awslabs · sbkok · Aug 12, 2022 · Apr 8, 2022 · Apr 8, 2022 · May 24, 2022
diff --git a/.yamllint b/.yamllint
@@ -0,0 +1,40 @@
+---
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+rules:
+  braces:
+    forbid: non-empty
+    min-spaces-inside-empty: 0
+    max-spaces-inside-empty: 0
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start: disable
+  empty-lines: enable
+  empty-values: disable
+  empty-values: disable
+  float-values:
+    forbid-inf: true
+    forbid-nan: true
+    forbid-scientific-notation: true
+    require-numeral-before-decimal: true
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines: enable
+  octal-values: enable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy: 
+    level: error
diff --git a/Makefile b/Makefile
@@ -10,9 +10,11 @@ test:
 	pytest src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python -vvv -s -c src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/python/pytest.ini
 	pytest src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk -vvv -s -c src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/cdk/pytest.ini
 	pytest src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared -vvv -s -c src/lambda_codebase/initial_commit/bootstrap_repository/adf-build/shared/pytest.ini
+
 lint:
 	# Linter performs static analysis to catch latent bugs
 	find src/ -iname "*.py" -not -path "src/.aws-sam/*" | xargs pylint --rcfile .pylintrc
+	find src -iname "*.yml" -o -iname "*.yaml" -not -path "src/.aws-sam/*" | xargs yamllint -c .yamllint
 	cfn-lint
 
 build:

diff --git a/requirements.txt b/requirements.txt
@@ -8,5 +8,6 @@ pytest~=6.2.5
 pyyaml>=5.4.1
 schema~=0.7.5
 tox==3.24.4
+yamllint~=1.27.1
 cfn-lint~=0.60.1
 docutils~=0.15.2
diff --git a/samples/sample-ec2-java-app-codedeploy/buildspec.yml b/samples/sample-ec2-java-app-codedeploy/buildspec.yml
@@ -8,7 +8,7 @@ phases:
     commands:
       - mvn clean package --quiet
 artifacts:
-  discard-paths: yes
+  discard-paths: yes  # yamllint disable-line rule:truthy
   files:
     - target/*
     - scripts/*

diff --git a/samples/sample-ec2-with-codedeploy/template.yml b/samples/sample-ec2-with-codedeploy/template.yml
@@ -126,7 +126,7 @@ Resources:
       GroupDescription: Access to the Instance
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
   SecurityGroupIngressFromPublicALB:
     Type: AWS::EC2::SecurityGroupIngress
     Properties:
@@ -147,25 +147,25 @@ Resources:
       GroupDescription: Access to the public facing load balancer
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
       SecurityGroupIngress:
-          # Allow access to ALB from anywhere on the internet
-          - CidrIp: 0.0.0.0/0
-            IpProtocol: -1
+        # Allow access to ALB from anywhere on the internet
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: -1
   PublicLoadBalancer:
     Type: AWS::ElasticLoadBalancingV2::LoadBalancer
     Properties:
       Scheme: internet-facing
       LoadBalancerAttributes:
-      - Key: idle_timeout.timeout_seconds
-        Value: '30'
+        - Key: idle_timeout.timeout_seconds
+          Value: '30'
       Subnets:
-          - Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1a
-          - Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1b
-          - Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1c
+        - Fn::ImportValue:
+            Fn::Sub: ${Environment}-public-subnet-1a
+        - Fn::ImportValue:
+            Fn::Sub: ${Environment}-public-subnet-1b
+        - Fn::ImportValue:
+            Fn::Sub: ${Environment}-public-subnet-1c
       SecurityGroups:
         - !Ref 'PublicLoadBalancerSG'
   ApplicationLoadBalancerHTTPListener:
@@ -197,7 +197,7 @@ Resources:
           Value: "5"
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
   ScaleDownCloudWatchAlarm:
     Type: "AWS::CloudWatch::Alarm"
     Properties:

