Along with the General Guides, it might be helpful to add a niche guide section, which is broken down by AWS service. Happy to issue a PR with some quality tutorials as an example.

template.add_description("blah ...")

s3bucket = template.add_resource(Bucket(
    "S3Bucket",
    
    BucketName="my-test-bucket",

    # Attach a LifeCycle Configuration

    LifecycleConfiguration=LifecycleConfiguration(Rules=[
        # Add a rule to
        LifecycleRule(
            # Rule attributes
            Id="S3BucketRuleFor90d

As per https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html, ACM has a restriction that requires certificates to be created in the us-east-1 region in order to be used with CloudFront:

To use an ACM Certificate with Amazon CloudFront, you must request or import the certificate in the US East (N. Virginia) region. ACM Certificates in this region that are associated with a CloudFr

Issue type

• Bug Report

Build number

master branch

Configuration

Deployed as a Stack Set, with a CloudWatch Rule triggering the function

Summary

Can't confirm completely, but I believe the logger which is created from main.go 's setupLogging function does not get created, and therefore

cfn-lint version: (cfn-lint --version): cfn-lint 0.26.0

Description of issue.

It'd be helpful if cfn-lint had a check when parameter names or psuedo-parameters are used in conditions without a !Ref much like it checks for strings with ${PARAMETER} without a !Sub. This would prevent accidental comparisons with a string literal. It might also be helpful to check for conditions that

I can see some basic support in Sceptre for AWS SAM although there don't appear to be any code examples or blog posts and it's unclear to me how you would actually do SAM in Sceptre, especially after SAM's guided deploy mode became the standard.

In the mean time, can anyone suggest the high level approach- would I create a Python wrapper to call the SAM CLI to do sam build and sam package a

Describe the bug
Several of the screens in the Cognito User Pool console (post-creation) are not captured.

To Reproduce
Steps to reproduce the behavior:

1. Go to 'Cognito User Pools' in the console.
2. Click on an existing User Pool with an App Client.
3. Scroll down to 'Federation' and fill out the two pages, e.g. for Google.
4. Scroll up to 'App Integration' and fill out the App

While testing another PR, I found that mu pipeline logs command displays information from the pipelines, but also shows this error:

$ mu pipeline logs
[... normal, expected output ...]
func1 ▶ ERROR  ResourceNotFoundException: The specified log group does not exist.
	status code: 400, request id: f7260741-7f69-4772-b4cc-7c6a9c22d264

This error does not occur with the `-f

OAI ensures the contents of the S3 bucket remain private and prevent people from bypassing CloudFront to access content

Checkov may need to do a multiple resource check for this… (Both the CFN Distro and backing S3 bucket)

Seems like we can encrypt environment variables effectively for free by adding a KmsKeyArn property to functions. See: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md

This would be an easy contribution for a first timer...

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and

Currently, the flag to print rule suppressions does not print the rules suppressed via a blacklist file. Would it be possible for cfn_nag and cfn_nag_scan to include blacklisted rules in their suppressions output?

In the CloudFormation Public Coverage Roadmap FAQs, the question "What do the roadmap categories mean?" says, "Shipped - should be obvious :)".

This kind of language is condescending to readers for whom this is not obvious. For example, those whose first language is not English, or a frustrated user

taskcat test run

To Reproduce
Steps to reproduce the behavior:
- curl -O https://bootstrap.pypa.io/get-pip.py
- python3 get-pip.py --user
- pip install --upgrade pip
- pip3 install taskcat --user
- taskcat --version
- taskcat test run
error: ValidationError Additional properties are not allowed ('parameters' was unexpected)

github url of docs,

Looking up all Amazon-owned AMIs takes dozens of seconds for me. Even though I know the exact name of the AMI I want, the ami lookup still loads all of them and filters by regex. It should be possible to easily specify a non-regex filter that will passed-through to the API call directly.

Currently the generated output is

type GraphQLApi_AdditionalAuthenticationProviders struct {

	// AWSCloudFormationDeletionPolicy represents a CloudFormation DeletionPolicy
	AWSCloudFormationDeletionPolicy policies.DeletionPolicy `json:"-"`

	// AWSCloudFormationDependsOn stores the logical ID of the resources to be created before this resource
	AWSCloudFormationDependsOn []string `js

Request

• Bug
• New Feature
• Refactor
• Question
• Documentation
• Tests
• Other

Details

• Would be great to figure out some magic to add template validation testing in CircleCI
• Maybe a Rakefile task?

*******************>>> should be on
$(document).one('receivelexconfig', function onReceiveLexConfig() {
var localTimeZone;
try {
localTimeZone = JSON.stringify(
Intl.DateTimeFormat().resolvedOptions().timeZone
);
} catch (err) {
localTimeZone = JSON.stringify(
new Date().getTimezoneOffse

On page 106, in the main.yml example, there are two lines annotated with number (1).

The first description for (1) says "The WaitOnResourceSignal works for ASGs in the same way that the CreationPolicy worked on individual instances."; I believe it should be "The UpdatePolicy works..."

The actual "WaitOnResourceSignals" parameter, which is also annotated with (1), is not documented at all.

On this line https://github.com/awsdocs/aws-cloudformation-user-guide/blame/master/doc_source/using-iam-template.md#L121 it says to include permission on the resource arn:aws:cloudformation:<region>:aws:transform/Serverless-2016-10-31. However this is reported to be an unrecognized resource type in the console.
![image](https://user-images.githubusercontent.com/57576/75594131-92768580-5a3c-11e

Issue: not enough documentation for arguments to pass into cfnCreateChangeSet

I'm trying to create a wrapper around the cfnCreateChangeSet but have had to spend quite a bit of time experimenting with options of "What-ifs" on whether I need to validate input parameters or if this will do all of the work for me.

Biggest problem I've found is the absence of documentation on the differe