This documentation is meant for the maintainers and contributors of this project.
- Supporting a new region: #1496
- Supporting a new availability zone: #1447
- Supporting a new Lambda runtime: #1469
- Supporting new EC2 instance types: #1535
- Supporting new Python versions: #1334
- Updating the SAM translator dependency: #1536
- Releasing a new version of cfn-lint: #1530
- Releasing a new version of the companion VS Code plugin: aws-cloudformation/cfn-lint-visual-studio-code#76
The precision of the linter depends on having up-to-date resource specifications that model the properties accurately. The rules use this property data for all the validations.
The official resource specification is updated on a weekly basis (every Friday), so every week we update the property data by:
pip3 install -e .
scripts/update_specs_from_pricing.py # requires Boto3 and Credentials
scripts/update_specs_services_from_ssm.py # requires Boto3 and Credentials
cfn-lint --update-specs
cfn-lint --update-iam-policies
cfn-lint --update-documentationThe official resource specifications are one source of data, the other two are the "extended specs" which are "patches" to the spec that enforce more constraints, and the "additional specs" which are rules written in JSON format that are then picked up by their respective Python class.
The command cfn-lint --update-specs pulls down the official resource specifications into folder schemas and patches the JSON files with the contents of the files in patches folder. The merged results are stored in providers.
Extensions are used to extend the provider schemas. We use these schemas for specific tests where it can be hard to nest it in the resource provider schema. Using extensions allow us to create separate rule IDs for each extension which allows the customer to ignore the error or for us to change the rule level (example: warning)
The other folder has any schema used for validation that isn't under a resources properties. This includes schemas for the overall template structure of a CloudFormation template, IAM policy schemas, CFN Init schemas, and more.
Patches contain all the patches we apply to the provider schemas when they are downloaded. There are two folders inside patches. providers patch issues in the provider schema itself and extensions apply additions to the provider schema to create better linting results.
Providers stores all the regional resource provider schemas after they are patched. Files are deduplicated so that we are storing as little as possible. If you look at the __init__.py file you will see what resources are cached.
If we push changes to these files, customers will have to update their version of cfn-lint. They support the following syntax:
AdditionalSpecs/RdsProperties.json is written by scripts/update_specs_from_pricing.py and used by rule E3025 and AdditionalSpecs/Policies.json is written by cfn-lint --update-iam-policies and used by rule W3037.