You can use those rules to get quick feedback on recommended practices while building a serverless application, as part of an automated code review process, or as guardrails before deploying to production.
This project is currently in public preview to get feedback from the serverless community. APIs, tools, and rules might change between the beginning of public preview and version 1.
Current modules and plugins¶
cfn-lintmodule supports checking CloudFormation and Serverless Application Model (SAM) templates. It also supports templates defined with the AWS Cloud Development Kit (CDK) and the Serverless Framework by synthesizing to CloudFormation.
tflintplugin supports checking Terraform configuration files.
If you would like native support for other frameworks, please consider adding a 👍 reaction to the corresponding comment in this GitHub issue.
To learn how to use Serverless Rules, see the detailed usage guide for each plugin:
Frequently asked questions¶
Can I ignore some of the rules in this project?¶
Serverless Rules is a set of recommended practices.
We recommend you to keep Error-level rules enabled. Non-error rules, for example Lambda Tracing, contain detailed scenarios on when it’s safe to ignore them.
When needed, you can ignore any specific rule that doesn’t match your environment.
How is this different from
tflint main goals are to find possible errors in templates and configuration files before you try to deploy resources to AWS. By comparison, Serverless Rules goes one step further by providing prescriptive guidance based on the AWS Well-Architected pillars.
For example, you can define AWS Lambda functions without tracing enabled, which is valid for both CloudFormation and Terraform. This project adds a rule on Lambda tracing as a recommended practice for Operational Excellence.
cfn-lint instead of
cfn-guard provides developers with a simplified language to define polices and validate JSON- or YAML- formatted documents. You can use that tool to create your own rules that match your compliance needs or internal recommended practices.
cfn_nag provides a set of default rules with a strong focus on security. You can extend it in ruby to create custom rules.
For Serverless Rules, using a programming language like Python or Ruby gives more flexibility when defining complex rules integrating multiple resources, such as checking if a Lambda function has a log group with retention configured.