CloudFormation Lint Version
1.10.3
What operating system are you using?
Mac & Ubuntu
Describe the bug
Originally reported in the SAM repo here: aws/aws-sam-cli#7397
After some digging, it appears that this is an issue specifically with cfn-lint, which is a dependency of SAM that was bumped in a recent SAM release.
I ran into the same issue reported in aws-sam-cli/issues/7397 when running the SAM linter in CI/CD:
[[E0001: Error found when transforming the template] (Error transforming template: Key None must be a string) matched 1]
Error: Linting failed. At least one linting rule was matched to the provided template.
Expected behavior
Defining a CFN connector with a type instead of id should pass linting validation
Reproduction template
From the original ticket:
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
  ai-workflows-photo
Parameters:
  Environment:
    Type: String
    AllowedValues:
      - dev
      - staging
      - prod
      - dz
  LambdaRuntime:
    Type: String
    Default: provided.al2023
    AllowedValues:
      - provided.al2023
      - java21
  LambdaHandler:
    Type: String
    Default: not.used.in.provided.runtime
    AllowedValues:
      - not.used.in.provided.runtime
      - io.quarkus.amazon.lambda.runtime.QuarkusStreamHandler::handleRequest
  LambdaArchitecture:
    Type: String
    Default: arm64
    AllowedValues:
      - arm64
      - x86_64
  SnsTopicSubscription:
    Type: String
    Default: "admin@qundo.de"
Globals:
  Function:
    Runtime: !Sub "${LambdaRuntime}"
    Architectures:
      - !Sub "${LambdaArchitecture}"
    Timeout: 20
    # 128 is ok but to be fast
    MemorySize: 128
    Handler: !Sub "${LambdaHandler}"
Resources:
  #Source SQS
  SourceQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: !Sub ai-workflows-photo-queue-${Environment}
  #Result SQS
  ResultQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: !Sub ai-workflows-photo-result-queue-${Environment}
  AiWorkflowStabilisationFunctionLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
      LogGroupName: !Sub "/aws/lambda/ai-workflows-stabilisation-function-${Environment}"
  #Lambda Stabilisation
  AiWorkflowStabilisationFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ai-workflows-stabilisation-function-${Environment}
      CodeUri: ../../lambdas/stabilisation/build/function.zip
      MemorySize: 1536
      Policies:
        - RekognitionLabelsPolicy: { }
    Metadata:
      SkipBuild: True
    # noinspection YamlFormatViolation
    Connectors:
      AiWorkflowStabilisationFunctionS3Connector:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: !Sub arn:aws:s3:::qundo-legitimation-data-${Environment}
          Permissions:
            - Read
            - Write
      AiWorkflowStabilisationFunctionS3ConnectorDev:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: arn:aws:s3:::qundo-legitimation-data-dev
          Permissions:
            - Read
            - Write
      AiWorkflowStabilisationFunctionS3ConnectorTest:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: arn:aws:s3:::qundo-kyc-test-data
          Permissions:
            - Read
            - Write
  AiWorkflowExtractionFunctionLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
      LogGroupName: !Sub "/aws/lambda/ai-workflows-extraction-function-${Environment}"
  #Lambda Extraction
  AiWorkflowExtractionFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ai-workflows-extraction-function-${Environment}
      CodeUri: ../../lambdas/extraction/build/function.zip
      MemorySize: 192
      Policies:
        - TextractDetectAnalyzePolicy: { }
        - TextractGetResultPolicy: { }
    Metadata:
      SkipBuild: True
    # noinspection YamlFormatViolation
    Connectors:
      AiWorkflowExtractionFunctionS3Connector:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: !Sub arn:aws:s3:::qundo-legitimation-data-${Environment}
          Permissions:
            - Read
