Description
Is this feature request related to a new rule or cfn-lint capabilities?
rules
Describe the feature you'd like to request
A rule to warn when CloudFormation resources have hardcoded physical names (e.g., BucketName, TableName, QueueName), which prevents deploying the same infrastructure twice in the same AWS account.
This is explicitly called out in https://docs.aws.amazon.com/cdk/v2/guide/best-practices.html:
Use generated resource names, not physical names
Names are a precious resource. Each name can only be used once. Therefore, if you hardcode a table name or bucket name into your infrastructure and application, you can't deploy that piece of infrastructure twice in the same account.
This is a common issue in shared development accounts where multiple developers or feature branches need isolated deployments.
Describe the solution you'd like
A new rule (e.g., W3050) that warns when resources have hardcoded physical name properties:
- AWS::S3::Bucket → BucketName
- AWS::DynamoDB::Table → TableName
- AWS::SQS::Queue → QueueName
- AWS::SNS::Topic → TopicName
- AWS::Lambda::Function → FunctionName
- AWS::IAM::Role → RoleName
- AWS::SecretsManager::Secret → Name
- AWS::Logs::LogGroup → LogGroupName
- (and other resources with physical name properties)
The rule should:
- Warn when these properties contain plain strings
- Pass when they use intrinsic functions (Ref, Fn::Sub, etc.) or are omitted entirely
- Be configurable to ignore specific resource types if needed
I've implemented a working custom rule here: https://github.com/kaihendry/hardcodeDetector/blob/main/cfn_lint_rules/hardcoded_names.py
Additional context
No response
Is this something that you'd be interested in working on?
- 👋 I may be able to implement this feature request
Would this feature include a breaking change?
- ⚠️ This feature might incur a breaking change
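The detection logic the issue asks for, as a standalone added example (not cfn-lint's code and not the custom rule linked above). It operates on an already-parsed template dict so it runs offline; the resource/property table is the one listed in the issue, the sample template is constructed for the example, and the check goes one step beyond the issue's spec by also flagging an Fn::Sub whose template string contains no ${...} reference, since such a value is still a fixed literal.

```python
"""Flag hardcoded physical-name properties in a CloudFormation template.

Added example, not cfn-lint project code. Works on a parsed template (dict)
so it needs no cfn-lint install; in a real rule the same logic would live in a
CloudFormationLintRule subclass and enumerate resources via the template object.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any, Iterable

# Resource type -> property that pins the physical name (the list from the issue).
PHYSICAL_NAME_PROPERTIES: dict[str, str] = {
    "AWS::S3::Bucket": "BucketName",
    "AWS::DynamoDB::Table": "TableName",
    "AWS::SQS::Queue": "QueueName",
    "AWS::SNS::Topic": "TopicName",
    "AWS::Lambda::Function": "FunctionName",
    "AWS::IAM::Role": "RoleName",
    "AWS::SecretsManager::Secret": "Name",
    "AWS::Logs::LogGroup": "LogGroupName",
}


@dataclass(frozen=True)
class Finding:
    path: tuple  # JSON path into the template, e.g. ("Resources", "Bucket", "Properties", "BucketName")
    message: str


def is_hardcoded(value: Any) -> bool:
    """True when the value pins a physical name.

    Plain scalars are hardcoded. A single-key dict whose key is "Ref" or
    starts with "Fn::" is an intrinsic and passes, except an Fn::Sub whose
    template string has no ${...} placeholder (extra check beyond the issue's spec).
    """
    if not isinstance(value, dict) or len(value) != 1:
        return True
    key, arg = next(iter(value.items()))
    if key == "Fn::Sub":
        # Both forms: {"Fn::Sub": "string"} and {"Fn::Sub": ["string", {vars}]}
        tmpl = arg[0] if isinstance(arg, list) and arg else arg
        return isinstance(tmpl, str) and "${" not in tmpl
    return not (key == "Ref" or key.startswith("Fn::"))


def find_hardcoded_names(template: dict, ignore_types: Iterable[str] = ()) -> list[Finding]:
    """Return one Finding per resource whose physical-name property is a literal.

    ignore_types is the configurable allow-list the issue asks for.
    Omitted properties pass: CloudFormation then generates a unique name.
    """
    ignored = set(ignore_types)
    findings: list[Finding] = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        rtype = resource.get("Type")
        prop = PHYSICAL_NAME_PROPERTIES.get(rtype)
        if prop is None or rtype in ignored:
            continue
        props = resource.get("Properties") or {}
        if prop not in props or not is_hardcoded(props[prop]):
            continue
        findings.append(Finding(
            path=("Resources", logical_id, "Properties", prop),
            message=(f"{rtype} '{logical_id}' hardcodes {prop}={props[prop]!r}; "
                     "omit it or derive it with an intrinsic so the stack can be "
                     "deployed more than once per account"),
        ))
    return findings


# Constructed sample template: a mix of literal names, intrinsics and omissions.
SAMPLE_TEMPLATE = {
    "Resources": {
        "Bucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"BucketName": "my-app-uploads"}},                 # warn
        "Table": {"Type": "AWS::DynamoDB::Table",
                  "Properties": {"TableName": {"Fn::Sub": "${AWS::StackName}-table"}}},  # pass
        "Queue": {"Type": "AWS::SQS::Queue", "Properties": {}},                    # pass (omitted)
        "Topic": {"Type": "AWS::SNS::Topic",
                  "Properties": {"TopicName": {"Fn::Sub": "alerts"}}},              # warn (no ${})
        "Handler": {"Type": "AWS::Lambda::Function",
                    "Properties": {"FunctionName": {"Fn::Join": ["-", [{"Ref": "AWS::StackName"}, "handler"]]}}},  # pass
        "Role": {"Type": "AWS::IAM::Role",
                 "Properties": {"RoleName": "deploy-role"}},                         # warn
        "Secret": {"Type": "AWS::SecretsManager::Secret",
                   "Properties": {"Name": {"Ref": "SecretNameParam"}}},             # pass
        "Logs": {"Type": "AWS::Logs::LogGroup",
                 "Properties": {"LogGroupName": "/aws/lambda/handler"}},           # warn
    }
}


if __name__ == "__main__":
    for f in find_hardcoded_names(SAMPLE_TEMPLATE, ignore_types=["AWS::IAM::Role"]):
        print("/".join(f.path), "-", f.message)
```

Run as-is it reports Bucket, Topic and Logs and skips Role because of the ignore list. Fitting this into cfn-lint's rule API means wrapping find_hardcoded_names in a CloudFormationLintRule subclass and returning RuleMatch objects built from each Finding's path and message.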