
Missing Function not seen as a violation

Open avatarworf opened this issue 3 years ago • 0 comments

cfn-lint version: (0.58.4)

Description of issue.

Invalid resource references were not picked up by the validator when executing; a further deployment in AWS resulted in a generic "something is wrong with the Policy Document" message.

Here is an example summary of the Template which was in flight

---
Resources:
  Bucket:
    Type: AWS::S3::Bucket
  ManagedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Statement:
          - Effect: Allow
            Action:
              - s3:Get*
            Resource:
              - !GetAtt Bucket.Arn
              - [ '', [ !GetAtt Bucket.Arn , '/*' ] ]

The problem is around the second resource definition, which is missing the short form !Join function, see docs

              - !Join [ '', [ !GetAtt Bucket.Arn , '/*' ] ]

avatarworf avatar Mar 25 '22 12:03 avatarworf
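The mistake reported above can be caught before deployment with a type check on IAM policy `Resource` entries. The sketch below is an added example, not code from the issue or from cfn-lint; the function names are hypothetical, and the sample is the issue's template constructed in parsed long-form notation (`!GetAtt Bucket.Arn` written as `Fn::GetAtt`).

```python
# Constructed sample: the issue's template in parsed, long-form notation.
GETATT = {"Fn::GetAtt": ["Bucket", "Arn"]}
TEMPLATE = {"Resources": {
    "Bucket": {"Type": "AWS::S3::Bucket"},
    "ManagedPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
        "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": ["s3:Get*"],
            # Second entry is a bare list: the !Join tag is missing.
            "Resource": [GETATT, ["", [GETATT, "/*"]]],
        }]},
    }},
}}
POLICY_KEYS = ("PolicyDocument", "AssumeRolePolicyDocument")

def is_valid_entry(value):
    """A Resource entry must be a string or a single intrinsic-function mapping."""
    if isinstance(value, dict) and len(value) == 1:
        key = next(iter(value))
        return key == "Ref" or key.startswith("Fn::")
    return isinstance(value, str)

def policy_documents(node, path):
    """Yield (path, document) for each policy document found under node."""
    if isinstance(node, dict):
        for key, child in node.items():
            if key in POLICY_KEYS and isinstance(child, dict):
                yield f"{path}/{key}", child
            else:
                yield from policy_documents(child, f"{path}/{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from policy_documents(child, f"{path}/{i}")

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_template(template):
    """Return the path of every Resource/NotResource entry with an invalid type."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        for path, doc in policy_documents(props, f"Resources/{name}/Properties"):
            for si, stmt in enumerate(as_list(doc.get("Statement", []))):
                for field in ("Resource", "NotResource"):
                    for ei, entry in enumerate(as_list(stmt.get(field, []))):
                        if not is_valid_entry(entry):
                            findings.append(f"{path}/Statement/{si}/{field}/{ei}")
    return findings

if __name__ == "__main__":
    print(check_template(TEMPLATE))
```

The check only validates the shape of each entry; it does not resolve the intrinsic functions or confirm that the resulting ARN is well formed.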