AWSAT002

README

AWSAT002

The AWSAT002 analyzer reports hardcoded AMI IDs. AMI IDs are region dependent and tests will fail in any region or partition other than where the AMI was created.

Flagged Code

func testAccEC2SpotFleetRequestConfig(rName string, rInt int, validUntil string) string {
	return testAccEC2SpotFleetRequestConfigBase(rName, rInt) + fmt.Sprintf(`
resource "aws_spot_fleet_request" "test" {
    launch_specification {
        instance_type = "m1.small"
        ami = "ami-516b9131"
    }
}
`, validUntil)
}

Passing Code

func testAccEC2SpotFleetRequestConfig(rName string, rInt int, validUntil string) string {
    return testAccEC2SpotFleetRequestConfigBase(rName, rInt) + fmt.Sprintf(`
data "aws_ami" "amzn-ami-minimal-hvm-ebs" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn-ami-minimal-hvm-*"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }
}

resource "aws_spot_fleet_request" "test" {
    launch_specification {
        instance_type = "m1.small"
        ami = data.aws_ami.amzn-ami-minimal-hvm-ebs.id
    }
}
`, validUntil)
}

Ignoring Reports

Singular reports can be ignored by adding the a //lintignore:AWSAT002 Go code comment at the end of the offending line or on the line immediately proceding, e.g.

ami = "ami-516b9131" //lintignore:AWSAT002

Documentation

Overview

Package AWSAT002 defines an Analyzer that checks for hardcoded AMI IDs

Index

• Constants
• Variables

Constants

const Doc = `` /* 192-byte string literal not displayed */

Variables

var Analyzer = &analysis.Analyzer{
	Name: analyzerName,
	Doc:  Doc,
	Requires: []*analysis.Analyzer{
		commentignore.Analyzer,
		inspect.Analyzer,
	},
	Run: run,
}