cfn-lint

cfn-lint documentation

cfn-lint - GitHub

Configuration in Mega-Linter

| Variable | Description | Default value |
|---|---|---|
| CLOUDFORMATION_CFN_LINT_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
| CLOUDFORMATION_CFN_LINT_FILTER_REGEX_INCLUDE | Custom regex including filter. Ex: (src\|lib) | Include every file |
| CLOUDFORMATION_CFN_LINT_FILTER_REGEX_EXCLUDE | Custom regex excluding filter. Ex: (test\|examples) | Exclude no file |
| CLOUDFORMATION_CFN_LINT_CLI_LINT_MODE | Override default CLI lint mode. file: Calls the linter for each file; list_of_files: Call the linter with the list of files as argument; project: Call the linter from the root of the project | {linter.cli_lint_mode} |
| CLOUDFORMATION_CFN_LINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".yml", ".yaml", ".json"] |
| CLOUDFORMATION_CFN_LINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
| CLOUDFORMATION_CFN_LINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
| CLOUDFORMATION_CFN_LINT_POST_COMMANDS | List of bash commands to run after the linter | None |
| CLOUDFORMATION_CFN_LINT_CONFIG_FILE | cfn-lint configuration file name. Use LINTER_DEFAULT to let the linter find it | .cfnlintrc.yml |
| CLOUDFORMATION_CFN_LINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then Mega-Linter default rules |
| CLOUDFORMATION_CFN_LINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
| CLOUDFORMATION_CFN_LINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |

IDE Integration

Use cfn-lint in your favorite IDE to catch errors before Mega-Linter does!

Mega-Linter Flavours

This linter is available in the following flavours

| Flavor | Description | Embedded linters |
|---|---|---|
| all | Default Mega-Linter Flavor | 94 |

Behind the scenes

How applicable files are identified

  • File extensions: .yml, .yaml, .json
  • Detected file content (regex): AWSTemplateFormatVersion, (AWS|Alexa|Custom)::
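
The selection rules above decide which templates ever reach cfn-lint, so a file that fails them is skipped without any finding. The following added example (not Mega-Linter's own code) models those rules to show why a given file is or is not linted; the names `is_applicable` and `audit` and the sample files are constructed, and it assumes the filter regexes are searched anywhere in the path and that one matching content regex is enough.

```python
import re
from pathlib import PurePosixPath

# Values taken from the page: default extensions and content-detection regexes.
EXTENSIONS = (".yml", ".yaml", ".json")
CONTENT_REGEXES = (r"AWSTemplateFormatVersion", r"(AWS|Alexa|Custom)::")


def is_applicable(path, content, include=None, exclude=None):
    """Return (selected, reason) for one file.

    Assumptions of this sketch: include/exclude are searched anywhere in the
    path, and a single matching content regex is enough.
    """
    if PurePosixPath(path).suffix not in EXTENSIONS:
        return False, "extension"
    if include and not re.search(include, path):
        return False, "not included"
    if exclude and re.search(exclude, path):
        return False, "excluded"
    if not any(re.search(rx, content) for rx in CONTENT_REGEXES):
        return False, "no CloudFormation marker"
    return True, "selected"


def audit(files, include=None, exclude=None):
    """Map each path to the reason it is or is not sent to cfn-lint."""
    return {p: is_applicable(p, c, include, exclude)[1] for p, c in files.items()}


# Constructed sample repository (path -> file content).
SAMPLE = {
    "infra/dns.yaml": "Resources:\n  DNS:\n    Type: AWS::Route53::HostedZone\n",
    "infra/params.json": '{"Parameters": {"Env": {"Type": "String"}}}',
    "infra/nested.template": "AWSTemplateFormatVersion: '2010-09-09'\n",
    "examples/demo.yml": "AWSTemplateFormatVersion: '2010-09-09'\n",
    ".github/workflows/ci.yml": "on: push\njobs: {}\n",
}

if __name__ == "__main__":
    for path, reason in audit(SAMPLE, exclude=r"(test|examples)").items():
        print(f"{reason:26} {path}")
```

Running an audit like this against a repository listing shows which templates fall outside the gate, for example a `.template` file or a parameters file with no resource types in it.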

How the linting is performed

  • cfn-lint is called once per identified file

Example calls

cfn-lint myfile.yml
cfn-lint --config-file .cfnlintrc.yml myfile.yml

Help content

usage:
Basic: cfn-lint test.yaml
Ignore a rule: cfn-lint -i E3012 -- test.yaml
Configure a rule: cfn-lint -x E3012:strict=false -t test.yaml
Lint all yaml files in a folder: cfn-lint dir/**/*.yaml

CloudFormation Linter

optional arguments:
  -h, --help            show this help message and exit

Standard:
  TEMPLATE              The CloudFormation template to be linted
  -t TEMPLATE [TEMPLATE ...], --template TEMPLATE [TEMPLATE ...]
                        The CloudFormation template to be linted
  -b, --ignore-bad-template
                        Ignore failures with Bad template
  --ignore-templates IGNORE_TEMPLATES [IGNORE_TEMPLATES ...]
                        Ignore templates
  -f {quiet,parseable,json,junit,pretty}, --format {quiet,parseable,json,junit,pretty}
                        Output Format
  -l, --list-rules      list all the rules
  -r REGIONS [REGIONS ...], --regions REGIONS [REGIONS ...]
                        list the regions to validate against.
  -i IGNORE_CHECKS [IGNORE_CHECKS ...], --ignore-checks IGNORE_CHECKS [IGNORE_CHECKS ...]
                        only check rules whose id do not match these values
  -c INCLUDE_CHECKS [INCLUDE_CHECKS ...], --include-checks INCLUDE_CHECKS [INCLUDE_CHECKS ...]
                        include rules whose id match these values
  -m MANDATORY_CHECKS [MANDATORY_CHECKS ...], --mandatory-checks MANDATORY_CHECKS [MANDATORY_CHECKS ...]
                        always check rules whose id match these values,
                        regardless of template exclusions
  -e, --include-experimental
                        Include experimental rules
  -x CONFIGURE_RULES [CONFIGURE_RULES ...], --configure-rule CONFIGURE_RULES [CONFIGURE_RULES ...]
                        Provide configuration for a rule. Format
                        RuleId:key=value. Example: E3012:strict=false
  --config-file CONFIG_FILE
                        Specify the cfnlintrc file to use
  -z CUSTOM_RULES, --custom-rules CUSTOM_RULES
                        Allows specification of a custom rule file.
  -v, --version         Version of cfn-lint
  --output-file OUTPUT_FILE
                        Writes the output to the specified file, ideal for
                        producing reports
  --merge-configs       Merges lists between configuration layers

Advanced / Debugging:
  -D, --debug           Enable debug logging
  -I, --info            Enable information logging
  -a APPEND_RULES [APPEND_RULES ...], --append-rules APPEND_RULES [APPEND_RULES ...]
                        specify one or more rules directories using one or
                        more --append-rules arguments.
  -o OVERRIDE_SPEC, --override-spec OVERRIDE_SPEC
                        A CloudFormation Spec override file that allows
                        customization
  -g, --build-graph     Creates a file in the same directory as the template
                        that models the template's resources in DOT format
  -s REGISTRY_SCHEMAS [REGISTRY_SCHEMAS ...], --registry-schemas REGISTRY_SCHEMAS [REGISTRY_SCHEMAS ...]
                        one or more directories of CloudFormation Registry
                        Schemas
  -u, --update-specs    Update the CloudFormation Specs

Installation on mega-linter Docker image

Example success log

Results of cfn-lint linter (version 0.43.0)
See documentation on https://megalinter.github.io/descriptors/cloudformation_cfn_lint/
-----------------------------------------------

[SUCCESS] .automation/test/cloudformation/cloudformation_good_1.json


[SUCCESS] .automation/test/cloudformation/cloudformation_good_2.yaml


[SUCCESS] .automation/test/cloudformation/cloudformation_good_3.json


[SUCCESS] .automation/test/cloudformation/cloudformation_good_4.yaml


Example error log

Results of cfn-lint linter (version 0.43.0)
See documentation on https://megalinter.github.io/descriptors/cloudformation_cfn_lint/
-----------------------------------------------

[ERROR] .automation/test/cloudformation/cloudformation_bad_1.json
    E3001 Invalid or unsupported Type AWS::Route53::HostedZonee for resource DNS in us-east-1
    .automation/test/cloudformation/cloudformation_bad_1.json:6:10

[ERROR] .automation/test/cloudformation/cloudformation_bad_2.yaml
    E3001 Invalid or unsupported Type AWS::Route53::HostedZonee for resource DNS in us-east-1
    .automation/test/cloudformation/cloudformation_bad_2.yaml:5:5

[ERROR] .automation/test/cloudformation/cloudformation_bad_3.json
    E3002 Invalid Property Resources/myDNSRecord/Properties/Ttl
    .automation/test/cloudformation/cloudformation_bad_3.json:11:13

[ERROR] .automation/test/cloudformation/cloudformation_bad_4.yaml
    E3002 Invalid Property Resources/myDNSRecord/Properties/Ttl
    .automation/test/cloudformation/cloudformation_bad_4.yaml:9:7