#
#####################################
##           Gherkin               ##
#####################################
# Rule Identifier:
#    LAMBDA_CONCURRENCY_CHECK
#
# Description:
#    Checks whether the AWS Lambda function is configured with function-level concurrent execution limit.
#
# Reports on:
#    AWS::Lambda::Function
#
# Evaluates:
#    AWS CloudFormation
#
# Rule Parameters:
#    NA
#
# Scenarios:
# a) SKIP: when no AWS Lambda functions are present
# b) PASS: when all AWS Lambda functions are configured with function-level concurrent execution limits
# c) FAIL: when any AWS Lambda functions are not configured with function-level concurrent execution limits
# d) SKIP: hen metadata includes the suppression for rule LAMBDA_CONCURRENCY_CHECK

#
# Select all AWS Lambda Function resources from incoming template (payload)
#
let aws_lambda_functions_concurrency = Resources.*[ Type == 'AWS::Lambda::Function' 
  Metadata.guard.SuppressedRules not exists or
  Metadata.guard.SuppressedRules.* != "LAMBDA_CONCURRENCY_CHECK"
]

rule LAMBDA_CONCURRENCY_CHECK when %aws_lambda_functions_concurrency !empty {
  %aws_lambda_functions_concurrency.Properties.ReservedConcurrentExecutions >= 0
  <<
    Violation: All AWS Lambda Functions must have concurrent execution limits configured
    Fix: Set the ReservedConcurrentExecutions property to an integer greater than or equal to 0
  >>
}