diff --git a/src/cfnlint/rules/functions/GetAttFormat.py b/src/cfnlint/rules/functions/GetAttFormat.py index 4d1bdb4377..91f5c1808a 100644 --- a/src/cfnlint/rules/functions/GetAttFormat.py +++ b/src/cfnlint/rules/functions/GetAttFormat.py @@ -33,6 +33,8 @@ def __init__(self): "AWS::ServiceCatalog::CloudFormationProvisionedProduct", ] + self._resource_type_attribute_exceptions = [("AWS::SSM::Parameter", "Value")] + def validate( self, validator: Validator, _, instance: Any, schema: Any ) -> ValidationResult: @@ -50,11 +52,15 @@ def validate( t, validator.context.regions ): region = regions[0] - getatt_ptr = validator.context.resources[resource].get_atts(region)[attr] if t in self._resource_type_exceptions: return + if (t, attr) in self._resource_type_attribute_exceptions: + return + + getatt_ptr = validator.context.resources[resource].get_atts(region)[attr] + getatt_schema = resource_schema.resolver.resolve_cfn_pointer(getatt_ptr) getatt_fmt = getatt_schema.get("format") if getatt_fmt != fmt: diff --git a/test/unit/rules/functions/test_getatt_format.py b/test/unit/rules/functions/test_getatt_format.py index 24cc0cf540..e3b3d596b6 100644 --- a/test/unit/rules/functions/test_getatt_format.py +++ b/test/unit/rules/functions/test_getatt_format.py @@ -27,6 +27,7 @@ def template(): "MyProvisionedProduct": { "Type": "AWS::ServiceCatalog::CloudFormationProvisionedProduct" }, + "MySSMParameter": {"Type": "AWS::SSM::Parameter"}, }, } @@ -64,6 +65,12 @@ def template(): {"format": "AWS::EC2::SecurityGroup.GroupId"}, [], ), + ( + "Valid GetAtt because of exception with attribute", + ["MySSMParameter", "Value"], + {"format": "AWS::EC2::Image.Id"}, + [], + ), ( "Invalid GetAtt with a bad format", ["MyBucket", "Arn"],