
Resource ec2 security group ingress properties (CFLIN-E2506)

Severity: Major
Category: Anti-pattern
Tags: ec2, securitygroup, resources

Checks whether EC2 Security Group Ingress properties are set correctly: "SourceSecurityGroupId" and "SourceSecurityGroupName" must be mutually exclusive, and each must be set using a Ref or GetAtt.
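The check described above, sketched as an added example (not cfn-lint's own rule code). It assumes the template has already been parsed into a plain dict in JSON form; the function names, the sample template and the security group ID in it are constructed for illustration.

```python
# Added example: re-implements the described check over a parsed (JSON-form) template.
SOURCE_KEYS = ("SourceSecurityGroupId", "SourceSecurityGroupName")

def is_ref_or_getatt(value):
    """True when value is a single-key {"Ref": ...} or {"Fn::GetAtt": ...} object."""
    return isinstance(value, dict) and len(value) == 1 and next(iter(value)) in ("Ref", "Fn::GetAtt")

def ingress_rules(template):
    """Yield (path, rule) for standalone ingress resources and inline ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield f"Resources/{name}/Properties", props
        elif res.get("Type") == "AWS::EC2::SecurityGroup":
            for i, rule in enumerate(props.get("SecurityGroupIngress") or []):
                if isinstance(rule, dict):
                    yield f"Resources/{name}/Properties/SecurityGroupIngress/{i}", rule

def check_ingress(template):
    """Return (path, message) findings for every ingress rule that fails the check."""
    findings = []
    for path, rule in ingress_rules(template):
        present = [k for k in SOURCE_KEYS if k in rule]
        if len(present) == 2:  # the two source properties are mutually exclusive
            findings.append((path, "both source properties set"))
        for key in present:    # a literal ID or name is flagged; a Ref/GetAtt passes
            if not is_ref_or_getatt(rule[key]):
                findings.append((f"{path}/{key}", "not a Ref or GetAtt"))
    return findings

# Constructed sample template: one passing rule, one literal ID, one rule with both keys.
SAMPLE = {"Resources": {
    "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "app tier",
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "SourceSecurityGroupId": {"Fn::GetAtt": ["LbSg", "GroupId"]}},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "SourceSecurityGroupId": "sg-0123456789abcdef0"}]}},
    "LbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "lb"}},
    "DbIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
        "GroupId": {"Ref": "AppSg"}, "IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
        "SourceSecurityGroupId": {"Ref": "LbSg"},
        "SourceSecurityGroupName": {"Ref": "LbSg"}}},
}}

if __name__ == "__main__":
    print(*check_ingress(SAMPLE), sep="\n")
```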

References:

AWS Properties EC2 Security Group Ingress