Ignore warnings from sam validate --lint


Is it possible to ignore warnings based on the warning ID or the line in the template causing the warning?

I use SAM in YAML format to create resources via CloudFormation. I turned on linting and two warnings remain. The first warning I don't understand and the second one I would like to ignore.

I use sam validate in my CI/CD pipeline (GitHub Actions), so a non-zero result code from sam validate fails the deployment. If I cannot ignore warnings, I either need to remove the linter or fix every single warning. This one I'm struggling with now is "consider using" so it should not really be a blocker.

I run sam validate -t template.yaml --lint

First template section causing a warning:

  MonitoringStack:
    Type: AWS::Serverless::Application
    Properties:
      Location: monitoring/monitoring.yaml
      Parameters:
        ApiId: !Ref Api
        Stage: !Ref EnvType
        AccessLogsGroupName: !Ref AccessLogs

W3002 This code may only work with `package` cli command as the property (Resources/MonitoringS/Properties/TemplateURL) is a string
/Users/.../template.yaml:978:3

Second is

  CFLogsBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

W3045 Consider using AWS::S3::BucketPolicy instead of AccessControl
/Users/.../template.yaml:1012:7

Can I use cfn-lint with the --ignore-checks option as documented here somehow?

My current github action step looks like this:

      - name: Validate SAM templates
        working-directory: ${{ github.workspace }}/api
        run: |
          echo "Validating template for ${{ env.API_CF_STACK_NAME }}"
          sam validate -t template.yaml --lint

Any idea if I can ignore this from the linter somehow, or if it actually would make sense to fix?

Andreax
Asked 2 months ago, 117 views
1 Answer
Accepted Answer

sam validate does not provide an out-of-the-box feature to ignore specific warnings or errors based on their ID directly in the command or through a configuration file. The primary purpose of sam validate is to check the syntax and basic structure of the SAM template, not to provide extensive linting capabilities. For this reason, if sam validate returns a non-zero exit code due to a warning you wish to ignore, you might need to consider alternative approaches.

cfn-lint is a more flexible tool when it comes to linting CloudFormation templates, including SAM templates in YAML or JSON format. It allows for extensive customization of the linting process, including ignoring specific rules. To ignore specific checks with cfn-lint, you can use the --ignore-checks option followed by the IDs of the checks you want to ignore. For example:

cfn-lint template.yaml --ignore-checks W3002 W3045
Expert
Answered 2 months ago
  • Thank you!

    Worked like a charm after also adding a pip install cfn-lint in my GitHub action
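
A complementary gate for the CI step, added here as an example and not part of the original question or answer: it reads linter output in the two-line format quoted in the question, tolerates only explicitly allow-listed warning IDs, never lets an E-level rule be suppressed, and fails closed when the linter exits non-zero without printing any recognizable finding. The names `lint_gate` and `sample_findings` are hypothetical, and the exit status `1` is a constructed value.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Gate a CI step on linter findings,
# tolerating only allow-listed warning IDs. Assumed input: finding lines of the
# form "<ID> <message>" (ID = E/W/I plus four digits), each followed by a
# "<path>:<line>:<col>" line, as in the output quoted in the question.

# lint_gate LINTER_STATUS "ID ID ..." < linter_output
# Returns 0 only when every finding is an allow-listed W/I rule.
lint_gate() (
  status=$1
  allowed=" $2 "
  seen=0
  blocking=0
  while IFS= read -r line; do
    id=${line%% *}
    case $id in
      [EWI][0-9][0-9][0-9][0-9]) ;;   # a finding line
      *) continue ;;                  # location line or other text
    esac
    seen=$((seen + 1))
    case $id in
      [WI]*)                          # E-level rules can never be suppressed
        case $allowed in
          *" $id "*) echo "suppressed: $line" >&2; continue ;;
        esac ;;
    esac
    echo "blocking:   $line" >&2
    blocking=$((blocking + 1))
  done
  # Linter failed but printed no recognizable finding (bad path, parse
  # failure, crash): fail closed instead of treating it as clean.
  if [ "$status" -ne 0 ] && [ "$seen" -eq 0 ]; then
    echo "linter exited $status with no parsable findings" >&2
    return 1
  fi
  [ "$blocking" -eq 0 ]
)

# The two findings from the question; exit status 1 is a constructed value.
sample_findings() {
  cat <<'EOF'
W3002 This code may only work with `package` cli command as the property (Resources/MonitoringS/Properties/TemplateURL) is a string
/Users/.../template.yaml:978:3
W3045 Consider using AWS::S3::BucketPolicy instead of AccessControl
/Users/.../template.yaml:1012:7
EOF
}

sample_findings | lint_gate 1 "W3045" || echo "gate failed: W3002 is not allow-listed"
```

In a workflow step, capture the linter's combined output and its exit status first, then pass both to the gate so that a failure unrelated to linting still fails the job.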
