CloudFormation Resource Specification 20.0.0

docs/rules.md

@@ -46,7 +46,7 @@ To include these rules, use the `-e/include-experimental` argument when running
 ## Rules
 (_This documentation is generated by running `cfn-lint --update-documentation`, do not alter this manually_)
 
-The following **147** rules are applied by this linter:
+The following **146** rules are applied by this linter:
 
 | Rule ID  | Title | Description | Config<br />(Name:Type:Default) | Source | Tags |
 | -------- | ----- | ----------- | ---------- | ------ | ---- |
@@ -112,10 +112,10 @@ The following **147** rules are applied by this linter:
 | [E3012<a name="E3012"></a>](../src/cfnlint/rules/resources/properties/ValuePrimitiveType.py) | Check resource properties values | Checks resource property values with Primitive Types for values that match those types. | strict:boolean:True | [Source](https://github.com/aws-cloudformation/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#valueprimitivetype) | `resources` |
 | [E3013<a name="E3013"></a>](../src/cfnlint/rules/resources/cloudfront/Aliases.py) | CloudFront Aliases | CloudFront aliases should contain valid domain names |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-aliases) | `properties`,`cloudfront` |
 | [E3016<a name="E3016"></a>](../src/cfnlint/rules/resources/updatepolicy/Configuration.py) | Check the configuration of a resources UpdatePolicy | Make sure a resources UpdatePolicy is properly configured |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html) | `resources`,`updatepolicy` |
+| [E3017<a name="E3017"></a>](../src/cfnlint/rules/resources/properties/RequiredBasedOnValue.py) | Property is required based on another properties value | When certain properties have a certain value it results in other properties being required. This rule will validate those required properties are specified when those values are supplied |  | [Source]() | `resources` |
 | [E3020<a name="E3020"></a>](../src/cfnlint/rules/resources/route53/RecordSet.py) | Validate Route53 RecordSets | Check if all RecordSets are correctly configured |  | [Source](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) | `resources`,`route53`,`record_set` |
 | [E3021<a name="E3021"></a>](../src/cfnlint/rules/resources/events/RuleTargetsLimit.py) | Check Events Rule Targets are less than or equal to 5 | CloudWatch Events Rule can only support up to 5 targets |  | [Source](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/cloudwatch_limits_cwe.html) | `resources`,`events` |
 | [E3022<a name="E3022"></a>](../src/cfnlint/rules/resources/ectwo/RouteTableAssociation.py) | Resource SubnetRouteTableAssociation Properties | Validate there is only one SubnetRouteTableAssociation per subnet |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet-route-table-assoc.html) | `resources`,`ec2`,`subnet`,`route table` |
-| [E3023<a name="E3023"></a>](../src/cfnlint/rules/resources/route53/HealthCheck.py) | Validate that AlarmIdentifier is specified when using CloudWatch Metrics | When using a CloudWatch Metric for Route53 Health Checks you must also specify the AlarmIdentifier |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-healthcheck-healthcheckconfig.html#cfn-route53-healthcheck-healthcheckconfig-alarmidentifier) | `resources`,`route53`,`alarm_identifier` |
