Rules¶
Rule levels¶
A rule can have one of the following three rule levels: Error, Warning, or Info.
An Error level for a rule means this is a recommended practice for the vast majority of circumstances.
A Warning level means that this is a recommended practice, but you can achieve similar results through a different implementation. For example, you can create alarms through third party offering, rather than using AWS CloudWatch.
An Info level means that this does not necessarily align with recommended practices but can point out potential issues or misconfiguration. For example, an Amazon EventBridge event bus without any rules associated with it, as you might create those rules through a different template.
AWS Lambda¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Warning | Lambda Tracing | WS1000 | aws_lambda_function_tracing_rule |
| Error | EventSourceMapping Failure Destination | ES1001 | aws_lambda_event_source_mapping_failure_destination |
| Warning | Lambda Permission Multiple Principals | WS1002 | aws_lambda_permission_multiple_principals |
| Warning | Lambda Star Permissions | WS1003 | aws_iam_role_lambda_no_star |
| Warning | Lambda Log Retention | WS1004 | aws_cloudwatch_log_group_lambda_retention |
| Error | Lambda Default Memory Size | ES1005 | aws_lambda_function_default_memory |
| Error | Lambda Default Timeout | ES1006 | aws_lambda_function_default_timeout |
| Error | Async Lambda Failure Destination | ES1007 | aws_lambda_event_invoke_config_async_on_failure |
| Error | Lambda EOL Runtime | E2531 | aws_lambda_function_eol_runtime |
Amazon API Gateway REST APIs¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Error | API Gateway Logging | ES2000 | aws_apigateway_stage_logging_rule |
| Warning | API Gateway Structured Logging | WS2001 | aws_api_gateway_stage_structured_logging |
| Warning | API Gateway Tracing | WS2002 | aws_apigateway_stage_tracing_rule |
| Warning | API Gateway Default Throttling | ES2003 | aws_apigateway_stage_throttling_rule |
Amazon API Gateway HTTP APIs¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Error | API Gateway Logging | ES2000 | aws_apigatewayv2_stage_logging_rule |
| Warning | API Gateway Structured Logging | WS2001 | aws_apigatewayv2_stage_structured_logging |
| Warning | API Gateway Default Throttling | ES2003 | aws_apigatewayv2_stage_throttling_rule |
AWS AppSync¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Error | AppSync Tracing | WS3000 | aws_appsync_graphql_api_tracing_rule |
Amazon EventBridge¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Error | EventBridge Rule Without DLQ | ES4000 | aws_cloudwatch_event_target_no_dlq |
Amazon SNS¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Error | SNS Redrive Policy | ES7000 | aws_sns_topic_subscription_redrive_policy |
Amazon SQS¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Error | SQS Redrive Policy | ES6000 | aws_sqs_queue_redrive_policy |
Amazon Step Functions¶
| Level | Name | cfn-lint | tflint |
|---|---|---|---|
| Warning | Step Functions Tracing | WS5000 | aws_sfn_state_machine_tracing |