      AiWorkflowExtractionFunctionS3ConnectorDev:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: arn:aws:s3:::qundo-legitimation-data-dev
          Permissions:
            - Read
      AiWorkflowExtractionFunctionS3ConnectorTest:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: arn:aws:s3:::qundo-kyc-test-data
          Permissions:
            - Read
  AiWorkflowExtractionMergeFunctionLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
      LogGroupName: !Sub "/aws/lambda/ai-workflows-extraction-merge-function-${Environment}"
  #Lambda Merge
  AiWorkflowExtractionMergeFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ai-workflows-extraction-merge-function-${Environment}
      CodeUri: ../../lambdas/extraction-merge/build/function.zip
    Metadata:
      SkipBuild: True
  #Logs for StepFunctions
  AiWorkflowStateMachineLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
      LogGroupName: !Sub "/aws/snf/ai-workflows-${Environment}"
  AiWorkflowFaceComparisonFunctionLog:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
      LogGroupName: !Sub "/aws/lambda/ai-workflows-face-comparison-function-${Environment}"
  #Lambda Face Comparision
  AiWorkflowFaceComparisonFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: !Sub ai-workflows-face-comparison-function-${Environment}
      CodeUri: ../../lambdas/face-comparison/build/function.zip
      Policies:
        - RekognitionFacesPolicy: { }
    Metadata:
      SkipBuild: True
    # noinspection YamlFormatViolation
    Connectors:
      AiWorkflowFaceComparisonFunctionS3Connector:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: !Sub arn:aws:s3:::qundo-legitimation-data-${Environment}
          Permissions:
            - Read
      AiWorkflowFaceComparisonFunctionS3ConnectorDev:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: arn:aws:s3:::qundo-legitimation-data-dev
          Permissions:
            - Read
      AiWorkflowFaceComparisonFunctionS3ConnectorTest:
        Properties:
          Destination:
            Type: AWS::S3::Bucket
            Arn: arn:aws:s3:::qundo-kyc-test-data
          Permissions:
            - Read
  AiWorkflowSnsTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub ai-workflows-error-${Environment}
      Subscription:
        - Endpoint: !Ref SnsTopicSubscription
          Protocol: "EMAIL"
  #Target StepFunction state machine
  AiWorkflowStateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      Name: !Sub ai-workflow-photo-${Environment}
      DefinitionUri: workflow/ai-workflow-photo.asl.json
      DefinitionSubstitutions:
        AiWorkflowStabilisationFunctionArn: !GetAtt AiWorkflowStabilisationFunction.Arn
        AiWorkflowExtractionFunctionArn: !GetAtt AiWorkflowExtractionFunction.Arn
        AiWorkflowFaceComparisonFunctionArn: !GetAtt AiWorkflowFaceComparisonFunction.Arn
        AiWorkflowExtractionMergeFunctionArn: !GetAtt AiWorkflowExtractionMergeFunction.Arn
        AiWorkflowSnsTopicArn: !GetAtt AiWorkflowSnsTopic.TopicArn
      Logging:
        Destinations:
          - CloudWatchLogsLogGroup:
              LogGroupArn: !GetAtt AiWorkflowStateMachineLogGroup.Arn
        Level: ALL
        IncludeExecutionData: true
      Policies:
        - CloudWatchLogsFullAccess
        - Version: '2012-10-17' # Policy Document
          Statement:
            - Effect: Allow
              Action:
                - geo:SearchPlaceIndexForText
              Resource: 'arn:aws:geo:eu-central-1:001160930910:place-index/Qundo-Addresss-Check'
    # noinspection YamlFormatViolation
    Connectors:
      AiWorkflowStepFunctionStabilisationLambdaWriteConnector:
        Properties:
          Destination:
            Id: AiWorkflowStabilisationFunction
          Permissions:
            - Write
      AiWorkflowStepFunctionExtractionLambdaWriteConnector:
        Properties:
          Destination:
            Id: AiWorkflowExtractionFunction
          Permissions:
