Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CloudFormation - reference resource as default value for Parameter

Tags:

amazon-web-services

amazon-cloudformation

I have a parameter "SecretKey" and I want to provide a default value to it (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html) and the default value would be a generated random string. I already have a lambda function to do the generation of the key and a custom resource (call it RandomSecretKey) to get the value. Ultimately, I want to be able to do this in the parameters section:

"SecretKey": {
... "Default": { "Fn::GetAtt": ["RandomSecretKey", "Value"] } }

And this parameter would be referenced somewhere.

But this doesn't work because CloudFormation expects a static String based on the error message. Is there a way to do this?

like image 336
BPm Avatar asked Feb 04 '16 22:02

BPm

People also ask

How do you reference parameters in CloudFormation?

You use the Ref intrinsic function to reference a parameter, and AWS CloudFormation uses the parameter's value to provision the stack. You can reference parameters from the Resources and Outputs sections of the same template.

What is FN :: GetAtt in CloudFormation?

The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in the template. For more information about GetAtt return values for a particular resource, refer to the documentation for that resource in the Resource and property reference.

How do you reference existing resources in CloudFormation?

To import existing resources into a CloudFormation stack, you need to provide: A template that describes the entire stack, including both the resources to import and (for existing stacks) the resources that are already part of the stack. Each resource to import must have a DeletionPolicy attribute in the template.

What is pseudo parameter in AWS CloudFormation?

Pseudo parameters are parameters that are predefined by AWS CloudFormation. You don't declare them in your template. Use them the same way as you would a parameter, as the argument for the Ref function.

1 Answers

No. It's not possible to have a dynamic default value for CloudFormation. The reason being that the template has not executed at all at the time that parameters are being collected.

If you want this to be a parameter, your generated value will have to be generated outside of the template and passed into the template as a parameter. You could do this from a bootstrapping creation script.

Alternatively, you should be able to use a Custom Resource in your template to generate your random secret key. It should be able to persist through stack updates.

References:

  • Custom Resources Docs - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html
  • Custom Resources Example - https://blogs.aws.amazon.com/application-management/post/Tx2FNAPE4YGYSRV/Customers-CloudFormation-and-Custom-Resources
like image 176
Matt Houser Avatar answered Oct 07 '22 13:10

Matt Houser
Sign in to Comment

Related questions

Boto connect_xxx method and connection pools
AWS : What's the difference between Simple Workflow Service and Data Pipeline?
"Reset" Amazon EC2 server
Does boto3 have a credential cache comparable to awscli?
AWS Cloudformation Template - Set Region in S3 Bucket
Exporting a AWS Postgres RDS Table to AWS S3
Partition Kinesis firehose S3 records by event time
How do I use `aws ecr get-login` with MFA enforcement enabled?
How to set object key-values in AWS API Gateway Mapping Template
How can I convert Amazon Transcribe json response to a caption format (srt, webvvt, etc)?
Code build is failed with Error while executing command: npm install. Reason: exit status 127
Terraform - how to use for_each loop on a list of objects to create resources
SQS maxNumberOfMessages
Amazon Resource Name (ARN) for AWS SimpleDB
Amazon EC2 payment transparency, breaking the free usage tier?
Can IAM role temporary credentials be used in cloudformation templates?
Group HITs into batches in amazon mechanical turk with boto?
cURL error 35 - Unknown SSL protocol error in connection to api.rkd.reuters.com:443
'unicode' object has no attribute 'keys'
AWS Elastic Beanstalk NodeJS and logs

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!