E2004 issue with AWS::SSM::Parameter::Value<String> Parameters

[jordan-evans]

cfn-lint version: (cfn-lint --version)
0.33.0

Description of issue.
When using an SSM paramter store lookup to get a CIDR Range to use in a Security group, cfn-lint raised an E2004 error.

Parameters:
  VpcID:
    Description: ID of VPC
    Type: "AWS::SSM::Parameter::Value<String>"
    Default: VpcId
    AllowedValues:
      - VpcId

  VpcCidrRange:
    Description: CIDR range of VPC
    Type: "AWS::SSM::Parameter::Value<String>"
    Default: VpcCIDRRange
    AllowedValues:
      - VpcCIDRRange

Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP egress
      VpcId: !Ref VpcID
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref VpcCidrRange

Error is E2004 Cidr should be a Cidr Range based string for VpcCIDRRange product.template.yaml:9:3

If I'm not misunderstanding, cfn-lint seems to be complaining that the String VpcCIDRRange is not a valid CIDR, where in fact during runtime CloudFormation will lookup the value of VpcCIDRRange in SSM Parameter Store and use that instead.

I guess a sensible approach here would be to disable E2004 for parameters that have a type of AWS::SSM::Parameter::Value<String> maybe?

[PatMyron]

Good catch, this file will need to be updated:
https://github.com/aws-cloudformation/cfn-python-lint/blob/fe0af928a4ab26a6cedfd76564a26c9a4120b14f/src/cfnlint/rules/parameters/CidrAllowedValues.py#L14