Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Enhancement proposal for ARN linting

See original GitHub issue

Given that the ARN format always starts with arn:aws: and for each product has a clear defined syntax it seems like an ideal candidate to add to the linter (and the roadmap agrees).

My naive thinking currently says: check normal ARNs via something like regular expressions, keeping in mind that there’s a fair amount that are essentially variable length. Could be a simple switch logic based on product and test for presence of fields/number of colons and test fields whether they comply to expected syntax.

Substitute syntax will be an interesting case to lint, like !Sub "arn:aws:iam::${SomeAccountId}:user.

What do you think, @cmmeyer and @kddejong? See any potential hurdles with the above?

There’s time within our company to pick this up and work on it.

Issue Analytics

State:
Created 5 years ago
Reactions:2
Comments:5 (3 by maintainers)

Top GitHub Comments

2reactions

kddejongcommented, May 11, 2019

@SanderKnape we are starting to cover this with Regex checking.

An Iam Role Arn has to match the following pattern. "AllowedPatternRegex": "arn:(aws[a-zA-Z-]*)?:iam::(\\d{12}|aws):policy/[a-zA-Z_0-9+=,.@\\-_/]+"

We still have work to build out all those AllowedPatternRegex values but this capability now exists.

1reaction

kddejongcommented, Jul 24, 2018

I have debated this a few times. There is also this article from AWS that has all the valid ARN syntaxes. I think there are some other tricky areas like IAM that doesn’t have a region etc that would be helpful to help people to syntax.

Other areas of possibilities.

Cross region relationships that may not work. CWE can’t use a Lambda in another region, etc.
Best practices could be done here… like not hard coding a region into a ARN.

I think the possibilities of getting this setup well could be awesome but we should probably start small.

Some part of me wants to relate this to #50 but instead of allowed values using a Regex.

@cmmeyer thoughts?

Top Results From Across the Web

cfn-lint 0.65.1 - PythonFix.com

The aws-cloudformation/cfn-lint repo was created 4 years ago and was last ... LoadBalancerAttribute AllowedValues; Enhancement proposal for ARN linting.

User Guide - ICD-11

Content Enhancement Proposal. In this proposal type the system shows the existing content (title, definition, synonyms, etc.) in a way that you can...

Python 3.9: What's new and better - ARN

PEP 602 proposed that the Python development team adopt an annual release cycle, ... The first improvement involves more use of the vectorcall...

Release 0.17.1 Tech Team @ Unitary Fund - Mitiq

to show improvement over the unmitigated result [2]. Example ... aws_device = AwsDevice("arn:aws:braket:::device/qpu/rigetti/Aspen-9").

Chapter 37. What is New? - DVT Eclipse IDE

major version - Includes new features, major enhancements, ... DVT-9401 Lint configurations proposal dialog is showing the same configuration multiple times.