AWS CloudFormation Linter (cfn-lint)
raw JSON → 1.47.1 verified Tue May 12 auth: no python install: verified
cfn-lint is an open-source static analysis tool developed by AWS that checks CloudFormation templates (YAML/JSON) for potential errors, adherence to AWS best practices, and valid resource configurations. It validates templates against the AWS CloudFormation resource provider schemas and additional checks, aiming to catch issues before deployment. The project is actively maintained with frequent updates, often including new CloudFormation schemas and linting rules.
pip install cfn-lint Common errors
error E3002 Invalid Property Resources/<Resource-Name>/Properties/<PropertyName> ↓
cause This error indicates that a property specified for a CloudFormation resource is either misspelled, does not exist, or is not supported for that specific resource type according to the AWS CloudFormation resource specification.
fix
Review the CloudFormation template and correct the property name or remove the unsupported property, ensuring it adheres to the official AWS CloudFormation documentation for the specified resource type.
error E3003 Property <PropertyName> missing at Resources/<Resource-Name> ↓
cause This error signifies that a required property for a particular CloudFormation resource is not present in the template.
fix
Add the missing required property to the resource definition in your CloudFormation template, referring to the AWS CloudFormation resource specification for the correct syntax and value.
error W3002 This code may only work with package cli command as the property (/TemplateURL) is a string ↓
cause This warning commonly occurs in nested CloudFormation stacks when `TemplateURL` references a local file path instead of an S3 URL, meaning the template needs to be packaged before deployment.
fix
Either upload the nested stack template to an S3 bucket and provide its S3 URL, or use the
aws cloudformation package command to prepare the template for deployment, which will upload local artifacts to S3 and update the TemplateURL automatically. error E0002 Unknown exception while processing rule E<rule-id>: <exception-details> ↓
cause This error indicates an unexpected internal exception within `cfn-lint` while processing a specific rule, often due to malformed intrinsic functions, incorrect data types in the template, or an incompatibility with `cfn-lint`'s parsing logic.
fix
Examine the CloudFormation template at the indicated location for syntax errors, incorrect intrinsic function usage, or unexpected data types. Ensure your
cfn-lint and its dependencies (like pyrsistent or samtranslator) are up to date, as this can sometimes resolve internal parsing issues. error E3001 Invalid or unsupported Type <ResourceType> for resource <ResourceName> in <region> ↓
cause This error means that the specified CloudFormation resource type is either invalid, misspelled, or not supported in the AWS region where the linting is being performed.
fix
Verify the resource type's spelling and ensure it is a valid CloudFormation resource type. Confirm that the resource type is available in the specified AWS region, and adjust the resource type or the target region if necessary.
Warnings
breaking Python 3.9 support has been removed as of cfn-lint v1.47.0. Users on Python 3.9 or older must upgrade their Python environment to 3.10 or newer. ↓
fix Upgrade Python to version 3.10 or newer. (e.g., `pyenv install 3.10.12 && pyenv global 3.10.12`)
breaking cfn-lint v1 introduced major breaking changes by migrating from the CloudFormation specification to CloudFormation registry resource provider schemas and rewriting over 100 rules. This improves accuracy but may cause templates that previously passed to now fail, or require adjustments to custom rules/configurations. ↓
fix Review templates against the new v1 rules and schemas. Update custom rules (if any) to align with the new `CloudFormationLintRule` base class and validation mechanisms. Refer to the official blog post for migration guidance.
gotcha cfn-lint frequently updates its internal CloudFormation schemas to reflect the latest AWS service features and property definitions. While beneficial for up-to-date validation, this can lead to templates that previously passed linting beginning to fail after a `cfn-lint` upgrade, even if the template itself hasn't changed. ↓
fix Regularly review `cfn-lint` release notes for schema updates and new rules. Consider pinning `cfn-lint` versions in CI/CD pipelines and explicitly updating schemas with `--update-specs` in a controlled manner if you rely on the latest definitions.
gotcha The `cfn-lint` tool is often used as a command-line interface. There was also an older, deprecated `cfn-lint` npm package (JavaScript-based). Ensure you are installing and using the Python `cfn-lint` for the comprehensive features and active development. ↓
fix Always use `pip install cfn-lint` for the Python version. If you encounter unexpected behavior or outdated rule sets, verify you are not using the npm package or an outdated Python installation.
