diff --git a/.mega-linter.yml b/.mega-linter.yml index b3aa98d29..79c675ea5 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml @@ -29,4 +29,6 @@ FILEIO_REPORTER: false JSON_PRETTIER_PRE_COMMANDS: - command: npm install prettier-plugin-multiline-arrays@1.1.0 - cwd: "workspace" \ No newline at end of file + cwd: "workspace" + +CLOUDFORMATION_CFN_LINT_FILE_EXTENSIONS: [".yml", ".yaml"] \ No newline at end of file diff --git a/samples/sample-rdk-rules/buildspec.yml b/samples/sample-rdk-rules/buildspec.yml index 8b8bd8de8..e979f5a0e 100644 --- a/samples/sample-rdk-rules/buildspec.yml +++ b/samples/sample-rdk-rules/buildspec.yml @@ -8,7 +8,7 @@ phases: - aws s3 cp s3://$S3_BUCKET_NAME/adf-build/ adf-build/ --recursive --quiet - pip install -r adf-build/requirements.txt -q - python adf-build/generate_params.py - + build: commands: - pip install rdk diff --git a/samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/parameters.json b/samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/parameters.json index 5f9b1480c..3c4ad590e 100644 --- a/samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/parameters.json +++ b/samples/sample-rdk-rules/config-rules/EC2_CHECKS_TERMINIATION_PROTECTION_ADF/parameters.json 
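Review bot: The new `CLOUDFORMATION_CFN_LINT_FILE_EXTENSIONS: [".yml", ".yaml"]` in `.mega-linter.yml` takes every `.json` file in the repository out of cfn-lint, not only the template fragments under `samples/sample-rdk-rules/templates/` that this commit reformats. A complete JSON CloudFormation template added later, IAM roles and policies included, would then go unlinted without any signal. If the intent is only to skip those fragments (inferred; the commit does not say), a path-scoped `CLOUDFORMATION_CFN_LINT_FILTER_REGEX_EXCLUDE` would keep JSON coverage elsewhere. At minimum, add a comment above the setting such as `# cfn-lint limited to YAML: the JSON files under samples/ are template fragments, not full templates`.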
@@ -1,14 +1,14 @@
 {
- "Version": "1.0",
- "Parameters": {
- "RuleName": "EC2_CHECKS_TERMINIATION_PROTECTION_ADF",
- "Description": "EC2_CHECKS_TERMINIATION_PROTECTION_ADF",
- "SourceRuntime": "python3.8",
- "CodeKey": "EC2_CHECKS_TERMINIATION_PROTECTION_ADFeu-central-1.zip",
- "InputParameters": "{}",
- "OptionalParameters": "{}",
- "SourceEvents": "AWS::EC2::Instance",
- "SourcePeriodic": "One_Hour"
- },
- "Tags": "[]"
-}
\ No newline at end of file
+ "Version": "1.0",
+ "Parameters": {
+ "RuleName": "EC2_CHECKS_TERMINIATION_PROTECTION_ADF",
+ "Description": "EC2_CHECKS_TERMINIATION_PROTECTION_ADF",
+ "SourceRuntime": "python3.8",
+ "CodeKey": "EC2_CHECKS_TERMINIATION_PROTECTION_ADFeu-central-1.zip",
+ "InputParameters": "{}",
+ "OptionalParameters": "{}",
+ "SourceEvents": "AWS::EC2::Instance",
+ "SourcePeriodic": "One_Hour"
+ },
+ "Tags": "[]"
+}
diff --git a/samples/sample-rdk-rules/templates/lambda-function.json b/samples/sample-rdk-rules/templates/lambda-function.json
index 805e469f0..d8dabb960 100644
--- a/samples/sample-rdk-rules/templates/lambda-function.json
+++ b/samples/sample-rdk-rules/templates/lambda-function.json
@@ -1,26 +1,25 @@
-
 {
- "Type": "AWS::Lambda::Function",
- "DependsOn": "RuleNameStrippedLambdaRole",
- "Properties": {
- "FunctionName": "RDK-Rule-Function-RuleNameStripped",
- "Code": {
- "S3Bucket": {
- "Ref": "SourceBucket"
- },
- "S3Key": "RuleName/RuleName.zip"
- },
- "Description": "Function for AWS Config Rule RuleName",
- "Handler": "RuleName.lambda_handler",
- "MemorySize": "256",
- "Role": {
- "Fn::GetAtt": [
- "RuleNameStrippedLambdaRole",
- "Arn"
- ]
- },
- "Runtime": "RuleRuntime",
- "Timeout": "60",
- "Tags": []
- }
+ "Type": "AWS::Lambda::Function",
+ "DependsOn": "RuleNameStrippedLambdaRole",
+ "Properties": {
+ "FunctionName": "RDK-Rule-Function-RuleNameStripped",
+ "Code": {
+ "S3Bucket": {
+ "Ref": "SourceBucket"
+ },
+ "S3Key": "RuleName/RuleName.zip"
+ },
+ "Description": "Function for AWS Config Rule RuleName",
+ "Handler": "RuleName.lambda_handler",
+ "MemorySize": "256",
+ "Role": {
+ "Fn::GetAtt": [
+ "RuleNameStrippedLambdaRole",
+ "Arn"
+ ]
+ },
+ "Runtime": "RuleRuntime",
+ "Timeout": "60",
+ "Tags": []
+ }
 }
diff --git a/samples/sample-rdk-rules/templates/lambda-permission.json b/samples/sample-rdk-rules/templates/lambda-permission.json
index e49f12697..fa151fe3f 100644
--- a/samples/sample-rdk-rules/templates/lambda-permission.json
+++ b/samples/sample-rdk-rules/templates/lambda-permission.json
@@ -1,15 +1,14 @@
-
 {
- "Type": "AWS::Lambda::Permission",
- "DependsOn": "RuleNameStrippedLambdaFunction",
- "Properties": {
- "FunctionName": {
- "Fn::GetAtt": [
- "RuleNameStrippedLambdaFunction",
- "Arn"
- ]
- },
- "Action": "lambda:InvokeFunction",
- "Principal": "config.amazonaws.com"
- }
+ "Type": "AWS::Lambda::Permission",
+ "DependsOn": "RuleNameStrippedLambdaFunction",
+ "Properties": {
+ "FunctionName": {
+ "Fn::GetAtt": [
+ "RuleNameStrippedLambdaFunction",
+ "Arn"
+ ]
+ },
+ "Action": "lambda:InvokeFunction",
+ "Principal": "config.amazonaws.com"
+ }
 }
diff --git a/samples/sample-rdk-rules/templates/lambda-role.json b/samples/sample-rdk-rules/templates/lambda-role.json
index e6451eda8..b97b23cb8 100644
--- a/samples/sample-rdk-rules/templates/lambda-role.json
+++ b/samples/sample-rdk-rules/templates/lambda-role.json
@@ -1,82 +1,75 @@ - { - "Type": "AWS::IAM::Role", - "Properties": { - "Path": "/rdk/", - "AssumeRolePolicyDocument": { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "AllowLambdaAssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - }, - "Action": "sts:AssumeRole" - } - ] - }, - "Policies": [ - { - "PolicyName": "ConfigRulePolicy", - "PolicyDocument": { - "Version": "2012-10-17", - "Statement": [ + "Type": "AWS::IAM::Role", + "Properties": { + "Path": "/rdk/", + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowLambdaAssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Action": "sts:AssumeRole" + } + ] + }, + "Policies": [ { - "Sid": "1", - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": { - "Fn::Sub": "arn:aws:s3:::${SourceBucket}/${SourceBucketFolder}/*" - } - }, - { - "Sid": "2", - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Sid": "3", - "Action": [ - "config:PutEvaluations" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Sid": "4", - "Action": [ - "iam:List*", - "iam:Describe*", - "iam:Get*" - ], - "Effect": "Allow", - "Resource": "*" - }, + "PolicyName": "ConfigRulePolicy", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "1", + "Action": ["s3:GetObject"], + "Effect": "Allow", + "Resource": { + "Fn::Sub": "arn:aws:s3:::${SourceBucket}/${SourceBucketFolder}/*" + } + }, + { + "Sid": "2", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Sid": "3", + "Action": ["config:PutEvaluations"], + "Effect": "Allow", + "Resource": "*" + }, + { + "Sid": "4", + "Action": [ + "iam:List*", + "iam:Describe*", + "iam:Get*" + ], + "Effect": "Allow", + 
"Resource": "*" + }, + { + "Sid": "5", + "Action": ["sts:AssumeRole"], + "Effect": "Allow", + "Resource": "${ConfigRoleArnToAssume}" + } + ] + } + } + ], + "ManagedPolicyArns": [ { - "Sid": "5", - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Resource": "${ConfigRoleArnToAssume}" + "Fn::Sub": "arn:aws:iam::aws:policy/ReadOnlyAccess" } - ] - } - } - ], - "ManagedPolicyArns": [ - { - "Fn::Sub": "arn:aws:iam::aws:policy/ReadOnlyAccess" - } - ] - } + ] + } } diff --git a/samples/sample-rdk-rules/templates/parameters.json b/samples/sample-rdk-rules/templates/parameters.json index 23c76be92..91bb41969 100644 --- a/samples/sample-rdk-rules/templates/parameters.json +++ b/samples/sample-rdk-rules/templates/parameters.json 
@@ -1,25 +1,24 @@
-
 {
- "SourceBucket": {
- "Description": "Name of the S3 bucket that you have stored the rule zip files in.",
- "Type": "String",
- "MinLength": "1",
- "MaxLength": "255"
- },
- "SourceBucketFolder": {
- "Description": "Folder in the s3 bucket all the lambda function code stored",
- "Type": "String",
- "MinLength": "1",
- "MaxLength": "255"
- },
- "LambdaAccountId": {
- "Description": "Account ID that contains Lambda functions for Config Rules.",
- "Type": "String",
- "MinLength": "12",
- "MaxLength": "12"
- },
- "ConfigRoleArnToAssume": {
- "Description": "Lambda function required to assume this config role in target accounts to put evaluations",
- "Type": "String"
- }
+ "SourceBucket": {
+ "Description": "Name of the S3 bucket that you have stored the rule zip files in.",
+ "Type": "String",
+ "MinLength": "1",
+ "MaxLength": "255"
+ },
+ "SourceBucketFolder": {
+ "Description": "Folder in the s3 bucket all the lambda function code stored",
+ "Type": "String",
+ "MinLength": "1",
+ "MaxLength": "255"
+ },
+ "LambdaAccountId": {
+ "Description": "Account ID that contains Lambda functions for Config Rules.",
+ "Type": "String",
+ "MinLength": "12",
+ "MaxLength": "12"
+ },
+ "ConfigRoleArnToAssume": {
+ "Description": "Lambda function required to assume this config role in target accounts to put evaluations",
+ "Type": "String"
+ }
 }
diff --git a/samples/sample-rdk-rules/templates/skeleton.json b/samples/sample-rdk-rules/templates/skeleton.json
index b6ece7c7e..5c8a2f2e9 100644
--- a/samples/sample-rdk-rules/templates/skeleton.json
+++ b/samples/sample-rdk-rules/templates/skeleton.json
@@ -1,6 +1,5 @@
-
 {
- "AWSTemplateFormatVersion": "2010-09-09",
- "Description": "AWS CloudFormation template to create Lambda functions for backing custom AWS Config rules. You will be billed for the AWS resources used if you create a stack from this template.",
- "Resources": {}
+ "AWSTemplateFormatVersion": "2010-09-09",
+ "Description": "AWS CloudFormation template to create Lambda functions for backing custom AWS Config rules. You will be billed for the AWS resources used if you create a stack from this template.",
+ "Resources": {}
 }