AWS::SNS::Subscription.Protocol AllowedValues expansion (firehose)

[evilneuro]

Issue #, if available:

Description of changes: When creating a resource of type AWS::SNS::Subscription, using "Protocol": "firehose", cfn-lint returns "E3030: You must specify a valid value for Protocol (firehose). Valid values are ["application", "email-json", "email", "http", "https", "lambda", "sms", "sqs"]". To fix this, the protocol "firehose" must be added to the list of valid values for an SNS Subscription resource.

Problem: SNS was recently updated to support delivering messages from SNS topics to Kinesis Data Firehose delivery streams. The CloudFormation documentation for the AWS::SNS::Subscription resource points at the SNS API documentation for the Subscribe action for a list of valid SNS subscription protocols. This list has been updated to include the firehose protocol for a delivery stream, however cfn-lint has not been updated; it fails to validate a template if the firehose protocol is used, but the template will deploy successfully when executed in CloudFormation.

Example:

"MyKinesisFireHoseSNSSub": {
    "Type": "AWS::SNS::Subscription",
    "Properties": {
        "TopicArn": { "Fn::GetAtt": ["MySNSTopic", "Arn"] },
        "SubscriptionRoleArn": { "Fn::GetAtt": [ "MySNSSubIAMRole", "Arn" ] },
        "Endpoint": {
            "Fn::GetAtt": ["MyKinesisFirehoseDeliveryStream", "Arn"]
        },
        "Protocol": "firehose",
        "RawMessageDelivery": true
    }
}

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[evilneuro]

Thanks, Kevin!