Bring back stateful resources json (#3728)

src/cfnlint/data/AdditionalSpecs/StatefulResources.json

@@ -0,0 +1,35 @@
+{
+ "ResourceTypes": {
+  "AWS::Backup::BackupVault": {},
+  "AWS::CloudFormation::Stack": {},
+  "AWS::Cognito::UserPool": {},
+  "AWS::DocDB::DBCluster": {},
+  "AWS::DocDB::DBInstance": {},
+  "AWS::DynamoDB::GlobalTable": {},
+  "AWS::DynamoDB::Table": {},
+  "AWS::EC2::Volume": {},
+  "AWS::EFS::FileSystem": {},
+  "AWS::EMR::Cluster": {},
+  "AWS::ElastiCache::CacheCluster": {},
+  "AWS::ElastiCache::ReplicationGroup": {},
+  "AWS::Elasticsearch::Domain": {},
+  "AWS::FSx::FileSystem": {},
+  "AWS::KMS::Key": {},
+  "AWS::Kinesis::Stream": {},
+  "AWS::Logs::LogGroup": {},
+  "AWS::Neptune::DBCluster": {},
+  "AWS::Neptune::DBInstance": {},
+  "AWS::OpenSearchService::Domain": {},
+  "AWS::Organizations::Account": {},
+  "AWS::QLDB::Ledger": {},
+  "AWS::RDS::DBCluster": {},
+  "AWS::RDS::DBInstance": {},
+  "AWS::Redshift::Cluster": {},
+  "AWS::S3::Bucket": {
+   "DeleteRequiresEmptyResource": true
+  },
+  "AWS::SDB::Domain": {},
+  "AWS::SQS::Queue": {},
+  "AWS::SecretsManager::Secret": {}
+ }
+}

src/cfnlint/rules/resources/UpdateReplacePolicyDeletionPolicyOnStatefulResourceTypes.py

@@ -5,13 +5,13 @@
 
 from typing import Any
 
+import cfnlint.data.AdditionalSpecs
+from cfnlint.helpers import load_resource
 from cfnlint.jsonschema import Validator
 from cfnlint.rules.jsonschema.CfnLintJsonSchema import CfnLintJsonSchema
 
 
 class UpdateReplacePolicyDeletionPolicyOnStatefulResourceTypes(CfnLintJsonSchema):
-    """Check for UpdateReplacePolicy / DeletionPolicy"""
-
     id = "I3011"
     shortdesc = "Check stateful resources have a set UpdateReplacePolicy/DeletionPolicy"
     description = (
@@ -28,36 +28,13 @@ def __init__(self):
             all_matches=True,
         )
 
-        self.config["types"] = [
-            "AWS::Backup::BackupVault",
-            "AWS::CloudFormation::Stack",
-            "AWS::Cognito::UserPool",
-            "AWS::DocDB::DBCluster",
-            "AWS::DocDB::DBInstance",
-            "AWS::DynamoDB::GlobalTable",
-            "AWS::DynamoDB::Table",
-            "AWS::EC2::Volume",
-            "AWS::EFS::FileSystem",
-            "AWS::EMR::Cluster",
-            "AWS::ElastiCache::CacheCluster",
-            "AWS::ElastiCache::ReplicationGroup",
-            "AWS::Elasticsearch::Domain",
-            "AWS::FSx::FileSystem",
-            "AWS::KMS::Key",
-            "AWS::Kinesis::Stream",
-            "AWS::Logs::LogGroup",
-            "AWS::Neptune::DBCluster",
-            "AWS::Neptune::DBInstance",
-            "AWS::OpenSearchService::Domain",
-            "AWS::Organizations::Account",
-            "AWS::QLDB::Ledger",
-            "AWS::RDS::DBCluster",
-            "AWS::RDS::DBInstance",
-            "AWS::Redshift::Cluster",
-            # "AWS::S3::Bucket", # can't be deleted without being empty
-            "AWS::SDB::Domain",
-            "AWS::SQS::Queue",
-            "AWS::SecretsManager::Secret",
+        spec = load_resource(cfnlint.data.AdditionalSpecs, "StatefulResources.json")
+        self.likely_stateful_resource_types = [
+            resource_type
+            for resource_type, descr in spec["ResourceTypes"].items()
+            # Resources that won't be deleted if they're not empty (ex: S3)
+            # don't need to be checked for policies, as chance of mistakes are low.
+            if not descr.get("DeleteRequiresEmptyResource", False)
         ]
 
         self._schema = {"required": ["DeletionPolicy", "UpdateReplacePolicy"]}
@@ -68,7 +45,7 @@ def validate(self, validator: Validator, s: Any, instance: Any, schema: Any):
         if not isinstance(resource_type, str):
             return
 
-        if resource_type not in self.config.get("types"):  # type: ignore
+        if resource_type not in self.likely_stateful_resource_types:  # type: ignore
             return
 
         for err in super().validate(validator, s, instance, self._schema):