Questions tagged [amazon-cloudformation]

1

votes
2

answer
2.2k

Views

What does “!Sub |” mean in AWS UserData field with YAML syntax?

In this example from AWS docs we have a UserData field that allows a multiline string, using the following syntax: UserData: Fn::Base64: !Sub | #!/bin/bash -xe yum update -y aws-cfn-bootstrap /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region} /opt/aws/...
sashoalm
0

votes
0

answer
2

Views

How to pass a role to cli command “aws cloudformation deploy” or “sam deploy”?

I am creating a cloudformation stack using a SAM template and the CLI. I have successfully done this using an account that gets all the required permissions from policies directly attached to it. It's poor security practice to give this account all these permissions so I've created a role with the s...
Harfel Jaquez
1

votes
1

answer
346

Views

Using Ref for Resource in Step function inside cloudformation template

I have a step function inside cloudformation. The cloudformation stack also creates Lambdas which I will use as a resource in the step function. I have something like TestLambda: Type: 'AWS::Lambda::Function' Properties: Handler: 'test_lambda.lambda_handler' Role: 'arn:aws:iam::1234342334:role/Lambda' Code...
Anandan
1

votes
1

answer
530

Views

How to use importValue and join in Cloudformation

I have a stack which depends on a value which is exported in a different stack (value is supertest) I try to use it as below OriginAccessIdentity: !Join [ '', [ 'origin-access-identity/cloudfront/', !ImportValue: !Sub 'supertest-${Environment}' ] ] But I got a syntax error while this works (hardcodi...
mealesbia
1

votes
1

answer
301

Views

Cloudformation LaunchTemplate referencing IamInstanceProfile fails to create

I am trying to create a LaunchTemplate, which references an IamInstanceProfile, in my Cloudformation stack. Here is the code - I have omitted the irrelevant parts: ... Resources: ServerLaunchTemplate: Type: 'AWS::EC2::LaunchTemplate' Properties: LaunchTemplateData: InstanceType: !Ref InstanceType Sec...
1

votes
1

answer
52

Views

Tool to track SQL schema like infrastructure as code?

I have been using AWS Cloudformation and Terraform to manage cloud infrastructure as code (IAC). The benefits are obvious. 1) Template file to concisely describe your infrastructure 2) Versioning 3) Rollbacks I also have a PostgreSQL DB where I can dump the schema into a single file. Now, it would b...
Jon Vogel
1

votes
2

answer
29

Views

Reference resource in CloudFormation template in inline code property of a Lambda function

I have a CloudFormation template that has a Lambda function resource that is triggered by a CloudWatch event when a new AMI is registered. In the Lambda resource block, I pass my inline code in the Code property. The function triggers an SSM automation document execution if the AMI id is the desired...
dmn0972
1

votes
1

answer
368

Views

AWS Nested Stacks - Referencing a Parent Stack's Resource

I'm trying to pass resources (ApiGatewayRestApi and a custom authorizer) to a nested stack through stack parameters, however, they continually fail with Embedded stack was not successfully created: The following resource(s) failed to create. Here's my set up in Serverless: Parent Stack { ... 'Neste...
Justin Kruse
1

votes
1

answer
126

Views

CAPABILITY_NAMED_IAM using cloud9

I am trying to do all my dev work using the cloud9 template for serverless apps. It complains that I don't have CAPABILITY_NAMED_IAM due to the fact that I am creating a role. How do I edit cloud9 deploy defaults to include CAPABILITY_NAMED_IAM?
andrew shved
1

votes
0

answer
430

Views

AWS Cloudformation DynamoDB Alarms

I am unable to properly create/link a CloudWatch alarm with a DynamoDB Table using CloudFormation. DynamoDBTable: Type: AWS::DynamoDB::Table Properties: AttributeDefinitions: - AttributeName: 'Bucket' AttributeType: 'S' - AttributeName: 'Key' AttributeType: 'S' - AttributeName: 'IngestedDate' Attri...
Alessandroempire
1

votes
2

answer
382

Views

AWS Cloud Formation - Requested configuration not supported AWS::EC2::Instance

I am getting below error on one of my cloud formation template - 13:00:10 UTC+0550 CREATE_FAILED AWS::EC2::Instance WebApplicationServer The requested configuration is currently not supported. Please check the documentation for supported configurations. My CloudFormation template is - { 'AWST...
Jeet
1

votes
0

answer
329

Views

How to pass a variable or resolver as an argument to a hook in Sceptre?

I'm trying to use one of the outputs of my CloudFormation template as a parameter to a !cmd hook - e.g. hooks: after_create: - !cmd 'echo {{ value of cloudformation output }}' Is there a way to do this?
Scott Odle
1

votes
0

answer
39

Views

AWS architecture Account migration strategy

I will soon be asked to migrate an AWS architecture, including instances' content and DB records, from one AWS account to another, and I would like to hear from you all how you would define a possible strategy to tackle it: Say we have 2 AWS accounts (A1, A2). A1 was used as Proof of Concept to decid...
user3665949
1

votes
0

answer
78

Views

Custom domain name for api , domain already exists in the stack

I want to create a custom api for my gateway. I'm following this tutorial, https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html I pre-created my certificate and assigned it a domain in my stack myDomainName: Type: AWS::ApiGateway::DomainName Proper...
Shachaf.Gortler
1

votes
1

answer
406

Views

How to add cognito user pool authorizer to Lambda Proxy integration in Cloud Formation Template?

I have the following cloud formation JSON template. This template is the default template provided by AWS for C#(Dotnet) Web API Lambda proxy integration. { 'AWSTemplateFormatVersion' : '2010-09-09', 'Transform' : 'AWS::Serverless-2016-10-31', 'Description' : 'An AWS Serverless Application that use...
Deepan Cool
1

votes
0

answer
575

Views

aws Lambda Deployment automation using git,codepipeline,codebuild and cloudformation

I am creating a CI/CD pipeline for lambda deployment. I am using Git->Codebuild->aws cloudformation->lambda using codepipeline. Even after a successful build my buildspec.yaml is not able to generate a proper samTemplate containing the proper CodeUri, and I am getting the error Unable to upload artifact ./ referenced...
Mayur
1

votes
0

answer
84

Views

How to set log metric name in cloudformation

I am creating a log metric with cloudformation using the following entry which works. MetricFilter: Type: 'AWS::Logs::MetricFilter' Properties: LogGroupName: 'Services' FilterPattern: 'ERROR There was an error' MetricTransformations: - MetricValue: '1' MetricNamespace: 'AlarmTest' MetricName: 'Error...
JaChNo
1

votes
1

answer
334

Views

How to integrate CloudFront distribution to AWS WAF by using CloudFormation?

I am trying to add CloudFront distribution to AWS WAF by using CloudFormation and have tried this, 'Type': 'AWS::WAFRegional::WebACLAssociation', 'Properties': { 'ResourceArn': 'arn:aws:cloudfront::AccountID:distribution/CloudFrontID', 'WebACLId': { 'Ref': 'WebACLName' } But I ended up with this err...
ch vamsi krishna
1

votes
1

answer
671

Views

AWS CloudFormation Fn::Join - escape double quotes

I have the following code: (I have simplified the actual problem for brevity) Fn::Join: - '' - - '[ {\'Key1\': \'A\'' - '}]' The result is coming out without the double quote being escaped. The result is: '[ {\'Key1\': \'A\'}]' If I remove the backslashes, I get an error that it is not a well for...
SanityCheck
1

votes
0

answer
507

Views

set existing KMS to s3 as default encryption using cloudformation

When I set SSE-KMS Encryption using cloudformation, they set the KMS key as Custom KMS ARN, but what I want is to select an existing KMS key with its ID. Here is my template Type: 'AWS::S3::Bucket' Properties: BucketName: totoKMS BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionB...
M. Mourad
1

votes
1

answer
887

Views

Why does API Gateway not have permissions for my Authorizer lambda when using Swagger?

I have an API defined using Swagger, which defines the following API Key authorizer: securityDefinitions: api_key: type: apiKey name: x-api-key in: header x-amazon-apigateway-authtype: 'oauth2' x-amazon-apigateway-authorizer: type: token authorizerUri: arn:aws:apigateway:eu-west-1:lambda:path/2015-0...
devrobf
1

votes
0

answer
324

Views

Cloudformation S3 BucketEncryption property intermittent fail

I am deploying a CloudFormation stack with an AWS::S3::Bucket resource that has been failing intermittently ever since I added the BucketEncryption property. The errors I'm getting are as follows: 09:27:53 UTC-0500 CREATE_FAILED AWS::S3::Bucket S3Bucket A conflicting conditional operation...
D Swartz
1

votes
1

answer
482

Views

Encountered unsupported property EBS

I'm having some issues with a Cloudformation Template where when I attempt to roll it out it keeps failing on the instance creation prompting the error ' Encountered unsupported property EBS' which in turn causes a rollback. I find this quite interesting because I appear to have all of the necessary...
studentneedshelp
1

votes
0

answer
110

Views

Mysql install issue in cloudformation json template

I have setup the codedeploy agent on my system and am looking to install all the user data from my cloudformation template while creating the ec2 instance. I access the EC2 instance by ssh and navigate to the \home\ubuntu folder. Now while installing mysql on ubuntu, a prompt appears to enter the pa...
Aditya
1

votes
0

answer
139

Views

In YAML template validation fails to recognize “try”

Code: DEBUG_MODE = True # Manually change when debugging try: CFN_CLIENT = boto3.client('cloudformation') except Exception as error: print('Error creating boto3.client, error text follows:\n%s' % error) raise Exception(error) Question: Template validation error: Template format error: YAML not well...
AAserver
1

votes
2

answer
687

Views

Incorrect S3 bucket policy is detected for bucket in CloudFormation

I have issues implementing CloudTrail via Cloudformation, with an Incorrect S3 bucket policy is detected for bucket error being thrown when I try to launch the model. Here is the configuration from the BucketPolicy: 'LogBucketPolicy': { 'Type': 'AWS::S3::BucketPolicy', 'Properties': { 'Bucket': { 'Re...
Adrien Merlier
1

votes
1

answer
78

Views

How to suppress default outputs on serverless cloudformation yml?

