From f72070e2855cf243d4b97e07034c60f4590da813 Mon Sep 17 00:00:00 2001
From: wata_mac <watassbass@gmail.com>
Date: Mon, 13 May 2019 00:02:28 +0900
Subject: [PATCH] Auto generate rules from AWS API models

---
 .gitmodules                                   |   3 +
 Gopkg.toml                                    |   1 +
 Makefile                                      |   5 +-
 rules/awsrules/models/aws-sdk-go              |   1 +
 ...cm_certificate_invalid_certificate_body.go |  87 ++++++++
 ...rtificate_invalid_certificate_body_test.go | 124 +++++++++++
 ...m_certificate_invalid_certificate_chain.go |  87 ++++++++
 ...tificate_invalid_certificate_chain_test.go | 142 +++++++++++++
 ...aws_acm_certificate_invalid_private_key.go |  87 ++++++++
 ...cm_certificate_invalid_private_key_test.go | 135 ++++++++++++
 ...mpca_certificate_authority_invalid_type.go |  76 +++++++
 ...certificate_authority_invalid_type_test.go |  87 ++++++++
 ...aws_api_gateway_authorizer_invalid_type.go |  78 +++++++
 ...pi_gateway_authorizer_invalid_type_test.go |  87 ++++++++
 ..._gateway_response_invalid_response_type.go |  95 +++++++++
 ...way_response_invalid_response_type_test.go |  87 ++++++++
 ...ay_gateway_response_invalid_status_code.go |  69 +++++++
 ...teway_response_invalid_status_code_test.go |  87 ++++++++
 ...way_integration_invalid_connection_type.go |  77 +++++++
 ...ntegration_invalid_connection_type_test.go |  87 ++++++++
 ...ay_integration_invalid_content_handling.go |  77 +++++++
 ...tegration_invalid_content_handling_test.go |  87 ++++++++
 ...ws_api_gateway_integration_invalid_type.go |  80 ++++++++
 ...i_gateway_integration_invalid_type_test.go |  87 ++++++++
 ...ation_response_invalid_content_handling.go |  77 +++++++
 ..._response_invalid_content_handling_test.go |  87 ++++++++
 ...ntegration_response_invalid_status_code.go |  69 +++++++
 ...ation_response_invalid_status_code_test.go |  87 ++++++++
 ...way_method_response_invalid_status_code.go |  69 +++++++
 ...ethod_response_invalid_status_code_test.go |  87 ++++++++
 ...gateway_rest_api_invalid_api_key_source.go |  77 +++++++
 ...ay_rest_api_invalid_api_key_source_test.go |  87 ++++++++
 ...ateway_stage_invalid_cache_cluster_size.go |  83 ++++++++
 ...y_stage_invalid_cache_cluster_size_test.go |  87 ++++++++
 ...pautoscaling_policy_invalid_policy_type.go |  77 +++++++
 ...scaling_policy_invalid_policy_type_test.go |  87 ++++++++
 ...aling_policy_invalid_scalable_dimension.go |  86 ++++++++
 ..._policy_invalid_scalable_dimension_test.go |  87 ++++++++
 ...caling_policy_invalid_service_namespace.go |  83 ++++++++
 ...g_policy_invalid_service_namespace_test.go |  87 ++++++++
 ...duled_action_invalid_scalable_dimension.go |  86 ++++++++
 ..._action_invalid_scalable_dimension_test.go |  87 ++++++++
 ...eduled_action_invalid_service_namespace.go |  83 ++++++++
 ...d_action_invalid_service_namespace_test.go |  87 ++++++++
 ...aling_target_invalid_scalable_dimension.go |  86 ++++++++
 ..._target_invalid_scalable_dimension_test.go |  87 ++++++++
 ...caling_target_invalid_service_namespace.go |  83 ++++++++
 ...g_target_invalid_service_namespace_test.go |  87 ++++++++
 .../models/aws_appmesh_mesh_invalid_name.go   |  77 +++++++
 .../aws_appmesh_route_invalid_mesh_name.go    |  77 +++++++
 .../models/aws_appmesh_route_invalid_name.go  |  77 +++++++
 ...pmesh_route_invalid_virtual_router_name.go |  77 +++++++
 ..._appmesh_virtual_node_invalid_mesh_name.go |  77 +++++++
 .../aws_appmesh_virtual_node_invalid_name.go  |  77 +++++++
 ...ppmesh_virtual_router_invalid_mesh_name.go |  77 +++++++
 ...aws_appmesh_virtual_router_invalid_name.go |  77 +++++++
 ...pmesh_virtual_service_invalid_mesh_name.go |  77 +++++++
 ...ws_appmesh_virtual_service_invalid_name.go |  77 +++++++
 .../aws_appsync_datasource_invalid_name.go    |  69 +++++++
 ...ws_appsync_datasource_invalid_name_test.go |  87 ++++++++
 .../aws_appsync_datasource_invalid_type.go    |  81 ++++++++
 ...ws_appsync_datasource_invalid_type_test.go |  87 ++++++++
 ...graphql_api_invalid_authentication_type.go |  79 +++++++
 ...ql_api_invalid_authentication_type_test.go |  87 ++++++++
 ...ws_appsync_resolver_invalid_data_source.go |  69 +++++++
 ...psync_resolver_invalid_data_source_test.go |  87 ++++++++
 .../aws_appsync_resolver_invalid_field.go     |  69 +++++++
 ...aws_appsync_resolver_invalid_field_test.go |  87 ++++++++
 ...psync_resolver_invalid_request_template.go |  77 +++++++
 ...sync_resolver_invalid_response_template.go |  77 +++++++
 .../aws_appsync_resolver_invalid_type.go      |  69 +++++++
 .../aws_appsync_resolver_invalid_type_test.go |  87 ++++++++
 .../aws_athena_database_invalid_name.go       |  77 +++++++
 ...aws_athena_named_query_invalid_database.go |  77 +++++++
 ..._athena_named_query_invalid_description.go |  77 +++++++
 .../aws_athena_named_query_invalid_name.go    |  77 +++++++
 .../aws_athena_named_query_invalid_query.go   |  77 +++++++
 .../aws_launch_template_invalid_name.go       |  87 ++++++++
 .../aws_launch_template_invalid_name_test.go  |  87 ++++++++
 rules/awsrules/models/mappings/acm-pca.hcl    |  14 ++
 rules/awsrules/models/mappings/acm.hcl        | 193 ++++++++++++++++++
 rules/awsrules/models/mappings/apigateway.hcl | 164 +++++++++++++++
 .../mappings/application-autoscaling.hcl      | 104 ++++++++++
 rules/awsrules/models/mappings/appmesh.hcl    | 109 ++++++++++
 rules/awsrules/models/mappings/appsync.hcl    | 111 ++++++++++
 rules/awsrules/models/mappings/athena.hcl     |  54 +++++
 rules/awsrules/models/mappings/ec2.hcl        |  14 ++
 rules/awsrules/models/models_test.go          | 109 ++++++++++
 rules/awsrules/models/pattern_rule.go.tmpl    | 135 ++++++++++++
 .../awsrules/models/pattern_rule_test.go.tmpl |  92 +++++++++
 rules/provider.go                             |   4 +-
 rules/provider_model.go                       |  54 +++++
 rules/provider_model.go.tmpl                  |  11 +
 tools/model-rule-gen/main.go                  |  79 +++++++
 tools/model-rule-gen/provider.go              |  25 +++
 tools/model-rule-gen/rule.go                  |  85 ++++++++
 tools/rule_generator.go                       |  42 +---
 tools/utils/main.go                           |  51 +++++
 98 files changed, 7687 insertions(+), 40 deletions(-)
 create mode 100644 .gitmodules
 create mode 160000 rules/awsrules/models/aws-sdk-go
 create mode 100644 rules/awsrules/models/aws_acm_certificate_invalid_certificate_body.go
 create mode 100644 rules/awsrules/models/aws_acm_certificate_invalid_certificate_body_test.go
 create mode 100644 rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain.go
 create mode 100644 rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain_test.go
 create mode 100644 rules/awsrules/models/aws_acm_certificate_invalid_private_key.go
 create mode 100644 rules/awsrules/models/aws_acm_certificate_invalid_private_key_test.go
 create mode 100644 rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type.go
 create mode 100644 rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_authorizer_invalid_type.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_authorizer_invalid_type_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_invalid_type.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_invalid_type_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source_test.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size.go
 create mode 100644 rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension_test.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace.go
 create mode 100644 rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace_test.go
 create mode 100644 rules/awsrules/models/aws_appmesh_mesh_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_route_invalid_mesh_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_route_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_route_invalid_virtual_router_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_virtual_node_invalid_mesh_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_virtual_node_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_virtual_router_invalid_mesh_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_virtual_router_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_virtual_service_invalid_mesh_name.go
 create mode 100644 rules/awsrules/models/aws_appmesh_virtual_service_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_appsync_datasource_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_appsync_datasource_invalid_name_test.go
 create mode 100644 rules/awsrules/models/aws_appsync_datasource_invalid_type.go
 create mode 100644 rules/awsrules/models/aws_appsync_datasource_invalid_type_test.go
 create mode 100644 rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type.go
 create mode 100644 rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type_test.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_data_source.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_data_source_test.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_field.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_field_test.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_request_template.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_response_template.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_type.go
 create mode 100644 rules/awsrules/models/aws_appsync_resolver_invalid_type_test.go
 create mode 100644 rules/awsrules/models/aws_athena_database_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_athena_named_query_invalid_database.go
 create mode 100644 rules/awsrules/models/aws_athena_named_query_invalid_description.go
 create mode 100644 rules/awsrules/models/aws_athena_named_query_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_athena_named_query_invalid_query.go
 create mode 100644 rules/awsrules/models/aws_launch_template_invalid_name.go
 create mode 100644 rules/awsrules/models/aws_launch_template_invalid_name_test.go
 create mode 100644 rules/awsrules/models/mappings/acm-pca.hcl
 create mode 100644 rules/awsrules/models/mappings/acm.hcl
 create mode 100644 rules/awsrules/models/mappings/apigateway.hcl
 create mode 100644 rules/awsrules/models/mappings/application-autoscaling.hcl
 create mode 100644 rules/awsrules/models/mappings/appmesh.hcl
 create mode 100644 rules/awsrules/models/mappings/appsync.hcl
 create mode 100644 rules/awsrules/models/mappings/athena.hcl
 create mode 100644 rules/awsrules/models/mappings/ec2.hcl
 create mode 100644 rules/awsrules/models/models_test.go
 create mode 100644 rules/awsrules/models/pattern_rule.go.tmpl
 create mode 100644 rules/awsrules/models/pattern_rule_test.go.tmpl
 create mode 100644 rules/provider_model.go
 create mode 100644 rules/provider_model.go.tmpl
 create mode 100644 tools/model-rule-gen/main.go
 create mode 100644 tools/model-rule-gen/provider.go
 create mode 100644 tools/model-rule-gen/rule.go
 create mode 100644 tools/utils/main.go

diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 000000000..0a48921af
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "rules/awsrules/models/aws-sdk-go"]
+	path = rules/awsrules/models/aws-sdk-go
+	url = https://github.com/aws/aws-sdk-go.git
diff --git a/Gopkg.toml b/Gopkg.toml
index 2147e3bca..c35c0075b 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -24,6 +24,7 @@
 #   go-tests = true
 #   unused-packages = true
 
+ignored = ["github.com/wata727/tflint/rules/awsrules/models/aws-sdk-go/*"]
 
 [[constraint]]
   name = "github.com/aws/aws-sdk-go"
diff --git a/Makefile b/Makefile
index 0a760609d..8228debb1 100644
--- a/Makefile
+++ b/Makefile
@@ -5,7 +5,7 @@ prepare:
 	dep ensure
 
 test: prepare
-	go test $$(go list ./... | grep -v vendor | grep -v mock)
+	go test $$(go list ./... | grep -v vendor | grep -v mock | grep -v aws-sdk-go)
 
 build: test
 	go build -v
@@ -57,4 +57,7 @@ image:
 rule:
 	go run tools/rule_generator.go
 
+model_rules:
+	go run github.com/wata727/tflint/tools/model-rule-gen
+
 .PHONY: default prepare test build install release clean mock image rule
diff --git a/rules/awsrules/models/aws-sdk-go b/rules/awsrules/models/aws-sdk-go
new file mode 160000
index 000000000..594c848f3
--- /dev/null
+++ b/rules/awsrules/models/aws-sdk-go
@@ -0,0 +1 @@
+Subproject commit 594c848f324de48d7b9fa434b213db7283a859e3
diff --git a/rules/awsrules/models/aws_acm_certificate_invalid_certificate_body.go b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_body.go
new file mode 100644
index 000000000..5c4fa01cf
--- /dev/null
+++ b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_body.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAcmCertificateInvalidCertificateBodyRule checks the pattern is valid
+type AwsAcmCertificateInvalidCertificateBodyRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAcmCertificateInvalidCertificateBodyRule returns new rule with default attributes
+func NewAwsAcmCertificateInvalidCertificateBodyRule() *AwsAcmCertificateInvalidCertificateBodyRule {
+	return &AwsAcmCertificateInvalidCertificateBodyRule{
+		resourceType:  "aws_acm_certificate",
+		attributeName: "certificate_body",
+		max:           32768,
+		min:           1,
+		pattern:       regexp.MustCompile(`^-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}(\x{000D}?\x{000A})?$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAcmCertificateInvalidCertificateBodyRule) Name() string {
+	return "aws_acm_certificate_invalid_certificate_body"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAcmCertificateInvalidCertificateBodyRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAcmCertificateInvalidCertificateBodyRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAcmCertificateInvalidCertificateBodyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAcmCertificateInvalidCertificateBodyRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"certificate_body must be 32768 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"certificate_body must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`certificate_body does not match valid pattern ^-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}(\x{000D}?\x{000A})?$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_acm_certificate_invalid_certificate_body_test.go b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_body_test.go
new file mode 100644
index 000000000..1e8a419c9
--- /dev/null
+++ b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_body_test.go
@@ -0,0 +1,124 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAcmCertificateInvalidCertificateBodyRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	certificate_body = <<TEXT
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjjCCAXYCAQAwSTELMAkGA1UEBhMCSkExCjAIBgNVBAgMAWExCjAIBgNVBAcM
+AWIxCjAIBgNVBAoMAWExCjAIBgNVBAsMAWExCjAIBgNVBAMMAWEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5jqT6lQEWbyNeHMEeLJxRN7wPmfJXfWSJ
+L42vYPM8Ny8NxUtUE8eYavsJQSp2PcwBxVYatgVPNeL3saPGxfGpkIuaPgQO1n7a
++O+3Vb/GANe3g9RX/3p280DHdm+pppRp68yhivMrtznjXJCebOix+KdgHBMLUqx2
+7FWmqchJ+vQ74wmuDR1Y5fh69NDn79kB8ZJiUpZWQ0CPrgoi8KxWU8FT0JnQxBvE
+6CJ81P2/1LtJ//ngasyux37j3R64Q4ZLgTX9VtAX+Bnoy9Nh9wTb6zbjh6xzO1bN
+4IwaFvc+y2F5gZvct6m53p/DfskII+WuH6Gc6nHrN/g/V49Vo+3ZAgMBAAGgADAN
+BgkqhkiG9w0BAQsFAAOCAQEAA4W/lkp3oTmjIoyhZxUMv7b1zcRU/s9juzvYdfMB
+nkty65GIKc8VgRSdgdXHg9LyAmG2fw/Ek7fHzMb10a6AR6nNn8dDmDSJgP/Li/qH
+65ufOAZFwaQESmaOKuixXzpOl55k4iJCgWng1ejxZ1CSQczWdchLgW6af+ykUgLK
+i2H5CazWnCBtBRonsDKFE6TYH0NEqdFE/kAyWtKiMOXAV8Jyr2p8K5hMG/8Cusux
+Oe04sLexs2p1Og6LKAv9aWk0wYKB15Zjgx1EqKGJOwHJ5pOVXyGiQAnkqGaC0Q4N
+EUNkhA1s4v7yBuNuulIfhcbyOeLwnzElTz5RrV/1hgMWMg==
+-----END CERTIFICATE REQUEST-----
+TEXT
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_acm_certificate_invalid_certificate_body",
+					Type:     "ERROR",
+					Message:  `certificate_body does not match valid pattern ^-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}(\x{000D}?\x{000A})?$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	certificate_body = <<TEXT
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfYCCQCMlVDEcxV0gDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJK
+QTEKMAgGA1UECAwBYTEKMAgGA1UEBwwBYjEKMAgGA1UECgwBYTEKMAgGA1UECwwB
+YTEKMAgGA1UEAwwBYTAeFw0xOTA1MTQxNTUxMjhaFw0yOTA1MTExNTUxMjhaMEkx
+CzAJBgNVBAYTAkpBMQowCAYDVQQIDAFhMQowCAYDVQQHDAFiMQowCAYDVQQKDAFh
+MQowCAYDVQQLDAFhMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVLVBPH
+mGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PUV/96
+dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJrg0d
+WOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/54GrM
+rsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb3Lep
+ud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQCoj/sZfrypif6AoLkqg2WimmK2KvWNf4srEVgI8BBIpnQpmvYdMKm4IBta8eWO
+E9Sdh2u8dnTpn9TEwK/hJpisRZey7H4pPXde86QHmJF1YjF+gdwgpsayIHsfCYJ9
+LJxew68jxO9YANwHy6RlS3c+hcNIWfSMOoct/P6vVkcMKOgA/hiMfHELlMzBK68U
+r+Ae7wRjNF4Whbxc6bdTOLocmhOjy6IvPC8x6K5RdOYaxVpRNgUz6WgQUI1gZ3hu
+YjSaGdqonttvSXhhSnoQEAHIpxvHq/PjOc5qEnzOt9nlYp3Ohr6WQAZfF3iwdd3l
+Q2V76qkXAhIjADC7VpZKJiij
+-----END CERTIFICATE-----
+TEXT
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAcmCertificateInvalidCertificateBodyRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAcmCertificateInvalidCertificateBodyRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain.go b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain.go
new file mode 100644
index 000000000..8bfdda2b8
--- /dev/null
+++ b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAcmCertificateInvalidCertificateChainRule checks the pattern is valid
+type AwsAcmCertificateInvalidCertificateChainRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAcmCertificateInvalidCertificateChainRule returns new rule with default attributes
+func NewAwsAcmCertificateInvalidCertificateChainRule() *AwsAcmCertificateInvalidCertificateChainRule {
+	return &AwsAcmCertificateInvalidCertificateChainRule{
+		resourceType:  "aws_acm_certificate",
+		attributeName: "certificate_chain",
+		max:           2097152,
+		min:           1,
+		pattern:       regexp.MustCompile(`^(-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}\x{000D}?\x{000A})*-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}(\x{000D}?\x{000A})?$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAcmCertificateInvalidCertificateChainRule) Name() string {
+	return "aws_acm_certificate_invalid_certificate_chain"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAcmCertificateInvalidCertificateChainRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAcmCertificateInvalidCertificateChainRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAcmCertificateInvalidCertificateChainRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAcmCertificateInvalidCertificateChainRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"certificate_chain must be 2097152 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"certificate_chain must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`certificate_chain does not match valid pattern ^(-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}\x{000D}?\x{000A})*-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}(\x{000D}?\x{000A})?$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain_test.go b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain_test.go
new file mode 100644
index 000000000..d2df067c4
--- /dev/null
+++ b/rules/awsrules/models/aws_acm_certificate_invalid_certificate_chain_test.go
@@ -0,0 +1,142 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAcmCertificateInvalidCertificateChainRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	certificate_chain = <<TEXT
+-----BEGIN PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVL
+VBPHmGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PU
