Skip to content

Feature Request: AWS::StepFunctions::StateMachine - (JSONPath) If the 'Key' ends with an ".$", the 'Value' must either start with "$" or a valid intrinsic function call #4085

Open
Open
Feature Request: AWS::StepFunctions::StateMachine - (JSONPath) If the 'Key' ends with an ".$", the 'Value' must either start with "$" or a valid intrinsic function call#4085
Labels
enhancementNew feature or request
@r-heimann

Description

@r-heimann
r-heimann
opened on Apr 8, 2025

Is this feature request related to a new rule or cfn-lint capabilities?

New capability

Describe the feature you'd like to request

Currently cfn-lint is unable to recognize that the 'Value' of a 'Key' ending with `.$" also needs to start with an "$" or a valid intrinsic function call. The following CloudFormation Templates will cause CloudFormation errors:

AWSTemplateFormatVersion: 2010-09-09
Description: Test

Resources:
  StepFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: states.amazonaws.com
            Action: sts:AssumeRole

  StateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      RoleArn: !GetAtt StepFunctionRole.Arn
      Definition:
        StartAt: Pass
        States:
          Pass:
            Type: Pass
            Assign:
              Variable.$: "Test" # <--------------------------
            Next: Success
          Success:
            Type: Succeed

CloudFormation error:

Resource handler returned message:
"Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED:
The value for the field 'Variable.$' must be a valid JSONPath or a valid intrinsic function call at /States/Pass/Assign' 
(Service: Sfn, Status Code: 400, Request ID: 4...1)
(SDK Attempt Count: 1)"
(RequestToken: 2...a, HandlerErrorCode: InvalidRequest)

AWSTemplateFormatVersion: 2010-09-09
Description: Test

Resources:
  StepFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: states.amazonaws.com
            Action: sts:AssumeRole

  StateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      RoleArn: !GetAtt StepFunctionRole.Arn
      Definition:
        StartAt: Pass
        States:
          Pass:
            Type: Pass
            Parameters:
              Test.$: "Test" # <--------------------------
            Next: Success
          Success:
            Type: Succeed

CloudFormation error:

Resource handler returned message:
"Invalid State Machine Definition: 'SCHEMA_VALIDATION_FAILED:
The value for the field 'Variable.$' must be a valid JSONPath or a valid intrinsic function call at /States/Pass/Parameters'
(Service: Sfn, Status Code: 400, Request ID: 8...3)
(SDK Attempt Count: 1)"
(RequestToken: 5...4, HandlerErrorCode: InvalidRequest)

Describe the solution you'd like

A new/updated rule to notify the user of this error.

Additional context

No response

Is this something that you'd be interested in working on?

  • 👋 I may be able to implement this feature request

Would this feature include a breaking change?

  • ⚠️ This feature might incur a breaking change

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions