cfn-lint/src/cfnlint/rules/resources/lmbd/SnapStart.py at a482a8b3073da1a45ff65de7cc23ebe30ec91c06 · chrisqm-dev/cfn-lint · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""

from cfnlint.rules import CloudFormationLintRule, RuleMatch


class SnapStart(CloudFormationLintRule):
    """Check if Lambda SnapStart is properly configured"""

    id = "W2530"
    shortdesc = "Validate that SnapStart is properly configured"
    description = (
        "To properly leverage SnapStart, you must configure both the lambda function "
        "and attach a Lambda version resource"
    )
    source_url = "https://docs.aws.amazon.com/lambda/latest/dg/snapstart.html"
    tags = ["resources", "lambda"]

    def __init__(self):
        super().__init__()
        self.resource_property_types.append("AWS::Lambda::Function")

    def _check_value(self, value, path, **kwargs):
        lambda_versions = kwargs["lambda_versions"]
        cfn = kwargs["cfn"]

        if value != "PublishedVersions":
            return []

        # SnapStart is enabled, validate if version is attached
        matches = [
            v
            for v in lambda_versions
            if any(edge == path[1] for edge in cfn.graph.graph.neighbors(v))
        ]

        if len(matches) < 1:
            return [
                RuleMatch(
                    path,
                    "SnapStart is enabled but Lambda version is not attached",
                )
            ]

        return []

    def match_resource_properties(self, properties, _, path, cfn):
        """Check CloudFormation Properties"""
        matches = []

        # if there is no graph we can't validate
        if not cfn.graph:
            return matches

        lambda_versions = cfn.get_resources(["AWS::Lambda::Version"])

        for scenario in cfn.get_object_without_conditions(properties, ["SnapStart"]):
            props = scenario.get("Object")

            snap_start = props.get("SnapStart")
            if not snap_start:
                continue

            matches.extend(
                cfn.check_value(
                    snap_start,
                    "ApplyOn",
                    path,
                    check_value=self._check_value,
                    lambda_versions=lambda_versions,
                    cfn=cfn,
                )
            )

        return matches