From eaa07052308a10e5458a8f58a775b05846b1eed4 Mon Sep 17 00:00:00 2001
From: Kevin DeJong <kddejong@amazon.com>
Date: Thu, 26 Sep 2024 08:35:00 -0700
Subject: [PATCH] Exception for lambda authorizer uri

---
 src/cfnlint/rules/resources/HardCodedArnProperties.py     | 5 ++++-
 .../resources/properties/hard_coded_arn_properties.yaml   | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/cfnlint/rules/resources/HardCodedArnProperties.py b/src/cfnlint/rules/resources/HardCodedArnProperties.py
index 0fce8446a2..a6af5101cd 100644
--- a/src/cfnlint/rules/resources/HardCodedArnProperties.py
+++ b/src/cfnlint/rules/resources/HardCodedArnProperties.py
@@ -135,8 +135,11 @@ def match(self, cfn: Template) -> RuleMatches:
                     " incorrectly placed Pseudo Parameters"
                 )
                 matches.append(RuleMatch(path, message.format(path[1])))
+
+            # Lambda is added for authorizer's Uniform Resource Identifier (URI)
+            # https://github.com/aws-cloudformation/cfn-lint/issues/3716
             if self.config["accountId"] and not re.match(
-                r"^\$\{\w+}|\$\{AWS::AccountId}|aws|$", candidate[2]
+                r"^\$\{\w+}|\$\{AWS::AccountId}|aws|lambda|$", candidate[2]
             ):
                 message = (
                     "ARN in Resource {0} contains hardcoded AccountId in ARN or"
diff --git a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml
index 2ad971962a..0250c3225b 100644
--- a/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml
+++ b/test/fixtures/templates/good/resources/properties/hard_coded_arn_properties.yaml
@@ -6,3 +6,11 @@ Resources:
       RestApiId: RestApiId
       Type: REQUEST
       Name: Name
+  Stack:
+    Type: AWS::CloudFormation::Stack
+    DeletionPolicy: Delete
+    UpdateReplacePolicy: Delete
+    Properties:
+      TemplateURL: !Sub https://s3_bucket_name.s3.${AWS::Region}.amazonaws.com/template.yaml
+      Parameters:
+        AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:FunctionName/invocations