+V/96dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJ
+rg0dWOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/5
+4GrMrsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb
+3Lepud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABAoIBAGN8EAXtV3zwrzSp
+E/0ai+Cbki+HKUAxEXLf1QX/Y8mYCJlIex+jzzJvwRHwJ1TnwvX8GDMP/f6+9GY6
+joVm4S85OS/EKibOZ4r9RoCz77K4Bu/0NSfM6JrXxpZqcGmzzwSPENJXjhKVFOtK
+WJsn5wZsO0izJJ7Af4jvIujNRH4sq8oO0T5OHNlJprrR8KY7+7IJrAd+JyCWxuX3
+uToqrQALpZjSLi0+60+UZIVH+F4yJtkar1MS+K5bAAtX6gxaq3embIOD5KCooHpf
++CXBuWhUpFIqdWWDKJunnbriuXPBVVx1BZBtALUMPEYZ+gR22l2s/ck0BGixsdcN
+VwDluuUCgYEA9k64okPnwUAQXyoHnA09zSJ0acr4aX/lqixY+fx0yn5Rs46WuFl0
+OkUSZ3YMoj5MM/hmrMgz2v7bleVDrsZYUM4//9bYVxRIf1/gHm6PRJDnAMDEiz7y
+crJCD1HTk/4CTcufbVnyyDt7NQe+qL9wRbTUMIojdZ1PsThv4zOuNhMCgYEAwNvu
+LXhUJ7Wc92xFwRbmhNw8nQu0YgwVkGiD5QMY/6FJhcGdLa/Ih3NvyZI+Q/x/qzTh
+udCHHlMgAftx5uA7IpZxQo0ak5a/T46X1EvRqcPZvOyDliBeYhhAXflyNfusmm5X
+cExL6g3aUXxa7ue255xkKo2Q1VH+b9YeP+pZeeMCgYEA2VqEkiTMWfvXtrLXPj1t
+IR3bjxQe/LJxkCdMaWYABkVMgeA9XvcJmvYjFIvXAEFra50zthuBryqhyfgkLxI3
+Ey++yFzmUonCpCyOESzNXttkDoUNrDdjKhXmN7Ckvf80N0SOLqhml43t3tEzzaQK
+RmkZqq/sNLkafzBnhB6yCGMCgYEAqtFhiXadmzpZ2DBXLCobbSwgp7zZPUqUwv4/
+bFUtDCYQF9+gVvnuNELDjZbxfYgkkEDbeZhARVS88eSDQ0nyNrVnhdmy42xO8KlM
+w2WQQ7xLm/Ekr5Dl6B6wzEuHpFbQz0vSOI3rY1h3uVras+Yac9RqR+JxmO/x256b
+1mK8c58CgYAA2zWV1m34tdbUmhc6ELNznbPxaM4sAe7mVooSxs02pTN5ToxMpkyn
+hLL+1AMBOhv57k6YDTzYf5adR38023TOrf6NuD9G5s0KeaFM8c7SrBt8BHA6MW9C
+7kJKP9RgFcXPFH6Z57rKykRaaDR6M+ELrhd488tOmqlwS9tnnWuoBQ==
+-----END PRIVATE KEY-----
+TEXT
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_acm_certificate_invalid_certificate_chain",
+					Type:     "ERROR",
+					Message:  `certificate_chain does not match valid pattern ^(-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}\x{000D}?\x{000A})*-{5}BEGIN CERTIFICATE-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END CERTIFICATE-{5}(\x{000D}?\x{000A})?$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	certificate_chain = <<TEXT
+-----BEGIN CERTIFICATE-----
+MIIEWjCCA0KgAwIBAgIQBUNA0KLEzIER+qg3fUbgbzANBgkqhkiG9w0BAQsFADBa
+MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl
+clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2
+MTExNTEyMDMzMVoXDTI1MDUxMDEyMDAwMFowWjELMAkGA1UEBhMCSlAxIzAhBgNV
+BAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMSYwJAYDVQQDEx1DeWJlcnRy
+dXN0IEphcGFuIFB1YmxpYyBDQSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJRWo0VEVKpgZL+4V59O29R5aF8TBfQ/zSXdPF5Ydxyd5p/jMknvAjo0
+U41S5eM5Zh/nM2G2J8YkVVAnAmXwsIxBjTBeR1uCb8ecoyhDbVh7yBWYTiVvy3Yn
+WwssLLWYI+eLfP13GsRSul0Z7nghTSGa2RJ8MxVrGsmB6traV7fVL84fS/y0M+Cg
+yZQnuydAtpDbrJ51phErSRktw8JDBwm7PW6Io+OKxdKG9mVbNMOfTALlCbosxnZm
+69F2JfQwE/tYYKhY41FvSwgEYY2sqTAvUkGjIsEzWat7WfmTZ0vJiXVS7ylJNJMc
+nJNznBnOXBjNTAknwT/1Sez04t9Lr48CAwEAAaOCARowggEWMB0GA1UdDgQWBBRz
+qAhTKbgV+5mA5cU32Pg5e6QTBjAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6
+tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjA0BggrBgEF
+BQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6
+BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJv
+b3QyMDI1LmNybDA+BgNVHSAENzA1MDMGBWeBDAECMCowKAYIKwYBBQUHAgEWHGh0
+dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABqR
+cPGWxhjLeEP8gzZ29OHVpL8EFWNvpnEbpnAWa1uYmFNf0fsSoibP04UCB0Ye21KA
+jPNuTE2OWpgxlTVvl99sIJFKhXCIn6OWCLQpbjFMu8Ro5rdzg4ekedsihWN9NMwU
++K8DqO+oukIYjF2zPnnwcSykKaUhdi0BqUtmzJhHkFjoslJllOXiJ4DQkbpjiQpR
+yjPfliI1wzAcOM3xxswHAxOq8BVHKErKYUqHkHgHFZ6Ycts+sShKqVf+Zdx9zYJV
+pItiSs0DDCCFapxWACouIVY+xPYG8EMUWXz0gK8SAwNHXLRxBtjNWhCGOiSN+ihp
+277L8LbKp8eA8OlOMiU=
+-----END CERTIFICATE-----
+TEXT
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAcmCertificateInvalidCertificateChainRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAcmCertificateInvalidCertificateChainRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_acm_certificate_invalid_private_key.go b/rules/awsrules/models/aws_acm_certificate_invalid_private_key.go
new file mode 100644
index 000000000..0b75ab10d
--- /dev/null
+++ b/rules/awsrules/models/aws_acm_certificate_invalid_private_key.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAcmCertificateInvalidPrivateKeyRule checks the pattern is valid
+type AwsAcmCertificateInvalidPrivateKeyRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAcmCertificateInvalidPrivateKeyRule returns new rule with default attributes
+func NewAwsAcmCertificateInvalidPrivateKeyRule() *AwsAcmCertificateInvalidPrivateKeyRule {
+	return &AwsAcmCertificateInvalidPrivateKeyRule{
+		resourceType:  "aws_acm_certificate",
+		attributeName: "private_key",
+		max:           524288,
+		min:           1,
+		pattern:       regexp.MustCompile(`^-{5}BEGIN PRIVATE KEY-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END PRIVATE KEY-{5}(\x{000D}?\x{000A})?$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAcmCertificateInvalidPrivateKeyRule) Name() string {
+	return "aws_acm_certificate_invalid_private_key"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAcmCertificateInvalidPrivateKeyRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAcmCertificateInvalidPrivateKeyRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAcmCertificateInvalidPrivateKeyRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAcmCertificateInvalidPrivateKeyRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"private_key must be 524288 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"private_key must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`private_key does not match valid pattern ^-{5}BEGIN PRIVATE KEY-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END PRIVATE KEY-{5}(\x{000D}?\x{000A})?$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_acm_certificate_invalid_private_key_test.go b/rules/awsrules/models/aws_acm_certificate_invalid_private_key_test.go
new file mode 100644
index 000000000..0d85c5b5c
--- /dev/null
+++ b/rules/awsrules/models/aws_acm_certificate_invalid_private_key_test.go
@@ -0,0 +1,135 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAcmCertificateInvalidPrivateKeyRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	private_key = <<TEXT
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfYCCQCMlVDEcxV0gDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJK
+QTEKMAgGA1UECAwBYTEKMAgGA1UEBwwBYjEKMAgGA1UECgwBYTEKMAgGA1UECwwB
+YTEKMAgGA1UEAwwBYTAeFw0xOTA1MTQxNTUxMjhaFw0yOTA1MTExNTUxMjhaMEkx
+CzAJBgNVBAYTAkpBMQowCAYDVQQIDAFhMQowCAYDVQQHDAFiMQowCAYDVQQKDAFh
+MQowCAYDVQQLDAFhMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVLVBPH
+mGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PUV/96
+dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJrg0d
+WOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/54GrM
+rsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb3Lep
+ud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQCoj/sZfrypif6AoLkqg2WimmK2KvWNf4srEVgI8BBIpnQpmvYdMKm4IBta8eWO
+E9Sdh2u8dnTpn9TEwK/hJpisRZey7H4pPXde86QHmJF1YjF+gdwgpsayIHsfCYJ9
+LJxew68jxO9YANwHy6RlS3c+hcNIWfSMOoct/P6vVkcMKOgA/hiMfHELlMzBK68U
+r+Ae7wRjNF4Whbxc6bdTOLocmhOjy6IvPC8x6K5RdOYaxVpRNgUz6WgQUI1gZ3hu
+YjSaGdqonttvSXhhSnoQEAHIpxvHq/PjOc5qEnzOt9nlYp3Ohr6WQAZfF3iwdd3l
+Q2V76qkXAhIjADC7VpZKJiij
+-----END CERTIFICATE-----
+TEXT
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_acm_certificate_invalid_private_key",
+					Type:     "ERROR",
+					Message:  `private_key does not match valid pattern ^-{5}BEGIN PRIVATE KEY-{5}\x{000D}?\x{000A}([A-Za-z0-9/+]{64}\x{000D}?\x{000A})*[A-Za-z0-9/+]{1,64}={0,2}\x{000D}?\x{000A}-{5}END PRIVATE KEY-{5}(\x{000D}?\x{000A})?$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_acm_certificate" "foo" {
+	private_key = <<TEXT
+-----BEGIN PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVL
+VBPHmGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PU
+V/96dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJ
+rg0dWOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/5
+4GrMrsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb
+3Lepud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABAoIBAGN8EAXtV3zwrzSp
+E/0ai+Cbki+HKUAxEXLf1QX/Y8mYCJlIex+jzzJvwRHwJ1TnwvX8GDMP/f6+9GY6
+joVm4S85OS/EKibOZ4r9RoCz77K4Bu/0NSfM6JrXxpZqcGmzzwSPENJXjhKVFOtK
+WJsn5wZsO0izJJ7Af4jvIujNRH4sq8oO0T5OHNlJprrR8KY7+7IJrAd+JyCWxuX3
+uToqrQALpZjSLi0+60+UZIVH+F4yJtkar1MS+K5bAAtX6gxaq3embIOD5KCooHpf
++CXBuWhUpFIqdWWDKJunnbriuXPBVVx1BZBtALUMPEYZ+gR22l2s/ck0BGixsdcN
+VwDluuUCgYEA9k64okPnwUAQXyoHnA09zSJ0acr4aX/lqixY+fx0yn5Rs46WuFl0
+OkUSZ3YMoj5MM/hmrMgz2v7bleVDrsZYUM4//9bYVxRIf1/gHm6PRJDnAMDEiz7y
+crJCD1HTk/4CTcufbVnyyDt7NQe+qL9wRbTUMIojdZ1PsThv4zOuNhMCgYEAwNvu
+LXhUJ7Wc92xFwRbmhNw8nQu0YgwVkGiD5QMY/6FJhcGdLa/Ih3NvyZI+Q/x/qzTh
+udCHHlMgAftx5uA7IpZxQo0ak5a/T46X1EvRqcPZvOyDliBeYhhAXflyNfusmm5X
+cExL6g3aUXxa7ue255xkKo2Q1VH+b9YeP+pZeeMCgYEA2VqEkiTMWfvXtrLXPj1t
+IR3bjxQe/LJxkCdMaWYABkVMgeA9XvcJmvYjFIvXAEFra50zthuBryqhyfgkLxI3
+Ey++yFzmUonCpCyOESzNXttkDoUNrDdjKhXmN7Ckvf80N0SOLqhml43t3tEzzaQK
+RmkZqq/sNLkafzBnhB6yCGMCgYEAqtFhiXadmzpZ2DBXLCobbSwgp7zZPUqUwv4/
+bFUtDCYQF9+gVvnuNELDjZbxfYgkkEDbeZhARVS88eSDQ0nyNrVnhdmy42xO8KlM
+w2WQQ7xLm/Ekr5Dl6B6wzEuHpFbQz0vSOI3rY1h3uVras+Yac9RqR+JxmO/x256b
+1mK8c58CgYAA2zWV1m34tdbUmhc6ELNznbPxaM4sAe7mVooSxs02pTN5ToxMpkyn
+hLL+1AMBOhv57k6YDTzYf5adR38023TOrf6NuD9G5s0KeaFM8c7SrBt8BHA6MW9C
+7kJKP9RgFcXPFH6Z57rKykRaaDR6M+ELrhd488tOmqlwS9tnnWuoBQ==
+-----END PRIVATE KEY-----
+TEXT
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAcmCertificateInvalidPrivateKeyRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAcmCertificateInvalidPrivateKeyRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type.go b/rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type.go
new file mode 100644
index 000000000..6ba674445
--- /dev/null
+++ b/rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type.go
@@ -0,0 +1,76 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAcmpcaCertificateAuthorityInvalidTypeRule checks the pattern is valid
+type AwsAcmpcaCertificateAuthorityInvalidTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAcmpcaCertificateAuthorityInvalidTypeRule returns new rule with default attributes
+func NewAwsAcmpcaCertificateAuthorityInvalidTypeRule() *AwsAcmpcaCertificateAuthorityInvalidTypeRule {
+	return &AwsAcmpcaCertificateAuthorityInvalidTypeRule{
+		resourceType:  "aws_acmpca_certificate_authority",
+		attributeName: "type",
+		enum: []string{
+			"SUBORDINATE",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAcmpcaCertificateAuthorityInvalidTypeRule) Name() string {
+	return "aws_acmpca_certificate_authority_invalid_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAcmpcaCertificateAuthorityInvalidTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAcmpcaCertificateAuthorityInvalidTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAcmpcaCertificateAuthorityInvalidTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAcmpcaCertificateAuthorityInvalidTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type_test.go b/rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type_test.go
new file mode 100644
index 000000000..b64156df1
--- /dev/null
+++ b/rules/awsrules/models/aws_acmpca_certificate_authority_invalid_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAcmpcaCertificateAuthorityInvalidTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_acmpca_certificate_authority" "foo" {
+	type = "ORDINATE"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_acmpca_certificate_authority_invalid_type",
+					Type:     "ERROR",
+					Message:  `type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_acmpca_certificate_authority" "foo" {
+	type = "SUBORDINATE"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAcmpcaCertificateAuthorityInvalidTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAcmpcaCertificateAuthorityInvalidTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_authorizer_invalid_type.go b/rules/awsrules/models/aws_api_gateway_authorizer_invalid_type.go
new file mode 100644
index 000000000..8db6af772
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_authorizer_invalid_type.go
@@ -0,0 +1,78 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayAuthorizerInvalidTypeRule checks the pattern is valid
+type AwsAPIGatewayAuthorizerInvalidTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayAuthorizerInvalidTypeRule returns new rule with default attributes
+func NewAwsAPIGatewayAuthorizerInvalidTypeRule() *AwsAPIGatewayAuthorizerInvalidTypeRule {
+	return &AwsAPIGatewayAuthorizerInvalidTypeRule{
+		resourceType:  "aws_api_gateway_authorizer",
+		attributeName: "type",
+		enum: []string{
+			"TOKEN",
+			"REQUEST",
+			"COGNITO_USER_POOLS",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayAuthorizerInvalidTypeRule) Name() string {
+	return "aws_api_gateway_authorizer_invalid_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayAuthorizerInvalidTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayAuthorizerInvalidTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayAuthorizerInvalidTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayAuthorizerInvalidTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_authorizer_invalid_type_test.go b/rules/awsrules/models/aws_api_gateway_authorizer_invalid_type_test.go
new file mode 100644
index 000000000..18cecab93
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_authorizer_invalid_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayAuthorizerInvalidTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_authorizer" "foo" {
+	type = "RESPONSE"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_authorizer_invalid_type",
+					Type:     "ERROR",
+					Message:  `type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_authorizer" "foo" {
+	type = "TOKEN"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayAuthorizerInvalidTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayAuthorizerInvalidTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type.go b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type.go
new file mode 100644
index 000000000..1ad7f64f6
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type.go
@@ -0,0 +1,95 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayGatewayResponseInvalidResponseTypeRule checks the pattern is valid
+type AwsAPIGatewayGatewayResponseInvalidResponseTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayGatewayResponseInvalidResponseTypeRule returns new rule with default attributes
+func NewAwsAPIGatewayGatewayResponseInvalidResponseTypeRule() *AwsAPIGatewayGatewayResponseInvalidResponseTypeRule {
+	return &AwsAPIGatewayGatewayResponseInvalidResponseTypeRule{
+		resourceType:  "aws_api_gateway_gateway_response",
+		attributeName: "response_type",
+		enum: []string{
+			"DEFAULT_4XX",
+			"DEFAULT_5XX",
+			"RESOURCE_NOT_FOUND",
+			"UNAUTHORIZED",
+			"INVALID_API_KEY",
+			"ACCESS_DENIED",
+			"AUTHORIZER_FAILURE",
+			"AUTHORIZER_CONFIGURATION_ERROR",
+			"INVALID_SIGNATURE",
+			"EXPIRED_TOKEN",
+			"MISSING_AUTHENTICATION_TOKEN",
+			"INTEGRATION_FAILURE",
+			"INTEGRATION_TIMEOUT",
+			"API_CONFIGURATION_ERROR",
+			"UNSUPPORTED_MEDIA_TYPE",
+			"BAD_REQUEST_PARAMETERS",
+			"BAD_REQUEST_BODY",
+			"REQUEST_TOO_LARGE",
+			"THROTTLED",
+			"QUOTA_EXCEEDED",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayGatewayResponseInvalidResponseTypeRule) Name() string {
+	return "aws_api_gateway_gateway_response_invalid_response_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayGatewayResponseInvalidResponseTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayGatewayResponseInvalidResponseTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayGatewayResponseInvalidResponseTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayGatewayResponseInvalidResponseTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`response_type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type_test.go b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type_test.go
new file mode 100644
index 000000000..e63c50225
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_response_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayGatewayResponseInvalidResponseTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_gateway_response" "foo" {
+	response_type = "4XX"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_gateway_response_invalid_response_type",
+					Type:     "ERROR",
+					Message:  `response_type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_gateway_response" "foo" {
+	response_type = "UNAUTHORIZED"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayGatewayResponseInvalidResponseTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayGatewayResponseInvalidResponseTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code.go b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code.go
new file mode 100644
index 000000000..17381f6ec
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayGatewayResponseInvalidStatusCodeRule checks the pattern is valid
+type AwsAPIGatewayGatewayResponseInvalidStatusCodeRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAPIGatewayGatewayResponseInvalidStatusCodeRule returns new rule with default attributes
+func NewAwsAPIGatewayGatewayResponseInvalidStatusCodeRule() *AwsAPIGatewayGatewayResponseInvalidStatusCodeRule {
+	return &AwsAPIGatewayGatewayResponseInvalidStatusCodeRule{
+		resourceType:  "aws_api_gateway_gateway_response",
+		attributeName: "status_code",
+		pattern:       regexp.MustCompile(`^[1-5]\d\d$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayGatewayResponseInvalidStatusCodeRule) Name() string {
+	return "aws_api_gateway_gateway_response_invalid_status_code"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayGatewayResponseInvalidStatusCodeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayGatewayResponseInvalidStatusCodeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayGatewayResponseInvalidStatusCodeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayGatewayResponseInvalidStatusCodeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`status_code does not match valid pattern ^[1-5]\d\d$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code_test.go b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code_test.go
new file mode 100644
index 000000000..e082ba0bd
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_gateway_response_invalid_status_code_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayGatewayResponseInvalidStatusCodeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_gateway_response" "foo" {
+	status_code = "004"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_gateway_response_invalid_status_code",
+					Type:     "ERROR",
+					Message:  `status_code does not match valid pattern ^[1-5]\d\d$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_gateway_response" "foo" {
+	status_code = "200"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayGatewayResponseInvalidStatusCodeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayGatewayResponseInvalidStatusCodeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type.go b/rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type.go
new file mode 100644
index 000000000..885b6caea
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayIntegrationInvalidConnectionTypeRule checks the pattern is valid
+type AwsAPIGatewayIntegrationInvalidConnectionTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayIntegrationInvalidConnectionTypeRule returns new rule with default attributes
+func NewAwsAPIGatewayIntegrationInvalidConnectionTypeRule() *AwsAPIGatewayIntegrationInvalidConnectionTypeRule {
+	return &AwsAPIGatewayIntegrationInvalidConnectionTypeRule{
+		resourceType:  "aws_api_gateway_integration",
+		attributeName: "connection_type",
+		enum: []string{
+			"INTERNET",