diff --git a/samples/sample-ecs-cluster/template.yml b/samples/sample-ecs-cluster/template.yml
@@ -7,10 +7,10 @@ AWSTemplateFormatVersion: '2010-09-09'
 Description: ADF CloudFormation Sample Template (ECS Cluster)
 Metadata:
   License: Apache-2.0
-Parameters: 
-    Environment:
-        Description: The Current Environment
-        Type: String
+Parameters:
+  Environment:
+    Description: The Current Environment
+    Type: String
 Resources:
   ECSCluster:
     Type: AWS::ECS::Cluster
@@ -20,7 +20,7 @@ Resources:
       GroupDescription: Access to the Fargate containers
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
   EcsSecurityGroupIngressFromPublicALB:
     Type: AWS::EC2::SecurityGroupIngress
     Properties:
@@ -41,26 +41,26 @@ Resources:
       GroupDescription: Access to the public facing load balancer
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
       SecurityGroupIngress:
-          # Allow access to ALB from anywhere on the internet
-          - CidrIp: 0.0.0.0/0
-            IpProtocol: -1
+        # Allow access to ALB from anywhere on the internet
+        - CidrIp: 0.0.0.0/0
+          IpProtocol: -1
   PublicLoadBalancer:
     Type: AWS::ElasticLoadBalancingV2::LoadBalancer
     Properties:
       Scheme: internet-facing
-      LoadBalancerAttributes:
-      - Key: idle_timeout.timeout_seconds
-        Value: '30'
-      Subnets: 
-          - Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1a
-          - Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1b
-          - Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1c
       SecurityGroups: [!Ref 'PublicLoadBalancerSG']
+      LoadBalancerAttributes:
+        - Key: idle_timeout.timeout_seconds
+          Value: '30'
+      Subnets:
+        - Fn::ImportValue:
+            Fn::Sub: ${Environment}-public-subnet-1a
+        - Fn::ImportValue:
+            Fn::Sub: ${Environment}-public-subnet-1b
+        - Fn::ImportValue:
+            Fn::Sub: ${Environment}-public-subnet-1c
   DummyTargetGroupPublic:
     Type: AWS::ElasticLoadBalancingV2::TargetGroup
     Properties:
@@ -75,7 +75,7 @@ Resources:
       UnhealthyThresholdCount: 2
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
   PublicLoadBalancerListener:
     Type: AWS::ElasticLoadBalancingV2::Listener
     Properties:
@@ -90,69 +90,69 @@ Resources:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
-        - Effect: Allow
-          Principal:
-            Service: [ecs.amazonaws.com]
-          Action: ['sts:AssumeRole']
+          - Effect: Allow
+            Principal:
+              Service: [ecs.amazonaws.com]
+            Action: ['sts:AssumeRole']
       Path: /
       Policies:
-      - PolicyName: ecs-service
-        PolicyDocument:
-          Statement:
-          - Effect: Allow
-            Action:
-              # Rules which allow ECS to attach network interfaces to instances
-              # on your behalf in order for awsvpc networking mode to work right
-              - 'ec2:AttachNetworkInterface'
-              - 'ec2:CreateNetworkInterface'
-              - 'ec2:CreateNetworkInterfacePermission'
-              - 'ec2:DeleteNetworkInterface'
-              - 'ec2:DeleteNetworkInterfacePermission'
-              - 'ec2:Describe*'
-              - 'ec2:DetachNetworkInterface'
+        - PolicyName: ecs-service
+          PolicyDocument:
+            Statement:
+              - Effect: Allow
+                Action:
+                  # Rules which allow ECS to attach network interfaces to instances
+                  # on your behalf in order for awsvpc networking mode to work right
+                  - 'ec2:AttachNetworkInterface'
+                  - 'ec2:CreateNetworkInterface'
+                  - 'ec2:CreateNetworkInterfacePermission'
+                  - 'ec2:DeleteNetworkInterface'
+                  - 'ec2:DeleteNetworkInterfacePermission'
+                  - 'ec2:Describe*'
+                  - 'ec2:DetachNetworkInterface'
 
-              # Rules which allow ECS to update load balancers on your behalf
-              # with the information sabout how to send traffic to your containers
-              - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
-              - 'elasticloadbalancing:DeregisterTargets'
-              - 'elasticloadbalancing:Describe*'
-              - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
-              - 'elasticloadbalancing:RegisterTargets'
-            Resource: '*'
+                  # Rules which allow ECS to update load balancers on your behalf
+                  # with the information sabout how to send traffic to your containers
+                  - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
+                  - 'elasticloadbalancing:DeregisterTargets'
+                  - 'elasticloadbalancing:Describe*'
+                  - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
+                  - 'elasticloadbalancing:RegisterTargets'
+                Resource: '*'
 
   # This is a role which is used by the ECS tasks themselves.
   ECSTaskExecutionRole:
     Type: AWS::IAM::Role
     Properties:
       AssumeRolePolicyDocument:
         Statement:
-        - Effect: Allow
-          Principal:
-            Service: [ecs-tasks.amazonaws.com]
-          Action: ['sts:AssumeRole']
+          - Effect: Allow
+            Principal:
+              Service: [ecs-tasks.amazonaws.com]
+            Action: ['sts:AssumeRole']
       Path: /
       Policies:
         - PolicyName: AmazonECSTaskExecutionRolePolicy
           PolicyDocument:
             Statement:
-            - Effect: Allow
-              Action:
-                # Allow the ECS Tasks to download images from ECR
-                - 'ecr:GetAuthorizationToken'
-                - 'ecr:BatchCheckLayerAvailability'
-                - 'ecr:GetDownloadUrlForLayer'
-                - 'ecr:BatchGetImage'
+              - Effect: Allow
+                Action:
+                  # Allow the ECS Tasks to download images from ECR
+                  - 'ecr:GetAuthorizationToken'
+                  - 'ecr:BatchCheckLayerAvailability'
+                  - 'ecr:GetDownloadUrlForLayer'
+                  - 'ecr:BatchGetImage'
 
