Fix pattern anchor completion for partial Smithy patterns

bendrucker · bendrucker · commit 71da4daa74d5 · 2025-11-12T18:33:58.000-08:00
The Smithy models contain many incomplete patterns that are missing
anchors. The Ruby SDK generator added both ^ and $ anchors to ensure
patterns match entire strings, but used different strategies:

1. Patterns ending with quantifiers (* + ? {}) just need $
   Example: "^[a-z]*" → "^[a-z]*$"

2. Patterns ending with delimiters (: /) or literals need .*$
   Example: "^arn:" → "^arn:.*$" (matches "arn:aws:...")
   Example: "^s3://" → "^s3://.*$" (matches "s3://bucket/key")

3. Bare modifier patterns need .*$
   Example: "^(?s)" → "^(?s).*$" (matches any content in dotall mode)

This commit implements these heuristics to maintain backward
compatibility with the Ruby SDK generator, affecting ~20 patterns
across various AWS services.
diff --git a/rules/models/aws_amplify_app_invalid_basic_auth_credentials.go b/rules/models/aws_amplify_app_invalid_basic_auth_credentials.go
@@ -26,7 +26,7 @@ func NewAwsAmplifyAppInvalidBasicAuthCredentialsRule() *AwsAmplifyAppInvalidBasi
 		resourceType:  "aws_amplify_app",
 		attributeName: "basic_auth_credentials",
 		max:           2000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -80,7 +80,7 @@ func (r *AwsAmplifyAppInvalidBasicAuthCredentialsRule) Check(runner tflint.Runne
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					`basic_auth_credentials does not match valid pattern ^(?s)`,
+					`basic_auth_credentials does not match valid pattern ^(?s).*$`,
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_app_invalid_description.go b/rules/models/aws_amplify_app_invalid_description.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyAppInvalidDescriptionRule() *AwsAmplifyAppInvalidDescriptionRu
 		resourceType:  "aws_amplify_app",
 		attributeName: "description",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyAppInvalidDescriptionRule) Check(runner tflint.Runner) error
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_app_invalid_iam_service_role_arn.go b/rules/models/aws_amplify_app_invalid_iam_service_role_arn.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyAppInvalidIAMServiceRoleArnRule() *AwsAmplifyAppInvalidIAMServ
 		resourceType:  "aws_amplify_app",
 		attributeName: "iam_service_role_arn",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyAppInvalidIAMServiceRoleArnRule) Check(runner tflint.Runner)
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_app_invalid_oauth_token.go b/rules/models/aws_amplify_app_invalid_oauth_token.go
@@ -26,7 +26,7 @@ func NewAwsAmplifyAppInvalidOAuthTokenRule() *AwsAmplifyAppInvalidOAuthTokenRule
 		resourceType:  "aws_amplify_app",
 		attributeName: "oauth_token",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -80,7 +80,7 @@ func (r *AwsAmplifyAppInvalidOAuthTokenRule) Check(runner tflint.Runner) error {
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					`oauth_token does not match valid pattern ^(?s)`,
+					`oauth_token does not match valid pattern ^(?s).*$`,
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_app_invalid_repository.go b/rules/models/aws_amplify_app_invalid_repository.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyAppInvalidRepositoryRule() *AwsAmplifyAppInvalidRepositoryRule
 		resourceType:  "aws_amplify_app",
 		attributeName: "repository",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyAppInvalidRepositoryRule) Check(runner tflint.Runner) error {
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_branch_invalid_backend_environment_arn.go b/rules/models/aws_amplify_branch_invalid_backend_environment_arn.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyBranchInvalidBackendEnvironmentArnRule() *AwsAmplifyBranchInva
 		resourceType:  "aws_amplify_branch",
 		attributeName: "backend_environment_arn",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyBranchInvalidBackendEnvironmentArnRule) Check(runner tflint.R
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_branch_invalid_basic_auth_credentials.go b/rules/models/aws_amplify_branch_invalid_basic_auth_credentials.go
@@ -26,7 +26,7 @@ func NewAwsAmplifyBranchInvalidBasicAuthCredentialsRule() *AwsAmplifyBranchInval
 		resourceType:  "aws_amplify_branch",
 		attributeName: "basic_auth_credentials",
 		max:           2000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -80,7 +80,7 @@ func (r *AwsAmplifyBranchInvalidBasicAuthCredentialsRule) Check(runner tflint.Ru
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					`basic_auth_credentials does not match valid pattern ^(?s)`,
+					`basic_auth_credentials does not match valid pattern ^(?s).*$`,
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_branch_invalid_description.go b/rules/models/aws_amplify_branch_invalid_description.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyBranchInvalidDescriptionRule() *AwsAmplifyBranchInvalidDescrip
 		resourceType:  "aws_amplify_branch",
 		attributeName: "description",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyBranchInvalidDescriptionRule) Check(runner tflint.Runner) err
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_branch_invalid_display_name.go b/rules/models/aws_amplify_branch_invalid_display_name.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyBranchInvalidDisplayNameRule() *AwsAmplifyBranchInvalidDisplay
 		resourceType:  "aws_amplify_branch",
 		attributeName: "display_name",
 		max:           255,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyBranchInvalidDisplayNameRule) Check(runner tflint.Runner) err
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_branch_invalid_framework.go b/rules/models/aws_amplify_branch_invalid_framework.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyBranchInvalidFrameworkRule() *AwsAmplifyBranchInvalidFramework
 		resourceType:  "aws_amplify_branch",
 		attributeName: "framework",
 		max:           255,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyBranchInvalidFrameworkRule) Check(runner tflint.Runner) error
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_branch_invalid_pull_request_environment_name.go b/rules/models/aws_amplify_branch_invalid_pull_request_environment_name.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyBranchInvalidPullRequestEnvironmentNameRule() *AwsAmplifyBranc
 		resourceType:  "aws_amplify_branch",
 		attributeName: "pull_request_environment_name",
 		max:           20,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyBranchInvalidPullRequestEnvironmentNameRule) Check(runner tfl
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_amplify_webhook_invalid_description.go b/rules/models/aws_amplify_webhook_invalid_description.go
@@ -27,7 +27,7 @@ func NewAwsAmplifyWebhookInvalidDescriptionRule() *AwsAmplifyWebhookInvalidDescr
 		resourceType:  "aws_amplify_webhook",
 		attributeName: "description",
 		max:           1000,
-		pattern:       regexp.MustCompile(`^(?s)`),
+		pattern:       regexp.MustCompile(`^(?s).*$`),
 	}
 }
 
@@ -81,7 +81,7 @@ func (r *AwsAmplifyWebhookInvalidDescriptionRule) Check(runner tflint.Runner) er
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_cloudwatch_metric_alarm_invalid_namespace.go b/rules/models/aws_cloudwatch_metric_alarm_invalid_namespace.go
@@ -29,7 +29,7 @@ func NewAwsCloudwatchMetricAlarmInvalidNamespaceRule() *AwsCloudwatchMetricAlarm
 		attributeName: "namespace",
 		max:           255,
 		min:           1,
-		pattern:       regexp.MustCompile(`^[^:]`),
+		pattern:       regexp.MustCompile(`^[^:].*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsCloudwatchMetricAlarmInvalidNamespaceRule) Check(runner tflint.Runne
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[^:]`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^[^:].*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_cloudwatch_metric_alarm_invalid_namespace_test.go b/rules/models/aws_cloudwatch_metric_alarm_invalid_namespace_test.go
@@ -24,7 +24,7 @@ resource "aws_cloudwatch_metric_alarm" "foo" {
 			Expected: helper.Issues{
 				{
 					Rule:    NewAwsCloudwatchMetricAlarmInvalidNamespaceRule(),
-					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(":EC2"), `^[^:]`),
+					Message: fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(":EC2"), `^[^:].*$`),
 				},
 			},
 		},
diff --git a/rules/models/aws_config_conformance_pack_invalid_template_s3_uri.go b/rules/models/aws_config_conformance_pack_invalid_template_s3_uri.go
@@ -29,7 +29,7 @@ func NewAwsConfigConformancePackInvalidTemplateS3URIRule() *AwsConfigConformance
 		attributeName: "template_s3_uri",
 		max:           1024,
 		min:           1,
-		pattern:       regexp.MustCompile(`^s3://`),
+		pattern:       regexp.MustCompile(`^s3://.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsConfigConformancePackInvalidTemplateS3URIRule) Check(runner tflint.R
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^s3://`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^s3://.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_config_organization_conformance_pack_invalid_template_s3_uri.go b/rules/models/aws_config_organization_conformance_pack_invalid_template_s3_uri.go
@@ -29,7 +29,7 @@ func NewAwsConfigOrganizationConformancePackInvalidTemplateS3URIRule() *AwsConfi
 		attributeName: "template_s3_uri",
 		max:           1024,
 		min:           1,
-		pattern:       regexp.MustCompile(`^s3://`),
+		pattern:       regexp.MustCompile(`^s3://.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsConfigOrganizationConformancePackInvalidTemplateS3URIRule) Check(run
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^s3://`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^s3://.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_kinesisanalyticsv2_application_invalid_service_execution_role.go b/rules/models/aws_kinesisanalyticsv2_application_invalid_service_execution_role.go
@@ -29,7 +29,7 @@ func NewAwsKinesisanalyticsv2ApplicationInvalidServiceExecutionRoleRule() *AwsKi
 		attributeName: "service_execution_role",
 		max:           2048,
 		min:           1,
-		pattern:       regexp.MustCompile(`^arn:`),
+		pattern:       regexp.MustCompile(`^arn:.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsKinesisanalyticsv2ApplicationInvalidServiceExecutionRoleRule) Check(
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_networkfirewall_firewall_invalid_firewall_policy_arn.go b/rules/models/aws_networkfirewall_firewall_invalid_firewall_policy_arn.go
@@ -29,7 +29,7 @@ func NewAwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule() *AwsNetworkfire
 		attributeName: "firewall_policy_arn",
 		max:           256,
 		min:           1,
-		pattern:       regexp.MustCompile(`^arn:aws`),
+		pattern:       regexp.MustCompile(`^arn:aws.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsNetworkfirewallFirewallInvalidFirewallPolicyArnRule) Check(runner tf
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_networkfirewall_logging_configuration_invalid_firewall_arn.go b/rules/models/aws_networkfirewall_logging_configuration_invalid_firewall_arn.go
@@ -29,7 +29,7 @@ func NewAwsNetworkfirewallLoggingConfigurationInvalidFirewallArnRule() *AwsNetwo
 		attributeName: "firewall_arn",
 		max:           256,
 		min:           1,
-		pattern:       regexp.MustCompile(`^arn:aws`),
+		pattern:       regexp.MustCompile(`^arn:aws.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsNetworkfirewallLoggingConfigurationInvalidFirewallArnRule) Check(run
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_networkfirewall_resource_policy_invalid_resource_arn.go b/rules/models/aws_networkfirewall_resource_policy_invalid_resource_arn.go
@@ -29,7 +29,7 @@ func NewAwsNetworkfirewallResourcePolicyInvalidResourceArnRule() *AwsNetworkfire
 		attributeName: "resource_arn",
 		max:           256,
 		min:           1,
-		pattern:       regexp.MustCompile(`^arn:aws`),
+		pattern:       regexp.MustCompile(`^arn:aws.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsNetworkfirewallResourcePolicyInvalidResourceArnRule) Check(runner tf
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/aws_shield_protection_invalid_resource_arn.go b/rules/models/aws_shield_protection_invalid_resource_arn.go
@@ -29,7 +29,7 @@ func NewAwsShieldProtectionInvalidResourceArnRule() *AwsShieldProtectionInvalidR
 		attributeName: "resource_arn",
 		max:           2048,
 		min:           1,
-		pattern:       regexp.MustCompile(`^arn:aws`),
+		pattern:       regexp.MustCompile(`^arn:aws.*$`),
 	}
 }
 