            - Write
      AiWorkflowStepFunctionFaceComparisonLambdaWriteConnector:
        Properties:
          Destination:
            Id: AiWorkflowFaceComparisonFunction
          Permissions:
            - Write
      AiWorkflowExtractionMergeLambdaWriteConnector:
        Properties:
          Destination:
            Id: AiWorkflowExtractionMergeFunction
          Permissions:
            - Write
      AiWorkflowStepFunctionResultQueueWriteConnector:
        Properties:
          Destination:
            Id: ResultQueue
          Permissions:
            - Write
      AiWorkflowStepFunctionResultQueueWriteConnectorDev:
        Properties:
          Destination:
            Type: AWS::SQS::Queue
            Arn: arn:aws:sqs:eu-central-1:001160930910:ai-workflows-photo-queue-dev
          Permissions:
            - Write
      AiWorkflowStepFunctionResultQueueWriteConnectorTest:
        Properties:
          Destination:
            Type: AWS::SQS::Queue
            Arn: arn:aws:sqs:eu-central-1:001160930910:ai-workflow-photo-result-for-test-*
          Permissions:
            - Write
      AiWorkflowStepFunctionSnsTopicWriteConnector:
        Properties:
          Destination:
            Id: AiWorkflowSnsTopic
          Permissions:
            - Write
  # Logs for EventBridge Pipe
  AiWorkflowSqsEventBridgePipeLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 7
      LogGroupName: !Sub "/aws/pipe/ai-workflows-${Environment}"
  # Role for EventBridge Pipes to read from SQS and launch SFN
  AiWorkflowSqsEventBridgePipeRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ai-workflow-sqs-event-bridge-pipe-role-${Environment}
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - pipes.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: CloudWatchLogs
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource: '*'
        - PolicyName: ReadSQS
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'sqs:ReceiveMessage'
                  - 'sqs:DeleteMessage'
                  - 'sqs:GetQueueAttributes'
                Resource: !GetAtt SourceQueue.Arn
        - PolicyName: ExecuteSFN
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'states:StartExecution'
                Resource: !Ref AiWorkflowStateMachine
  # EventBridge from SQS to StepFunction
  AiWorkflowSqsEventBridgePipe:
    Type: AWS::Pipes::Pipe
    Properties:
      Name: !Sub ai-workflow-photo-event-bridge-${Environment}
      RoleArn: !GetAtt AiWorkflowSqsEventBridgePipeRole.Arn
      DesiredState: RUNNING
      LogConfiguration:
        CloudwatchLogsLogDestination:
          LogGroupArn: !GetAtt AiWorkflowSqsEventBridgePipeLogGroup.Arn
        IncludeExecutionData:
          - ALL
        Level: TRACE
      Source: !GetAtt SourceQueue.Arn
      SourceParameters:
        SqsQueueParameters:
          BatchSize: 1
      Target: !Ref AiWorkflowStateMachine
      TargetParameters:
        StepFunctionStateMachineParameters:
          InvocationType: FIRE_AND_FORGET
        InputTemplate: |
          {
            "body": <$.body>
          }
Outputs:
  AiWorkflowSourceQueueUrl:
    Description: SourceQueue URL
    Value: !GetAtt SourceQueue.QueueUrl
  AiWorkflowResultQueueUrl:
    Description: ResultQueue URL
    Value: !GetAtt ResultQueue.QueueUrl
  AiWorkflowStateMachineLogGroup:
    Description: 'StepFunctions LogGroup Name'
    Value: !Ref AiWorkflowStateMachineLogGroup
  AiWorkflowStabilisationFunction:
    Description: "Stabilisation Lambda Function ARN"
    Value: !GetAtt AiWorkflowStabilisationFunction.Arn
  AiWorkflowExtractionFunction:
    Description: "Extraction Lambda Function ARN"
    Value: !GetAtt AiWorkflowExtractionFunction.Arn
Simplified
Connectors:
  AiWorkflowStabilisationFunctionS3Connector:
    Properties:
      Destination:
        Type: AWS::S3::Bucket
        Arn: !Sub arn:aws:s3:::qundo-legitimation-data-${Environment}
      Permissions:
        - Read
        - Write