+			"VPC_LINK",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayIntegrationInvalidConnectionTypeRule) Name() string {
+	return "aws_api_gateway_integration_invalid_connection_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayIntegrationInvalidConnectionTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayIntegrationInvalidConnectionTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayIntegrationInvalidConnectionTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayIntegrationInvalidConnectionTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`connection_type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type_test.go b/rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type_test.go
new file mode 100644
index 000000000..9324992eb
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_invalid_connection_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayIntegrationInvalidConnectionTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_integration" "foo" {
+	connection_type = "INTRANET"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_integration_invalid_connection_type",
+					Type:     "ERROR",
+					Message:  `connection_type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_integration" "foo" {
+	connection_type = "INTERNET"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayIntegrationInvalidConnectionTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayIntegrationInvalidConnectionTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling.go b/rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling.go
new file mode 100644
index 000000000..2d34d8341
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayIntegrationInvalidContentHandlingRule checks the pattern is valid
+type AwsAPIGatewayIntegrationInvalidContentHandlingRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayIntegrationInvalidContentHandlingRule returns new rule with default attributes
+func NewAwsAPIGatewayIntegrationInvalidContentHandlingRule() *AwsAPIGatewayIntegrationInvalidContentHandlingRule {
+	return &AwsAPIGatewayIntegrationInvalidContentHandlingRule{
+		resourceType:  "aws_api_gateway_integration",
+		attributeName: "content_handling",
+		enum: []string{
+			"CONVERT_TO_BINARY",
+			"CONVERT_TO_TEXT",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayIntegrationInvalidContentHandlingRule) Name() string {
+	return "aws_api_gateway_integration_invalid_content_handling"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayIntegrationInvalidContentHandlingRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayIntegrationInvalidContentHandlingRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayIntegrationInvalidContentHandlingRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayIntegrationInvalidContentHandlingRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`content_handling is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling_test.go b/rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling_test.go
new file mode 100644
index 000000000..fb35d597f
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_invalid_content_handling_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayIntegrationInvalidContentHandlingRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_integration" "foo" {
+	content_handling = "CONVERT_TO_FILE"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_integration_invalid_content_handling",
+					Type:     "ERROR",
+					Message:  `content_handling is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_integration" "foo" {
+	content_handling = "CONVERT_TO_BINARY"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayIntegrationInvalidContentHandlingRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayIntegrationInvalidContentHandlingRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_invalid_type.go b/rules/awsrules/models/aws_api_gateway_integration_invalid_type.go
new file mode 100644
index 000000000..9a58dd270
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_invalid_type.go
@@ -0,0 +1,80 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayIntegrationInvalidTypeRule checks the pattern is valid
+type AwsAPIGatewayIntegrationInvalidTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayIntegrationInvalidTypeRule returns new rule with default attributes
+func NewAwsAPIGatewayIntegrationInvalidTypeRule() *AwsAPIGatewayIntegrationInvalidTypeRule {
+	return &AwsAPIGatewayIntegrationInvalidTypeRule{
+		resourceType:  "aws_api_gateway_integration",
+		attributeName: "type",
+		enum: []string{
+			"HTTP",
+			"AWS",
+			"MOCK",
+			"HTTP_PROXY",
+			"AWS_PROXY",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayIntegrationInvalidTypeRule) Name() string {
+	return "aws_api_gateway_integration_invalid_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayIntegrationInvalidTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayIntegrationInvalidTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayIntegrationInvalidTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayIntegrationInvalidTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_invalid_type_test.go b/rules/awsrules/models/aws_api_gateway_integration_invalid_type_test.go
new file mode 100644
index 000000000..ecca232cb
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_invalid_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayIntegrationInvalidTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_integration" "foo" {
+	type = "AWS_HTTP"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_integration_invalid_type",
+					Type:     "ERROR",
+					Message:  `type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_integration" "foo" {
+	type = "HTTP"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayIntegrationInvalidTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayIntegrationInvalidTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling.go b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling.go
new file mode 100644
index 000000000..2dc39cf7d
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule checks the pattern is valid
+type AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayIntegrationResponseInvalidContentHandlingRule returns new rule with default attributes
+func NewAwsAPIGatewayIntegrationResponseInvalidContentHandlingRule() *AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule {
+	return &AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule{
+		resourceType:  "aws_api_gateway_integration_response",
+		attributeName: "content_handling",
+		enum: []string{
+			"CONVERT_TO_BINARY",
+			"CONVERT_TO_TEXT",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule) Name() string {
+	return "aws_api_gateway_integration_response_invalid_content_handling"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`content_handling is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling_test.go b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling_test.go
new file mode 100644
index 000000000..80a365b43
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_content_handling_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_integration_response" "foo" {
+	content_handling = "CONVERT_TO_FILE"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_integration_response_invalid_content_handling",
+					Type:     "ERROR",
+					Message:  `content_handling is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_integration_response" "foo" {
+	content_handling = "CONVERT_TO_BINARY"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayIntegrationResponseInvalidContentHandlingRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayIntegrationResponseInvalidContentHandlingRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code.go b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code.go
new file mode 100644
index 000000000..cb994365a
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule checks the pattern is valid
+type AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAPIGatewayIntegrationResponseInvalidStatusCodeRule returns new rule with default attributes
+func NewAwsAPIGatewayIntegrationResponseInvalidStatusCodeRule() *AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule {
+	return &AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule{
+		resourceType:  "aws_api_gateway_integration_response",
+		attributeName: "status_code",
+		pattern:       regexp.MustCompile(`^[1-5]\d\d$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule) Name() string {
+	return "aws_api_gateway_integration_response_invalid_status_code"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`status_code does not match valid pattern ^[1-5]\d\d$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code_test.go b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code_test.go
new file mode 100644
index 000000000..2bb2a4d01
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_integration_response_invalid_status_code_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_integration_response" "foo" {
+	status_code = "004"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_integration_response_invalid_status_code",
+					Type:     "ERROR",
+					Message:  `status_code does not match valid pattern ^[1-5]\d\d$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_integration_response" "foo" {
+	status_code = "200"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayIntegrationResponseInvalidStatusCodeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayIntegrationResponseInvalidStatusCodeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code.go b/rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code.go
new file mode 100644
index 000000000..32b88ce0a
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayMethodResponseInvalidStatusCodeRule checks the pattern is valid
+type AwsAPIGatewayMethodResponseInvalidStatusCodeRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAPIGatewayMethodResponseInvalidStatusCodeRule returns new rule with default attributes
+func NewAwsAPIGatewayMethodResponseInvalidStatusCodeRule() *AwsAPIGatewayMethodResponseInvalidStatusCodeRule {
+	return &AwsAPIGatewayMethodResponseInvalidStatusCodeRule{
+		resourceType:  "aws_api_gateway_method_response",
+		attributeName: "status_code",
+		pattern:       regexp.MustCompile(`^[1-5]\d\d$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayMethodResponseInvalidStatusCodeRule) Name() string {
+	return "aws_api_gateway_method_response_invalid_status_code"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayMethodResponseInvalidStatusCodeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayMethodResponseInvalidStatusCodeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayMethodResponseInvalidStatusCodeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayMethodResponseInvalidStatusCodeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`status_code does not match valid pattern ^[1-5]\d\d$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code_test.go b/rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code_test.go
new file mode 100644
index 000000000..c2f1852d1
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_method_response_invalid_status_code_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayMethodResponseInvalidStatusCodeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_method_response" "foo" {
+	status_code = "004"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_method_response_invalid_status_code",
+					Type:     "ERROR",
+					Message:  `status_code does not match valid pattern ^[1-5]\d\d$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_method_response" "foo" {
+	status_code = "200"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayMethodResponseInvalidStatusCodeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayMethodResponseInvalidStatusCodeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source.go b/rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source.go
new file mode 100644
index 000000000..7c2e66310
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayRestAPIInvalidAPIKeySourceRule checks the pattern is valid
+type AwsAPIGatewayRestAPIInvalidAPIKeySourceRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayRestAPIInvalidAPIKeySourceRule returns new rule with default attributes
+func NewAwsAPIGatewayRestAPIInvalidAPIKeySourceRule() *AwsAPIGatewayRestAPIInvalidAPIKeySourceRule {
+	return &AwsAPIGatewayRestAPIInvalidAPIKeySourceRule{
+		resourceType:  "aws_api_gateway_rest_api",
+		attributeName: "api_key_source",
+		enum: []string{
+			"HEADER",
+			"AUTHORIZER",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayRestAPIInvalidAPIKeySourceRule) Name() string {
+	return "aws_api_gateway_rest_api_invalid_api_key_source"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayRestAPIInvalidAPIKeySourceRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayRestAPIInvalidAPIKeySourceRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayRestAPIInvalidAPIKeySourceRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayRestAPIInvalidAPIKeySourceRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`api_key_source is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source_test.go b/rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source_test.go
new file mode 100644
index 000000000..d39670013
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_rest_api_invalid_api_key_source_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayRestAPIInvalidAPIKeySourceRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_rest_api" "foo" {
+	api_key_source = "BODY"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_rest_api_invalid_api_key_source",
+					Type:     "ERROR",
+					Message:  `api_key_source is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_rest_api" "foo" {
+	api_key_source = "AUTHORIZER"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayRestAPIInvalidAPIKeySourceRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayRestAPIInvalidAPIKeySourceRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size.go b/rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size.go
new file mode 100644
index 000000000..4fe4bede5
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size.go
@@ -0,0 +1,83 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAPIGatewayStageInvalidCacheClusterSizeRule checks the pattern is valid
+type AwsAPIGatewayStageInvalidCacheClusterSizeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAPIGatewayStageInvalidCacheClusterSizeRule returns new rule with default attributes
+func NewAwsAPIGatewayStageInvalidCacheClusterSizeRule() *AwsAPIGatewayStageInvalidCacheClusterSizeRule {
+	return &AwsAPIGatewayStageInvalidCacheClusterSizeRule{
+		resourceType:  "aws_api_gateway_stage",
+		attributeName: "cache_cluster_size",
+		enum: []string{
+			"0.5",
+			"1.6",
+			"6.1",
+			"13.5",
+			"28.4",
+			"58.2",
+			"118",
+			"237",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAPIGatewayStageInvalidCacheClusterSizeRule) Name() string {
+	return "aws_api_gateway_stage_invalid_cache_cluster_size"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAPIGatewayStageInvalidCacheClusterSizeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAPIGatewayStageInvalidCacheClusterSizeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAPIGatewayStageInvalidCacheClusterSizeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAPIGatewayStageInvalidCacheClusterSizeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`cache_cluster_size is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size_test.go b/rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size_test.go
new file mode 100644
index 000000000..87a1e9842
--- /dev/null
+++ b/rules/awsrules/models/aws_api_gateway_stage_invalid_cache_cluster_size_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAPIGatewayStageInvalidCacheClusterSizeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_api_gateway_stage" "foo" {
+	cache_cluster_size = "6.2"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_api_gateway_stage_invalid_cache_cluster_size",
+					Type:     "ERROR",
+					Message:  `cache_cluster_size is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_api_gateway_stage" "foo" {
+	cache_cluster_size = "6.1"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAPIGatewayStageInvalidCacheClusterSizeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAPIGatewayStageInvalidCacheClusterSizeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type.go b/rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type.go
new file mode 100644
index 000000000..39647edd6
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingPolicyInvalidPolicyTypeRule checks the pattern is valid
+type AwsAppautoscalingPolicyInvalidPolicyTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingPolicyInvalidPolicyTypeRule returns new rule with default attributes
+func NewAwsAppautoscalingPolicyInvalidPolicyTypeRule() *AwsAppautoscalingPolicyInvalidPolicyTypeRule {
+	return &AwsAppautoscalingPolicyInvalidPolicyTypeRule{
+		resourceType:  "aws_appautoscaling_policy",
+		attributeName: "policy_type",
+		enum: []string{
+			"StepScaling",
+			"TargetTrackingScaling",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingPolicyInvalidPolicyTypeRule) Name() string {
+	return "aws_appautoscaling_policy_invalid_policy_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingPolicyInvalidPolicyTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingPolicyInvalidPolicyTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingPolicyInvalidPolicyTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingPolicyInvalidPolicyTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`policy_type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type_test.go b/rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type_test.go
new file mode 100644
index 000000000..49818c4c3
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_policy_invalid_policy_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingPolicyInvalidPolicyTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_policy" "foo" {
+	policy_type = "StopScaling"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_policy_invalid_policy_type",
+					Type:     "ERROR",
+					Message:  `policy_type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_policy" "foo" {
+	policy_type = "StepScaling"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingPolicyInvalidPolicyTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingPolicyInvalidPolicyTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension.go b/rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension.go
new file mode 100644
index 000000000..f17afb329
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension.go
@@ -0,0 +1,86 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingPolicyInvalidScalableDimensionRule checks the pattern is valid
+type AwsAppautoscalingPolicyInvalidScalableDimensionRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingPolicyInvalidScalableDimensionRule returns new rule with default attributes
+func NewAwsAppautoscalingPolicyInvalidScalableDimensionRule() *AwsAppautoscalingPolicyInvalidScalableDimensionRule {
+	return &AwsAppautoscalingPolicyInvalidScalableDimensionRule{
+		resourceType:  "aws_appautoscaling_policy",
+		attributeName: "scalable_dimension",
+		enum: []string{
+			"ecs:service:DesiredCount",
+			"ec2:spot-fleet-request:TargetCapacity",
+			"elasticmapreduce:instancegroup:InstanceCount",
+			"appstream:fleet:DesiredCapacity",
+			"dynamodb:table:ReadCapacityUnits",
+			"dynamodb:table:WriteCapacityUnits",
+			"dynamodb:index:ReadCapacityUnits",
+			"dynamodb:index:WriteCapacityUnits",
+			"rds:cluster:ReadReplicaCount",
+			"sagemaker:variant:DesiredInstanceCount",
+			"custom-resource:ResourceType:Property",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingPolicyInvalidScalableDimensionRule) Name() string {
+	return "aws_appautoscaling_policy_invalid_scalable_dimension"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingPolicyInvalidScalableDimensionRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingPolicyInvalidScalableDimensionRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingPolicyInvalidScalableDimensionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingPolicyInvalidScalableDimensionRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`scalable_dimension is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension_test.go b/rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension_test.go
new file mode 100644
index 000000000..818f4067b
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_policy_invalid_scalable_dimension_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingPolicyInvalidScalableDimensionRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_policy" "foo" {
+	scalable_dimension = "ecs:service:DesireCount"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_policy_invalid_scalable_dimension",
+					Type:     "ERROR",
+					Message:  `scalable_dimension is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_policy" "foo" {
+	scalable_dimension = "ecs:service:DesiredCount"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingPolicyInvalidScalableDimensionRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingPolicyInvalidScalableDimensionRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace.go b/rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace.go
new file mode 100644
index 000000000..e65045aa5
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace.go
@@ -0,0 +1,83 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingPolicyInvalidServiceNamespaceRule checks the pattern is valid
+type AwsAppautoscalingPolicyInvalidServiceNamespaceRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingPolicyInvalidServiceNamespaceRule returns new rule with default attributes
+func NewAwsAppautoscalingPolicyInvalidServiceNamespaceRule() *AwsAppautoscalingPolicyInvalidServiceNamespaceRule {
+	return &AwsAppautoscalingPolicyInvalidServiceNamespaceRule{
+		resourceType:  "aws_appautoscaling_policy",
+		attributeName: "service_namespace",
+		enum: []string{
+			"ecs",
+			"elasticmapreduce",
+			"ec2",
+			"appstream",
+			"dynamodb",
+			"rds",
+			"sagemaker",
+			"custom-resource",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingPolicyInvalidServiceNamespaceRule) Name() string {
+	return "aws_appautoscaling_policy_invalid_service_namespace"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingPolicyInvalidServiceNamespaceRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingPolicyInvalidServiceNamespaceRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingPolicyInvalidServiceNamespaceRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingPolicyInvalidServiceNamespaceRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`service_namespace is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace_test.go b/rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace_test.go
new file mode 100644
index 000000000..a5c8b4a3a
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_policy_invalid_service_namespace_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingPolicyInvalidServiceNamespaceRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_policy" "foo" {
+	service_namespace = "eks"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_policy_invalid_service_namespace",
+					Type:     "ERROR",
+					Message:  `service_namespace is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_policy" "foo" {
+	service_namespace = "ecs"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingPolicyInvalidServiceNamespaceRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingPolicyInvalidServiceNamespaceRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension.go b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension.go
new file mode 100644
index 000000000..ff3414170
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension.go
@@ -0,0 +1,86 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingScheduledActionInvalidScalableDimensionRule checks the pattern is valid
+type AwsAppautoscalingScheduledActionInvalidScalableDimensionRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingScheduledActionInvalidScalableDimensionRule returns new rule with default attributes
+func NewAwsAppautoscalingScheduledActionInvalidScalableDimensionRule() *AwsAppautoscalingScheduledActionInvalidScalableDimensionRule {
+	return &AwsAppautoscalingScheduledActionInvalidScalableDimensionRule{
+		resourceType:  "aws_appautoscaling_scheduled_action",
+		attributeName: "scalable_dimension",
+		enum: []string{
+			"ecs:service:DesiredCount",
+			"ec2:spot-fleet-request:TargetCapacity",
+			"elasticmapreduce:instancegroup:InstanceCount",
+			"appstream:fleet:DesiredCapacity",
+			"dynamodb:table:ReadCapacityUnits",
+			"dynamodb:table:WriteCapacityUnits",
+			"dynamodb:index:ReadCapacityUnits",
+			"dynamodb:index:WriteCapacityUnits",
+			"rds:cluster:ReadReplicaCount",
+			"sagemaker:variant:DesiredInstanceCount",
+			"custom-resource:ResourceType:Property",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingScheduledActionInvalidScalableDimensionRule) Name() string {
+	return "aws_appautoscaling_scheduled_action_invalid_scalable_dimension"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingScheduledActionInvalidScalableDimensionRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingScheduledActionInvalidScalableDimensionRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingScheduledActionInvalidScalableDimensionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingScheduledActionInvalidScalableDimensionRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`scalable_dimension is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension_test.go b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension_test.go
new file mode 100644
index 000000000..38d4c4191
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_scalable_dimension_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingScheduledActionInvalidScalableDimensionRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_scheduled_action" "foo" {
+	scalable_dimension = "ecs:service:DesireCount"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_scheduled_action_invalid_scalable_dimension",
+					Type:     "ERROR",
+					Message:  `scalable_dimension is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_scheduled_action" "foo" {
+	scalable_dimension = "ecs:service:DesiredCount"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingScheduledActionInvalidScalableDimensionRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingScheduledActionInvalidScalableDimensionRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace.go b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace.go
new file mode 100644
index 000000000..47f729797
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace.go
@@ -0,0 +1,83 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule checks the pattern is valid
+type AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingScheduledActionInvalidServiceNamespaceRule returns new rule with default attributes
+func NewAwsAppautoscalingScheduledActionInvalidServiceNamespaceRule() *AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule {
+	return &AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule{
+		resourceType:  "aws_appautoscaling_scheduled_action",
+		attributeName: "service_namespace",
+		enum: []string{
+			"ecs",
+			"elasticmapreduce",
+			"ec2",
+			"appstream",
+			"dynamodb",
+			"rds",
+			"sagemaker",
+			"custom-resource",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule) Name() string {
+	return "aws_appautoscaling_scheduled_action_invalid_service_namespace"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`service_namespace is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace_test.go b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace_test.go
new file mode 100644
index 000000000..3d034ae8b
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_scheduled_action_invalid_service_namespace_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_scheduled_action" "foo" {
+	service_namespace = "eks"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_scheduled_action_invalid_service_namespace",
+					Type:     "ERROR",
+					Message:  `service_namespace is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_scheduled_action" "foo" {
+	service_namespace = "ecs"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingScheduledActionInvalidServiceNamespaceRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingScheduledActionInvalidServiceNamespaceRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension.go b/rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension.go
new file mode 100644
index 000000000..8521484ec
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension.go
@@ -0,0 +1,86 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingTargetInvalidScalableDimensionRule checks the pattern is valid
+type AwsAppautoscalingTargetInvalidScalableDimensionRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingTargetInvalidScalableDimensionRule returns new rule with default attributes
+func NewAwsAppautoscalingTargetInvalidScalableDimensionRule() *AwsAppautoscalingTargetInvalidScalableDimensionRule {
+	return &AwsAppautoscalingTargetInvalidScalableDimensionRule{
+		resourceType:  "aws_appautoscaling_target",
+		attributeName: "scalable_dimension",
+		enum: []string{
+			"ecs:service:DesiredCount",
+			"ec2:spot-fleet-request:TargetCapacity",
+			"elasticmapreduce:instancegroup:InstanceCount",
+			"appstream:fleet:DesiredCapacity",
+			"dynamodb:table:ReadCapacityUnits",
+			"dynamodb:table:WriteCapacityUnits",
+			"dynamodb:index:ReadCapacityUnits",
+			"dynamodb:index:WriteCapacityUnits",
+			"rds:cluster:ReadReplicaCount",
+			"sagemaker:variant:DesiredInstanceCount",
+			"custom-resource:ResourceType:Property",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingTargetInvalidScalableDimensionRule) Name() string {
+	return "aws_appautoscaling_target_invalid_scalable_dimension"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingTargetInvalidScalableDimensionRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingTargetInvalidScalableDimensionRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingTargetInvalidScalableDimensionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingTargetInvalidScalableDimensionRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`scalable_dimension is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension_test.go b/rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension_test.go
new file mode 100644
index 000000000..f2267c4da
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_target_invalid_scalable_dimension_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingTargetInvalidScalableDimensionRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_target" "foo" {
+	scalable_dimension = "ecs:service:DesireCount"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_target_invalid_scalable_dimension",
+					Type:     "ERROR",
+					Message:  `scalable_dimension is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_target" "foo" {
+	scalable_dimension = "ecs:service:DesiredCount"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingTargetInvalidScalableDimensionRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingTargetInvalidScalableDimensionRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace.go b/rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace.go
new file mode 100644
index 000000000..b72ed6b88
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace.go
@@ -0,0 +1,83 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppautoscalingTargetInvalidServiceNamespaceRule checks the pattern is valid
+type AwsAppautoscalingTargetInvalidServiceNamespaceRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppautoscalingTargetInvalidServiceNamespaceRule returns new rule with default attributes
+func NewAwsAppautoscalingTargetInvalidServiceNamespaceRule() *AwsAppautoscalingTargetInvalidServiceNamespaceRule {
+	return &AwsAppautoscalingTargetInvalidServiceNamespaceRule{
+		resourceType:  "aws_appautoscaling_target",
+		attributeName: "service_namespace",
+		enum: []string{
+			"ecs",
+			"elasticmapreduce",
+			"ec2",
+			"appstream",
+			"dynamodb",
+			"rds",
+			"sagemaker",
+			"custom-resource",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppautoscalingTargetInvalidServiceNamespaceRule) Name() string {
+	return "aws_appautoscaling_target_invalid_service_namespace"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppautoscalingTargetInvalidServiceNamespaceRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppautoscalingTargetInvalidServiceNamespaceRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppautoscalingTargetInvalidServiceNamespaceRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppautoscalingTargetInvalidServiceNamespaceRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`service_namespace is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace_test.go b/rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace_test.go
new file mode 100644
index 000000000..2df31dc4d
--- /dev/null
+++ b/rules/awsrules/models/aws_appautoscaling_target_invalid_service_namespace_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppautoscalingTargetInvalidServiceNamespaceRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appautoscaling_target" "foo" {
+	service_namespace = "eks"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appautoscaling_target_invalid_service_namespace",
+					Type:     "ERROR",
+					Message:  `service_namespace is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appautoscaling_target" "foo" {
+	service_namespace = "ecs"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppautoscalingTargetInvalidServiceNamespaceRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppautoscalingTargetInvalidServiceNamespaceRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appmesh_mesh_invalid_name.go b/rules/awsrules/models/aws_appmesh_mesh_invalid_name.go
new file mode 100644
index 000000000..ac37ee8c2
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_mesh_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshMeshInvalidNameRule checks the pattern is valid
+type AwsAppmeshMeshInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshMeshInvalidNameRule returns new rule with default attributes
+func NewAwsAppmeshMeshInvalidNameRule() *AwsAppmeshMeshInvalidNameRule {
+	return &AwsAppmeshMeshInvalidNameRule{
+		resourceType:  "aws_appmesh_mesh",
+		attributeName: "name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshMeshInvalidNameRule) Name() string {
+	return "aws_appmesh_mesh_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshMeshInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshMeshInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshMeshInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshMeshInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_route_invalid_mesh_name.go b/rules/awsrules/models/aws_appmesh_route_invalid_mesh_name.go
new file mode 100644
index 000000000..a52bee078
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_route_invalid_mesh_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshRouteInvalidMeshNameRule checks the pattern is valid
+type AwsAppmeshRouteInvalidMeshNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshRouteInvalidMeshNameRule returns new rule with default attributes
+func NewAwsAppmeshRouteInvalidMeshNameRule() *AwsAppmeshRouteInvalidMeshNameRule {
+	return &AwsAppmeshRouteInvalidMeshNameRule{
+		resourceType:  "aws_appmesh_route",
+		attributeName: "mesh_name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshRouteInvalidMeshNameRule) Name() string {
+	return "aws_appmesh_route_invalid_mesh_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshRouteInvalidMeshNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshRouteInvalidMeshNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshRouteInvalidMeshNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshRouteInvalidMeshNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_route_invalid_name.go b/rules/awsrules/models/aws_appmesh_route_invalid_name.go
new file mode 100644
index 000000000..8d0965c37
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_route_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshRouteInvalidNameRule checks the pattern is valid
+type AwsAppmeshRouteInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshRouteInvalidNameRule returns new rule with default attributes
+func NewAwsAppmeshRouteInvalidNameRule() *AwsAppmeshRouteInvalidNameRule {
+	return &AwsAppmeshRouteInvalidNameRule{
+		resourceType:  "aws_appmesh_route",
+		attributeName: "name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshRouteInvalidNameRule) Name() string {
+	return "aws_appmesh_route_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshRouteInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshRouteInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshRouteInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshRouteInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_route_invalid_virtual_router_name.go b/rules/awsrules/models/aws_appmesh_route_invalid_virtual_router_name.go
new file mode 100644
index 000000000..3595f6f22
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_route_invalid_virtual_router_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshRouteInvalidVirtualRouterNameRule checks the pattern is valid
+type AwsAppmeshRouteInvalidVirtualRouterNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshRouteInvalidVirtualRouterNameRule returns new rule with default attributes
+func NewAwsAppmeshRouteInvalidVirtualRouterNameRule() *AwsAppmeshRouteInvalidVirtualRouterNameRule {
+	return &AwsAppmeshRouteInvalidVirtualRouterNameRule{
+		resourceType:  "aws_appmesh_route",
+		attributeName: "virtual_router_name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshRouteInvalidVirtualRouterNameRule) Name() string {
+	return "aws_appmesh_route_invalid_virtual_router_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshRouteInvalidVirtualRouterNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshRouteInvalidVirtualRouterNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshRouteInvalidVirtualRouterNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshRouteInvalidVirtualRouterNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"virtual_router_name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"virtual_router_name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_virtual_node_invalid_mesh_name.go b/rules/awsrules/models/aws_appmesh_virtual_node_invalid_mesh_name.go
new file mode 100644
index 000000000..039d235af
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_virtual_node_invalid_mesh_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshVirtualNodeInvalidMeshNameRule checks the pattern is valid
+type AwsAppmeshVirtualNodeInvalidMeshNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshVirtualNodeInvalidMeshNameRule returns new rule with default attributes
+func NewAwsAppmeshVirtualNodeInvalidMeshNameRule() *AwsAppmeshVirtualNodeInvalidMeshNameRule {
+	return &AwsAppmeshVirtualNodeInvalidMeshNameRule{
+		resourceType:  "aws_appmesh_virtual_node",
+		attributeName: "mesh_name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshVirtualNodeInvalidMeshNameRule) Name() string {
+	return "aws_appmesh_virtual_node_invalid_mesh_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshVirtualNodeInvalidMeshNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshVirtualNodeInvalidMeshNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshVirtualNodeInvalidMeshNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshVirtualNodeInvalidMeshNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_virtual_node_invalid_name.go b/rules/awsrules/models/aws_appmesh_virtual_node_invalid_name.go
new file mode 100644
index 000000000..c7e3aa8b3
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_virtual_node_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshVirtualNodeInvalidNameRule checks the pattern is valid
+type AwsAppmeshVirtualNodeInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshVirtualNodeInvalidNameRule returns new rule with default attributes
+func NewAwsAppmeshVirtualNodeInvalidNameRule() *AwsAppmeshVirtualNodeInvalidNameRule {
+	return &AwsAppmeshVirtualNodeInvalidNameRule{
+		resourceType:  "aws_appmesh_virtual_node",
+		attributeName: "name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshVirtualNodeInvalidNameRule) Name() string {
+	return "aws_appmesh_virtual_node_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshVirtualNodeInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshVirtualNodeInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshVirtualNodeInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshVirtualNodeInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_virtual_router_invalid_mesh_name.go b/rules/awsrules/models/aws_appmesh_virtual_router_invalid_mesh_name.go
new file mode 100644
index 000000000..3c92b32dd
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_virtual_router_invalid_mesh_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshVirtualRouterInvalidMeshNameRule checks the pattern is valid
+type AwsAppmeshVirtualRouterInvalidMeshNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshVirtualRouterInvalidMeshNameRule returns new rule with default attributes
+func NewAwsAppmeshVirtualRouterInvalidMeshNameRule() *AwsAppmeshVirtualRouterInvalidMeshNameRule {
+	return &AwsAppmeshVirtualRouterInvalidMeshNameRule{
+		resourceType:  "aws_appmesh_virtual_router",
+		attributeName: "mesh_name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshVirtualRouterInvalidMeshNameRule) Name() string {
+	return "aws_appmesh_virtual_router_invalid_mesh_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshVirtualRouterInvalidMeshNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshVirtualRouterInvalidMeshNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshVirtualRouterInvalidMeshNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshVirtualRouterInvalidMeshNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_virtual_router_invalid_name.go b/rules/awsrules/models/aws_appmesh_virtual_router_invalid_name.go
new file mode 100644
index 000000000..f45ed15c4
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_virtual_router_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshVirtualRouterInvalidNameRule checks the pattern is valid
+type AwsAppmeshVirtualRouterInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshVirtualRouterInvalidNameRule returns new rule with default attributes
+func NewAwsAppmeshVirtualRouterInvalidNameRule() *AwsAppmeshVirtualRouterInvalidNameRule {
+	return &AwsAppmeshVirtualRouterInvalidNameRule{
+		resourceType:  "aws_appmesh_virtual_router",
+		attributeName: "name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshVirtualRouterInvalidNameRule) Name() string {
+	return "aws_appmesh_virtual_router_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshVirtualRouterInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshVirtualRouterInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshVirtualRouterInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshVirtualRouterInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_virtual_service_invalid_mesh_name.go b/rules/awsrules/models/aws_appmesh_virtual_service_invalid_mesh_name.go
new file mode 100644
index 000000000..d92ba3744
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_virtual_service_invalid_mesh_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshVirtualServiceInvalidMeshNameRule checks the pattern is valid
+type AwsAppmeshVirtualServiceInvalidMeshNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshVirtualServiceInvalidMeshNameRule returns new rule with default attributes
+func NewAwsAppmeshVirtualServiceInvalidMeshNameRule() *AwsAppmeshVirtualServiceInvalidMeshNameRule {
+	return &AwsAppmeshVirtualServiceInvalidMeshNameRule{
+		resourceType:  "aws_appmesh_virtual_service",
+		attributeName: "mesh_name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshVirtualServiceInvalidMeshNameRule) Name() string {
+	return "aws_appmesh_virtual_service_invalid_mesh_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshVirtualServiceInvalidMeshNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshVirtualServiceInvalidMeshNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshVirtualServiceInvalidMeshNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshVirtualServiceInvalidMeshNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"mesh_name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appmesh_virtual_service_invalid_name.go b/rules/awsrules/models/aws_appmesh_virtual_service_invalid_name.go
new file mode 100644
index 000000000..1cc14e1d0
--- /dev/null
+++ b/rules/awsrules/models/aws_appmesh_virtual_service_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppmeshVirtualServiceInvalidNameRule checks the pattern is valid
+type AwsAppmeshVirtualServiceInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppmeshVirtualServiceInvalidNameRule returns new rule with default attributes
+func NewAwsAppmeshVirtualServiceInvalidNameRule() *AwsAppmeshVirtualServiceInvalidNameRule {
+	return &AwsAppmeshVirtualServiceInvalidNameRule{
+		resourceType:  "aws_appmesh_virtual_service",
+		attributeName: "name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppmeshVirtualServiceInvalidNameRule) Name() string {
+	return "aws_appmesh_virtual_service_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppmeshVirtualServiceInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppmeshVirtualServiceInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppmeshVirtualServiceInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppmeshVirtualServiceInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_datasource_invalid_name.go b/rules/awsrules/models/aws_appsync_datasource_invalid_name.go
new file mode 100644
index 000000000..1dae6ffea
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_datasource_invalid_name.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncDatasourceInvalidNameRule checks the pattern is valid
+type AwsAppsyncDatasourceInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAppsyncDatasourceInvalidNameRule returns new rule with default attributes
+func NewAwsAppsyncDatasourceInvalidNameRule() *AwsAppsyncDatasourceInvalidNameRule {
+	return &AwsAppsyncDatasourceInvalidNameRule{
+		resourceType:  "aws_appsync_datasource",
+		attributeName: "name",
+		pattern:       regexp.MustCompile(`^[_A-Za-z][_0-9A-Za-z]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncDatasourceInvalidNameRule) Name() string {
+	return "aws_appsync_datasource_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncDatasourceInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncDatasourceInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncDatasourceInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncDatasourceInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`name does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_datasource_invalid_name_test.go b/rules/awsrules/models/aws_appsync_datasource_invalid_name_test.go
new file mode 100644
index 000000000..dea2c342b
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_datasource_invalid_name_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppsyncDatasourceInvalidNameRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appsync_datasource" "foo" {
+	name = "01_tf_example"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appsync_datasource_invalid_name",
+					Type:     "ERROR",
+					Message:  `name does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appsync_datasource" "foo" {
+	name = "tf_appsync_example"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppsyncDatasourceInvalidNameRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppsyncDatasourceInvalidNameRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appsync_datasource_invalid_type.go b/rules/awsrules/models/aws_appsync_datasource_invalid_type.go
new file mode 100644
index 000000000..6282dee2e
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_datasource_invalid_type.go
@@ -0,0 +1,81 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncDatasourceInvalidTypeRule checks the pattern is valid
+type AwsAppsyncDatasourceInvalidTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppsyncDatasourceInvalidTypeRule returns new rule with default attributes
+func NewAwsAppsyncDatasourceInvalidTypeRule() *AwsAppsyncDatasourceInvalidTypeRule {
+	return &AwsAppsyncDatasourceInvalidTypeRule{
+		resourceType:  "aws_appsync_datasource",
+		attributeName: "type",
+		enum: []string{
+			"AWS_LAMBDA",
+			"AMAZON_DYNAMODB",
+			"AMAZON_ELASTICSEARCH",
+			"NONE",
+			"HTTP",
+			"RELATIONAL_DATABASE",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncDatasourceInvalidTypeRule) Name() string {
+	return "aws_appsync_datasource_invalid_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncDatasourceInvalidTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncDatasourceInvalidTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncDatasourceInvalidTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncDatasourceInvalidTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_datasource_invalid_type_test.go b/rules/awsrules/models/aws_appsync_datasource_invalid_type_test.go
new file mode 100644
index 000000000..537510e6e
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_datasource_invalid_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppsyncDatasourceInvalidTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appsync_datasource" "foo" {
+	type = "AMAZON_SIMPLEDB"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appsync_datasource_invalid_type",
+					Type:     "ERROR",
+					Message:  `type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appsync_datasource" "foo" {
+	type = "AWS_LAMBDA"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppsyncDatasourceInvalidTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppsyncDatasourceInvalidTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type.go b/rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type.go
new file mode 100644
index 000000000..01022dad8
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type.go
@@ -0,0 +1,79 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule checks the pattern is valid
+type AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule struct {
+	resourceType  string
+	attributeName string
+	enum          []string
+}
+
+// NewAwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule returns new rule with default attributes
+func NewAwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule() *AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule {
+	return &AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule{
+		resourceType:  "aws_appsync_graphql_api",
+		attributeName: "authentication_type",
+		enum: []string{
+			"API_KEY",
+			"AWS_IAM",
+			"AMAZON_COGNITO_USER_POOLS",
+			"OPENID_CONNECT",
+		},
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule) Name() string {
+	return "aws_appsync_graphql_api_invalid_authentication_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`authentication_type is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type_test.go b/rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type_test.go
new file mode 100644
index 000000000..2f6fba238
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_graphql_api_invalid_authentication_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appsync_graphql_api" "foo" {
+	authentication_type = "AWS_KEY"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appsync_graphql_api_invalid_authentication_type",
+					Type:     "ERROR",
+					Message:  `authentication_type is not a valid value`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appsync_graphql_api" "foo" {
+	authentication_type = "API_KEY"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_data_source.go b/rules/awsrules/models/aws_appsync_resolver_invalid_data_source.go
new file mode 100644
index 000000000..e4183f0dc
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_data_source.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncResolverInvalidDataSourceRule checks the pattern is valid
+type AwsAppsyncResolverInvalidDataSourceRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAppsyncResolverInvalidDataSourceRule returns new rule with default attributes
+func NewAwsAppsyncResolverInvalidDataSourceRule() *AwsAppsyncResolverInvalidDataSourceRule {
+	return &AwsAppsyncResolverInvalidDataSourceRule{
+		resourceType:  "aws_appsync_resolver",
+		attributeName: "data_source",
+		pattern:       regexp.MustCompile(`^[_A-Za-z][_0-9A-Za-z]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncResolverInvalidDataSourceRule) Name() string {
+	return "aws_appsync_resolver_invalid_data_source"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncResolverInvalidDataSourceRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncResolverInvalidDataSourceRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncResolverInvalidDataSourceRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncResolverInvalidDataSourceRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`data_source does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_data_source_test.go b/rules/awsrules/models/aws_appsync_resolver_invalid_data_source_test.go
new file mode 100644
index 000000000..036cc1c8c
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_data_source_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppsyncResolverInvalidDataSourceRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appsync_resolver" "foo" {
+	data_source = "tf-example"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appsync_resolver_invalid_data_source",
+					Type:     "ERROR",
+					Message:  `data_source does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appsync_resolver" "foo" {
+	data_source = "tfexample"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppsyncResolverInvalidDataSourceRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppsyncResolverInvalidDataSourceRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_field.go b/rules/awsrules/models/aws_appsync_resolver_invalid_field.go
new file mode 100644
index 000000000..6809cfc12
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_field.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncResolverInvalidFieldRule checks the pattern is valid
+type AwsAppsyncResolverInvalidFieldRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAppsyncResolverInvalidFieldRule returns new rule with default attributes
+func NewAwsAppsyncResolverInvalidFieldRule() *AwsAppsyncResolverInvalidFieldRule {
+	return &AwsAppsyncResolverInvalidFieldRule{
+		resourceType:  "aws_appsync_resolver",
+		attributeName: "field",
+		pattern:       regexp.MustCompile(`^[_A-Za-z][_0-9A-Za-z]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncResolverInvalidFieldRule) Name() string {
+	return "aws_appsync_resolver_invalid_field"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncResolverInvalidFieldRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncResolverInvalidFieldRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncResolverInvalidFieldRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncResolverInvalidFieldRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`field does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_field_test.go b/rules/awsrules/models/aws_appsync_resolver_invalid_field_test.go
new file mode 100644
index 000000000..e4ea0e151
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_field_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppsyncResolverInvalidFieldRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appsync_resolver" "foo" {
+	field = "single-post"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appsync_resolver_invalid_field",
+					Type:     "ERROR",
+					Message:  `field does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appsync_resolver" "foo" {
+	field = "singlePost"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppsyncResolverInvalidFieldRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppsyncResolverInvalidFieldRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_request_template.go b/rules/awsrules/models/aws_appsync_resolver_invalid_request_template.go
new file mode 100644
index 000000000..5dc31c7f5
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_request_template.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncResolverInvalidRequestTemplateRule checks the pattern is valid
+type AwsAppsyncResolverInvalidRequestTemplateRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppsyncResolverInvalidRequestTemplateRule returns new rule with default attributes
+func NewAwsAppsyncResolverInvalidRequestTemplateRule() *AwsAppsyncResolverInvalidRequestTemplateRule {
+	return &AwsAppsyncResolverInvalidRequestTemplateRule{
+		resourceType:  "aws_appsync_resolver",
+		attributeName: "request_template",
+		max:           65536,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncResolverInvalidRequestTemplateRule) Name() string {
+	return "aws_appsync_resolver_invalid_request_template"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncResolverInvalidRequestTemplateRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncResolverInvalidRequestTemplateRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncResolverInvalidRequestTemplateRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncResolverInvalidRequestTemplateRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"request_template must be 65536 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"request_template must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_response_template.go b/rules/awsrules/models/aws_appsync_resolver_invalid_response_template.go
new file mode 100644
index 000000000..5f7529be4
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_response_template.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncResolverInvalidResponseTemplateRule checks the pattern is valid
+type AwsAppsyncResolverInvalidResponseTemplateRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAppsyncResolverInvalidResponseTemplateRule returns new rule with default attributes
+func NewAwsAppsyncResolverInvalidResponseTemplateRule() *AwsAppsyncResolverInvalidResponseTemplateRule {
+	return &AwsAppsyncResolverInvalidResponseTemplateRule{
+		resourceType:  "aws_appsync_resolver",
+		attributeName: "response_template",
+		max:           65536,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncResolverInvalidResponseTemplateRule) Name() string {
