I am getting a Requires capabilities : [CAPABILITY_IAM] error when creating a stack on CloudFormation.
I know that when using the AWS CLI we need to run the create-stack command with the parameter --capabilities CAPABILITY_IAM.
The question is how to change the setting or solve this issue when using CloudFormation from the AWS console, so that I am able to create the stack by uploading the script using the web console.
In the review pages you have the option to allow that.
If I have an existing CloudFormation stack with some resources that are always active, and some that are not always active (i.e., resources that have a Condition that is evaluating to false), and I attempt to update the template of ONLY those inactive resources without activating them (i.e., their Condition is still evaluating to false) via the CLI or API, I get a No updates are to be performed. error:
aws cloudformation update-stack --stack-name <name> --template-body "..."
An error occurred (ValidationError) when calling the UpdateStack operation: No updates are to be performed.
If I then check the Stack Template, it has the previous template, not the new one.
However, if I do what is essentially the same thing but from the AWS Console (i.e., Update Stack -> Replace current template -> Upload a template file -> No other changes), the template will be updated.
Is there some way to accomplish such a template update via CLI or API?
Edit: This doesn't work. When using the console CloudTrail logs the API call as UpdateStack, but using the same parameters in the CLI command doesn't seem to work.
Instead of aws cloudformation update-stack you can use aws cloudformation deploy --no-fail-on-empty-changeset.
References:
Documentation for deploy
Difference between deploy and create (or update)
I am trying to build a pipeline in GitLab which uses their provided gl-cloudformation template to deploy infrastructure to AWS:
https://gitlab.com/gitlab-org/cloud-deploy/-/blob/master/aws/src/bin/gl-cloudformation
I am running into a problem with creating IAM roles, since CloudFormation needs extra confirmation to deploy stacks which create IAM resources. Normally I would just run aws create-stack --capabilities CAPABILITY_NAMED_IAM, but since I am using their template I can't.
Has anyone got any experience with running GitLab and CloudFormation?
This is not possible with that image. You must either use a different CI image or not add a custom name for the IAM resource (let AWS generate the name).
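The distinction the answer relies on (a custom name forces CAPABILITY_NAMED_IAM, a generated name only needs CAPABILITY_IAM) can be checked before a pipeline run. This is an added example, not part of the answer or of GitLab's image; the resource-type table and the function name `required_capability` are assumptions of the example.

```python
import json

# Assumption of this example: IAM resource types that trigger the capability
# prompt, mapped to the property that sets a custom name (None if there is none).
IAM_NAME_PROPERTY = {
    "AWS::IAM::AccessKey": None,
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::Policy": None,
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::UserToGroupAddition": None,
}


def required_capability(template):
    """Return (capability, findings); capability is None, CAPABILITY_IAM or
    CAPABILITY_NAMED_IAM. Nested stacks and macros are not inspected."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        rtype = res.get("Type")
        if rtype not in IAM_NAME_PROPERTY:
            continue
        name_prop = IAM_NAME_PROPERTY[rtype]
        props = res.get("Properties") or {}
        custom = props.get(name_prop) if name_prop else None
        findings.append((logical_id, rtype, custom))
    if not findings:
        return None, findings
    named = any(custom is not None for _, _, custom in findings)
    return ("CAPABILITY_NAMED_IAM" if named else "CAPABILITY_IAM"), findings


# Constructed sample template: one role with a custom name, one bucket.
SAMPLE = json.loads("""{
  "Resources": {
    "DeployRole": {"Type": "AWS::IAM::Role",
                   "Properties": {"RoleName": "ci-deploy"}},
    "Artifacts": {"Type": "AWS::S3::Bucket"}
  }
}""")

if __name__ == "__main__":
    capability, found = required_capability(SAMPLE)
    print(capability or "no IAM capability needed")
    for logical_id, rtype, custom in found:
        print(f"  {logical_id}: {rtype} name={custom!r}")
```

The findings list doubles as a review aid: every IAM resource a template would create is named before anyone acknowledges the capability.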
Hello, I am planning to run the CloudFormation stack that is preconfigured by AWS here.
It prompts me to fill out
NeptuneBulkloadIAMRoleArn
NeptuneClusterEndpoint
NeptuneLambdaIAMRoleArn
But I don't know what to fill in there. Can you help me out?
The parameters you described above are used for the following:
NeptuneBulkloadIAMRoleArn - This is an IAM role set up to run the loader command. Instructions for setting this up can be found here.
NeptuneClusterEndpoint - This is the endpoint of your Neptune database, it will be accessible either from the console or the CLI.
NeptuneLambdaIAMRoleArn - This allows you to pass in your own role the Lambda should use, if not specified the CloudFormation stack should make one for you.
I'm creating a new user pool in AWS Cognito. As you might know, CF support is missing for a lot of the features in Cognito, so I've resorted to using the CLI for Cognito. But I still want to use CloudFormation for other resources like API Gateway that will need to reference the new user pool.
Is there any way I can create parameters with the CLI that I can use in CloudFormation?
Yes, if you have Parameters in your template, then you can use the CloudFormation Deploy command to do exactly this.
For example, you can call aws cloudformation deploy --template-file <file_path> --stack-name <stack_name> --parameter-overrides ParameterKey1=ParameterValue1 ParameterKey2=ParameterValue2 ... where <file_path> is the path to your CloudFormation Template, and <stack_name> is the name of your CloudFormation Stack. If this stack doesn't exist yet, Deploy will create it, but if it does exist, Deploy will update it.
Is there any way to use a simple JSON file (of my instance details) to configure a Cloud Formation template?
That's basically what a CloudFormation template provides you. Since it is a template, you can also pass in parameters as variables.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
Details on passing parameters from a config file:
https://aws.amazon.com/blogs/devops/passing-parameters-to-cloudformation-stacks-with-the-aws-cli-and-powershell/
You can have CFT parameters populated however you like. If you want to run / load the CFT from AWS console - add the parameters as either default or options within the CFT and choose them while creating the stack.
If you want to load them from a properties file - you can use any programming language of your choice to do so. A bash script that loads the properties or whatever, it's up to you and your use case. If you are using the AWS CLI to run the CFT, use the bash shell or PowerShell; if you are using the AWS SDK to run your CFT, use the same language as your SDK, etc.
If you are using just aws cli, you can do something like this with a json parameters file:
aws cloudformation create-stack --stack-name startmyinstance \
  --template-body file:///some/local/path/templates/startmyinstance.json \
  --parameters file:///some/local/path/params/startmyinstance-parameters.json
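Both parameter-passing routes mentioned above (the JSON file given to create-stack --parameters and the Key=Value pairs given to deploy --parameter-overrides) can be generated from one flat JSON file and checked against the template first. This is an added example, not code from any of the answers; `build_parameters`, the sample template and the sample values are constructed for illustration.

```python
import json


def build_parameters(template, values):
    """Validate `values` against the template's Parameters section and return
    (cli_json, overrides): the list for `--parameters file://...` and the
    Key=Value strings for `deploy --parameter-overrides`."""
    declared = template.get("Parameters", {})
    unknown = sorted(set(values) - set(declared))
    if unknown:
        raise ValueError(f"not declared in template: {unknown}")
    missing = sorted(k for k, spec in declared.items()
                     if "Default" not in spec and k not in values)
    if missing:
        raise ValueError(f"no value and no Default: {missing}")
    for key, value in values.items():
        allowed = declared[key].get("AllowedValues")
        if allowed is not None and value not in allowed:
            raise ValueError(f"{key}={value!r} not in AllowedValues {allowed}")
    cli_json = [{"ParameterKey": k, "ParameterValue": str(v)}
                for k, v in sorted(values.items())]
    overrides = [f"{k}={v}" for k, v in sorted(values.items())]
    return cli_json, overrides


# Constructed sample: a template's Parameters section and a flat details file,
# including a user pool id as it might be captured from a separate CLI call.
TEMPLATE = {"Parameters": {
    "InstanceType": {"Type": "String",
                     "AllowedValues": ["t3.micro", "t3.small"]},
    "UserPoolId": {"Type": "String"},
    "Environment": {"Type": "String", "Default": "dev"},
}}
DETAILS = json.loads(
    '{"InstanceType": "t3.micro", "UserPoolId": "us-east-1_EXAMPLE"}')

if __name__ == "__main__":
    cli_json, overrides = build_parameters(TEMPLATE, DETAILS)
    print(json.dumps(cli_json, indent=2))   # body of the parameters file
    print(" ".join(overrides))              # arguments for --parameter-overrides
```

Rejecting undeclared keys and values outside AllowedValues locally catches a mistyped or unexpected instance setting before any stack operation is attempted.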