I am trying to create an AWS cloudformation stack using a yaml template. The goal is to create a sns topic for some notifications. I want to output the topic arn, to be able to subscribe multiple functions to that topic by just specifying the topic arn.
However I am getting an error when I try to create the stack from the aws console:
"Template validation error: Template error: resource NotificationsTopic does not support attribute type Arn in Fn::GetAtt"
I have done exactly the same for s3 buckets, dynamodb tables, and all working good, but for some reason, with SNS topic I cannot get the ARN.
I want to avoid hardcoding the topic arn in all functions that are subscribed. Because if one day the the ARN topic changes, I'll need to change all functions, instead I want to import the topic arn in all functions and use it. This way I will have to modify nothing if for any reason I have a new arn topic in the future.
This is the template:
Parameters: stage: Type: String Default: dev AllowedValues: - dev - int - uat - prod Resources: NotificationsTopic: Type: AWS::SNS::Topic Properties: DisplayName: !Sub 'notifications-${stage}' Subscription: - SNS Subscription TopicName: !Sub 'notifications-${stage}' Outputs: NotificationsTopicArn: Description: The notifications topic Arn. Value: !GetAtt NotificationsTopic.Arn Export: Name: !Sub '${AWS::StackName}-NotificationsTopicArn' NotificationsTopicName: Description: Notifications topic name. Value: !Sub 'notifications-${stage}' Export: Name: !Sub '${AWS::StackName}-NotificationsTopicName'
If it isn't, CloudFormation checks if the template is valid YAML. If both checks fail, CloudFormation returns a template validation error. You can validate templates locally by using the --template-body parameter, or remotely with the --template-url parameter.
The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in the template. For more information about GetAtt return values for a particular resource, refer to the documentation for that resource in the Resource and property reference.
GetAtt is essentially the same as the 2nd function of Ref above, it also returns an attribute of the resource that you created within your resource, but while ref returns only a default attribute, GetAtt allows you to choose from different attributes to return.
You can use the AWS Command Line Interface (AWS CLI) instead of the AWS CloudFormation console to resolve this error for templates using: To resolve this error for conditional resources, make sure that the condition specified under the condition key evaluates to true for the resource being imported.
The aws cloudformation validate-template command is designed to check only the syntax of your template. It does not ensure that the property values that you have specified for a resource are valid for that resource. Nor does it determine the number of resources that will exist when the stack is created.
To check your template file for syntax errors, you can use the aws cloudformation validate-template command. The aws cloudformation validate-template command is designed to check only the syntax of your template. It does not ensure that the property values that you have specified for a resource are valid for that resource.
Fn::Transform. The AWS CloudFormation console doesn't support the use of the intrinsic function Fn::Transform when importing resources. You can use the AWS Command Line Interface (AWS CLI) instead of the AWS CloudFormation console to resolve this error for templates using:
Not all resources are the same. Always check the documentation for the particular resource. It has the "Return Values" section and you can easily verify that SNS topic has ARN as a Ref
value, so you don't have to use GetAtt
function
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sns-topic.html
Edit: Thanks for the comment which points out that not every resource provides its ARN. A notable example is the Autoscaling group. Sure, the key thing in my answer was "check the documentation for each resource", this is an example that not every resource has every attribute. Having said that, ARN missing for the ASG output is a really strange thing. It cannot be also constructed easily, because the ARN also contains GroupId which is a random hash. There is probably some effort to solve this at least for the use-case of ECS Capacity Providers https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/548 and https://github.com/aws/containers-roadmap/issues/631#issuecomment-648377011 but I think that is is an significant enough issue that it should be mentioned here.
For resources that don't directly return ARN, I found a workaround which consists of building the ARN myself.
For instance, to get the ARN of my codepipeline:
!Join [ ':', [ "arn:aws:codepipeline", !Ref AWS::Region, !Ref AWS::AccountId, !Ref StackDeletePipeline ] ]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With