From the course: Advanced AWS CloudFormation for Enterprise

Install cfn-lint for AWS CloudFormation and VSCode

- [Instructor] Unlocking the potential of advanced CloudFormation begins with your development environment. After all, before you can automate your infrastructure templates, you have to write them in the first place. CloudFormation can be pretty complex, and it's sometimes tough to know where to start. What resources are available to create? What are all the parameters we need to define to make sure they work the way we intend? How do we make sure the internal references that connect these resources are consistent and correct? These are exactly the problems solved by a little library called cfn-lint, the CloudFormation Linter built by AWS. The idea of code linters goes all the way back to the days of C programming when UNIX developer Stephen C. Johnson wrote the first utility called Lint back in 1984. The tool was a static code analyzer meant to catch common errors as well as stylistic faux pas before compiling C code. Today, linters are common features or add-ons to many languages. Like its modern equivalents in JavaScript and Python, cfn-lint is a command line tool that can help you improve your CloudFormation before you push it to AWS. Cfn-lint does more than just catch common errors and enforce good coding practices. It can also help you write your templates. It can suggest resources and parameter names and provides a direct link to documentation when you need it. Let's take a look at what this looks like on the AWS GitHub page. So here in GitHub, you can see the cfn-lint repository maintained by AWS. You can kind of scroll through here and see everything about it, including the readme, which shows you how to use it and how to install it, which we'll do in just a few moments here. You'll see examples of how to run the linter from the command line and how to install it with VS Code. So let's head to our own terminal and do this installation. Remember, you should have pip installed, so all you need to do is say pip or pip3 install cfn-lint.
This will take just a moment and install the package on your machine. Okay, we can confirm the installation by typing cfn-lint --version. Okay, so that's installed now and if we wanted, we could feed a template to cfn-lint and see its output, but the best way to use cfn-lint is in conjunction with a code editor like VS Code. So here I am in VS Code, and you can see that I've got the course exercise files here in the outline. If I go over to the Extensions section, I can search for cfn-lint here in the extensions and find this one written by this author, KD DeJong. Click Install, and when you do, you'll see the full details here. This is a plugin for VS Code that works with the tool that we just installed on the terminal, so you do have to do both. Okay, now that we've got the CFN Linter plugin installed here in VS Code, we can go back to our code. And if you go to the Developer folder, I've got something called lintproblems.yml. This file will show us a little bit of what cfn-lint can do for us when looking at a template. You can see already that we've got red wavy lines under certain parts of the code. And here we've got an orange one. These are hints that something needs looking at. We've also got the panel down here, which I can click that shows errors and warnings so we can see a summary of what's going on. Let's look at the first one here. Top-level template section Descrition is not valid, so we've got a typo here. Cfn-lint is aware of the way that a template should look and the way that certain sections should be spelled. So I've got an option here that shows me what's going wrong. Now, sometimes you'll see there's a quick fix and this does feel like something that cfn-lint could do for us, but looks like we're going to have to put the letter P in here by ourselves to make it Description. Once we save the template, again, cfn-lint will reevaluate and you can see that the red lines disappear.
We've got something here under Type for the security group parameter and it says we've got an invalid type here. And we sure do, because this needs to be AWS EC2 Security Group ID. So you can see it does take a little bit of knowledge of how the template should work, but cfn-lint is going to alert you to errors. All right, save again and we should see that error also go away. All right, we'll go down. Here under Resources, I've got a label called My_instance. What is wrong with that? Well, cfn-lint helps me out. It says the name has to be alphanumeric. So I can get rid of that underscore, save the template, and now I'm good to go. I don't have any more errors, but I do still have a warning. It's telling me here something about the way I'm using these functions. I've got Base64 and Sub. These are two things that we'll talk about later in the course, but what we're being told here is that Sub isn't needed because there are no variables. We'll learn a little bit that what Sub does is allow us to do string interpolation and put variables into strings but we don't have any of that here. It's just straight up bash code. So we're being told, hey, you don't actually need Sub. So that's just a little help from cfn-lint. It will still compile and AWS will still run this template even if we don't change that. So it's just a warning, but it does help us to clean up the template a little bit. So now that I've saved that, the wavy lines go away, and we've got to a clean template here thanks to cfn-lint.
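
The four findings walked through above, gathered into one template as an added illustration. This is not the course's lintproblems.yml, which is not shown on this page: the parameter and resource names, the original invalid type value, the instance type and the user-data script are all constructed. Each comment names the finding and the fix the instructor applies.

```yaml
# Constructed sketch of a template with the four problems described above.
# Not the course exercise file; names and values are assumptions.
AWSTemplateFormatVersion: "2010-09-09"

# Finding 1 (error): misspelled top-level section name.
# Fix: rename the key to "Description".
Descrition: Single EC2 instance with a bootstrap script

Parameters:
  SecurityGroup:
    # Finding 2 (error): not a valid parameter type.
    # Fix: AWS::EC2::SecurityGroup::Id, which also makes CloudFormation
    # verify that the supplied value is an existing security group ID.
    Type: AWS::EC2::SecurityGroup
  ImageId:
    Type: AWS::EC2::Image::Id

Resources:
  # Finding 3 (error): logical IDs must be alphanumeric.
  # Fix: remove the underscore, e.g. "MyInstance".
  My_instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      SecurityGroupIds:
        - !Ref SecurityGroup
      UserData:
        # Finding 4 (warning): the string contains no ${...} variables,
        # so Sub does nothing here. Fix: use "Fn::Base64: |" without !Sub.
        Fn::Base64: !Sub |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          systemctl enable --now httpd
```

Saved to a file and passed to the cfn-lint command, a template like this should report the three errors and the one warning; after the four fixes it should come back clean.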
