EC2 CloudFormation linter identifies public key is not used
glennschler opened this issue · comments
Glenn Schlereth commented
Describe the bug
AWS CloudFormation Linter fails a number of checks
- Identifies that algo.pem.pub ssh key is being sent as parameter PublicSSHKeyParameter even though it is not used in CloudFormation. This public key was moved into cloud-init data some time in the past.
- Recommends stronger type checking for the ImageIdParameter
- Identifies ten template resources with a warning to remove the DependsOn attribute: 'Obsolete DependsOn on resource'
To Reproduce
Steps to reproduce the behavior:
- Install linter
pip install cfn-lint
- Run linter against the template:
cfn-lint roles/cloud-ec2/files/stack.yaml
Expected behavior
Linter should not identify any invalid values or best practices not followed.
Additional context
I think the most important issue to resolve is to remove the ssh key parameter from being sent to cloud formation.
algo/roles/cloud-ec2/files/stack.yaml
Lines 8 to 9 in 1c6702d
Secondly, a clean lint check is also a benefit.
Full log
W2001 Parameter PublicSSHKeyParameter not used.
roles/cloud-ec2/files/stack.yaml:8:3
W2506 Parameter ImageIdParameter should be of type [AWS::EC2::Image::Id, AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>]
roles/cloud-ec2/files/stack.yaml:10:3
W3005 Obsolete DependsOn on resource (InternetGateway), dependency already enforced by a "Ref" at Resources/Route/Properties/GatewayId/Ref
roles/cloud-ec2/files/stack.yaml:86:9
W3005 Obsolete DependsOn on resource (RouteTable), dependency already enforced by a "Ref" at Resources/Route/Properties/RouteTableId/Ref
roles/cloud-ec2/files/stack.yaml:87:9
W3005 Obsolete DependsOn on resource (InternetGateway), dependency already enforced by a "Ref" at Resources/RouteIPv6/Properties/GatewayId/Ref
roles/cloud-ec2/files/stack.yaml:97:9
W3005 Obsolete DependsOn on resource (RouteTable), dependency already enforced by a "Ref" at Resources/RouteIPv6/Properties/RouteTableId/Ref
roles/cloud-ec2/files/stack.yaml:98:9
W3005 Obsolete DependsOn on resource (VPC), dependency already enforced by a "Fn:GetAtt" at Resources/SubnetIPv6/Properties/Ipv6CidrBlock/Fn::Join/1/0/Fn::Select/1/Fn::Split/1/Fn::Select/1/Fn::GetAtt
roles/cloud-ec2/files/stack.yaml:109:9
W3005 Obsolete DependsOn on resource (RouteTable), dependency already enforced by a "Ref" at Resources/RouteSubnet/Properties/RouteTableId/Ref
roles/cloud-ec2/files/stack.yaml:122:9
W3005 Obsolete DependsOn on resource (Subnet), dependency already enforced by a "Ref" at Resources/RouteSubnet/Properties/SubnetId/Ref
roles/cloud-ec2/files/stack.yaml:123:9
W3005 Obsolete DependsOn on resource (Subnet), dependency already enforced by a "Ref" at Resources/EC2Instance/Properties/SubnetId/Ref
roles/cloud-ec2/files/stack.yaml:170:9
W3005 Obsolete DependsOn on resource (InstanceSecurityGroup), dependency already enforced by a "Ref" at Resources/EC2Instance/Properties/SecurityGroupIds/0/Ref
roles/cloud-ec2/files/stack.yaml:171:9
W3005 Obsolete DependsOn on resource (EC2Instance), dependency already enforced by a "Ref" at Resources/ElasticIP/Properties/InstanceId/Ref
roles/cloud-ec2/files/stack.yaml:208:9
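Two of the findings in the log above (W2001 unused parameter, W3005 obsolete DependsOn) can be approximated with a small check. This is an added example, not code from the issue, the Algo project or cfn-lint; the template, its CIDR values and the function names are constructed for illustration. It follows only Ref and Fn::GetAtt, so a parameter used solely through Fn::Sub would be reported as unused.

```python
# Constructed template in CloudFormation's JSON form; NOT the project's stack.yaml.
TEMPLATE = {
    "Parameters": {"PublicSSHKeyParameter": {"Type": "String"},
                   "ImageIdParameter": {"Type": "String"}},
    "Resources": {
        "VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "172.16.0.0/16"}},
        "Subnet": {"Type": "AWS::EC2::Subnet", "DependsOn": "VPC",
                   "Properties": {"VpcId": {"Ref": "VPC"}, "CidrBlock": "172.16.254.0/23"}},
        "EC2Instance": {"Type": "AWS::EC2::Instance", "DependsOn": ["Subnet"],
                        "Properties": {"ImageId": {"Ref": "ImageIdParameter"},
                                       "SubnetId": {"Ref": "Subnet"}}},
        "ElasticIP": {"Type": "AWS::EC2::EIP", "DependsOn": ["EC2Instance", "VPC"],
                      "Properties": {"InstanceId": {"Ref": "EC2Instance"}}},
    },
}

def references(node):
    """Yield logical names reached through Ref or Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":
                # Accept both the list form ["Res", "Attr"] and the string form "Res.Attr".
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from references(value)
    elif isinstance(node, list):
        for item in node:
            yield from references(item)

def unused_parameters(template):
    """Parameters that no resource or output refers to (the W2001 case)."""
    used = set(references(template.get("Resources", {})))
    used |= set(references(template.get("Outputs", {})))
    return sorted(p for p in template.get("Parameters", {}) if p not in used)

def redundant_depends_on(template):
    """(resource, dependency) pairs already implied by a reference (the W3005 case)."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        deps = resource.get("DependsOn", [])
        deps = [deps] if isinstance(deps, str) else deps
        implied = set(references(resource.get("Properties", {})))
        findings += [(name, dep) for dep in deps if dep in implied]
    return findings

if __name__ == "__main__":
    print(unused_parameters(TEMPLATE))
    print(redundant_depends_on(TEMPLATE))
```

The ElasticIP dependency on VPC is not reported because nothing in that resource's properties references VPC, so that DependsOn still carries ordering information.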