From bc98561a8b474ac68c42e7c0ea7943707184bd58 Mon Sep 17 00:00:00 2001
From: Roger Zhang <ruojiazh@amazon.com>
Date: Tue, 21 Apr 2026 14:28:32 -0700
Subject: [PATCH] fix: add cfn-lint ignore rules for new format validation
 checks

cfn-lint 1.49.0 expanded format keyword coverage (aws-cloudformation/cfn-lint#4442),
adding validation for ACM Certificate ARNs (E1159), IAM Role ARNs (E1156),
KMS Key ARNs (E1157), Ref/GetAtt format matching (E1041), and Fn::Sub
resolved value checking (W1031).

These new rules flag placeholder/fake ARN values in test fixture files
under tests/translator/output/. Since these are intentionally simplified
test values (not real templates), suppress the checks in .cfnlintrc.yaml.
---
 .cfnlintrc.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.cfnlintrc.yaml b/.cfnlintrc.yaml
index 560779164..aabf634ce 100644
--- a/.cfnlintrc.yaml
+++ b/.cfnlintrc.yaml
@@ -120,3 +120,8 @@ ignore_checks:
   - W2001 # Parameter not used
   - E3006 # Resource type check; we have some Foo Bar resources
   - W3037 # Ignore cfn-lint check for non existing IAM permissions
+  - E1041 # Ref/GetAtt format mismatch; test fixtures use refs that resolve correctly at deploy time
+  - E1156 # Invalid IAM Role ARN format; test fixtures use placeholder values
+  - E1157 # Invalid KMS Key ARN format; test fixtures use placeholder values
+  - E1159 # Invalid ACM Certificate ARN format; test fixtures use placeholder values
+  - W1031 # Fn::Sub resolved value format mismatch; test fixtures use simplified ARN patterns