Hi, I am trying to use the "IF" function as mentioned in the CloudFormation documentation for the RDS DeletionPolicy, but for some reason it says that my function does not return a string.
AWS Documentation on conditional statements
here is the condition:
"DeletionPolicy" : { "Fn::If" : [ "CreateProdResources", "Snapshot", "Delete" ]}
And the error is the one in the title:
Template validation error: Template format error: Every DeletionPolicy member must be a string.
Other attempts that didn't work:
With a map:
"RdsDeletionPolicyMap" :{ "production" : { "policy" : "Snapshot" }, "staging" : { "policy" : "Delete" } }
And then:
"DeletionPolicy" : { "Fn::FindInMap" : [ "RdsDeletionPolicyMap", {"Ref": "RailsEnvironment"}, "policy" ] }
A simple "Ref": ... didn't work either. I highly suspect this is a bug in CloudFormation.
To check your template file for syntax errors, you can use the aws cloudformation validate-template command. The aws cloudformation validate-template command is designed to check only the syntax of your template.
Validate template syntax: Validate your JSON syntax with a text editor, or a command line tool such as the AWS CLI template validator. Validate your YAML syntax with the aws cloudformation validate-template command. Validate your JSON or YAML templates with the AWS CloudFormation linter on the GitHub website.
AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion.
The issue is that DeletionPolicy must be set to one of three strings. And, though your If check will return one of them, from a systematic perspective, it only knows that it's returning a String - but is not guaranteed to be a valid string (same with your map and parameter checks), and thus it only accepts a string literal and not something that resolves to string.
I believe that this limitation has been raised to the AWS Engineering team previously, as it is a nuisance.
According to the intrinsic function reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html
You can use intrinsic functions only in specific parts of a template. Currently, you can use intrinsic functions in resource properties, outputs, metadata attributes, and update policy attributes. You can also use intrinsic functions to conditionally create stack resources.
So you cannot use them for the DeletionPolicy.
However, one workaround for this is CloudFormation conditionals: https://www.unixdaemon.net/cloud/intro-to-cloudformations-conditionals/
You can add two resources with the condition, one having Snapshot and the other having Delete.
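The two-resource workaround described in the answer above, written out as an added example that is not part of the original posts. `RailsEnvironment` and `CreateProdResources` come from the question; `CreateStagingResources`, `DbPassword`, the logical IDs and all property values are assumptions chosen for illustration. Each resource carries a literal `DeletionPolicy`, and anything that refers to the database picks the live one with `Fn::If`:

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example. Names other than RailsEnvironment and CreateProdResources are assumed.",
  "Parameters": {
    "RailsEnvironment": { "Type": "String", "AllowedValues": ["production", "staging"] },
    "DbPassword": { "Type": "String", "NoEcho": true, "MinLength": 8 }
  },
  "Conditions": {
    "CreateProdResources": { "Fn::Equals": [{ "Ref": "RailsEnvironment" }, "production"] },
    "CreateStagingResources": { "Fn::Not": [{ "Condition": "CreateProdResources" }] }
  },
  "Resources": {
    "ProdDatabase": {
      "Type": "AWS::RDS::DBInstance",
      "Condition": "CreateProdResources",
      "DeletionPolicy": "Snapshot",
      "Properties": {
        "Engine": "postgres",
        "DBInstanceClass": "db.t3.micro",
        "AllocatedStorage": "20",
        "MasterUsername": "appadmin",
        "MasterUserPassword": { "Ref": "DbPassword" }
      }
    },
    "StagingDatabase": {
      "Type": "AWS::RDS::DBInstance",
      "Condition": "CreateStagingResources",
      "DeletionPolicy": "Delete",
      "Properties": {
        "Engine": "postgres",
        "DBInstanceClass": "db.t3.micro",
        "AllocatedStorage": "20",
        "MasterUsername": "appadmin",
        "MasterUserPassword": { "Ref": "DbPassword" }
      }
    }
  },
  "Outputs": {
    "DatabaseEndpoint": {
      "Value": { "Fn::If": ["CreateProdResources",
        { "Fn::GetAtt": ["ProdDatabase", "Endpoint.Address"] },
        { "Fn::GetAtt": ["StagingDatabase", "Endpoint.Address"] }] }
    }
  }
}
```

Because the two conditions are complements, exactly one database is created per stack, and the production one leaves a final snapshot behind when the stack or resource is deleted.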