How to add custom rule for DeletionPolicy on a resource #3205

Open
yusuf963 opened this issue May 2, 2024 · 1 comment
Labels
question Further information is requested


yusuf963 commented May 2, 2024

cfn-lint 0.86.4

I have a CloudFormation template.json, and I want to add a custom rule for the "DeletionPolicy" attribute for a specific value, which is "Retain", for a specific resource, e.g. EC2 or Route53:

```json
{
  "Resources": {
    "EC2Instance": {
      "DeletionPolicy": "Delete",
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "m4.16xlarge",
        "ImageId": "ami-019a123123123",
        "KeyName": { "Ref": "KeyName" },
        "SecurityGroups": [
          { "Ref": "InstanceSecurityGroup" }
        ]
      }
    }
  }
}
```

And I have .cfnlintrc and custom_rules.txt files in the root:

```yaml
templates:
  - myapp/template.json
ignore_templates:
  - codebuild.yaml
include_checks:
  - I
  - E3012 # = type-checking
```

custom_rules.txt file, each rule on a single line:

```
AWS::EC2::Instance InstanceType NOT_EQUALS "m4.16xlarge" WARN "This is an expensive instance type, use t2.micro instead"
AWS::EC2::Instance DeletionPolicy NOT_EQUALS "Delete" ERROR "You should set DeletionPolicy to Retain"
```

I am aware of the custom rule format:

```
<Resource Type> <Property[*]> <Operator> <Value> [Error Level] [Custom Error Message]
```

and I know that "DeletionPolicy" is not a property on the Properties object of a resource.
How is it possible to make the DeletionPolicy custom rule work?
When I run cfn-lint I only get a warning about the instance type and nothing about the DeletionPolicy value:

```
W9001 This is an expensive instance type, use t2.micro instead
```

Instead, as a desired outcome, I should get:

```
W9001 This is an expensive instance type, use t2.micro instead
E12345 You should set DeletionPolicy to Retain
```

kddejong added the question label May 3, 2024

kddejong (Contributor) commented

We can't do this today. We would have to alter how our custom rules work. We can make this fairly easy using the full cfn-lint rules.
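As an added example (not from the thread or the cfn-lint project), this is one way to write the check as a full Python rule, since `DeletionPolicy` is a resource attribute rather than an entry under `Properties`. The rule id `E9101`, the class and function names, the `REQUIRED` mapping and the sample template are assumptions made for illustration.

```python
try:
    from cfnlint.rules import CloudFormationLintRule, RuleMatch
except ImportError:  # checking logic below still runs without cfn-lint installed
    CloudFormationLintRule = None

# Assumed policy for this example: resource type -> required DeletionPolicy.
REQUIRED = {"AWS::EC2::Instance": "Retain", "AWS::Route53::HostedZone": "Retain"}

# Constructed sample template, modelled on the one in the question.
SAMPLE = {"Resources": {
    "EC2Instance": {"Type": "AWS::EC2::Instance", "DeletionPolicy": "Delete"},
    "Zone": {"Type": "AWS::Route53::HostedZone"},
    "Kept": {"Type": "AWS::EC2::Instance", "DeletionPolicy": "Retain"},
    "Bucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Delete"},
}}


def deletion_policy_violations(template, required=REQUIRED):
    """Return (path, message) pairs for covered resources with the wrong DeletionPolicy."""
    found = []
    for name, resource in (template.get("Resources") or {}).items():
        rtype = resource.get("Type") if isinstance(resource, dict) else None
        want = required.get(rtype) if isinstance(rtype, str) else None
        if want is None:
            continue  # malformed resource, or a type the policy does not cover
        # DeletionPolicy is a resource attribute: a sibling of Properties, not a key in it.
        have = resource.get("DeletionPolicy")
        if have == want:
            continue
        path = ["Resources", name]
        if "DeletionPolicy" in resource:
            path.append("DeletionPolicy")  # point at the attribute when it exists
        state = "is not set" if have is None else f"is {have!r}"
        found.append((path, f"DeletionPolicy {state} on {name}; expected {want!r}"))
    return found


if CloudFormationLintRule is not None:
    class RequireDeletionPolicy(CloudFormationLintRule):
        """Hypothetical rule; the id is an arbitrary pick for this example."""
        id = "E9101"
        shortdesc = "DeletionPolicy must match the required value"
        description = "Checks the DeletionPolicy attribute of selected resource types"
        tags = ["resources", "deletionpolicy"]

        def match(self, cfn):
            found = deletion_policy_violations(cfn.template)
            return [RuleMatch(path, message) for path, message in found]
```

Saved as a module in its own directory, the rule can be loaded with cfn-lint's `--append-rules` option.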
