Question 1

How does cfn-lint compare to AWS CloudFormation Guard?

Accepted Answer

cfn-lint focuses on schema validation and AWS best practices using Python, while CloudFormation Guard is a policy-as-code tool with a different rule language. cfn-lint is more aligned with CloudFormation specs, but Guard offers more expressive policy definitions for complex governance.

Question 2

How to ignore specific rules in cfn-lint?

Accepted Answer

You can ignore rules using the --ignore-checks CLI parameter, configuration files like .cfnlintrc, or template metadata. For example, add 'ignore_checks: [E2530]' in the config to skip that specific error check.

Question 3

Does cfn-lint support AWS SAM templates?

Accepted Answer

Yes, cfn-lint supports SAM templates by transforming them using AWS SAM before linting. Run with --info to see transformation details, ensuring proper validation of serverless resources.

Question 4

Can I use cfn-lint in a CI/CD pipeline?

Accepted Answer

Absolutely, cfn-lint outputs in multiple formats like JSON, JUnit, and SARIF for easy integration. There's also a dedicated GitHub Action available, making it straightforward to add to pipelines.

Question 5

How to create custom rules for cfn-lint?

Accepted Answer

Custom rules are defined in a text file with one-line statements specifying resource type, property, operator, and value. Use the --custom-rules parameter to include them, as documented in the custom rules guide.

Question 6

What exit codes does cfn-lint use for automation?

Accepted Answer

cfn-lint returns non-zero exit codes based on severity: 0 for no issues, 2 for errors, 4 for warnings, etc. You can configure this with --non-zero-exit-code to match your CI/CD needs.

cfn-python-lint

What is cfn-python-lint?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions