Exception for lambda authorizer uri

aws-cloudformation · Sep 26, 2024 · eaa0705 · eaa0705
1 parent 4a57bc9
commit eaa0705
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/src/cfnlint/rules/resources/HardCodedArnProperties.py b/src/cfnlint/rules/resources/HardCodedArnProperties.py
@@ -135,8 +135,11 @@ def match(self, cfn: Template) -> RuleMatches:
                     " incorrectly placed Pseudo Parameters"
                 )
                 matches.append(RuleMatch(path, message.format(path[1])))
+
+            # Lambda is added for authorizer's Uniform Resource Identifier (URI)
+            # https://github.com/aws-cloudformation/cfn-lint/issues/3716
             if self.config["accountId"] and not re.match(
-                r"^\$\{\w+}|\$\{AWS::AccountId}|aws|$", candidate[2]
+                r"^\$\{\w+}|\$\{AWS::AccountId}|aws|lambda|$", candidate[2]
             ):
                 message = (
                     "ARN in Resource {0} contains hardcoded AccountId in ARN or"

diff --git a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml
@@ -6,3 +6,11 @@ Resources:
       RestApiId: RestApiId
       Type: REQUEST
       Name: Name
+  Stack:
+    Type: AWS::CloudFormation::Stack
+    DeletionPolicy: Delete
+    UpdateReplacePolicy: Delete
+    Properties:
+      TemplateURL: !Sub https://s3_bucket_name.s3.${AWS::Region}.amazonaws.com/template.yaml
+      Parameters:
+        AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:FunctionName/invocations