generated from terraform-linters/tflint-ruleset-template
-
Notifications
You must be signed in to change notification settings - Fork 74
/
Copy pathREADME.md.tmpl
83 lines (73 loc) · 6.35 KB
/
README.md.tmpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# Rules
This documentation describes a list of rules available by enabling this ruleset.
### Possible Errors
These rules warn of possible errors that can occur at `terraform apply`. Rules marked with `Deep` are only used when enabling [Deep Checking](../deep_checking.md):
|Rule|Description|Deep|Enabled by default|
| --- | --- | --- | --- |
|aws_alb_invalid_security_group|Disallow using invalid security groups|✔|✔|
|aws_alb_invalid_subnet|Disallow using invalid subnets|✔|✔|
|aws_api_gateway_model_invalid_name|Disallow using invalid name||✔|
|aws_db_instance_invalid_db_subnet_group|Disallow using invalid subnet group name|✔|✔|
|[aws_db_instance_invalid_engine](aws_db_instance_invalid_engine.md)|Disallow using invalid engine name||✔|
|aws_db_instance_invalid_option_group|Disallow using invalid option group|✔|✔|
|aws_db_instance_invalid_parameter_group|Disallow using invalid parameter group|✔|✔|
|[aws_db_instance_invalid_type](aws_db_instance_invalid_type.md)|Disallow using invalid instance class||✔|
|aws_db_instance_invalid_vpc_security_group|Disallow using invalid VPC security groups|✔|✔|
|aws_dynamodb_table_invalid_stream_view_type|Disallow using invalid stream view types for DynamoDB||✔|
|aws_elasticache_cluster_invalid_parameter_group|Disallow using invalid parameter group|✔|✔|
|aws_elasticache_cluster_invalid_security_group|Disallow using invalid security groups|✔|✔|
|aws_elasticache_cluster_invalid_subnet_group|Disallow using invalid subnet group|✔|✔|
|[aws_elasticache_cluster_invalid_type](aws_elasticache_cluster_invalid_type.md)|Disallow using invalid node type||✔|
|[aws_elasticache_replication_group_invalid_type](aws_elasticache_replication_group_invalid_type.md)|Disallow using invalid node type||✔|
|aws_elb_invalid_instance|Disallow using invalid instances|✔|✔|
|aws_elb_invalid_security_group|Disallow using invalid security groups|✔|✔|
|aws_elb_invalid_subnet|Disallow using invalid subnets|✔|✔|
|[aws_iam_group_policy_too_long](aws_iam_group_policy_too_long.md)|Disallow IAM group policies that are too long||✔|
|[aws_iam_policy_sid_invalid_characters](aws_iam_policy_sid_invalid_characters.md)|Disallow invalid characters in an IAM policy's SID||✔|
|[aws_iam_policy_too_long_policy](aws_iam_policy_too_long_policy.md)|Disallow IAM group policies that are too long||✔|
|aws_instance_invalid_ami|Disallow using invalid AMI|✔|✔|
|aws_instance_invalid_iam_profile|Disallow using invalid IAM profile|✔|✔|
|aws_instance_invalid_key_name|Disallow using invalid key name|✔|✔|
|aws_instance_invalid_subnet|Disallow using invalid subnet|✔|✔|
|aws_instance_invalid_vpc_security_group|Disallow using invalid VPC security groups|✔|✔|
|aws_launch_configuration_invalid_iam_profile|Disallow using invalid IAM profile|✔|✔|
|aws_launch_configuration_invalid_image_id|Disallow using invalid image ID|✔|✔|
|aws_mq_broker_invalid_engine_type|Disallow invalid engine type for MQ Broker||✔|
|aws_mq_configuration_invalid_engine_type|Disallow invalid engine type for MQ Configuration||✔|
|aws_route_invalid_egress_only_gateway|Disallow using invalid egress only gateway|✔|✔|
|aws_route_invalid_gateway|Disallow using invalid gateway|✔|✔|
|aws_route_invalid_instance|Disallow using invalid instance|✔|✔|
|aws_route_invalid_nat_gateway|Disallow using invalid NAT gateway|✔|✔|
|aws_route_invalid_network_interface|Disallow using invalid network interface|✔|✔|
|aws_route_invalid_route_table|Disallow using invalid route table|✔|✔|
|aws_route_invalid_vpc_peering_connection|Disallow using invalid VPC peering connection|✔|✔|
|[aws_route_not_specified_target](aws_route_not_specified_target.md)|Disallow routes that have no targets||✔|
|[aws_route_specified_multiple_targets](aws_route_specified_multiple_targets.md)|Disallow routes that have multiple targets||✔|
|aws_s3_bucket_invalid_acl|Disallow invalid ACL rule for S3 bucket||✔|
|aws_s3_bucket_invalid_region|Disallow invalid region for S3 bucket||✔|
|aws_spot_fleet_request_invalid_excess_capacity_termination_policy|Disallow invalid excess capacity termination policy||✔|
### Best Practices/Naming Conventions
These rules enforce best practices and naming conventions:
|Rule|Description|Enabled by default|
| --- | --- | --- |
|[aws_acm_certificate_lifecycle](aws_acm_certificate_lifecycle.md)|Disallow adding `aws_acm_certificate` resource without setting `create_before_destroy = true` in `lifecycle` block |✔|
|[aws_db_instance_previous_type](aws_db_instance_previous_type.md)|Disallow using previous generation instance types|✔|
|[aws_db_instance_default_parameter_group](aws_db_instance_default_parameter_group.md)|Disallow using default DB parameter group|✔|
|[aws_elasticache_cluster_previous_type](aws_elasticache_cluster_previous_type.md)|Disallow using previous node types|✔|
|[aws_elasticache_cluster_default_parameter_group](aws_elasticache_cluster_default_parameter_group.md)|Disallow using default parameter group|✔|
|[aws_elasticache_replication_group_previous_type](aws_elasticache_replication_group_previous_type.md)|Disallow using previous node types|✔|
|[aws_elasticache_replication_group_default_parameter_group](aws_elasticache_replication_group_default_parameter_group.md)|Disallow using default parameter group|✔|
|[aws_instance_previous_type](aws_instance_previous_type.md)|Disallow using previous generation instance types|✔|
|[aws_iam_policy_document_gov_friendly_arns](aws_iam_policy_document_gov_friendly_arns.md)|Ensure `iam_policy_document` data sources do not contain `arn:aws:` ARN's||
|[aws_iam_policy_gov_friendly_arns](aws_iam_policy_gov_friendly_arns.md)|Ensure `iam_policy` resources do not contain `arn:aws:` ARN's||
|[aws_iam_role_policy_gov_friendly_arns](aws_iam_role_policy_gov_friendly_arns.md)|Ensure `iam_role_policy` resources do not contain `arn:aws:` ARN's||
|[aws_lambda_function_deprecated_runtime](aws_lambda_function_deprecated_runtime.md)|Disallow deprecated runtimes for Lambda Function|✔|
|[aws_resource_missing_tags](aws_resource_missing_tags.md)|Require specific tags for all AWS resource types that support them||
|[aws_s3_bucket_name](aws_s3_bucket_name.md)|Ensures all S3 bucket names match the specified naming rules||
### SDK-based Validations
700+ rules based on the aws-sdk validations are also available:
|Rule|Enabled by default|
| --- | --- |
{{- range $v := .RuleNames }}
|{{ $v }}|✔|
{{- end }}