 | [E3024<a name="E3024"></a>](../src/cfnlint/rules/resources/dynamodb/BillingMode.py) | Validate that ProvisionedThroughput is not specified with BillingMode PAY_PER_REQUEST | When using ProvisionedThroughput with BillingMode PAY_PER_REQUEST will result in BillingMode being changed to PROVISIONED |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) | `resources`,`dynamodb`,`provisioned_throughput`,`billing_mode` |
 | [E3025<a name="E3025"></a>](../src/cfnlint/rules/resources/rds/InstanceSize.py) | RDS instance type is compatible with the RDS type | Check the RDS instance types are supported by the type of RDS engine. Only if the values are strings will this be checked. |  | [Source](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) | `resources`,`rds` |
 | [E3026<a name="E3026"></a>](../src/cfnlint/rules/resources/elasticache/CacheClusterFailover.py) | Check Elastic Cache Redis Cluster settings | Evaluate Redis Cluster groups to make sure automatic failover is enabled when cluster mode is enabled |  | [Source](https://github.com/awslabs/cfn-python-lint) | `resources`,`elasticcache` |
@@ -132,7 +132,6 @@ The following **147** rules are applied by this linter:
 | [E3037<a name="E3037"></a>](../src/cfnlint/rules/resources/properties/ListDuplicates.py) | Check if a list has duplicate values | Certain lists don't support duplicate items. Check when duplicates are provided but not supported. |  | [Source](https://github.com/aws-cloudformation/cfn-python-lint/blob/master/docs/cfn-resource-specification.md#allowedvalue) | `resources`,`property`,`list` |
 | [E3038<a name="E3038"></a>](../src/cfnlint/rules/resources/ServerlessTransform.py) | Check if Serverless Resources have Serverless Transform | Check that a template with Serverless Resources also includes the Serverless Transform |  | [Source](https://github.com/aws-cloudformation/cfn-python-lint) | `resources`,`transform` |
 | [E3039<a name="E3039"></a>](../src/cfnlint/rules/resources/dynamodb/AttributeMismatch.py) | AttributeDefinitions / KeySchemas mismatch | Verify the set of Attributes in AttributeDefinitions and KeySchemas match |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html) | `resources`,`dynamodb` |
-| [E3040<a name="E3040"></a>](../src/cfnlint/rules/resources/rds/InstanceEngine.py) | RDS DB Instance Engine is valid | Check the RDS DB Instance Engine is valid |  | [Source](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) | `resources`,`rds` |
 | [E3041<a name="E3041"></a>](../src/cfnlint/rules/resources/route53/RecordSetName.py) | RecordSet HostedZoneName is a superdomain of Name | In a RecordSet, the HostedZoneName must be a superdomain of the Name being validated |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-name) | `resource`,`properties`,`route53` |
 | [E3042<a name="E3042"></a>](../src/cfnlint/rules/resources/ecs/TaskDefinitionEssentialContainer.py) | Check at least one essential container is specified | Check that every TaskDefinition specifies at least one essential container |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html#cfn-ecs-taskdefinition-containerdefinition-essential) | `properties`,`ecs`,`task`,`container`,`fargate` |
 | [E3050<a name="E3050"></a>](../src/cfnlint/rules/resources/iam/RefWithPath.py) | Check if REFing to a IAM resource with path set | Some resources don't support looking up the IAM resource by name. This check validates when a REF is being used and the Path is not '/' |  | [Source](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) | `properties`,`iam` |