Install
pip install "cfn-lint[full]" pip install "cfn-lint[graph]" Install compatibility verified last tested: 2026-05-12 v1.46.0 installed · v1.51.0 latest
python os / libc variant status wheel install import disk mem side effects
3.10 alpine (musl) full wheel - 4.53s 222.3M 67.9M clean
3.10 alpine (musl) full - - 4.29s 216.7M 67.9M -
3.10 alpine (musl) graph wheel - 4.64s 220.3M 67.9M clean
3.10 alpine (musl) graph - - 4.45s 214.7M 67.9M -
3.10 alpine (musl) cfn-lint wheel - 4.86s 219.1M 67.9M clean
3.10 alpine (musl) cfn-lint - - 4.21s 213.5M 67.9M -
3.10 slim (glibc) full wheel 16.4s 3.67s 223M 67.9M clean
3.10 slim (glibc) full - - 3.50s 217M 67.9M -
3.10 slim (glibc) graph wheel 16.0s 3.77s 221M 67.9M clean
3.10 slim (glibc) graph - - 3.64s 215M 67.9M -
3.10 slim (glibc) cfn-lint wheel 15.6s 3.71s 220M 67.9M clean
3.10 slim (glibc) cfn-lint - - 3.40s 214M 67.9M -
3.11 alpine (musl) full wheel - 4.94s 257.0M 77.3M clean
3.11 alpine (musl) full - - 5.24s 251.4M 77.3M -
3.11 alpine (musl) graph wheel - 5.03s 254.8M 77.3M clean
3.11 alpine (musl) graph - - 5.34s 249.2M 77.3M -
3.11 alpine (musl) cfn-lint wheel - 4.99s 253.3M 77.3M clean
3.11 alpine (musl) cfn-lint - - 5.22s 247.7M 77.3M -
3.11 slim (glibc) full wheel 14.8s 4.58s 258M 77.3M clean
3.11 slim (glibc) full - - 4.43s 252M 77.3M -
3.11 slim (glibc) graph wheel 14.6s 4.45s 255M 77.3M clean
3.11 slim (glibc) graph - - 4.38s 250M 77.3M -
3.11 slim (glibc) cfn-lint wheel 14.1s 4.62s 254M 77.3M clean
3.11 slim (glibc) cfn-lint - - 4.30s 248M 77.3M -
3.12 alpine (musl) full wheel - 5.20s 249.9M 74.3M clean
3.12 alpine (musl) full - - 5.79s 244.2M 74.3M -
3.12 alpine (musl) graph wheel - 5.38s 238.8M 74.3M clean
3.12 alpine (musl) graph - - 5.82s 233.2M 74.3M -
3.12 alpine (musl) cfn-lint wheel - 5.26s 237.4M 74.3M clean
3.12 alpine (musl) cfn-lint - - 5.50s 231.8M 74.3M -
3.12 slim (glibc) full wheel 14.8s 5.27s 250M 74.3M clean
3.12 slim (glibc) full - - 5.71s 245M 74.3M -
3.12 slim (glibc) graph wheel 13.9s 5.29s 239M 74.3M clean
3.12 slim (glibc) graph - - 5.83s 234M 74.3M -
3.12 slim (glibc) cfn-lint wheel 13.6s 5.29s 238M 74.3M clean
3.12 slim (glibc) cfn-lint - - 5.71s 232M 74.3M -
3.13 alpine (musl) full wheel - 4.19s 249.0M 73.1M clean
3.13 alpine (musl) full - - 4.45s 243.3M 73.0M -
3.13 alpine (musl) graph wheel - 4.32s 237.9M 73.1M clean
3.13 alpine (musl) graph - - 4.43s 232.2M 73.0M -
3.13 alpine (musl) cfn-lint wheel - 4.33s 236.6M 73.1M clean
3.13 alpine (musl) cfn-lint - - 4.43s 230.8M 73.0M -
3.13 slim (glibc) full wheel 14.6s 4.26s 250M 73.1M clean
3.13 slim (glibc) full - - 4.79s 244M 73.1M -
3.13 slim (glibc) graph wheel 13.7s 4.27s 238M 73.1M clean
3.13 slim (glibc) graph - - 4.75s 233M 73.1M -
3.13 slim (glibc) cfn-lint wheel 13.4s 4.19s 237M 73.1M clean
3.13 slim (glibc) cfn-lint - - 4.63s 231M 73.1M -
3.9 alpine (musl) full wheel - 4.46s 212.9M 65.8M clean
3.9 alpine (musl) full - - 4.14s 212.8M 65.8M -
3.9 alpine (musl) graph wheel - 4.58s 210.9M 65.9M clean
3.9 alpine (musl) graph - - 4.33s 210.8M 65.8M -
3.9 alpine (musl) cfn-lint wheel - 4.47s 209.6M 65.9M clean
3.9 alpine (musl) cfn-lint - - 4.08s 209.5M 65.8M -
3.9 slim (glibc) full wheel 18.9s 4.35s 213M 65.9M clean
3.9 slim (glibc) full - - 3.85s 213M 65.9M -
3.9 slim (glibc) graph wheel 18.2s 4.34s 211M 65.9M clean
3.9 slim (glibc) graph - - 3.78s 211M 65.9M -
3.9 slim (glibc) cfn-lint wheel 18.2s 4.33s 210M 65.9M clean
3.9 slim (glibc) cfn-lint - - 3.69s 210M 65.9M -
Imports
- CloudFormationLintRule
from cfnlint.rules import CloudFormationLintRule
Quickstart last tested: 2026-04-24
import subprocess
import os
# Create a dummy CloudFormation template file with an intentional error
template_content = """
AWSTemplateFormatVersion: '2010-09-09'
Resources:
MyS3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-unique-bucket-name
# Intentional error: 'InvalidProperty' is not a valid S3 Bucket property
InvalidProperty: true
"""
template_file = "./my_bad_template.yaml"
with open(template_file, "w") as f:
f.write(template_content)
print(f"Linting {template_file} with cfn-lint...")
try:
# Run cfn-lint as a subprocess
# --format text is default, but explicit for clarity
# --non-zero-exit-code error ensures a non-zero exit if errors are found
result = subprocess.run(
['cfn-lint', template_file, '--non-zero-exit-code', 'error'],
capture_output=True, text=True, check=False
)
print("\n--- cfn-lint Output ---")
print(result.stdout)
if result.stderr:
print("\n--- cfn-lint Errors ---")
print(result.stderr)
if result.returncode != 0:
print(f"\ncfn-lint found issues! Exit Code: {result.returncode}")
else:
print("\ncfn-lint found no issues.")
except FileNotFoundError:
print("Error: cfn-lint command not found. Please ensure it's installed and in your PATH.")
except Exception as e:
print(f"An unexpected error occurred: {e}")
finally:
# Clean up the dummy template file
if os.path.exists(template_file):
os.remove(template_file)
print(f"\nCleaned up {template_file}")