cfn-lint version: (cfn-lint --version)
~ cfn-lint --version
cfn-lint 0.32.1
Description of issue.
聽validation error detected: Value 'Checks .... ' at 'configRule.description' failed to satisfy
constraint: Member must have length less than or equal to 256 (Service: AmazonConfig; Status Code: 400; Error Code: ValidationException; Request ID: xxxx; Proxy: null).
Please provide as much information as possible:
S3BucketPublicWriteProhibitedConfigRule:
Type: "AWS::Config::ConfigRule"
Properties:
ConfigRuleName: InfoSecS3BucketPublicWriteProhibited
Description: |
Checks that your Amazon S3 buckets do not allow public write access.
The rule checks the Block Public Access settings, the bucket policy,
and the bucket access control list (ACL). (CIS, NIST-PR.AC-3,
NIST-PR.AC-5, NIST-PR.DS-5, NIST-PR.PT-3, PCI-1.2.1, PCI-1.3, PCI-7.2)
MaximumExecutionFrequency: Twelve_Hours
Scope:
ComplianceResourceTypes:
- "AWS::S3::Bucket"
Source:
Owner: AWS
SourceIdentifier: S3_BUCKET_PUBLIC_WRITE_PROHIBITED
I have since removed my over-descriptive descriptions :crying_cat_face:
This would need StringMax as described in https://github.com/aws-cloudformation/cfn-python-lint/issues/903#issuecomment-595356853
@PatMyron wonderful, thank you for the link. I will look at contributing this after work.
I spent a few minutes looking over this and it seemed super easy but I think I am missing a step.
(venv) cfn-python-lint >git diff
diff --git a/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_config.json b/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_config.json
index 3131bf89..d5d8fdd4 100644
--- a/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_config.json
+++ b/src/cfnlint/data/ExtendedSpecs/all/03_value_types/aws_config.json
@@ -143,5 +143,13 @@
"ScheduledNotification"
]
}
+ },
+ {
+ "op": "add",
+ "path": "/ValueTypes/AWS::Config::ConfigRule.Description",
+ "value": {
+ "StringMax": 256,
+ "StringMin": 1
+ }
}
]
(venv) cfn-python-lint >pip install -e .
Obtaining file:///home/jbpratt/projects/cfn-python-lint
...
(venv) cfn-python-lint >cfn-lint --update-specs
(venv) cfn-python-lint >vim tmp/template.cfn.yaml
(venv) cfn-python-lint >cfn-lint tmp/template.cfn.yaml
(venv) cfn-python-lint >
AWSTemplateFormatVersion: "2010-09-09"
Resources:
AccessKeysRotatedConfigRule:
Type: "AWS::Config::ConfigRule"
Properties:
ConfigRuleName: InfoSecAccessKeysRotated
Description: |
This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description This is a test on longer description.
InputParameters:
maxAccessKeyAge: 90
MaximumExecutionFrequency: One_Hour
Source:
Owner: AWS
SourceIdentifier: ACCESS_KEYS_ROTATED
Sorry, I actually might've glossed over the other half in that documentation: 04_property_values/aws_config.json
We can also handle the autogenerated changes if you want to start a PR, especially with https://github.com/aws-cloudformation/cfn-python-lint/pull/1554 still open
@PatMyron No worries, I should have dug in a bit more. Opening up a PR so we can work through this.