-                # Allow the ECS tasks to upload logs to CloudWatch
-                - 'logs:CreateLogStream'
-                - 'logs:PutLogEvents'
-              Resource: '*'
+                  # Allow the ECS tasks to upload logs to CloudWatch
+                  - 'logs:CreateLogStream'
+                  - 'logs:PutLogEvents'
+                Resource: '*'
 Outputs:
   ClusterName:
     Description: The name of the ECS cluster
     Value: !Ref 'ECSCluster'
     Export:
-      Name:  'ClusterName'
+      Name: 'ClusterName'
   ExternalUrl:
     Description: The url of the external load balancer
     Value: !Sub http://${PublicLoadBalancer.DNSName}
@@ -162,7 +162,7 @@ Outputs:
     Description: The ARN of the ECS role
     Value: !GetAtt 'ECSRole.Arn'
     Export:
-      Name:  'ECSRole' 
+      Name: 'ECSRole'
   ECSTaskExecutionRole:
     Description: The ARN of the ECS role
     Value: !GetAtt 'ECSTaskExecutionRole.Arn'
@@ -172,9 +172,9 @@ Outputs:
     Description: The ARN of the public load balancer's Listener
     Value: !Ref PublicLoadBalancerListener
     Export:
-      Name: 'PublicListener' 
+      Name: 'PublicListener'
   FargateContainerSecurityGroup:
     Description: A security group used to allow Fargate containers to receive traffic
     Value: !Ref 'FargateContainerSecurityGroup'
     Export:
-      Name: 'FargateContainerSecurityGroup' 
+      Name: 'FargateContainerSecurityGroup'
diff --git a/samples/sample-fargate-node-app/template.yml b/samples/sample-fargate-node-app/template.yml
@@ -86,13 +86,13 @@ Resources:
           AssignPublicIp: ENABLED
           SecurityGroups:
             - Fn::ImportValue: 'FargateContainerSecurityGroup'
-          Subnets: 
-              - Fn::ImportValue:
-                  Fn::Sub: ${Environment}-public-subnet-1a
-              - Fn::ImportValue:
-                  Fn::Sub: ${Environment}-public-subnet-1b
-              - Fn::ImportValue:
-                  Fn::Sub: ${Environment}-public-subnet-1c
+          Subnets:
+            - Fn::ImportValue:
+                Fn::Sub: ${Environment}-public-subnet-1a
+            - Fn::ImportValue:
+                Fn::Sub: ${Environment}-public-subnet-1b
+            - Fn::ImportValue:
+                Fn::Sub: ${Environment}-public-subnet-1c
       TaskDefinition: !Ref 'TaskDefinition'
       LoadBalancers:
         - ContainerName: !Ref 'ServiceName'
@@ -113,7 +113,7 @@ Resources:
       UnhealthyThresholdCount: 2
       VpcId:
         Fn::ImportValue:
-            Fn::Sub: ${Environment}-vpc-id
+          Fn::Sub: ${Environment}-vpc-id
   LoadBalancerRule:
     Type: AWS::ElasticLoadBalancingV2::ListenerRule
     Properties:

diff --git a/samples/sample-service-catalog-product/productX/template.yml b/samples/sample-service-catalog-product/productX/template.yml
@@ -44,7 +44,7 @@ Resources:
       Description: !Ref InstanceDescription
       InstanceType: !Ref InstanceType
       Name: !Ref InstanceName
-      OwnerArn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:user/${UserName}" #In this sample case 'sample-developer' from the IAM stack can be used here
+      OwnerArn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:user/${UserName}"  # In this sample case 'sample-developer' from the IAM stack can be used here
       SubnetId:
-          Fn::ImportValue:
-              Fn::Sub: ${Environment}-public-subnet-1a # Imported from sample-vpc
+        Fn::ImportValue:
+          Fn::Sub: ${Environment}-public-subnet-1a  # Imported from sample-vpc
diff --git a/samples/sample-service-catalog-product/template.yml b/samples/sample-service-catalog-product/template.yml
@@ -1,7 +1,7 @@
 # // Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 # // SPDX-License-Identifier: Apache-2.0
 
-AWSTemplateFormatVersion: '2010-09-09'
+AWSTemplateFormatVersion: "2010-09-09"
 Description: ADF CloudFormation Sample Template (Service Catalog Product)
 Metadata:
   License: Apache-2.0
@@ -36,7 +36,8 @@ Resources:
       Name: Cloud9 Development Environment
       Owner: Company
       ProvisioningArtifactParameters:
-        - Info: { "LoadTemplateFromURL": !Ref ProductXTemplateURL }
+        - Info:
+            LoadTemplateFromURL: !Ref ProductXTemplateURL
       SupportDescription: For help with Cloud9 Dev Environment contact us
       SupportEmail: [email protected]
       SupportUrl: http://example.com