Time To Life Stack and linting generated templateswith cfn-lint #185
Description
Hi,
basically I have to ignore the Check I1022 (https://github.com/aws-cloudformation/cfn-lint/blob/main/docs/rules.md) when using a Time To Life Stack because the stack generates with "Fn::Join" which is not best practice accordingly to Cfn-lint:
Cfn-lint has only defaults configured.
CDK:
new TimeToLive(this, 'TimeToLive', {
ttl: Duration.minutes(
Number(process.env.BS_CM_STACK_TIME_TO_LIVE_MINUTES)
),
})
generated Cloudformation Template:
"Resources": {
"TimeToLiveDeleteStackServiceRole5597A6E0": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
{
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
]
]
}
]
},
"Metadata": {
"aws:cdk:path": "InfrastructureStack/TimeToLive/DeleteStack/ServiceRole/Resource"
}
},
Cfn-lint Errormessage:
I1022 Prefer using Fn::Sub over Fn::Join with an empty delimiter
packages/infrastructure/cdk.out/InfrastructureStack.template.json
W3005 Obsolete DependsOn on resource (TimeToLiveDeleteStackServiceRole5597A6E0), dependency already enforced by a "Fn:GetAtt" at Resources/TimeToLiveDeleteStack08274E9B/Properties/Role/Fn::GetAtt
packages/infrastructure/cdk.out/InfrastructureStack.template.json