How is this different from cfn-lint?

cfn-lint is a CLI tool you install and run locally. This is a browser-based linter that provides instant feedback without installation. It covers similar checks for syntax, required fields, and best practices, making it convenient for quick validation or when you do not have cfn-lint installed.

Does this tool validate nested stacks?

The linter validates the template you provide. If your template references nested stacks via AWS::CloudFormation::Stack, it checks that the resource properties are correct but cannot follow the TemplateURL to validate the nested template itself. Paste each nested template separately for full coverage.

Can it check SAM templates?

The linter recognizes standard CloudFormation syntax. AWS SAM templates use a Transform and additional resource types like AWS::Serverless::Function. Basic structural checks apply, but SAM-specific validations may not be fully covered.

CloudFormation Template Linter

MonitoringAWS

Lint CloudFormation JSON templates for missing DeletionPolicy, hardcoded IDs, open security groups, invalid refs, and score 0-100.

Input

Presets:

CloudFormation Template (JSON)

CloudFormation Best Practices

DeletionPolicy & UpdateReplacePolicy

Always set DeletionPolicy and UpdateReplacePolicy on stateful resources like RDS instances, DynamoDB tables, and S3 buckets. This prevents accidental data loss during stack deletion or updates that require resource replacement.

Security Hardening

Never expose SSH (22), RDP (3389), or database ports to 0.0.0.0/0. Use NoEcho for password parameters. Avoid hardcoding secrets in templates. Use AWS Secrets Manager or SSM Parameter Store instead.

Template Organization

Include a Description for documentation. Use Outputs for cross-stack references. Keep templates under 50 resources and use nested stacks for larger architectures. Tag all resources for cost tracking.

Portability

Avoid hardcoding account IDs and AMI IDs. Use pseudo parameters like AWS::AccountId and AWS::Region. Store AMI IDs in SSM Parameter Store or use Mappings for multi-region deployments.

About This Tool

The CloudFormation Template Linter analyzes your AWS CloudFormation templates for syntax errors, missing required fields, and deviations from best practices. It checks resource type validity, required property presence, parameter and output structure, and flags common mistakes like circular dependencies or missing DependsOn attributes. The linter runs entirely in your browser and provides categorized findings with severity levels so you can prioritize fixes before deploying to AWS.

When to Use This Tool

•Validate CloudFormation templates before deployment to catch syntax errors and missing required properties that would cause stack creation failures.
•Check templates for best practices like proper use of Conditions, Mappings, and DeletionPolicy to improve template quality.
•Integrate linting into your development workflow by validating templates before committing them to version control.
•Audit legacy CloudFormation templates for deprecated resource types and outdated patterns.

Frequently Asked Questions

How is this different from cfn-lint?: cfn-lint is a CLI tool you install and run locally. This is a browser-based linter that provides instant feedback without installation. It covers similar checks for syntax, required fields, and best practices, making it convenient for quick validation or when you do not have cfn-lint installed.
Does this tool validate nested stacks?: The linter validates the template you provide. If your template references nested stacks via AWS::CloudFormation::Stack, it checks that the resource properties are correct but cannot follow the TemplateURL to validate the nested template itself. Paste each nested template separately for full coverage.
Can it check SAM templates?: The linter recognizes standard CloudFormation syntax. AWS SAM templates use a Transform and additional resource types like AWS::Serverless::Function. Basic structural checks apply, but SAM-specific validations may not be fully covered.

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.