I have a template file in a S3 bucket. I want to create a cloudformation stack with it.
I run:
aws cloudformation create --template https://mybucket-us-east-1.s3.us-east-1.amazonaws.com/template/1.0/the-template.template --stack-name test-stack
Then I get this error:
Invalid template path https://mybucket-us-east-1.s3.us-east-1.amazonaws.com/template/1.0/the-template.template
What is the correct syntax to create/deploy a cloudformation stack from a template file found in a S3 bucket?
jprdanm was right. This command worked, however, I also needed to add --capabilities CAPABILITY_NAMED_IAM at the end of it, so:
aws cloudformation create-stack --template-url https://mybucket-us-east-1.s3.us-east-1.amazonaws.com/template/1.0/the-template.template --stack-name test-stack --capabilities CAPABILITY_NAMED_IAM
Related
I'm trying to deploy nested stack using command
aws cloudformation deploy --stack-name "${STACK_NAME}" --template-file "${S3_ROOT_TEMPLATE}" --parameter-overrides ${PARAMS[#]} --region ${REGION}
But despite the S3_ROOT_TEMPLATE having proper url, I get the error
Invalid template path
https://<s3-bucket-name>.s3.us-east-2.amazonaws.com/sm-domain-templates/main_stack.yaml
Any idea what's wrong with the above?
Even though in the console you have to use S3 path, in the awscli command, it expects the local file path of the root stack file
The following command deploys a template named S3_ROOT_TEMPLATE to a stack named STACK_NAME:
STACK_NAME="cfn-demo"
S3_ROOT_TEMPLATE="cfn-demo.yaml"
REGION="us-east-1"
bucket_name="cfn-demo-bucket"
aws cloudformation deploy --stack-name $STACK_NAME --template-file $S3_ROOT_TEMPLATE --parameter-overrides $PARAMS[#] --region $REGION
If your templates are sized greater than 51,200 bytes, then the name of the S3 bucket where this command uploads your CloudFormation template.
aws cloudformation deploy --stack-name $STACK_NAME --template-file $S3_ROOT_TEMPLATE --parameter-overrides $PARAMS[#] --region $REGION --s3-bucket $bucket_name
For updating the stack, you could upload the template file to the S3 bucket by using copy and then, update the stack by using the S3 object URL as the template source.
aws s3 cp $S3_ROOT_TEMPLATE s3://$bucket_name
aws cloudformation update-stack --stack-name $STACK_NAME --template-url https://$bucket_name.s3.$REGION.amazonaws.com/$S3_ROOT_TEMPLATE
This page describes how to set a stack name in some AWS console GUI: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-using-console-create-stack-parameters.html
How do I set these values in the SAM Template .yml files?
I'm specifically doing this on a Stack that is only a Lambda Layer if that matters.
I can see that there is some way to do this via CLI as described here:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-cli-creating-stack.html
aws cloudformation create-stack --stack-name myteststack --template-url "ssm-doc://arn:aws:ssm:us-east-1:123456789012:document/documentName"
Is it even possible to set the name in the template?
Unfortunately, it seems like stack name is NOT part of the SAM templates. This is done via the command arguments to deploy the stack.
From the same link: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-cli-creating-stack.html
The following example creates the myteststack stack in an Amazon S3 bucket:
PROMPT> aws cloudformation create-stack \
--stack-name myteststack \
--template-body file:///home/testuser/mytemplate.json \
--parameters ParameterKey=Parm1,ParameterValue=test1 ParameterKey=Parm2,ParameterValue=test2
So when creating the stack, the --stack-name argument is how this is set.
The reason I was confused is because I didn't realize where that command was being issued.
I'm trying to deploy a cloudformation template using a command that looks as follows:
aws cloudformation deploy \
--stack-name stackname \
--template-file folder/file.yaml \
--s3-bucket bucketname \
--s3-prefix prefix
The error that I receive is:
An error occurred (ValidationError) when calling the CreateChangeSet operation:
S3 error: The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint.
For more information check
http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
I have checked the link to try and understand what is being asked of me, but it seems to relate to directly using S3, and not using S3 via CloudFormation.
I can't determine a way to do what it is asking using the available parameters of aws cloudformation
The template file that defines a stack must be in an Amazon S3 bucket that is in the same region as the AWS CloudFormation stack being created.
aws cloudformation deploy --stack-name myteststack --template-file folder/file.yaml --s3-bucket bucketname --s3-prefix prefix --region us-east-1
You may replace the parameter and try this.
You need not to pass the region for s3 bucket nor endpoint is required. Yes, if the Bucket and Cloudformation are in a different region in such cases you may face an issue. But I'm sure it will be access denied issue, not something that you have mentioned here.
I get this error when I run create-stack for a cloudformation template that contains IAM policies.
aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_IAM --profile dev
An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_NAMED_IAM]
Change --capabilities to CAPABILITY_NAMED_IAM
If you have IAM resources with custom names, you must specify
CAPABILITY_NAMED_IAM. If you don't specify this parameter, this action
returns an InsufficientCapabilities error.
https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
As per AWS docs,
If you specify a Role name in cloud formation, you must specify the CAPABILITY_NAMED_IAM value to acknowledge your template's capabilities Link
So your command should be
aws cloudformation create-stack --stack-name iam-stack --template-body file://./iam.yml --capabilities CAPABILITY_NAMED_IAM --profile dev
In my case I needed both CAPABILITY_IAM and CAPABILITY_NAMED_IAM capabilities for a resource of type "AWS::IAM::Role".
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CloudFormation.html#createStack-property
If you are using AWS CodePipeline to deploy an EC2 using a CloudFormation stack, there is an option called "Capabilities" from which you can select CAPABILITY_NAMED_IAM.
You must pass capability as below if you're not letting CloudFormation name your IAM resources.
Change from --capabilities CAPABILITY_IAM to --capabilities CAPABILITY_NAMED_IAM.
I am trying to do all my dev work using cloud9 template for serverless apps
It complains that i don't have CAPABILITY_NAMED_IAM due to the fact that I am creating a role. How do I edit cloud9 deploy defaults to include CAPABILITY_NAMED_IAM?
If you started your Cloud9 with Code star, you can modify the pipeline to enable capabilities to CAPABILITY_NAMED_IAM in the AWS management console.
You need to edit the GenerateChangeSet section in the deploy step.
Otherwhise you should look into your create/update stack to add the --capabilities CAPABILITY_NAMED_IAM :
cloudformation create-stack --stack-name my-stack --template-url dummy-template.yaml --role-arn ... --tags ... --capabilities CAPABILITY_NAMED_IAM
https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities