configs Merges lists between configuration layers
Advanced / Debugging:
-D, --debug Enable debug logging
-I, --info Enable information logging
-a APPEND_RULES [APPEND_RULES ...], --append-rules APPEND_RULES [APPEND_RULES ...]
specify one or more rules directories using one or
more --append-rules arguments.
-o OVERRIDE_SPEC, --override-spec OVERRIDE_SPEC
A CloudFormation Spec override file that allows
customization
-g, --build-graph Creates a file in the same directory as the template
that models the template's resources in DOT format
-s REGISTRY_SCHEMAS [REGISTRY_SCHEMAS ...], --registry-schemas REGISTRY_SCHEMAS [REGISTRY_SCHEMAS ...]
one or more directories of CloudFormation Registry
Schemas
-u, --update-specs Update the CloudFormation Specs
Installation on mega-linter Docker image
- NPM packages (node.js):
- PIP packages (Python):
Example success log
Results of cfn-lint linter (version 0.43.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/cloudformation_cfn_lint/
-----------------------------------------------
[SUCCESS] .automation/test/cloudformation/cloudformation_good_1.json
[SUCCESS] .automation/test/cloudformation/cloudformation_good_2.yaml
[SUCCESS] .automation/test/cloudformation/cloudformation_good_3.json
[SUCCESS] .automation/test/cloudformation/cloudformation_good_4.yaml
Example error log
Results of cfn-lint linter (version 0.43.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/cloudformation_cfn_lint/
-----------------------------------------------
[ERROR] .automation/test/cloudformation/cloudformation_bad_1.json
E3001 Invalid or unsupported Type AWS::Route53::HostedZonee for resource DNS in us-east-1
.automation/test/cloudformation/cloudformation_bad_1.json:6:10
[ERROR] .automation/test/cloudformation/cloudformation_bad_2.yaml
E3001 Invalid or unsupported Type AWS::Route53::HostedZonee for resource DNS in us-east-1
.automation/test/cloudformation/cloudformation_bad_2.yaml:5:5
[ERROR] .automation/test/cloudformation/cloudformation_bad_3.json
E3002 Invalid Property Resources/myDNSRecord/Properties/Ttl
.automation/test/cloudformation/cloudformation_bad_3.json:11:13
[ERROR] .automation/test/cloudformation/cloudformation_bad_4.yaml
E3002 Invalid Property Resources/myDNSRecord/Properties/Ttl
.automation/test/cloudformation/cloudformation_bad_4.yaml:9:7