.ci/providerlint/passes/AWSAT001/README.md
The AWSAT001 analyzer reports when a resource.TestMatchResourceAttr() call references an Amazon
Resource Name (ARN) attribute. It is preferred to use resource.TestCheckResourceAttrPair() or one
one of the available Terraform AWS Provider ARN testing check functions instead building full ARN
regular expressions. These testing helper functions consider the value of the AWS Account ID,
Partition, and Region of the acceptance test runner.
The resource.TestCheckResourceAttrPair() call can be used when the Terraform state has the ARN
value already available, such as when the current resource is referencing an ARN attribute of
another resource.
Otherwise, available ARN testing check functions include:
acctest.CheckResourceAttrGlobalARNacctest.CheckResourceAttrGlobalARNNoAccountacctest.CheckResourceAttrRegionalARNacctest.MatchResourceAttrGlobalARNacctest.MatchResourceAttrRegionalARNacctest.CheckResourceAttrRegionalARNNoAccountacctest.CheckResourceAttrRegionalARNAccountIDacctest.CheckResourceAttrGlobalARNAccountIDresource.TestMatchResourceAttr("aws_lb_listener.test", "certificate_arn", regexache.MustCompile(`^arn:[^:]+:acm:[^:]+:[^:]+:certificate/.+$`))
resource.TestCheckResourceAttrPair("aws_lb_listener.test", "certificate_arn", "aws_acm_certificate.test", "arn")
acctest.MatchResourceAttrRegionalARN("aws_lb_listener.test", "certificate_arn", "acm", regexache.MustCompile(`certificate/.+`))
The check can be ignored for a certain line via a //lintignore:AWSAT001 comment on the previous line or at the end of the offending line, e.g.
//lintignore:AWSAT001
resource.TestMatchResourceAttr("aws_lb_listener.test", "certificate_arn", regexache.MustCompile(`^arn:[^:]+:acm:[^:]+:[^:]+:certificate/.+$`))