@@ -90,7 +90,7 @@ func (r *AwsShieldProtectionInvalidResourceArnRule) Check(runner tflint.Runner)
 			if !r.pattern.MatchString(val) {
 				runner.EmitIssue(
 					r,
-					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws`),
+					fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^arn:aws.*$`),
 					attribute.Expr.Range(),
 				)
 			}
diff --git a/rules/models/generator/rule.go b/rules/models/generator/rule.go

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func NewAwsAmplifyAppInvalidBasicAuthCredentialsRule() *AwsAmplifyAppInvalidBasi`
`26`	`26`	`resourceType: "aws_amplify_app",`
`27`	`27`	`attributeName: "basic_auth_credentials",`
`28`	`28`	`max: 2000,`
`29`		- pattern: regexp.MustCompile(`^(?s)`),
	`29`	+ pattern: regexp.MustCompile(`^(?s).*$`),
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`
`@@ -80,7 +80,7 @@ func (r *AwsAmplifyAppInvalidBasicAuthCredentialsRule) Check(runner tflint.Runne`
`80`	`80`	`if !r.pattern.MatchString(val) {`
`81`	`81`	`runner.EmitIssue(`
`82`	`82`	`r,`
`83`		- `basic_auth_credentials does not match valid pattern ^(?s)`,
	`83`	+ `basic_auth_credentials does not match valid pattern ^(?s).*$`,
`84`	`84`	`attribute.Expr.Range(),`
`85`	`85`	`)`
`86`	`86`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func NewAwsAmplifyAppInvalidDescriptionRule() *AwsAmplifyAppInvalidDescriptionRu`
`27`	`27`	`resourceType: "aws_amplify_app",`
`28`	`28`	`attributeName: "description",`
`29`	`29`	`max: 1000,`
`30`		- pattern: regexp.MustCompile(`^(?s)`),
	`30`	+ pattern: regexp.MustCompile(`^(?s).*$`),
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
`@@ -81,7 +81,7 @@ func (r *AwsAmplifyAppInvalidDescriptionRule) Check(runner tflint.Runner) error`
`81`	`81`	`if !r.pattern.MatchString(val) {`
`82`	`82`	`runner.EmitIssue(`
`83`	`83`	`r,`
`84`		- fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
	`84`	+ fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
`85`	`85`	`attribute.Expr.Range(),`
`86`	`86`	`)`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ func NewAwsAmplifyBranchInvalidBackendEnvironmentArnRule() *AwsAmplifyBranchInva`
`27`	`27`	`resourceType: "aws_amplify_branch",`
`28`	`28`	`attributeName: "backend_environment_arn",`
`29`	`29`	`max: 1000,`
`30`		- pattern: regexp.MustCompile(`^(?s)`),
	`30`	+ pattern: regexp.MustCompile(`^(?s).*$`),
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
`@@ -81,7 +81,7 @@ func (r *AwsAmplifyBranchInvalidBackendEnvironmentArnRule) Check(runner tflint.R`
`81`	`81`	`if !r.pattern.MatchString(val) {`
`82`	`82`	`runner.EmitIssue(`
`83`	`83`	`r,`
`84`		- fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s)`),
	`84`	+ fmt.Sprintf(`"%s" does not match valid pattern %s`, truncateLongMessage(val), `^(?s).*$`),
`85`	`85`	`attribute.Expr.Range(),`
`86`	`86`	`)`
`87`	`87`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func NewAwsAmplifyBranchInvalidBasicAuthCredentialsRule() *AwsAmplifyBranchInval`
`26`	`26`	`resourceType: "aws_amplify_branch",`
`27`	`27`	`attributeName: "basic_auth_credentials",`
`28`	`28`	`max: 2000,`
`29`		- pattern: regexp.MustCompile(`^(?s)`),
	`29`	+ pattern: regexp.MustCompile(`^(?s).*$`),
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`
`@@ -80,7 +80,7 @@ func (r *AwsAmplifyBranchInvalidBasicAuthCredentialsRule) Check(runner tflint.Ru`
`80`	`80`	`if !r.pattern.MatchString(val) {`
`81`	`81`	`runner.EmitIssue(`
`82`	`82`	`r,`
`83`		- `basic_auth_credentials does not match valid pattern ^(?s)`,
	`83`	+ `basic_auth_credentials does not match valid pattern ^(?s).*$`,
`84`	`84`	`attribute.Expr.Range(),`
`85`	`85`	`)`
`86`	`86`	`}`