v1: E3014 Only one of ['SecurityGroups', 'SecurityGroupIds', 'NetworkInterfaces'] is a required property

egut commented 3 months ago

CloudFormation Lint Version

v1.3.0

What operating system are you using?

Ubuntu

Describe the bug

When non of the 'SecurityGroups', 'SecurityGroupIds', 'NetworkInterfaces' is defined in a LaunchTemplate then I get E3014. There are no requirements to have one of them for a LT.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html

Expected behavior

Expected is to accept LT without 'SecurityGroups', 'SecurityGroupIds', 'NetworkInterfaces' one example is when you add a LT to a ComputeEnviroment for Batch job where you need to change block storage, the CE in Batch will handle networking.

Reproduction template

---
AWSTemplateFormatVersion: 2010-09-09
Description: 'Bug E3014 and E1040.'

Parameters:

  BuildId:
    Type: 'AWS::SSM::Parameter::Value<String>'

  ShortName:
    Type: 'String'

Resources:

  LaunchTemplate:
    Type: 'AWS::EC2::LaunchTemplate'
    Properties:
      LaunchTemplateName: !Sub '${ShortName}-Template'
      # E3014 - bug in cfn-lint 1.3.0 ?
      LaunchTemplateData:
        # E1040 - bug in cfn-lint 1.3.0 ?
        ImageId: !GetAtt 'SelectAMI.AMI'

  SelectAMI:
    Type: 'Custom::SelectAMI'
    Properties:
      # expected: E1010 - due to missing lambda function in this test
      ServiceToken: !GetAtt 'SelectAMICustomLambda.Arn'
      RandomNumber: !Ref 'BuildId'

palsivertsen commented 3 months ago

I see this as well. Upgraded from cfn_lint-0.87.7-py3-none-any to cfn_lint-1.3.0-py3-none-any.

palsivertsen commented 3 months ago

The template from aws-cloudformation/cfn-lint/issues/3329 also produces this error.

aws-cloudformation / cfn-lint