src/cfnlint/data/AdditionalSpecs/Policies.json

@@ -6904,6 +6904,7 @@
         "ListComponents",
         "ListDistributionConfigurations",
         "ListImageBuildVersions",
+        "ListImagePipelineImages",
         "ListImagePipelines",
         "ListImageRecipes",
         "ListImages",
@@ -7406,6 +7407,7 @@
         "aws:RequestTag/${TagKey}",
         "aws:ResourceTag/${TagKey}",
         "aws:TagKeys",
+        "events:ManagedBy",
         "events:TargetArn",
         "events:detail-type",
         "events:detail.eventTypeCode",
@@ -8673,6 +8675,8 @@
         "ListSolutionVersions",
         "ListSolutions",
         "PutEvents",
+        "PutItems",
+        "PutUsers",
         "UpdateCampaign"
       ],
       "HasResource": true,

src/cfnlint/data/AdditionalSpecs/RdsProperties.json

@@ -4236,8 +4236,15 @@
         "db.r4.8xlarge",
         "db.r4.large",
         "db.r4.xlarge",
+        "db.r5.12xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
         "db.t2.medium",
-        "db.t2.small"
+        "db.t2.small",
+        "db.t3.medium",
+        "db.t3.small"
       ],
       "us-gov-west-1": [
         "db.r4.16xlarge",
@@ -4246,8 +4253,15 @@
         "db.r4.8xlarge",
         "db.r4.large",
         "db.r4.xlarge",
+        "db.r5.12xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
         "db.t2.medium",
-        "db.t2.small"
+        "db.t2.small",
+        "db.t3.medium",
+        "db.t3.small"
       ],
       "us-west-1": [
         "db.r3.2xlarge",
@@ -4684,8 +4698,15 @@
         "db.r4.8xlarge",
         "db.r4.large",
         "db.r4.xlarge",
+        "db.r5.12xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
         "db.t2.medium",
-        "db.t2.small"
+        "db.t2.small",
+        "db.t3.medium",
+        "db.t3.small"
       ],
       "us-gov-west-1": [
         "db.r4.16xlarge",
@@ -4694,8 +4715,15 @@
         "db.r4.8xlarge",
         "db.r4.large",
         "db.r4.xlarge",
+        "db.r5.12xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
         "db.t2.medium",
-        "db.t2.small"
+        "db.t2.small",
+        "db.t3.medium",
+        "db.t3.small"
       ],
       "us-west-1": [
         "db.r3.2xlarge",
@@ -5062,15 +5090,35 @@
         "db.r4.4xlarge",
         "db.r4.8xlarge",
         "db.r4.large",
-        "db.r4.xlarge"
+        "db.r4.xlarge",
+        "db.r5.12xlarge",
+        "db.r5.16xlarge",
+        "db.r5.24xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.8xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
+        "db.t3.large",
+        "db.t3.medium"
       ],
       "us-gov-west-1": [
         "db.r4.16xlarge",
         "db.r4.2xlarge",
         "db.r4.4xlarge",
         "db.r4.8xlarge",
         "db.r4.large",
-        "db.r4.xlarge"
+        "db.r4.xlarge",
+        "db.r5.12xlarge",
+        "db.r5.16xlarge",
+        "db.r5.24xlarge",
+        "db.r5.2xlarge",
+        "db.r5.4xlarge",
+        "db.r5.8xlarge",
+        "db.r5.large",
+        "db.r5.xlarge",
+        "db.t3.large",
+        "db.t3.medium"
       ],
       "us-west-1": [
         "db.r4.16xlarge",

src/cfnlint/data/CloudSpecs/af-south-1.json

@@ -9509,6 +9509,23 @@
         }
       }
     },
+    "AWS::GlobalAccelerator::EndpointGroup.PortOverride": {
+      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-endpointgroup-portoverride.html",
+      "Properties": {
+        "EndpointPort": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-endpointgroup-portoverride.html#cfn-globalaccelerator-endpointgroup-portoverride-endpointport",
+          "PrimitiveType": "Integer",
+          "Required": true,
+          "UpdateType": "Mutable"
+        },
+        "ListenerPort": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-endpointgroup-portoverride.html#cfn-globalaccelerator-endpointgroup-portoverride-listenerport",
+          "PrimitiveType": "Integer",
+          "Required": true,
+          "UpdateType": "Mutable"
+        }
+      }
+    },
     "AWS::GlobalAccelerator::Listener.PortRange": {
       "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-globalaccelerator-listener-portrange.html",
       "Properties": {
@@ -11054,6 +11071,23 @@
         }
       }
     },
+    "AWS::Lambda::EventSourceMapping.SourceAccessConfiguration": {
+      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html",
+      "Properties": {
+        "Type": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-type",
+          "PrimitiveType": "String",
+          "Required": false,
+          "UpdateType": "Mutable"
+        },
+        "URI": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-eventsourcemapping-sourceaccessconfiguration.html#cfn-lambda-eventsourcemapping-sourceaccessconfiguration-uri",
+          "PrimitiveType": "String",
+          "Required": false,
+          "UpdateType": "Mutable"
+        }
+      }
+    },
     "AWS::Lambda::Function.Code": {
       "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-lambda-function-code.html",
       "Properties": {
@@ -12607,17 +12641,6 @@
         }
       }
     },
-    "AWS::S3::Bucket.ReplicaModifications": {
-      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicamodifications.html",
-      "Properties": {
-        "Status": {
-          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicamodifications.html#cfn-s3-bucket-replicamodifications-status",
-          "PrimitiveType": "String",
-          "Required": true,
-          "UpdateType": "Mutable"
-        }
-      }
-    },
     "AWS::S3::Bucket.ReplicationConfiguration": {
       "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-replicationconfiguration.html",
       "Properties": {
@@ -12974,12 +12997,6 @@
     "AWS::S3::Bucket.SourceSelectionCriteria": {
       "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-sourceselectioncriteria.html",
       "Properties": {
-        "ReplicaModifications": {
-          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-sourceselectioncriteria.html#cfn-s3-bucket-sourceselectioncriteria-replicamodifications",
-          "Required": false,
-          "Type": "ReplicaModifications",
-          "UpdateType": "Mutable"
-        },
         "SseKmsEncryptedObjects": {
           "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-sourceselectioncriteria.html#cfn-s3-bucket-sourceselectioncriteria-ssekmsencryptedobjects",
           "Required": false,
@@ -16339,7 +16356,7 @@
       }
     }
   },
-  "ResourceSpecificationVersion": "19.0.0",
+  "ResourceSpecificationVersion": "20.0.0",
   "ResourceTypes": {
     "AWS::ACMPCA::Certificate": {
       "Attributes": {
@@ -24118,6 +24135,13 @@
           "Required": true,
           "UpdateType": "Immutable"
         },
+        "PortOverrides": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-endpointgroup.html#cfn-globalaccelerator-endpointgroup-portoverrides",
+          "ItemType": "PortOverride",
+          "Required": false,
+          "Type": "List",
+          "UpdateType": "Mutable"
+        },
         "ThresholdCount": {
           "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-globalaccelerator-endpointgroup.html#cfn-globalaccelerator-endpointgroup-thresholdcount",
           "PrimitiveType": "Integer",
@@ -25603,6 +25627,22 @@
             "ValueType": "AWS::Lambda::EventSourceMapping.ParallelizationFactor"
           }
         },
+        "Queues": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-queues",
+          "DuplicatesAllowed": false,
+          "PrimitiveItemType": "String",
+          "Required": false,
+          "Type": "List",
+          "UpdateType": "Mutable"
+        },
+        "SourceAccessConfigurations": {
+          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-sourceaccessconfigurations",
+          "DuplicatesAllowed": false,
+          "ItemType": "SourceAccessConfiguration",
+          "Required": false,
+          "Type": "List",
+          "UpdateType": "Mutable"
+        },
         "StartingPosition": {
           "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-eventsourcemapping.html#cfn-lambda-eventsourcemapping-startingposition",
           "PrimitiveType": "String",
@@ -31900,11 +31940,11 @@
     },
     "AWS::Lambda::EventSourceMapping.MaximumRecordAgeInSeconds": {
       "NumberMax": 604800,
-      "NumberMin": 60
+      "NumberMin": -1
     },
     "AWS::Lambda::EventSourceMapping.MaximumRetryAttempts": {
       "NumberMax": 10000,
-      "NumberMin": 0
+      "NumberMin": -1
     },
     "AWS::Lambda::EventSourceMapping.ParallelizationFactor": {
       "NumberMax": 10,
@@ -31963,7 +32003,7 @@
     },
     "AWS::RDS::DBInstance.Engine": {
       "AllowedPattern": "Has to be one of [aurora, aurora-mysql, aurora-postgresql, mariadb, mysql, oracle-ee, oracle-se2, oracle-se1, oracle-se, postgres, sqlserver-ee, sqlserver-se, sqlserver-ex, sqlserver-web]",
-      "AllowedPatternRegex": "(?i)^(aurora|aurora-mysql|aurora-postgresql|mariadb|mysql|oracle-ee|oracle-se2|oracle-se1|oracle-se|postgres|sqlserver-ee|sqlserver-se|sqlserver-ex|sqlserver-web)$"
+      "AllowedPatternRegex": "(?i)(aurora|aurora-mysql|aurora-postgresql|mariadb|mysql|oracle-ee|oracle-se2|oracle-se1|oracle-se|postgres|sqlserver-ee|sqlserver-se|sqlserver-ex|sqlserver-web)$"
     },
     "AWS::RDS::DBInstance.PromotionTier": {
       "NumberMax": 15,