+	return "aws_appsync_resolver_invalid_response_template"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncResolverInvalidResponseTemplateRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncResolverInvalidResponseTemplateRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncResolverInvalidResponseTemplateRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncResolverInvalidResponseTemplateRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"response_template must be 65536 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"response_template must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_type.go b/rules/awsrules/models/aws_appsync_resolver_invalid_type.go
new file mode 100644
index 000000000..c6684dcd7
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_type.go
@@ -0,0 +1,69 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAppsyncResolverInvalidTypeRule checks the pattern is valid
+type AwsAppsyncResolverInvalidTypeRule struct {
+	resourceType  string
+	attributeName string
+	pattern       *regexp.Regexp
+}
+
+// NewAwsAppsyncResolverInvalidTypeRule returns new rule with default attributes
+func NewAwsAppsyncResolverInvalidTypeRule() *AwsAppsyncResolverInvalidTypeRule {
+	return &AwsAppsyncResolverInvalidTypeRule{
+		resourceType:  "aws_appsync_resolver",
+		attributeName: "type",
+		pattern:       regexp.MustCompile(`^[_A-Za-z][_0-9A-Za-z]*$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAppsyncResolverInvalidTypeRule) Name() string {
+	return "aws_appsync_resolver_invalid_type"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAppsyncResolverInvalidTypeRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAppsyncResolverInvalidTypeRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAppsyncResolverInvalidTypeRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAppsyncResolverInvalidTypeRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`type does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_appsync_resolver_invalid_type_test.go b/rules/awsrules/models/aws_appsync_resolver_invalid_type_test.go
new file mode 100644
index 000000000..6fc853fd4
--- /dev/null
+++ b/rules/awsrules/models/aws_appsync_resolver_invalid_type_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsAppsyncResolverInvalidTypeRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_appsync_resolver" "foo" {
+	type = "User-Config"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_appsync_resolver_invalid_type",
+					Type:     "ERROR",
+					Message:  `type does not match valid pattern ^[_A-Za-z][_0-9A-Za-z]*$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_appsync_resolver" "foo" {
+	type = "Query"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsAppsyncResolverInvalidTypeRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsAppsyncResolverInvalidTypeRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/aws_athena_database_invalid_name.go b/rules/awsrules/models/aws_athena_database_invalid_name.go
new file mode 100644
index 000000000..214ea5851
--- /dev/null
+++ b/rules/awsrules/models/aws_athena_database_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAthenaDatabaseInvalidNameRule checks the pattern is valid
+type AwsAthenaDatabaseInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAthenaDatabaseInvalidNameRule returns new rule with default attributes
+func NewAwsAthenaDatabaseInvalidNameRule() *AwsAthenaDatabaseInvalidNameRule {
+	return &AwsAthenaDatabaseInvalidNameRule{
+		resourceType:  "aws_athena_database",
+		attributeName: "name",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAthenaDatabaseInvalidNameRule) Name() string {
+	return "aws_athena_database_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAthenaDatabaseInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAthenaDatabaseInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAthenaDatabaseInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAthenaDatabaseInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_athena_named_query_invalid_database.go b/rules/awsrules/models/aws_athena_named_query_invalid_database.go
new file mode 100644
index 000000000..d5dedfac5
--- /dev/null
+++ b/rules/awsrules/models/aws_athena_named_query_invalid_database.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAthenaNamedQueryInvalidDatabaseRule checks the pattern is valid
+type AwsAthenaNamedQueryInvalidDatabaseRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAthenaNamedQueryInvalidDatabaseRule returns new rule with default attributes
+func NewAwsAthenaNamedQueryInvalidDatabaseRule() *AwsAthenaNamedQueryInvalidDatabaseRule {
+	return &AwsAthenaNamedQueryInvalidDatabaseRule{
+		resourceType:  "aws_athena_named_query",
+		attributeName: "database",
+		max:           255,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAthenaNamedQueryInvalidDatabaseRule) Name() string {
+	return "aws_athena_named_query_invalid_database"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAthenaNamedQueryInvalidDatabaseRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAthenaNamedQueryInvalidDatabaseRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAthenaNamedQueryInvalidDatabaseRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAthenaNamedQueryInvalidDatabaseRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"database must be 255 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"database must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_athena_named_query_invalid_description.go b/rules/awsrules/models/aws_athena_named_query_invalid_description.go
new file mode 100644
index 000000000..2990e5bcc
--- /dev/null
+++ b/rules/awsrules/models/aws_athena_named_query_invalid_description.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAthenaNamedQueryInvalidDescriptionRule checks the pattern is valid
+type AwsAthenaNamedQueryInvalidDescriptionRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAthenaNamedQueryInvalidDescriptionRule returns new rule with default attributes
+func NewAwsAthenaNamedQueryInvalidDescriptionRule() *AwsAthenaNamedQueryInvalidDescriptionRule {
+	return &AwsAthenaNamedQueryInvalidDescriptionRule{
+		resourceType:  "aws_athena_named_query",
+		attributeName: "description",
+		max:           1024,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAthenaNamedQueryInvalidDescriptionRule) Name() string {
+	return "aws_athena_named_query_invalid_description"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAthenaNamedQueryInvalidDescriptionRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAthenaNamedQueryInvalidDescriptionRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAthenaNamedQueryInvalidDescriptionRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAthenaNamedQueryInvalidDescriptionRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"description must be 1024 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"description must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_athena_named_query_invalid_name.go b/rules/awsrules/models/aws_athena_named_query_invalid_name.go
new file mode 100644
index 000000000..7311e4531
--- /dev/null
+++ b/rules/awsrules/models/aws_athena_named_query_invalid_name.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAthenaNamedQueryInvalidNameRule checks the pattern is valid
+type AwsAthenaNamedQueryInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAthenaNamedQueryInvalidNameRule returns new rule with default attributes
+func NewAwsAthenaNamedQueryInvalidNameRule() *AwsAthenaNamedQueryInvalidNameRule {
+	return &AwsAthenaNamedQueryInvalidNameRule{
+		resourceType:  "aws_athena_named_query",
+		attributeName: "name",
+		max:           128,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAthenaNamedQueryInvalidNameRule) Name() string {
+	return "aws_athena_named_query_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAthenaNamedQueryInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAthenaNamedQueryInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAthenaNamedQueryInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAthenaNamedQueryInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 128 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_athena_named_query_invalid_query.go b/rules/awsrules/models/aws_athena_named_query_invalid_query.go
new file mode 100644
index 000000000..8563a096c
--- /dev/null
+++ b/rules/awsrules/models/aws_athena_named_query_invalid_query.go
@@ -0,0 +1,77 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsAthenaNamedQueryInvalidQueryRule checks the pattern is valid
+type AwsAthenaNamedQueryInvalidQueryRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+}
+
+// NewAwsAthenaNamedQueryInvalidQueryRule returns new rule with default attributes
+func NewAwsAthenaNamedQueryInvalidQueryRule() *AwsAthenaNamedQueryInvalidQueryRule {
+	return &AwsAthenaNamedQueryInvalidQueryRule{
+		resourceType:  "aws_athena_named_query",
+		attributeName: "query",
+		max:           262144,
+		min:           1,
+	}
+}
+
+// Name returns the rule name
+func (r *AwsAthenaNamedQueryInvalidQueryRule) Name() string {
+	return "aws_athena_named_query_invalid_query"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsAthenaNamedQueryInvalidQueryRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsAthenaNamedQueryInvalidQueryRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsAthenaNamedQueryInvalidQueryRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsAthenaNamedQueryInvalidQueryRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"query must be 262144 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"query must be 1 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_launch_template_invalid_name.go b/rules/awsrules/models/aws_launch_template_invalid_name.go
new file mode 100644
index 000000000..23630524b
--- /dev/null
+++ b/rules/awsrules/models/aws_launch_template_invalid_name.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+	"regexp"
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// AwsLaunchTemplateInvalidNameRule checks the pattern is valid
+type AwsLaunchTemplateInvalidNameRule struct {
+	resourceType  string
+	attributeName string
+	max           int
+	min           int
+	pattern       *regexp.Regexp
+}
+
+// NewAwsLaunchTemplateInvalidNameRule returns new rule with default attributes
+func NewAwsLaunchTemplateInvalidNameRule() *AwsLaunchTemplateInvalidNameRule {
+	return &AwsLaunchTemplateInvalidNameRule{
+		resourceType:  "aws_launch_template",
+		attributeName: "name",
+		max:           128,
+		min:           3,
+		pattern:       regexp.MustCompile(`^[a-zA-Z0-9\(\)\.\-/_]+$`),
+	}
+}
+
+// Name returns the rule name
+func (r *AwsLaunchTemplateInvalidNameRule) Name() string {
+	return "aws_launch_template_invalid_name"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *AwsLaunchTemplateInvalidNameRule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *AwsLaunchTemplateInvalidNameRule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *AwsLaunchTemplateInvalidNameRule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *AwsLaunchTemplateInvalidNameRule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"name must be 128 characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"name must be 3 characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`name does not match valid pattern ^[a-zA-Z0-9\(\)\.\-/_]+$`,
+					attribute.Expr.Range(),
+				)
+			}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/aws_launch_template_invalid_name_test.go b/rules/awsrules/models/aws_launch_template_invalid_name_test.go
new file mode 100644
index 000000000..024fe3f21
--- /dev/null
+++ b/rules/awsrules/models/aws_launch_template_invalid_name_test.go
@@ -0,0 +1,87 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_AwsLaunchTemplateInvalidNameRule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "aws_launch_template" "foo" {
+	name = "foo[bar]"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_launch_template_invalid_name",
+					Type:     "ERROR",
+					Message:  `name does not match valid pattern ^[a-zA-Z0-9\(\)\.\-/_]+$`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_launch_template" "foo" {
+	name = "foo"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "AwsLaunchTemplateInvalidNameRule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsLaunchTemplateInvalidNameRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/mappings/acm-pca.hcl b/rules/awsrules/models/mappings/acm-pca.hcl
new file mode 100644
index 000000000..8ca1b3358
--- /dev/null
+++ b/rules/awsrules/models/mappings/acm-pca.hcl
@@ -0,0 +1,14 @@
+mapping {
+  resource {
+    type      = "aws_acmpca_certificate_authority"
+    attribute = "type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/acm-pca/2017-08-22/api-2.json"
+    shape = "CertificateAuthorityType"
+  }
+  test {
+    ok = "SUBORDINATE"
+    ng = "ORDINATE"
+  }
+}
diff --git a/rules/awsrules/models/mappings/acm.hcl b/rules/awsrules/models/mappings/acm.hcl
new file mode 100644
index 000000000..10d233e76
--- /dev/null
+++ b/rules/awsrules/models/mappings/acm.hcl
@@ -0,0 +1,193 @@
+mapping {
+  resource {
+    type      = "aws_acm_certificate"
+    attribute = "certificate_body"
+  }
+
+  model {
+    path  = "aws-sdk-go/models/apis/acm/2015-12-08/api-2.json"
+    shape = "CertificateBody"
+  }
+
+  test {
+    ok = <<CERTIFICATE
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfYCCQCMlVDEcxV0gDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJK
+QTEKMAgGA1UECAwBYTEKMAgGA1UEBwwBYjEKMAgGA1UECgwBYTEKMAgGA1UECwwB
+YTEKMAgGA1UEAwwBYTAeFw0xOTA1MTQxNTUxMjhaFw0yOTA1MTExNTUxMjhaMEkx
+CzAJBgNVBAYTAkpBMQowCAYDVQQIDAFhMQowCAYDVQQHDAFiMQowCAYDVQQKDAFh
+MQowCAYDVQQLDAFhMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVLVBPH
+mGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PUV/96
+dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJrg0d
+WOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/54GrM
+rsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb3Lep
+ud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQCoj/sZfrypif6AoLkqg2WimmK2KvWNf4srEVgI8BBIpnQpmvYdMKm4IBta8eWO
+E9Sdh2u8dnTpn9TEwK/hJpisRZey7H4pPXde86QHmJF1YjF+gdwgpsayIHsfCYJ9
+LJxew68jxO9YANwHy6RlS3c+hcNIWfSMOoct/P6vVkcMKOgA/hiMfHELlMzBK68U
+r+Ae7wRjNF4Whbxc6bdTOLocmhOjy6IvPC8x6K5RdOYaxVpRNgUz6WgQUI1gZ3hu
+YjSaGdqonttvSXhhSnoQEAHIpxvHq/PjOc5qEnzOt9nlYp3Ohr6WQAZfF3iwdd3l
+Q2V76qkXAhIjADC7VpZKJiij
+-----END CERTIFICATE-----
+CERTIFICATE
+
+    ng = <<CERTIFICATE
+-----BEGIN CERTIFICATE REQUEST-----
+MIICjjCCAXYCAQAwSTELMAkGA1UEBhMCSkExCjAIBgNVBAgMAWExCjAIBgNVBAcM
+AWIxCjAIBgNVBAoMAWExCjAIBgNVBAsMAWExCjAIBgNVBAMMAWEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5jqT6lQEWbyNeHMEeLJxRN7wPmfJXfWSJ
+L42vYPM8Ny8NxUtUE8eYavsJQSp2PcwBxVYatgVPNeL3saPGxfGpkIuaPgQO1n7a
++O+3Vb/GANe3g9RX/3p280DHdm+pppRp68yhivMrtznjXJCebOix+KdgHBMLUqx2
+7FWmqchJ+vQ74wmuDR1Y5fh69NDn79kB8ZJiUpZWQ0CPrgoi8KxWU8FT0JnQxBvE
+6CJ81P2/1LtJ//ngasyux37j3R64Q4ZLgTX9VtAX+Bnoy9Nh9wTb6zbjh6xzO1bN
+4IwaFvc+y2F5gZvct6m53p/DfskII+WuH6Gc6nHrN/g/V49Vo+3ZAgMBAAGgADAN
+BgkqhkiG9w0BAQsFAAOCAQEAA4W/lkp3oTmjIoyhZxUMv7b1zcRU/s9juzvYdfMB
+nkty65GIKc8VgRSdgdXHg9LyAmG2fw/Ek7fHzMb10a6AR6nNn8dDmDSJgP/Li/qH
+65ufOAZFwaQESmaOKuixXzpOl55k4iJCgWng1ejxZ1CSQczWdchLgW6af+ykUgLK
+i2H5CazWnCBtBRonsDKFE6TYH0NEqdFE/kAyWtKiMOXAV8Jyr2p8K5hMG/8Cusux
+Oe04sLexs2p1Og6LKAv9aWk0wYKB15Zjgx1EqKGJOwHJ5pOVXyGiQAnkqGaC0Q4N
+EUNkhA1s4v7yBuNuulIfhcbyOeLwnzElTz5RrV/1hgMWMg==
+-----END CERTIFICATE REQUEST-----
+CERTIFICATE
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_acm_certificate"
+    attribute = "certificate_chain"
+  }
+
+  model {
+    path  = "aws-sdk-go/models/apis/acm/2015-12-08/api-2.json"
+    shape = "CertificateChain"
+  }
+
+  test {
+    ok = <<CHAIN
+-----BEGIN CERTIFICATE-----
+MIIEWjCCA0KgAwIBAgIQBUNA0KLEzIER+qg3fUbgbzANBgkqhkiG9w0BAQsFADBa
+MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl
+clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTE2
+MTExNTEyMDMzMVoXDTI1MDUxMDEyMDAwMFowWjELMAkGA1UEBhMCSlAxIzAhBgNV
+BAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMSYwJAYDVQQDEx1DeWJlcnRy
+dXN0IEphcGFuIFB1YmxpYyBDQSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAJRWo0VEVKpgZL+4V59O29R5aF8TBfQ/zSXdPF5Ydxyd5p/jMknvAjo0
+U41S5eM5Zh/nM2G2J8YkVVAnAmXwsIxBjTBeR1uCb8ecoyhDbVh7yBWYTiVvy3Yn
+WwssLLWYI+eLfP13GsRSul0Z7nghTSGa2RJ8MxVrGsmB6traV7fVL84fS/y0M+Cg
+yZQnuydAtpDbrJ51phErSRktw8JDBwm7PW6Io+OKxdKG9mVbNMOfTALlCbosxnZm
+69F2JfQwE/tYYKhY41FvSwgEYY2sqTAvUkGjIsEzWat7WfmTZ0vJiXVS7ylJNJMc
+nJNznBnOXBjNTAknwT/1Sez04t9Lr48CAwEAAaOCARowggEWMB0GA1UdDgQWBBRz
+qAhTKbgV+5mA5cU32Pg5e6QTBjAfBgNVHSMEGDAWgBTlnVkwgkdYzKz6CFQ2hns6
+tQRN8DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjA0BggrBgEF
+BQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTA6
+BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vT21uaXJv
+b3QyMDI1LmNybDA+BgNVHSAENzA1MDMGBWeBDAECMCowKAYIKwYBBQUHAgEWHGh0
+dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDQYJKoZIhvcNAQELBQADggEBABqR
+cPGWxhjLeEP8gzZ29OHVpL8EFWNvpnEbpnAWa1uYmFNf0fsSoibP04UCB0Ye21KA
+jPNuTE2OWpgxlTVvl99sIJFKhXCIn6OWCLQpbjFMu8Ro5rdzg4ekedsihWN9NMwU
++K8DqO+oukIYjF2zPnnwcSykKaUhdi0BqUtmzJhHkFjoslJllOXiJ4DQkbpjiQpR
+yjPfliI1wzAcOM3xxswHAxOq8BVHKErKYUqHkHgHFZ6Ycts+sShKqVf+Zdx9zYJV
+pItiSs0DDCCFapxWACouIVY+xPYG8EMUWXz0gK8SAwNHXLRxBtjNWhCGOiSN+ihp
+277L8LbKp8eA8OlOMiU=
+-----END CERTIFICATE-----
+CHAIN
+
+    ng = <<CHAIN
+-----BEGIN PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVL
+VBPHmGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PU
+V/96dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJ
+rg0dWOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/5
+4GrMrsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb
+3Lepud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABAoIBAGN8EAXtV3zwrzSp
+E/0ai+Cbki+HKUAxEXLf1QX/Y8mYCJlIex+jzzJvwRHwJ1TnwvX8GDMP/f6+9GY6
+joVm4S85OS/EKibOZ4r9RoCz77K4Bu/0NSfM6JrXxpZqcGmzzwSPENJXjhKVFOtK
+WJsn5wZsO0izJJ7Af4jvIujNRH4sq8oO0T5OHNlJprrR8KY7+7IJrAd+JyCWxuX3
+uToqrQALpZjSLi0+60+UZIVH+F4yJtkar1MS+K5bAAtX6gxaq3embIOD5KCooHpf
++CXBuWhUpFIqdWWDKJunnbriuXPBVVx1BZBtALUMPEYZ+gR22l2s/ck0BGixsdcN
+VwDluuUCgYEA9k64okPnwUAQXyoHnA09zSJ0acr4aX/lqixY+fx0yn5Rs46WuFl0
+OkUSZ3YMoj5MM/hmrMgz2v7bleVDrsZYUM4//9bYVxRIf1/gHm6PRJDnAMDEiz7y
+crJCD1HTk/4CTcufbVnyyDt7NQe+qL9wRbTUMIojdZ1PsThv4zOuNhMCgYEAwNvu
+LXhUJ7Wc92xFwRbmhNw8nQu0YgwVkGiD5QMY/6FJhcGdLa/Ih3NvyZI+Q/x/qzTh
+udCHHlMgAftx5uA7IpZxQo0ak5a/T46X1EvRqcPZvOyDliBeYhhAXflyNfusmm5X
+cExL6g3aUXxa7ue255xkKo2Q1VH+b9YeP+pZeeMCgYEA2VqEkiTMWfvXtrLXPj1t
+IR3bjxQe/LJxkCdMaWYABkVMgeA9XvcJmvYjFIvXAEFra50zthuBryqhyfgkLxI3
+Ey++yFzmUonCpCyOESzNXttkDoUNrDdjKhXmN7Ckvf80N0SOLqhml43t3tEzzaQK
+RmkZqq/sNLkafzBnhB6yCGMCgYEAqtFhiXadmzpZ2DBXLCobbSwgp7zZPUqUwv4/
+bFUtDCYQF9+gVvnuNELDjZbxfYgkkEDbeZhARVS88eSDQ0nyNrVnhdmy42xO8KlM
+w2WQQ7xLm/Ekr5Dl6B6wzEuHpFbQz0vSOI3rY1h3uVras+Yac9RqR+JxmO/x256b
+1mK8c58CgYAA2zWV1m34tdbUmhc6ELNznbPxaM4sAe7mVooSxs02pTN5ToxMpkyn
+hLL+1AMBOhv57k6YDTzYf5adR38023TOrf6NuD9G5s0KeaFM8c7SrBt8BHA6MW9C
+7kJKP9RgFcXPFH6Z57rKykRaaDR6M+ELrhd488tOmqlwS9tnnWuoBQ==
+-----END PRIVATE KEY-----
+CHAIN
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_acm_certificate"
+    attribute = "private_key"
+  }
+
+  model {
+    path  = "aws-sdk-go/models/apis/acm/2015-12-08/api-2.json"
+    shape = "PrivateKey"
+  }
+
+  test {
+    ok = <<KEY
+-----BEGIN PRIVATE KEY-----
+MIIEpAIBAAKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVL
+VBPHmGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PU
+V/96dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJ
+rg0dWOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/5
+4GrMrsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb
+3Lepud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABAoIBAGN8EAXtV3zwrzSp
+E/0ai+Cbki+HKUAxEXLf1QX/Y8mYCJlIex+jzzJvwRHwJ1TnwvX8GDMP/f6+9GY6
+joVm4S85OS/EKibOZ4r9RoCz77K4Bu/0NSfM6JrXxpZqcGmzzwSPENJXjhKVFOtK
+WJsn5wZsO0izJJ7Af4jvIujNRH4sq8oO0T5OHNlJprrR8KY7+7IJrAd+JyCWxuX3
+uToqrQALpZjSLi0+60+UZIVH+F4yJtkar1MS+K5bAAtX6gxaq3embIOD5KCooHpf
