Skip to content

feat: add rule E3697 to validate Lambda env var 4KB size limit#4405

Merged
kddejong merged 2 commits into
aws-cloudformation:mainfrom
raajheshkannaa:feat/lambda-env-var-limit
Mar 24, 2026
Merged

feat: add rule E3697 to validate Lambda env var 4KB size limit#4405
kddejong merged 2 commits into
aws-cloudformation:mainfrom
raajheshkannaa:feat/lambda-env-var-limit

Conversation

@raajheshkannaa
Copy link
Copy Markdown
Contributor

@raajheshkannaa raajheshkannaa commented Mar 23, 2026

Closes #1945

Summary

  • New rule E3697 that validates AWS::Lambda::Function environment variables do not exceed the 4KB (4096 bytes) limit
  • Sums byte lengths of all keys and string values in Environment.Variables
  • Reports the actual total size in the error message for easy debugging
  • Follows existing CfnLintKeyword pattern used by other Lambda rules

Changes

  • src/cfnlint/rules/resources/lmbd/FunctionEnvironmentSize.py: New rule
  • test/unit/rules/resources/lmbd/test_function_environment_size.py: 5 parametrized tests

Test plan

  • All 98 Lambda rule tests pass (93 existing + 5 new)
  • Edge cases: empty vars (pass), exactly 4096 bytes (pass), 4097 bytes (fail)
  • Many small keys exceeding limit detected correctly

@raajheshkannaa
Add rule E3697: validate Lambda env var total size limit (4 KB)
52e1292 
AWS Lambda enforces a hard 4 KB limit on the total size of all
environment variable keys and values. If exceeded, CloudFormation
deployment fails. This rule catches that at lint time.

Fixes #1945
@codecov
Copy link
Copy Markdown

codecov Bot commented Mar 24, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.44%. Comparing base (0bbabc9) to head (1f96080).
⚠️ Report is 33 commits behind head on main.

Files with missing lines Patch % Lines
...nt/rules/resources/lmbd/FunctionEnvironmentSize.py 92.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4405      +/-   ##
==========================================
- Coverage   93.54%   93.44%   -0.10%     
==========================================
  Files         418      423       +5     
  Lines       14145    14350     +205     
  Branches     2817     2865      +48     
==========================================
+ Hits        13232    13410     +178     
- Misses        567      582      +15     
- Partials      346      358      +12
Flag Coverage Δ
unittests 93.44% <92.00%> (-0.09%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@kddejong kddejong merged commit f4372db into aws-cloudformation:main Mar 24, 2026
17 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kddejong kddejong kddejong approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AWS::Lambda::Function maximum env var limit

2 participants

@raajheshkannaa @kddejong