Ignore warnings from sam validate --lint


Is it possible to ignore warnings based on the warning ID or the line in the template causing the warning?

I use SAM in YAML format to create resources via CloudFormation. I turned on linting and two warnings remain. The first warning I don't understand and the second one I would like to ignore.

I use sam validate in my CI/CD pipeline (GitHub Actions), so a non-zero result code from sam validate fails the deployment. If I cannot ignore warnings, I either need to remove the linter or fix every single warning. This one I'm struggling with now is "consider using" so it should not really be a blocker.

I run sam validate -t template.yaml --lint

First template section causing a warning:

  MonitoringStack:
    Type: AWS::Serverless::Application
    Properties:
      Location: monitoring/monitoring.yaml
      Parameters:
        ApiId: !Ref Api
        Stage: !Ref EnvType
        AccessLogsGroupName: !Ref AccessLogs

W3002 This code may only work with `package` cli command as the property (Resources/MonitoringS/Properties/TemplateURL) is a string
/Users/.../template.yaml:978:3

Second is

  CFLogsBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

W3045 Consider using AWS::S3::BucketPolicy instead of AccessControl
/Users/.../template.yaml:1012:7

Can I use cfn-lint with the --ignore-checks option as documented here somehow?

My current GitHub Actions step looks like this:

      - name: Validate SAM templates
        working-directory: ${{ github.workspace }}/api
        run: |
          echo "Validating template for ${{ env.API_CF_STACK_NAME }}"
          sam validate -t template.yaml --lint

Any idea if I can ignore this from the linter somehow, or if it actually would make sense to fix?

Andreax
asked a month ago, 92 views
1 Answer
Accepted Answer

sam validate does not provide an out-of-the-box feature to ignore specific warnings or errors based on their ID directly in the command or through a configuration file. The primary purpose of sam validate is to check the syntax and basic structure of the SAM template, not to provide extensive linting capabilities. For this reason, if sam validate returns a non-zero exit code due to a warning you wish to ignore, you might need to consider alternative approaches.

cfn-lint is a more flexible tool when it comes to linting CloudFormation templates, including SAM templates in YAML or JSON format. It allows for extensive customization of the linting process, including ignoring specific rules. To ignore specific checks with cfn-lint, you can use the --ignore-checks option followed by the IDs of the checks you want to ignore. For example:

cfn-lint template.yaml --ignore-checks W3002 W3045
EXPERT
answered a month ago
  • Thank you!

    Worked like a charm after also adding a pip install cfn-lint in my GitHub Action
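
Added example, not part of the original answer or comment: a POSIX shell gate for the CI step that runs cfn-lint with the two check IDs from the question suppressed and decodes cfn-lint's documented exit status (a bitmask: 2 errors, 4 warnings, 8 informational), so that only errors fail the job while any remaining warnings are still printed. The function names `lint_gate` and `describe_status` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): CI gate around cfn-lint.
# cfn-lint's documented exit status is a bitmask:
#   2 = errors, 4 = warnings, 8 = informational findings (0 = clean).

# Checks suppressed on purpose: the two warning IDs from the question.
IGNORED_CHECKS="W3002 W3045"

# describe_status CODE: print the severities encoded in a cfn-lint exit status.
describe_status() {
  _out=""
  [ $(( $1 & 2 )) -ne 0 ] && _out="$_out error"
  [ $(( $1 & 4 )) -ne 0 ] && _out="$_out warning"
  [ $(( $1 & 8 )) -ne 0 ] && _out="$_out informational"
  echo "${_out# }"
}

# lint_gate LINTER TEMPLATE: run the linter; return 1 only for errors or for
# a status outside the bitmask (crash, command not found), otherwise 0.
lint_gate() {
  _status=0
  # IGNORED_CHECKS is left unquoted so each ID becomes its own argument.
  "$1" "$2" --ignore-checks $IGNORED_CHECKS || _status=$?
  if [ $(( $_status & ~14 )) -ne 0 ]; then
    echo "linter did not run cleanly (exit $_status)" >&2
    return 1
  fi
  if [ $(( $_status & 2 )) -ne 0 ]; then
    echo "blocking findings: $(describe_status "$_status")" >&2
    return 1
  fi
  [ "$_status" -ne 0 ] && echo "non-blocking findings: $(describe_status "$_status")" >&2
  return 0
}

# Workflow usage (after `pip install cfn-lint`): lint_gate cfn-lint template.yaml
```

`--ignore-checks` applies to the whole template, so W3045 is silenced for every bucket in it, not only CFLogsBucket.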
