Merge branch 'main' into fix_no_matching_templates

.github/workflows/ci-branch.yaml

@@ -25,7 +25,7 @@ jobs:
       - name: Run Tox
         run: |
           tox -e py -- -m "data or not data"
-      - uses: codecov/codecov-action@v4.1.0
+      - uses: codecov/codecov-action@v4
         if: matrix.os == 'ubuntu-latest'
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/ci-pr.yaml

@@ -26,12 +26,15 @@ jobs:
         run: |
           tox -e py
           mv coverage.xml coverage-${{ matrix.python }}.xml
-      - name: Store coverage file
-        uses: actions/upload-artifact@v4
+      - uses: codecov/codecov-action@v4
         if: matrix.os == 'ubuntu-latest'
         with:
-          name: coverage-${{ matrix.python }}
-          path: coverage-${{ matrix.python }}.xml
+          token: ${{ secrets.CODECOV_TOKEN }}
+          file: coverage-${{ matrix.python }}.xml
+          name: py${{ matrix.python }}-${{ matrix.os }}
+          flags: unittests
+          fail_ci_if_error: true
+          verbose: true
   integration:
     runs-on: ${{ matrix.os }}
     strategy:
@@ -68,13 +71,6 @@ jobs:
           pip3 install -e .
           pip install --upgrade pip
           pip install --upgrade setuptools
-          mkdir -p ./pr
-          echo ${{ github.event.number }} > ./pr/NR
-      - uses: actions/upload-artifact@v4
-        with:
-          name: pr
-          path: pr/
-          overwrite: true
       - uses: pypa/gh-action-pip-audit@v1.0.8
         with:
           ignore-vulns: |

docs/rules.md

@@ -46,7 +46,7 @@ To include these rules, use the `-e/include-experimental` argument when running
 ## Rules
 (_This documentation is generated by running `cfn-lint --update-documentation`, do not alter this manually_)
 
-The following **230** rules are applied by this linter:
+The following **232** rules are applied by this linter:
 
 | Rule ID  | Title | Description | Config<br />(Name:Type:Default) | Source | Tags |
 | -------- | ----- | ----------- | ---------- | ------ | ---- |
@@ -140,7 +140,7 @@ The following **230** rules are applied by this linter:
 | [E3041<a name="E3041"></a>](../src/cfnlint/rules/resources/route53/RecordSetName.py) | RecordSet HostedZoneName is a superdomain of or equal to Name | In a RecordSet, the HostedZoneName must be a superdomain of or equal to the Name being validated |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-recordset.html#cfn-route53-recordset-name) | `resource`,`properties`,`route53` |
 | [E3042<a name="E3042"></a>](../src/cfnlint/rules/resources/ecs/TaskDefinitionEssentialContainer.py) | Validate at least one essential container is specified | Check that every TaskDefinition specifies at least one essential container |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html#cfn-ecs-taskdefinition-containerdefinition-essential) | `properties`,`ecs`,`task`,`container`,`fargate` |
 | [E3043<a name="E3043"></a>](../src/cfnlint/rules/resources/cloudformation/NestedStackParameters.py) | Validate parameters for in a nested stack | Evalute if parameters for a nested stack are specified and if parameters are specified for a nested stack that aren't required. |  | [Source](https://github.com/awslabs/cfn-lint) | `resources`,`cloudformation` |
-| [E3044<a name="E3044"></a>](../src/cfnlint/rules/resources/ecs/FargateDeploymentSchedulingStrategy.py) | ECS service using FARGATE or EXTERNAL can only use SchedulingStrategy of REPLICA | When using a TargetType of Fargate or External the SchedulingStrategy has to be Replica |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-schedulingstrategy) | `properties`,`ecs`,`service`,`container`,`fargate` |
+| [E3044<a name="E3044"></a>](../src/cfnlint/rules/resources/ecs/FargateDeploymentSchedulingStrategy.py) | ECS service using FARGATE or EXTERNAL can only use SchedulingStrategy of REPLICA | When using a LaunchType of Fargate the SchedulingStrategy has to be Replica |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-schedulingstrategy) | `properties`,`ecs`,`service`,`container`,`fargate` |
 | [E3045<a name="E3045"></a>](../src/cfnlint/rules/resources/s3/AccessControlOwnership.py) | Validate AccessControl are set with OwnershipControls | When using AccessControl other than private you must also configure OwnershipControls. The default is bucket owner enforced which disables ACLs. |  | [Source](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) | `resources`,`s3` |
 | [E3046<a name="E3046"></a>](../src/cfnlint/rules/resources/ecs/LogConfiguration.py) | Validate ECS task logging configuration for awslogs | When 'awslogs' the options 'awslogs-group' and 'awslogs-region' are required |  | [Source]() | `resources` |
 | [E3047<a name="E3047"></a>](../src/cfnlint/rules/resources/ecs/FargateCpuMemory.py) | Validate ECS Fargate tasks have the right combination of CPU and memory | When using a ECS Fargate task there is a specfic combination of memory and cpu that can be used |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-memory) | `properties`,`ecs`,`service`,`container`,`fargate` |
@@ -152,6 +152,7 @@ The following **230** rules are applied by this linter:
 | [E3053<a name="E3053"></a>](../src/cfnlint/rules/resources/ecs/TaskDefinitionAwsVpc.py) | Validate ECS task definition is has correct values for 'HostPort' | The 'HostPort' must either be undefined or equal to the 'ContainerPort' value |  | [Source]() | `resources`,`ecs` |
 | [E3054<a name="E3054"></a>](../src/cfnlint/rules/resources/ecs/ServiceFargate.py) | Validate ECS service using Fargate uses TaskDefinition that allows Fargate | When using an ECS service with 'LaunchType' of 'FARGATE' the associated task definition must have 'RequiresCompatibilities' specified with 'FARGATE' listed |  | [Source]() | `resources`,`ecs` |
 | [E3055<a name="E3055"></a>](../src/cfnlint/rules/resources/CreationPolicy.py) | Check CreationPolicy values for Resources | Check that the CreationPolicy values are valid |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-creationpolicy.html) | `resources`,`creationPolicy` |
+| [E3056<a name="E3056"></a>](../src/cfnlint/rules/resources/ecs/ServiceHealthCheckGracePeriodSeconds.py) | ECS service using HealthCheckGracePeriodSeconds must also have LoadBalancers specified | When using a HealthCheckGracePeriodSeconds on an ECS service, the service must also have a LoadBalancers specified with at least one LoadBalancer in the array. |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-healthcheckgraceperiodseconds) | `properties`,`ecs`,`service`,`container` |
 | [E3057<a name="E3057"></a>](../src/cfnlint/rules/resources/cloudfront/DistributionTargetOriginId.py) | Validate that CloudFront TargetOriginId is a specified Origin | CloudFront TargetOriginId has to map to an Origin Id that is in the same DistributionConfig |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-targetoriginid) | `properties`,`cloudfront` |
 | [E3503<a name="E3503"></a>](../src/cfnlint/rules/resources/certificatemanager/DomainValidationOptions.py) | ValidationDomain is superdomain of DomainName | In ValidationDomainOptions, the ValidationDomain must be a superdomain of the DomainName being validated |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-certificatemanager-certificate-domainvalidationoption.html#cfn-certificatemanager-certificate-domainvalidationoption-validationdomain) | `certificate`,`certificatemanager`,`domainvalidationoptions`,`validationdomain` |
 | [E3504<a name="E3504"></a>](../src/cfnlint/rules/resources/backup/BackupPlanLifecycleRule.py) | Check minimum 90 period is met between BackupPlan cold and delete | Check that Backup plans with lifecycle rules have >= 90 days between cold and delete |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-backup-backupplan-lifecycleresourcetype.html) | `properties`,`backup`,`plan`,`lifecycle` |
@@ -182,6 +183,7 @@ The following **230** rules are applied by this linter:
 | [E3671<a name="E3671"></a>](../src/cfnlint/rules/resources/ectwo/Ebs.py) | Validate block device mapping configuration | Certain volume types require Iops to be specified |  | [Source]() | `resources`,`ec2` |
 | [E3672<a name="E3672"></a>](../src/cfnlint/rules/resources/dax/ClusterNodeTypeEnum.py) | Validate the cluster node type for a DAX Cluster | Validates the DAX cluster instance types based on region and data gathered from the pricing APIs |  | [Source]() | `resources` |
 | [E3673<a name="E3673"></a>](../src/cfnlint/rules/resources/ectwo/InstanceImageId.py) | Validate if an ImageId is required | Validate if an ImageID is required. It can be required if the associated LaunchTemplate doesn't specify an ImageID |  | [Source]() | `resources`,`ec2` |
+| [E3674<a name="E3674"></a>](../src/cfnlint/rules/resources/ectwo/PrivateIpWithNetworkInterface.py) | Primary cannoy be True when PrivateIpAddress is specified | Only specify the private IP address for an instance in one spot |  | [Source]() | `resources`,`ec2` |
 | [E3675<a name="E3675"></a>](../src/cfnlint/rules/resources/emr/ClusterInstanceTypeConfigInstanceTypeEnum.py) | Validate EMR cluster instance type | Validates the EMR cluster instance types based on region and data gathered from the pricing APIs |  | [Source]() | `resources` |
 | [E3676<a name="E3676"></a>](../src/cfnlint/rules/resources/elasticloadbalancingv2/ListenerCertificate.py) | Validate ELBv2 protocols that require certificates have a certificate specified | When using HTTP or TLS you must specify a certificate |  | [Source](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-certificates) | `resources` |
 | [E3677<a name="E3677"></a>](../src/cfnlint/rules/resources/lmbd/FunctionZipfileRuntimeEnum.py) | Validate Lambda using ZipFile requires an allowable runtime | Using the ZipFile attribute requires a javascript or python runtime to be specified |  | [Source]() | `resources` |

src/cfnlint/data/AdditionalSpecs/Policies.json

@@ -539,6 +539,7 @@
     "DeleteExtension",
     "DeleteExtensionAssociation",
     "DeleteHostedConfigurationVersion",
+    "GetAccountSettings",
     "GetApplication",
     "GetConfiguration",
     "GetConfigurationProfile",
@@ -563,6 +564,7 @@
     "StopDeployment",
     "TagResource",
     "UntagResource",
+    "UpdateAccountSettings",
     "UpdateApplication",
     "UpdateConfigurationProfile",
     "UpdateDeploymentStrategy",
@@ -4065,6 +4067,7 @@
     "DeleteTrustStore",
     "DeregisterTargets",
     "DescribeAccountLimits",
+    "DescribeListenerAttributes",
     "DescribeListenerCertificates",
     "DescribeListeners",
     "DescribeLoadBalancerAttributes",
@@ -4082,6 +4085,7 @@
     "GetTrustStoreCaCertificatesBundle",
     "GetTrustStoreRevocationContent",
     "ModifyListener",
+    "ModifyListenerAttributes",
     "ModifyLoadBalancerAttributes",
     "ModifyRule",
     "ModifyTargetGroup",
@@ -12729,6 +12733,7 @@
     "DeleteRetentionPolicy",
     "DeleteSubscriptionFilter",
     "DescribeAccountPolicies",
+    "DescribeConfigurationTemplates",
     "DescribeDeliveries",
     "DescribeDeliveryDestinations",
     "DescribeDeliverySources",
@@ -12784,6 +12789,7 @@
     "UntagLogGroup",
     "UntagResource",
     "UpdateAnomaly",
+    "UpdateDeliveryConfiguration",
     "UpdateLogAnomalyDetector",
     "UpdateLogDelivery"
    ],
@@ -13724,11 +13730,16 @@
    "ARNRegex": "^arn:aws:profile:.+:.+:.+",
    "Actions": [
     "AddProfileKey",
+    "BatchGetCalculatedAttributeForProfile",
+    "BatchGetProfile",
     "CreateCalculatedAttributeDefinition",
     "CreateDomain",
     "CreateEventStream",
     "CreateIntegrationWorkflow",
     "CreateProfile",
+    "CreateSegmentDefinition",
+    "CreateSegmentEstimate",
+    "CreateSegmentSnapshot",
     "CreateSnapshot",
     "DeleteCalculatedAttributeDefinition",
     "DeleteDomain",
@@ -13738,6 +13749,7 @@
     "DeleteProfileKey",
     "DeleteProfileObject",
     "DeleteProfileObjectType",
+    "DeleteSegmentDefinition",
     "DeleteWorkflow",
     "DetectProfileObjectType",
     "GetAutoMergingPreview",
@@ -13750,6 +13762,10 @@
     "GetMatches",
     "GetProfileObjectType",
     "GetProfileObjectTypeTemplate",
+    "GetSegmentDefinition",
+    "GetSegmentEstimate",
+    "GetSegmentMembership",
+    "GetSegmentSnapshot",
     "GetSimilarProfiles",
     "GetSnapshot",
     "GetWorkflow",
@@ -13761,10 +13777,13 @@
     "ListEventStreams",
     "ListIdentityResolutionJobs",
     "ListIntegrations",
+    "ListObjectTypeAttributes",
+    "ListProfileAttributeValues",
     "ListProfileObjectTypeTemplates",
     "ListProfileObjectTypes",
     "ListProfileObjects",
     "ListRuleBasedMatches",
+    "ListSegmentDefinitions",
     "ListTagsForResource",
     "ListWorkflows",
     "MergeProfiles",
@@ -14337,6 +14356,7 @@
     "CopyImage",
     "CopySnapshot",
     "CreateCapacityReservation",
+    "CreateCapacityReservationBySplitting",
     "CreateCapacityReservationFleet",
     "CreateCarrierGateway",
     "CreateClientVpnEndpoint",
@@ -14851,6 +14871,7 @@
     "MonitorInstances",
     "MoveAddressToVpc",
     "MoveByoipCidrToIpam",
+    "MoveCapacityReservationInstances",
     "PauseVolumeIO",
     "ProvisionByoipCidr",
     "ProvisionIpamByoasn",
@@ -14946,13 +14967,17 @@
     "ec2:CloudwatchLogStreamArn",
     "ec2:CpuOptionsAmdSevSnp",
     "ec2:CreateAction",
+    "ec2:CreateDate",
     "ec2:DPDTimeoutSeconds",
+    "ec2:DestinationCapacityReservationId",
     "ec2:DhcpOptionsID",
     "ec2:DirectoryArn",
     "ec2:Domain",
     "ec2:EbsOptimized",
     "ec2:ElasticGpuType",
     "ec2:Encrypted",
+    "ec2:EndDate",
+    "ec2:EndDateType",
     "ec2:FisActionId",
     "ec2:FisTargetArns",
     "ec2:GatewayType",
@@ -14963,9 +14988,12 @@
     "ec2:InsideTunnelCidr",
     "ec2:InsideTunnelIpv6Cidr",
     "ec2:InstanceAutoRecovery",
+    "ec2:InstanceCount",
     "ec2:InstanceID",
     "ec2:InstanceMarketType",
+    "ec2:InstanceMatchCriteria",
     "ec2:InstanceMetadataTags",
+    "ec2:InstancePlatform",
     "ec2:InstanceProfile",
     "ec2:InstanceType",
     "ec2:InternetGatewayID",
@@ -15022,6 +15050,7 @@
     "ec2:SnapshotID",
     "ec2:SnapshotLockDuration",
     "ec2:SnapshotTime",
+    "ec2:SourceCapacityReservationId",
     "ec2:SourceInstanceARN",
     "ec2:SourceOutpostArn",
     "ec2:Subnet",
@@ -19432,19 +19461,26 @@
    "ARNFormat": "arn:aws:wisdom:${Region}:${Account}:${Resource}/${ResourceId}",
    "ARNRegex": "^arn:aws:wisdom:.+:.+:.+",
    "Actions": [
+    "ActivateMessageTemplate",
     "CreateAssistant",
     "CreateAssistantAssociation",
     "CreateContent",
     "CreateContentAssociation",
     "CreateKnowledgeBase",
+    "CreateMessageTemplate",
+    "CreateMessageTemplateAttachment",
+    "CreateMessageTemplateVersion",
     "CreateQuickResponse",
     "CreateSession",
+    "DeactivateMessageTemplate",
     "DeleteAssistant",
     "DeleteAssistantAssociation",
     "DeleteContent",
     "DeleteContentAssociation",
     "DeleteImportJob",
     "DeleteKnowledgeBase",
+    "DeleteMessageTemplate",
+    "DeleteMessageTemplateAttachment",
     "DeleteQuickResponse",
     "GetAssistant",
     "GetAssistantAssociation",
@@ -19453,6 +19489,7 @@
     "GetContentSummary",
     "GetImportJob",
     "GetKnowledgeBase",
+    "GetMessageTemplate",
     "GetQuickResponse",
     "GetRecommendations",
     "GetSession",
@@ -19462,13 +19499,17 @@
     "ListContents",
     "ListImportJobs",
     "ListKnowledgeBases",
+    "ListMessageTemplateVersions",
+    "ListMessageTemplates",
     "ListQuickResponses",
     "ListTagsForResource",
     "NotifyRecommendationsReceived",
     "PutFeedback",
     "QueryAssistant",
     "RemoveKnowledgeBaseTemplateUri",
+    "RenderMessageTemplate",
     "SearchContent",
+    "SearchMessageTemplates",
     "SearchQuickResponses",
     "SearchSessions",
     "StartContentUpload",
@@ -19477,6 +19518,8 @@
     "UntagResource",
     "UpdateContent",
     "UpdateKnowledgeBaseTemplateUri",
+    "UpdateMessageTemplate",
+    "UpdateMessageTemplateMetadata",
     "UpdateQuickResponse",
     "UpdateSession"
    ],
@@ -19486,6 +19529,8 @@
     "aws:RequestTag/${TagKey}",
     "aws:ResourceTag/${TagKey}",
     "aws:TagKeys",
+    "wisdom:MessageTemplate/RoutingProfileArn",
+    "wisdom:SearchFilter/Qualifier",
     "wisdom:SearchFilter/RoutingProfileArn"
    ]
   },
@@ -19774,6 +19819,7 @@
     "AuthorizeDBSecurityGroupIngress",
     "BacktrackDBCluster",
     "CancelExportTask",
+    "CopyCustomDBEngineVersion",
     "CopyDBClusterParameterGroup",
     "CopyDBClusterSnapshot",
     "CopyDBParameterGroup",
@@ -19847,9 +19893,9 @@
     "DescribeDBSecurityGroups",
     "DescribeDBShardGroups",
     "DescribeDBSnapshotAttributes",
+    "DescribeDBSnapshotTenantDatabases",
     "DescribeDBSnapshots",
     "DescribeDBSubnetGroups",
-    "DescribeDbSnapshotTenantDatabases",
     "DescribeEngineDefaultClusterParameters",
     "DescribeEngineDefaultParameters",
     "DescribeEventCategories",
@@ -20844,6 +20890,7 @@
     "ListBucket",
     "ListBucketMultipartUploads",
     "ListBucketVersions",
+    "ListCallerAccessGrants",
     "ListJobs",
     "ListMultiRegionAccessPoints",
     "ListMultipartUploadParts",

src/cfnlint/data/DownloadsMetadata/123ba181485ae293d5bd09722af0c19d5a0d14c62111ff864923fc7b7960dda6.meta.json

@@ -1 +1 @@
-{"etag": "\"f6edd82515a16676926f5f3a12d52efb\"", "url": "https://schema.cloudformation.eu-south-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"a86e50b288ee4f4dd6e651ea549ac7de\"", "url": "https://schema.cloudformation.eu-south-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/164e1bfc2823fbd49d8d0e7163ebf32b2b6653d7edfe98a64577daae0b481c38.meta.json

@@ -1 +1 @@
-{"etag": "\"972c9c66abd3c137d444e53ebdd3f145\"", "url": "https://schema.cloudformation.cn-north-1.amazonaws.com.cn/CloudformationSchema.zip"}
+{"etag": "\"fd28205e00e128a44509fd6455f9c222\"", "url": "https://schema.cloudformation.cn-north-1.amazonaws.com.cn/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/18624fcc4a1c571691d10b2508e6be565e4752bbc10d9552de8df8f81348c42b.meta.json

@@ -1 +1 @@
-{"etag": "\"77b7d56615ac52645e5a806c8856ce9e\"", "url": "https://schema.cloudformation.us-gov-east-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"9c86f750034fd005a1b21c6f9690b49b\"", "url": "https://schema.cloudformation.us-gov-east-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/227d6e59c86482f7153466759080e65963a1bf4413531ad420ff60a5a0d7965d.meta.json

@@ -1 +1 @@
-{"etag": "\"8f79f8805b7537d546dc63450fd56a1b\"", "url": "https://schema.cloudformation.me-south-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"5c22f3c0ac78e9532fc06d49f4db45ef\"", "url": "https://schema.cloudformation.me-south-1.amazonaws.com/CloudformationSchema.zip"}