forked from aws-cloudformation/cfn-lint
ImageId.py
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from cfnlint.rules import CloudFormationLintRule
from cfnlint.rules import RuleMatch
class ImageId(CloudFormationLintRule):
    """Warn when an ``ImageId`` property references a loosely typed parameter.

    Scope, as implemented in ``match``:

    * Only ``ImageId`` keys found under ``Resources`` are inspected.
    * A single-key ``{'Ref': name}`` is checked when ``name`` resolves to a
      template parameter; the parameter's declared type must be one of the
      two image-id types listed in ``description``.
    * A dict value whose key count is not exactly one is reported as an
      inappropriate map.
    * Non-dict values (for example a literal AMI id string) and single-key
      dicts using any key other than ``Ref`` are not reported by this rule.

    The check compares declared parameter types only. It does not look at
    which image a parameter value resolves to, so it is not a control over
    image provenance or ownership.
    """

    id = 'W2506'
    shortdesc = 'Check if ImageId Parameters have the correct type'
    description = (
        'See if there are any refs for ImageId to a parameter '
        'of inappropriate type. Appropriate Types are '
        '[AWS::EC2::Image::Id, AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>]'
    )
    source_url = 'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#parmtypes'
    tags = ['parameters', 'ec2', 'imageid']

    def match(self, cfn):
        """Return a RuleMatch for every ImageId that is wired incorrectly.

        Args:
            cfn: template object; this method uses its ``search_deep_keys``
                and ``get_valid_refs`` methods.

        Returns:
            list of RuleMatch, empty when nothing is flagged.
        """
        findings = []

        # Every path in the template that ends in an ImageId value.
        paths = cfn.search_deep_keys('ImageId')
        known_refs = cfn.get_valid_refs()
        allowed_types = [
            'AWS::EC2::Image::Id',
            'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>',
        ]
        # The allowed list never changes, so render it for messages once.
        allowed_text = ', '.join(map(str, allowed_types))

        for path in paths:
            # Ignore ImageId keys outside the Resources section.
            if not path[0] == 'Resources':
                continue

            value = path[-1]
            # Anything that is not a dict (e.g. a literal string) is skipped.
            if not isinstance(value, dict):
                continue

            if len(value) != 1:
                # A dict without exactly one key is reported at the ImageId
                # location itself.
                location = path[:-1]
                message = f'Inappropriate map found for ImageId on {"/".join(map(str, location))}'
                findings.append(RuleMatch(location, message))
                continue

            # Exactly one entry: take it apart.
            key, paramname = next(iter(value.items()))
            if key != 'Ref' or paramname not in known_refs:
                continue

            target = known_refs[paramname]
            # Only Refs that resolve to template parameters are type-checked.
            if target['From'] != 'Parameters':
                continue
            if target['Type'] in allowed_types:
                continue

            # The finding points at the parameter declaration, which is
            # where the type has to be corrected.
            message = f'Parameter {paramname} should be of type [{allowed_text}]'
            findings.append(RuleMatch(['Parameters', paramname], message))

        return findings