I'm using serverless-stack-output to save my serverless output to a file with some custom values that I setup. Works well, but serverless has some other default outputs such as these: FunctionQualifiedArn (one for each function) ServiceEndpoint ServerlessDeploymentBucketName I don't want these to s...
raphadko
1

votes
1

answer
107

Views

CloudFormation Cyclic dependency

I am creating a KMS key using a CloudFormation template which is then used to create an IAM role in another template since it references the KMS key. The stack that creates the KMS key needs to be updated to add the IAM role to the KMS key policy. The KMS policy cannot be set on creation since the I...
Namita Modak
1

votes
1

answer
242

Views

WebServerHost No default VPC for this user

I'm currently trying to launch Cloudwatch and all Alarms from Cloudformation. I'm using the default template from amazon https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-cloudwatchlogs.html I'm struggling at this point WebServerHost: Type: AWS::EC2::Instance Metadata: Comme...
RedXIII
1

votes
0

answer
23

Views

Enable AWS Management Console in AWS Directory Service SimpleAD Programmatically

I am trying to automate the deployment of an AWS Directory Service SimpleAD using CloudFormation. I would like to enable access to the AWS Management Console programmatically via CloudFormation or API calls. I've spent quite some time going through the relative AWS documentation, but all I could fin...
Riccardo
1

votes
1

answer
427

Views

Sort output of aws-cli ec2 describe-instances by Hostrecord (Route53::RecordSet)

Currently I use the following command to get all instance id's from my stack in json format: aws ec2 describe-instances --query Reservations[*].Instances[*].InstanceId[] --filters Name=tag-key,Values=aws:cloudformation:stack-name Name=tag-value,Values=Stack-Name-XYZ --output=json This command works...
ErikWe
1

votes
1

answer
119

Views

AWS CloudFormation template: using conditions to scope

I am attempting to use conditions to scope a resource in a CloudFormation template but am having no luck. I attempted to use 'Deny: NotPrincipal' as shown below but that action is not allowed due to an error 'Policy document should not specify a principal'. Any suggestions on how to scope ec2:CopyI...
Cr00t
1

votes
1

answer
221

Views

UserData giving timeout error while accessing s3 bucket

I am trying to access an object from S3 public bucket but I am getting below error while executing my Cfn-init helper script: ConnectionError Traceback (most recent call last): File 'cfnbootstrap\util.pyc', line 162, in _retry File 'cfnbootstrap\util.pyc', line 234, in _timeout ConnectionError: ('Co...
14578446
1

votes
0

answer
133

Views

Cloud Formation : Docker Swarm Mode on AWS

Question : How do you bind and access a volume in your docker-compose once you are inside Manager Instance created by Cloud Formation? My Problem: My docker-compose.yml file is such that I need to bind an external Django Project Code with the services/containers which will be created by the stack bu...
Naitik Shah
1

votes
0

answer
26

Views

AWS Cloudformation EC2: reexecute Init

We use AWS::CloudFormation::Init: to write configs and do some commands at startup time. This works okay for us. But if we update that part (add a command, or edit a file) this isn't executed again when we update the stack. Only when we delete and recreate the stack. What is the recommended way to...
DenCowboy
1

votes
1

answer
242

Views

connect existing EC2 from lambda python boto api using IAM role

I want to connect over SSH to an existing EC2 and execute a command from lambda python (boto) code without using a pem key or anything. Need to connect using an IAM role. Is there any way?
Nizamudeen
1

votes
1

answer
196

Views

Deploying an AWS CodeStar project on a different account

AWS CodeStar lets you spin up CodePipelines and CodeCommit repos to support your project. If I want to build a project in CodeStar and then take the resultant package, how can I deploy that package into another account? For example, the basic 'Python Web Service Lambda' CodeStar template generated t...
1

votes
0

answer
24

Views

Subnets creation Based on Availability Zones

AWS: using a Cloud Formation Template (CFT), subnets should be created depending on the AZs and should also get a CIDR range automatically. A single CFT should do this. For example: if a region has 3 AZs it should create 3 subnets, or if it has 2 AZs it should create 2 subnets.
mohd
1

votes
0

answer
148

Views

CloudFormation stack gives “API: s3:GetObject Access Denied”

I'm having issues deploying CF-stack when used in combination with a S3 bucket. The S3 bucket contains a swagger definition that API Gateway needs to access. My S3 bucket has a bucket policy that contains an IP-filter, along these lines: { 'Version': '2008-10-17', 'Statement': [ { 'Sid': 'IpFilter',...
Daniel