++CXBuWhUpFIqdWWDKJunnbriuXPBVVx1BZBtALUMPEYZ+gR22l2s/ck0BGixsdcN
+VwDluuUCgYEA9k64okPnwUAQXyoHnA09zSJ0acr4aX/lqixY+fx0yn5Rs46WuFl0
+OkUSZ3YMoj5MM/hmrMgz2v7bleVDrsZYUM4//9bYVxRIf1/gHm6PRJDnAMDEiz7y
+crJCD1HTk/4CTcufbVnyyDt7NQe+qL9wRbTUMIojdZ1PsThv4zOuNhMCgYEAwNvu
+LXhUJ7Wc92xFwRbmhNw8nQu0YgwVkGiD5QMY/6FJhcGdLa/Ih3NvyZI+Q/x/qzTh
+udCHHlMgAftx5uA7IpZxQo0ak5a/T46X1EvRqcPZvOyDliBeYhhAXflyNfusmm5X
+cExL6g3aUXxa7ue255xkKo2Q1VH+b9YeP+pZeeMCgYEA2VqEkiTMWfvXtrLXPj1t
+IR3bjxQe/LJxkCdMaWYABkVMgeA9XvcJmvYjFIvXAEFra50zthuBryqhyfgkLxI3
+Ey++yFzmUonCpCyOESzNXttkDoUNrDdjKhXmN7Ckvf80N0SOLqhml43t3tEzzaQK
+RmkZqq/sNLkafzBnhB6yCGMCgYEAqtFhiXadmzpZ2DBXLCobbSwgp7zZPUqUwv4/
+bFUtDCYQF9+gVvnuNELDjZbxfYgkkEDbeZhARVS88eSDQ0nyNrVnhdmy42xO8KlM
+w2WQQ7xLm/Ekr5Dl6B6wzEuHpFbQz0vSOI3rY1h3uVras+Yac9RqR+JxmO/x256b
+1mK8c58CgYAA2zWV1m34tdbUmhc6ELNznbPxaM4sAe7mVooSxs02pTN5ToxMpkyn
+hLL+1AMBOhv57k6YDTzYf5adR38023TOrf6NuD9G5s0KeaFM8c7SrBt8BHA6MW9C
+7kJKP9RgFcXPFH6Z57rKykRaaDR6M+ELrhd488tOmqlwS9tnnWuoBQ==
+-----END PRIVATE KEY-----
+KEY
+
+    ng = <<KEY
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfYCCQCMlVDEcxV0gDANBgkqhkiG9w0BAQUFADBJMQswCQYDVQQGEwJK
+QTEKMAgGA1UECAwBYTEKMAgGA1UEBwwBYjEKMAgGA1UECgwBYTEKMAgGA1UECwwB
+YTEKMAgGA1UEAwwBYTAeFw0xOTA1MTQxNTUxMjhaFw0yOTA1MTExNTUxMjhaMEkx
+CzAJBgNVBAYTAkpBMQowCAYDVQQIDAFhMQowCAYDVQQHDAFiMQowCAYDVQQKDAFh
+MQowCAYDVQQLDAFhMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuY6k+pUBFm8jXhzBHiycUTe8D5nyV31kiS+Nr2DzPDcvDcVLVBPH
+mGr7CUEqdj3MAcVWGrYFTzXi97GjxsXxqZCLmj4EDtZ+2vjvt1W/xgDXt4PUV/96
+dvNAx3ZvqaaUaevMoYrzK7c541yQnmzosfinYBwTC1KsduxVpqnISfr0O+MJrg0d
+WOX4evTQ5+/ZAfGSYlKWVkNAj64KIvCsVlPBU9CZ0MQbxOgifNT9v9S7Sf/54GrM
+rsd+490euEOGS4E1/VbQF/gZ6MvTYfcE2+s244escztWzeCMGhb3PstheYGb3Lep
+ud6fw37JCCPlrh+hnOpx6zf4P1ePVaPt2QIDAQABMA0GCSqGSIb3DQEBBQUAA4IB
+AQCoj/sZfrypif6AoLkqg2WimmK2KvWNf4srEVgI8BBIpnQpmvYdMKm4IBta8eWO
+E9Sdh2u8dnTpn9TEwK/hJpisRZey7H4pPXde86QHmJF1YjF+gdwgpsayIHsfCYJ9
+LJxew68jxO9YANwHy6RlS3c+hcNIWfSMOoct/P6vVkcMKOgA/hiMfHELlMzBK68U
+r+Ae7wRjNF4Whbxc6bdTOLocmhOjy6IvPC8x6K5RdOYaxVpRNgUz6WgQUI1gZ3hu
+YjSaGdqonttvSXhhSnoQEAHIpxvHq/PjOc5qEnzOt9nlYp3Ohr6WQAZfF3iwdd3l
+Q2V76qkXAhIjADC7VpZKJiij
+-----END CERTIFICATE-----
+KEY
+  }
+}
diff --git a/rules/awsrules/models/mappings/apigateway.hcl b/rules/awsrules/models/mappings/apigateway.hcl
new file mode 100644
index 000000000..722653999
--- /dev/null
+++ b/rules/awsrules/models/mappings/apigateway.hcl
@@ -0,0 +1,164 @@
+mapping {
+  resource {
+    type      = "aws_api_gateway_gateway_response"
+    attribute = "status_code"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "StatusCode"
+  }
+  test {
+    ok = "200"
+    ng = "004"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_integration_response"
+    attribute = "status_code"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "StatusCode"
+  }
+  test {
+    ok = "200"
+    ng = "004"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_method_response"
+    attribute = "status_code"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "StatusCode"
+  }
+  test {
+    ok = "200"
+    ng = "004"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_authorizer"
+    attribute = "type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "AuthorizerType"
+  }
+  test {
+    ok = "TOKEN"
+    ng = "RESPONSE"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_gateway_response"
+    attribute = "response_type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "GatewayResponseType"
+  }
+  test {
+    ok = "UNAUTHORIZED"
+    ng = "4XX"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_integration"
+    attribute = "type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "IntegrationType"
+  }
+  test {
+    ok = "HTTP"
+    ng = "AWS_HTTP"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_integration"
+    attribute = "connection_type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "ConnectionType"
+  }
+  test {
+    ok = "INTERNET"
+    ng = "INTRANET"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_integration"
+    attribute = "content_handling"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "ContentHandlingStrategy"
+  }
+  test {
+    ok = "CONVERT_TO_BINARY"
+    ng = "CONVERT_TO_FILE"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_integration_response"
+    attribute = "content_handling"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "ContentHandlingStrategy"
+  }
+  test {
+    ok = "CONVERT_TO_BINARY"
+    ng = "CONVERT_TO_FILE"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_rest_api"
+    attribute = "api_key_source"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "ApiKeySourceType"
+  }
+  test {
+    ok = "AUTHORIZER"
+    ng = "BODY"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_api_gateway_stage"
+    attribute = "cache_cluster_size"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/apigateway/2015-07-09/api-2.json"
+    shape = "CacheClusterSize"
+  }
+  test {
+    ok = "6.1"
+    ng = "6.2"
+  }
+}
diff --git a/rules/awsrules/models/mappings/application-autoscaling.hcl b/rules/awsrules/models/mappings/application-autoscaling.hcl
new file mode 100644
index 000000000..9af7cc25a
--- /dev/null
+++ b/rules/awsrules/models/mappings/application-autoscaling.hcl
@@ -0,0 +1,104 @@
+mapping {
+  resource {
+    type      = "aws_appautoscaling_policy"
+    attribute = "policy_type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "PolicyType"
+  }
+  test {
+    ok = "StepScaling"
+    ng = "StopScaling"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appautoscaling_policy"
+    attribute = "scalable_dimension"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "ScalableDimension"
+  }
+  test {
+    ok = "ecs:service:DesiredCount"
+    ng = "ecs:service:DesireCount"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appautoscaling_scheduled_action"
+    attribute = "scalable_dimension"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "ScalableDimension"
+  }
+  test {
+    ok = "ecs:service:DesiredCount"
+    ng = "ecs:service:DesireCount"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appautoscaling_target"
+    attribute = "scalable_dimension"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "ScalableDimension"
+  }
+  test {
+    ok = "ecs:service:DesiredCount"
+    ng = "ecs:service:DesireCount"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appautoscaling_policy"
+    attribute = "service_namespace"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "ServiceNamespace"
+  }
+  test {
+    ok = "ecs"
+    ng = "eks"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appautoscaling_scheduled_action"
+    attribute = "service_namespace"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "ServiceNamespace"
+  }
+  test {
+    ok = "ecs"
+    ng = "eks"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appautoscaling_target"
+    attribute = "service_namespace"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/application-autoscaling/2016-02-06/api-2.json"
+    shape = "ServiceNamespace"
+  }
+  test {
+    ok = "ecs"
+    ng = "eks"
+  }
+}
diff --git a/rules/awsrules/models/mappings/appmesh.hcl b/rules/awsrules/models/mappings/appmesh.hcl
new file mode 100644
index 000000000..042bc1521
--- /dev/null
+++ b/rules/awsrules/models/mappings/appmesh.hcl
@@ -0,0 +1,109 @@
+mapping {
+  resource {
+    type      = "aws_appmesh_mesh"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_route"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_route"
+    attribute = "mesh_name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_route"
+    attribute = "virtual_router_name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_virtual_node"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_virtual_node"
+    attribute = "mesh_name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_virtual_router"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_virtual_router"
+    attribute = "mesh_name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_virtual_service"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appmesh_virtual_service"
+    attribute = "mesh_name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appmesh/2019-01-25/api-2.json"
+    shape = "ResourceName"
+  }
+}
diff --git a/rules/awsrules/models/mappings/appsync.hcl b/rules/awsrules/models/mappings/appsync.hcl
new file mode 100644
index 000000000..496c35607
--- /dev/null
+++ b/rules/awsrules/models/mappings/appsync.hcl
@@ -0,0 +1,111 @@
+mapping {
+  resource {
+    type      = "aws_appsync_datasource"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "ResourceName"
+  }
+  test {
+    ok = "tf_appsync_example"
+    ng = "01_tf_example"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_datasource"
+    attribute = "type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "DataSourceType"
+  }
+  test {
+    ok = "AWS_LAMBDA"
+    ng = "AMAZON_SIMPLEDB"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_graphql_api"
+    attribute = "authentication_type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "AuthenticationType"
+  }
+  test {
+    ok = "API_KEY"
+    ng = "AWS_KEY"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_resolver"
+    attribute = "type"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "ResourceName"
+  }
+  test {
+    ok = "Query"
+    ng = "User-Config"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_resolver"
+    attribute = "field"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "ResourceName"
+  }
+  test {
+    ok = "singlePost"
+    ng = "single-post"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_resolver"
+    attribute = "data_source"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "ResourceName"
+  }
+  test {
+    ok = "tfexample"
+    ng = "tf-example"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_resolver"
+    attribute = "request_template"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "MappingTemplate"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_appsync_resolver"
+    attribute = "response_template"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/appsync/2017-07-25/api-2.json"
+    shape = "MappingTemplate"
+  }
+}
diff --git a/rules/awsrules/models/mappings/athena.hcl b/rules/awsrules/models/mappings/athena.hcl
new file mode 100644
index 000000000..51b8e1c9c
--- /dev/null
+++ b/rules/awsrules/models/mappings/athena.hcl
@@ -0,0 +1,54 @@
+mapping {
+  resource {
+    type      = "aws_athena_database"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/athena/2017-05-18/api-2.json"
+    shape = "DatabaseString"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_athena_named_query"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/athena/2017-05-18/api-2.json"
+    shape = "NameString"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_athena_named_query"
+    attribute = "database"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/athena/2017-05-18/api-2.json"
+    shape = "DatabaseString"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_athena_named_query"
+    attribute = "query"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/athena/2017-05-18/api-2.json"
+    shape = "QueryString"
+  }
+}
+
+mapping {
+  resource {
+    type      = "aws_athena_named_query"
+    attribute = "description"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/athena/2017-05-18/api-2.json"
+    shape = "DescriptionString"
+  }
+}
diff --git a/rules/awsrules/models/mappings/ec2.hcl b/rules/awsrules/models/mappings/ec2.hcl
new file mode 100644
index 000000000..52b3cb37f
--- /dev/null
+++ b/rules/awsrules/models/mappings/ec2.hcl
@@ -0,0 +1,14 @@
+mapping {
+  resource {
+    type      = "aws_launch_template"
+    attribute = "name"
+  }
+  model {
+    path  = "aws-sdk-go/models/apis/ec2/2016-11-15/api-2.json"
+    shape = "LaunchTemplateName"
+  }
+  test {
+    ok = "foo"
+    ng = "foo[bar]"
+  }
+}
diff --git a/rules/awsrules/models/models_test.go b/rules/awsrules/models/models_test.go
new file mode 100644
index 000000000..55d988b95
--- /dev/null
+++ b/rules/awsrules/models/models_test.go
@@ -0,0 +1,109 @@
+package models
+
+import (
+	"io/ioutil"
+	"log"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func TestMain(m *testing.M) {
+	log.SetOutput(ioutil.Discard)
+	os.Exit(m.Run())
+}
+
+// This test is a manual test on length
+// it is implemented for only one rule to test that the minimal logic works correctly.
+func Test_Length(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It is too short",
+			Content: `
+resource "aws_launch_template" "foo" {
+	name = "go"
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_launch_template_invalid_name",
+					Type:     "ERROR",
+					Message:  `name must be 3 characters or higher`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is too long",
+			Content: `
+resource "aws_launch_template" "foo" {
+	name = "Lorem_ipsum_dolor_sit_amet_consectetur_adipisicing_elit_sed_do_eiusmod_tempor_incididunt_ut_labore_et_dolore_magna_aliqua.Ut_enim_ad_minim_veniam_quis_nostrud_exercitation_ullamco_laboris_nisi_ut_aliquip_ex_ea_commodo_consequat.Duis_aute_irure_dolor_in_reprehenderit_in_voluptate_velit_esse_cillum_dolore_eu_fugiat_nulla_pariatur.Excepteur_sint_occaecat_cupidatat_non_proident_sunt_in_culpa_qui_officia_deserunt_mollit_anim_id_est_laborum."
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "aws_launch_template_invalid_name",
+					Type:     "ERROR",
+					Message:  `name must be 128 characters or less`,
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "aws_launch_template" "foo" {
+	name = "foo"
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "Models__length")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := NewAwsLaunchTemplateInvalidNameRule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/awsrules/models/pattern_rule.go.tmpl b/rules/awsrules/models/pattern_rule.go.tmpl
new file mode 100644
index 000000000..282b848f3
--- /dev/null
+++ b/rules/awsrules/models/pattern_rule.go.tmpl
@@ -0,0 +1,135 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"log"
+{{- if ne .Pattern "" }}
+	"regexp"
+{{- end }}
+
+	"github.com/hashicorp/hcl2/hcl"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+// {{ .RuleNameCC }}Rule checks the pattern is valid
+type {{ .RuleNameCC }}Rule struct {
+	resourceType  string
+	attributeName string
+{{- if ne .Max 0 }}
+	max           int
+{{- end }}
+{{- if ne .Min 0 }}
+	min           int
+{{- end }}
+{{- if ne .Pattern "" }}
+	pattern       *regexp.Regexp
+{{- end }}
+{{- if ne (len .Enum) 0 }}
+	enum          []string
+{{- end }}
+}
+
+// New{{ .RuleNameCC }}Rule returns new rule with default attributes
+func New{{ .RuleNameCC }}Rule() *{{ .RuleNameCC }}Rule {
+	return &{{ .RuleNameCC }}Rule{
+		resourceType:  "{{ .ResourceType }}",
+		attributeName: "{{ .AttributeName }}",
+{{- if ne .Max 0 }}
+		max:           {{ .Max }},
+{{- end }}
+{{- if ne .Min 0 }}
+		min:           {{ .Min }},
+{{- end }}
+{{- if ne .Pattern "" }}
+		pattern:       regexp.MustCompile(`^{{ .Pattern }}$`),
+{{- end }}
+{{- if ne (len .Enum) 0 }}
+		enum: []string{
+{{- range $v := .Enum }}
+			"{{ $v }}",
+{{- end }}
+		},
+{{- end }}
+	}
+}
+
+// Name returns the rule name
+func (r *{{ .RuleNameCC }}Rule) Name() string {
+	return "{{ .RuleName }}"
+}
+
+// Enabled returns whether the rule is enabled by default
+func (r *{{ .RuleNameCC }}Rule) Enabled() bool {
+	return true
+}
+
+// Type returns the rule severity
+func (r *{{ .RuleNameCC }}Rule) Type() string {
+	return issue.ERROR
+}
+
+// Link returns the rule reference link
+func (r *{{ .RuleNameCC }}Rule) Link() string {
+	return ""
+}
+
+// Check checks the pattern is valid
+func (r *{{ .RuleNameCC }}Rule) Check(runner *tflint.Runner) error {
+	log.Printf("[INFO] Check `%s` rule for `%s` runner", r.Name(), runner.TFConfigPath())
+
+	return runner.WalkResourceAttributes(r.resourceType, r.attributeName, func(attribute *hcl.Attribute) error {
+		var val string
+		err := runner.EvaluateExpr(attribute.Expr, &val)
+
+		return runner.EnsureNoError(err, func() error {
+{{- if ne .Max 0 }}
+			if len(val) > r.max {
+				runner.EmitIssue(
+					r,
+					"{{ .AttributeName }} must be {{ .Max }} characters or less",
+					attribute.Expr.Range(),
+				)
+			}
+{{- end }}
+
+{{- if ne .Min 0 }}
+			if len(val) < r.min {
+				runner.EmitIssue(
+					r,
+					"{{ .AttributeName }} must be {{ .Min }} characters or higher",
+					attribute.Expr.Range(),
+				)
+			}
+{{- end }}
+
+{{- if ne .Pattern "" }}
+			if !r.pattern.MatchString(val) {
+				runner.EmitIssue(
+					r,
+					`{{ .AttributeName }} does not match valid pattern ^{{ .Pattern }}$`,
+					attribute.Expr.Range(),
+				)
+			}
+{{- end }}
+
+{{- if ne (len .Enum) 0 }}
+			found := false
+			for _, item := range r.enum {
+				if item == val {
+					found = true
+				}
+			}
+			if !found {
+				runner.EmitIssue(
+					r,
+					`{{ .AttributeName }} is not a valid value`,
+					attribute.Expr.Range(),
+				)
+			}
+{{- end }}
+			return nil
+		})
+	})
+}
diff --git a/rules/awsrules/models/pattern_rule_test.go.tmpl b/rules/awsrules/models/pattern_rule_test.go.tmpl
new file mode 100644
index 000000000..2a891f302
--- /dev/null
+++ b/rules/awsrules/models/pattern_rule_test.go.tmpl
@@ -0,0 +1,92 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package models
+
+import (
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+	"github.com/hashicorp/terraform/configs"
+	"github.com/hashicorp/terraform/configs/configload"
+	"github.com/hashicorp/terraform/terraform"
+	"github.com/wata727/tflint/issue"
+	"github.com/wata727/tflint/tflint"
+)
+
+func Test_{{ .RuleNameCC }}Rule(t *testing.T) {
+	cases := []struct {
+		Name     string
+		Content  string
+		Expected issue.Issues
+	}{
+		{
+			Name: "It includes invalid characters",
+			Content: `
+resource "{{ .ResourceType }}" "foo" {
+	{{ .AttributeName }} = {{ .TestNG }}
+}`,
+			Expected: []*issue.Issue{
+				{
+					Detector: "{{ .RuleName }}",
+					Type:     "ERROR",
+{{- if ne .Pattern "" }}
+					Message:  `{{ .AttributeName }} does not match valid pattern ^{{ .Pattern }}$`,
+{{- end }}
+{{- if ne (len .Enum) 0 }}
+					Message:  `{{ .AttributeName }} is not a valid value`,
+{{- end }}
+					Line:     3,
+					File:     "resource.tf",
+				},
+			},
+		},
+		{
+			Name: "It is valid",
+			Content: `
+resource "{{ .ResourceType }}" "foo" {
+	{{ .AttributeName }} = {{ .TestOK }}
+}`,
+			Expected: []*issue.Issue{},
+		},
+	}
+
+	dir, err := ioutil.TempDir("", "{{ .RuleNameCC }}Rule")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(dir)
+
+	for _, tc := range cases {
+		loader, err := configload.NewLoader(&configload.Config{})
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		err = ioutil.WriteFile(dir+"/resource.tf", []byte(tc.Content), os.ModePerm)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		mod, diags := loader.Parser().LoadConfigDir(dir)
+		if diags.HasErrors() {
+			t.Fatal(diags)
+		}
+		cfg, tfdiags := configs.BuildConfig(mod, configs.DisabledModuleWalker)
+		if tfdiags.HasErrors() {
+			t.Fatal(tfdiags)
+		}
+
+		runner := tflint.NewRunner(tflint.EmptyConfig(), cfg, map[string]*terraform.InputValue{})
+		rule := New{{ .RuleNameCC }}Rule()
+
+		if err = rule.Check(runner); err != nil {
+			t.Fatalf("Unexpected error occurred: %s", err)
+		}
+
+		if !cmp.Equal(tc.Expected, runner.Issues) {
+			t.Fatalf("Expected issues are not matched:\n %s\n", cmp.Diff(tc.Expected, runner.Issues))
+		}
+	}
+}
diff --git a/rules/provider.go b/rules/provider.go
index c5c2c7497..fe79cd857 100644
--- a/rules/provider.go
+++ b/rules/provider.go
@@ -16,7 +16,9 @@ type Rule interface {
 }
 
 // DefaultRules is rules by default
-var DefaultRules = []Rule{
+var DefaultRules = append(manualRules, modelRules...)
