1 Answer
I don't think this is possible with the one-line custom rule format, as it expects to operate on the Properties of the Resource. You could accomplish this using custom rules written in Python and using the `-a` / `--append-rules` CLI flag. For example, creating the directory `rules` and placing a file like `DeletionPolicyRetain.py` with the contents:
```python
from cfnlint.rules import CloudFormationLintRule, RuleMatch


class DeletionPolicyRetain(CloudFormationLintRule):
    """Errors if EC2 Instance DeletionPolicy is not Retain"""
    id = 'E9001'
    shortdesc = 'Errors if EC2 Instance DeletionPolicy is not Retain'
    description = 'Errors if EC2 Instance DeletionPolicy is not Retain'
    source_url = 'https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html'
    tags = ['resources', 'deletionpolicy']

    def match(self, cfn):
        matches = []
        # An empty type list returns every resource; the Type is filtered below
        resources = cfn.get_resources([])
        for resourceName, resource in resources.items():
            # DeletionPolicy is a resource attribute (a sibling of Properties).
            # Use .get() so a resource that omits it is reported rather than
            # raising KeyError.
            if resource['Type'] == 'AWS::EC2::Instance' and resource.get('DeletionPolicy') != 'Retain':
                matches.append(RuleMatch(['Resources', resourceName], 'Found EC2 instance missing DeletionPolicy of Retain'))
        return matches
```
and running the linting command with:
```
cfn-lint -a rules
```
answered 4 hours ago
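The same check without the cfn-lint dependency, as an added example that is not part of the original answer: it covers the three ways a template can fail the rule (explicit `Delete`, attribute absent, attribute misplaced under `Properties`). The function name `find_unretained` and the sample template are constructed for illustration.

```python
import json

# Constructed sample template (not from the original post).
SAMPLE_TEMPLATE = """
{
  "Resources": {
    "Kept":      {"Type": "AWS::EC2::Instance", "DeletionPolicy": "Retain",
                  "Properties": {"ImageId": "ami-EXAMPLE"}},
    "Explicit":  {"Type": "AWS::EC2::Instance", "DeletionPolicy": "Delete",
                  "Properties": {"ImageId": "ami-EXAMPLE"}},
    "Absent":    {"Type": "AWS::EC2::Instance",
                  "Properties": {"ImageId": "ami-EXAMPLE"}},
    "Misplaced": {"Type": "AWS::EC2::Instance",
                  "Properties": {"ImageId": "ami-EXAMPLE",
                                 "DeletionPolicy": "Retain"}},
    "Bucket":    {"Type": "AWS::S3::Bucket"}
  }
}
"""


def find_unretained(template, resource_type="AWS::EC2::Instance"):
    """Return (path, reason) pairs for resources whose DeletionPolicy is not Retain."""
    findings = []
    resources = template.get("Resources", {})
    if not isinstance(resources, dict):
        return findings
    for name, resource in resources.items():
        if not isinstance(resource, dict) or resource.get("Type") != resource_type:
            continue
        # DeletionPolicy is a resource attribute beside Properties, so a value
        # nested inside Properties is never consulted here.
        policy = resource.get("DeletionPolicy")
        if policy == "Retain":
            continue
        if policy is None:
            # With the attribute absent, the instance is deleted with the stack.
            reason = "DeletionPolicy is not set, expected 'Retain'"
        else:
            reason = f"DeletionPolicy is {policy!r}, expected 'Retain'"
        findings.append((["Resources", name], reason))
    return findings


if __name__ == "__main__":
    for path, reason in find_unretained(json.loads(SAMPLE_TEMPLATE)):
        print("/".join(path), "-", reason)
```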
Can you try in this way? `<Resource Type> * EQUALS "Delete" ERROR "You should set DeletionPolicy to Retain"`