+
+var manualRules = []Rule{
 	awsrules.NewAwsCloudwatchMetricAlarmInvalidUnitRule(),
 	awsrules.NewAwsDBInstanceDefaultParameterGroupRule(),
 	awsrules.NewAwsDBInstanceInvalidTypeRule(),
diff --git a/rules/provider_model.go b/rules/provider_model.go
new file mode 100644
index 000000000..78d5350fb
--- /dev/null
+++ b/rules/provider_model.go
@@ -0,0 +1,54 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package rules
+
+import awsmodelrules "github.com/wata727/tflint/rules/awsrules/models"
+
+var modelRules = []Rule{
+	awsmodelrules.NewAwsAcmpcaCertificateAuthorityInvalidTypeRule(),
+	awsmodelrules.NewAwsAcmCertificateInvalidCertificateBodyRule(),
+	awsmodelrules.NewAwsAcmCertificateInvalidCertificateChainRule(),
+	awsmodelrules.NewAwsAcmCertificateInvalidPrivateKeyRule(),
+	awsmodelrules.NewAwsAPIGatewayGatewayResponseInvalidStatusCodeRule(),
+	awsmodelrules.NewAwsAPIGatewayIntegrationResponseInvalidStatusCodeRule(),
+	awsmodelrules.NewAwsAPIGatewayMethodResponseInvalidStatusCodeRule(),
+	awsmodelrules.NewAwsAPIGatewayAuthorizerInvalidTypeRule(),
+	awsmodelrules.NewAwsAPIGatewayGatewayResponseInvalidResponseTypeRule(),
+	awsmodelrules.NewAwsAPIGatewayIntegrationInvalidTypeRule(),
+	awsmodelrules.NewAwsAPIGatewayIntegrationInvalidConnectionTypeRule(),
+	awsmodelrules.NewAwsAPIGatewayIntegrationInvalidContentHandlingRule(),
+	awsmodelrules.NewAwsAPIGatewayIntegrationResponseInvalidContentHandlingRule(),
+	awsmodelrules.NewAwsAPIGatewayRestAPIInvalidAPIKeySourceRule(),
+	awsmodelrules.NewAwsAPIGatewayStageInvalidCacheClusterSizeRule(),
+	awsmodelrules.NewAwsAppautoscalingPolicyInvalidPolicyTypeRule(),
+	awsmodelrules.NewAwsAppautoscalingPolicyInvalidScalableDimensionRule(),
+	awsmodelrules.NewAwsAppautoscalingScheduledActionInvalidScalableDimensionRule(),
+	awsmodelrules.NewAwsAppautoscalingTargetInvalidScalableDimensionRule(),
+	awsmodelrules.NewAwsAppautoscalingPolicyInvalidServiceNamespaceRule(),
+	awsmodelrules.NewAwsAppautoscalingScheduledActionInvalidServiceNamespaceRule(),
+	awsmodelrules.NewAwsAppautoscalingTargetInvalidServiceNamespaceRule(),
+	awsmodelrules.NewAwsAppmeshMeshInvalidNameRule(),
+	awsmodelrules.NewAwsAppmeshRouteInvalidNameRule(),
+	awsmodelrules.NewAwsAppmeshRouteInvalidMeshNameRule(),
+	awsmodelrules.NewAwsAppmeshRouteInvalidVirtualRouterNameRule(),
+	awsmodelrules.NewAwsAppmeshVirtualNodeInvalidNameRule(),
+	awsmodelrules.NewAwsAppmeshVirtualNodeInvalidMeshNameRule(),
+	awsmodelrules.NewAwsAppmeshVirtualRouterInvalidNameRule(),
+	awsmodelrules.NewAwsAppmeshVirtualRouterInvalidMeshNameRule(),
+	awsmodelrules.NewAwsAppmeshVirtualServiceInvalidNameRule(),
+	awsmodelrules.NewAwsAppmeshVirtualServiceInvalidMeshNameRule(),
+	awsmodelrules.NewAwsAppsyncDatasourceInvalidNameRule(),
+	awsmodelrules.NewAwsAppsyncDatasourceInvalidTypeRule(),
+	awsmodelrules.NewAwsAppsyncGraphqlAPIInvalidAuthenticationTypeRule(),
+	awsmodelrules.NewAwsAppsyncResolverInvalidTypeRule(),
+	awsmodelrules.NewAwsAppsyncResolverInvalidFieldRule(),
+	awsmodelrules.NewAwsAppsyncResolverInvalidDataSourceRule(),
+	awsmodelrules.NewAwsAppsyncResolverInvalidRequestTemplateRule(),
+	awsmodelrules.NewAwsAppsyncResolverInvalidResponseTemplateRule(),
+	awsmodelrules.NewAwsAthenaDatabaseInvalidNameRule(),
+	awsmodelrules.NewAwsAthenaNamedQueryInvalidNameRule(),
+	awsmodelrules.NewAwsAthenaNamedQueryInvalidDatabaseRule(),
+	awsmodelrules.NewAwsAthenaNamedQueryInvalidQueryRule(),
+	awsmodelrules.NewAwsAthenaNamedQueryInvalidDescriptionRule(),
+	awsmodelrules.NewAwsLaunchTemplateInvalidNameRule(),
+}
diff --git a/rules/provider_model.go.tmpl b/rules/provider_model.go.tmpl
new file mode 100644
index 000000000..223d02601
--- /dev/null
+++ b/rules/provider_model.go.tmpl
@@ -0,0 +1,11 @@
+// This file generated by `tools/model-rule-gen/main.go`. DO NOT EDIT
+
+package rules
+
+import awsmodelrules "github.com/wata727/tflint/rules/awsrules/models"
+
+var modelRules = []Rule{
+	{{- range $v := .RuleNameCCList }}
+	awsmodelrules.New{{ $v }}Rule(),
+	{{- end }}
+}
diff --git a/tools/model-rule-gen/main.go b/tools/model-rule-gen/main.go
new file mode 100644
index 000000000..39ea6627e
--- /dev/null
+++ b/tools/model-rule-gen/main.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+
+	"github.com/hashicorp/hcl2/gohcl"
+	"github.com/hashicorp/hcl2/hclparse"
+)
+
+type mappingFile struct {
+	Mappings []mapping `hcl:"mapping,block"`
+}
+
+type mapping struct {
+	Resource resource `hcl:"resource,block"`
+	Model    model    `hcl:"model,block"`
+	Test     *test    `hcl:"test,block"`
+}
+
+type mappings []mapping
+
+type resource struct {
+	Type      string `hcl:"type"`
+	Attribute string `hcl:"attribute"`
+}
+
+type model struct {
+	Path  string `hcl:"path"`
+	Shape string `hcl:"shape"`
+}
+
+type test struct {
+	OK string `hcl:"ok"`
+	NG string `hcl:"ng"`
+}
+
+func main() {
+	files, err := filepath.Glob("rules/awsrules/models/mappings/*.hcl")
+	if err != nil {
+		panic(err)
+	}
+
+	mappings := mappings{}
+	for _, file := range files {
+		parser := hclparse.NewParser()
+		f, diags := parser.ParseHCLFile(file)
+		if diags.HasErrors() {
+			panic(diags)
+		}
+
+		var mf mappingFile
+		diags = gohcl.DecodeBody(f.Body, nil, &mf)
+		if diags.HasErrors() {
+			panic(diags)
+		}
+		mappings = append(mappings, mf.Mappings...)
+	}
+
+	for _, mapping := range mappings {
+		raw, err := ioutil.ReadFile(fmt.Sprintf("rules/awsrules/models/%s", mapping.Model.Path))
+		if err != nil {
+			panic(err)
+		}
+
+		var api map[string]interface{}
+		err = json.Unmarshal(raw, &api)
+		if err != nil {
+			panic(err)
+		}
+		shapes := api["shapes"].(map[string]interface{})
+
+		generateRuleFile(mapping, shapes)
+	}
+
+	generateProviderFile(mappings)
+}
diff --git a/tools/model-rule-gen/provider.go b/tools/model-rule-gen/provider.go
new file mode 100644
index 000000000..80ff24c93
--- /dev/null
+++ b/tools/model-rule-gen/provider.go
@@ -0,0 +1,25 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/wata727/tflint/tools/utils"
+)
+
+type providerMeta struct {
+	RuleNameCCList []string
+}
+
+func generateProviderFile(mappings mappings) {
+	meta := &providerMeta{}
+
+	for _, mapping := range mappings {
+		resource := mapping.Resource.Type
+		attribute := mapping.Resource.Attribute
+		ruleName := fmt.Sprintf("%s_invalid_%s", resource, attribute)
+
+		meta.RuleNameCCList = append(meta.RuleNameCCList, utils.ToCamel(ruleName))
+	}
+
+	utils.GenerateFile("rules/provider_model.go", "rules/provider_model.go.tmpl", meta)
+}
diff --git a/tools/model-rule-gen/rule.go b/tools/model-rule-gen/rule.go
new file mode 100644
index 000000000..ed482c644
--- /dev/null
+++ b/tools/model-rule-gen/rule.go
@@ -0,0 +1,85 @@
+package main
+
+import (
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/wata727/tflint/tools/utils"
+)
+
+type ruleMeta struct {
+	RuleName      string
+	RuleNameCC    string
+	ResourceType  string
+	AttributeName string
+	Max           int
+	Min           int
+	Pattern       string
+	Enum          []string
+	TestOK        string
+	TestNG        string
+}
+
+func generateRuleFile(mapping mapping, shapes map[string]interface{}) {
+	resource := mapping.Resource.Type
+	attribute := mapping.Resource.Attribute
+	ruleName := fmt.Sprintf("%s_invalid_%s", resource, attribute)
+	model := shapes[mapping.Model.Shape].(map[string]interface{})
+
+	meta := &ruleMeta{
+		RuleName:      ruleName,
+		RuleNameCC:    utils.ToCamel(ruleName),
+		ResourceType:  resource,
+		AttributeName: attribute,
+		Max:           fetchNumber(model, "max"),
+		Min:           fetchNumber(model, "min"),
+		Pattern:       replacePattern(fetchString(model, "pattern")),
+		Enum:          fetchStrings(model, "enum"),
+	}
+
+	utils.GenerateFile(fmt.Sprintf("rules/awsrules/models/%s.go", ruleName), "rules/awsrules/models/pattern_rule.go.tmpl", meta)
+	if mapping.Test != nil {
+		meta.TestOK = formatTest(mapping.Test.OK)
+		meta.TestNG = formatTest(mapping.Test.NG)
+		utils.GenerateFile(fmt.Sprintf("rules/awsrules/models/%s_test.go", ruleName), "rules/awsrules/models/pattern_rule_test.go.tmpl", meta)
+	}
+}
+
+func fetchNumber(model map[string]interface{}, key string) int {
+	if v, ok := model[key]; ok {
+		return int(v.(float64))
+	}
+	return 0
+}
+
+func fetchStrings(model map[string]interface{}, key string) []string {
+	if raw, ok := model[key]; ok {
+		list := raw.([]interface{})
+		ret := make([]string, len(list))
+		for i, v := range list {
+			ret[i] = v.(string)
+		}
+		return ret
+	}
+	return []string{}
+}
+
+func fetchString(model map[string]interface{}, key string) string {
+	if v, ok := model[key]; ok {
+		return v.(string)
+	}
+	return ""
+}
+
+func replacePattern(pattern string) string {
+	reg := regexp.MustCompile(`\\u([0-9A-F]{4})`)
+	return reg.ReplaceAllString(pattern, `\x{$1}`)
+}
+
+func formatTest(body string) string {
+	if strings.Contains(body, "\n") {
+		return fmt.Sprintf("<<TEXT\n%sTEXT", body)
+	}
+	return fmt.Sprintf(`"%s"`, body)
+}
diff --git a/tools/rule_generator.go b/tools/rule_generator.go
index be888c40d..bb6559fd5 100644
--- a/tools/rule_generator.go
+++ b/tools/rule_generator.go
@@ -5,9 +5,8 @@ import (
 	"fmt"
 	"os"
 	"strings"
-	"text/template"
 
-	"github.com/iancoleman/strcase"
+	"github.com/wata727/tflint/tools/utils"
 )
 
 type metadata struct {
@@ -24,41 +23,8 @@ func main() {
 	}
 	ruleName = strings.Trim(ruleName, "\n")
 
-	meta := &metadata{RuleNameCC: toCamelCase(ruleName), RuleName: ruleName}
+	meta := &metadata{RuleNameCC: utils.ToCamel(ruleName), RuleName: ruleName}
 
-	generate(fmt.Sprintf("rules/awsrules/%s.go", ruleName), "rules/rule.go.tmpl", meta)
-	generate(fmt.Sprintf("rules/awsrules/%s_test.go", ruleName), "rules/rule_test.go.tmpl", meta)
-}
-
-func generate(fileName string, tmplName string, meta *metadata) {
-	file, err := os.Create(fileName)
-	if err != nil {
-		panic(err)
-	}
-
-	tmpl := template.Must(template.ParseFiles(tmplName))
-	err = tmpl.Execute(file, meta)
-	if err != nil {
-		panic(err)
-	}
-
-	fmt.Printf("Create: %s\n", fileName)
-}
-
-func toCamelCase(str string) string {
-	exceptions := map[string]string{
-		"ami":         "AMI",
-		"db":          "DB",
-		"alb":         "ALB",
-		"elb":         "ELB",
-		"vpc":         "VPC",
-		"elasticache": "ElastiCache",
-		"iam":         "IAM",
-	}
-	for pattern, conv := range exceptions {
-		str = strings.Replace(str, "_"+pattern+"_", "_"+conv+"_", -1)
-		str = strings.Replace(str, pattern+"_", conv+"_", -1)
-		str = strings.Replace(str, "_"+pattern, "_"+conv, -1)
-	}
-	return strcase.ToCamel(str)
+	utils.GenerateFileWithLogs(fmt.Sprintf("rules/awsrules/%s.go", ruleName), "rules/rule.go.tmpl", meta)
+	utils.GenerateFileWithLogs(fmt.Sprintf("rules/awsrules/%s_test.go", ruleName), "rules/rule_test.go.tmpl", meta)
 }
diff --git a/tools/utils/main.go b/tools/utils/main.go
new file mode 100644
index 000000000..eeca58f47
--- /dev/null
+++ b/tools/utils/main.go
@@ -0,0 +1,51 @@
+package utils
+
+import (
+	"fmt"
+	"os"
+	"strings"
+	"text/template"
+
+	"github.com/iancoleman/strcase"
+)
+
+// ToCamel converts a string to CamelCase
+func ToCamel(str string) string {
+	exceptions := map[string]string{
+		"ami":         "AMI",
+		"api":         "API",
+		"db":          "DB",
+		"alb":         "ALB",
+		"elb":         "ELB",
+		"vpc":         "VPC",
+		"elasticache": "ElastiCache",
+		"iam":         "IAM",
+	}
+	for pattern, conv := range exceptions {
+		str = strings.Replace(str, "_"+pattern+"_", "_"+conv+"_", -1)
+		str = strings.Replace(str, pattern+"_", conv+"_", -1)
+		str = strings.Replace(str, "_"+pattern, "_"+conv, -1)
+	}
+	return strcase.ToCamel(str)
+}
+
+// GenerateFile generates a new file from the passed template and metadata
+func GenerateFile(fileName string, tmplName string, meta interface{}) {
+	file, err := os.Create(fileName)
+	if err != nil {
+		panic(err)
+	}
+
+	tmpl := template.Must(template.ParseFiles(tmplName))
+	err = tmpl.Execute(file, meta)
+	if err != nil {
+		panic(err)
+	}
+}
+
+// GenerateFileWithLogs generates a new file from the passed template and metadata
+// The difference from GenerateFile function is to output logs
+func GenerateFileWithLogs(fileName string, tmplName string, meta interface{}) {
+	GenerateFile(fileName, tmplName, meta)
+	fmt.Printf("Create: %s\n", fileName)
+}