I would like to dynamically set the path of the sql file in the code below using parameters.
files:
/tmp/setup.mysql:
content: !Sub |
CREATE DATABASE ${DBName};
CREATE USER '${DBUsername}'#'localhost' IDENTIFIED BY '${DBPassword}';
GRANT ALL ON ${DBName}.* TO '${DBUsername}'#'localhost';
FLUSH PRIVILEGES;
mode: "000644"
owner: "root"
group: "root"
I have tried simplistically adding a Reference to a custom Path parameters but, unfortunately, I am getting the following error from the Template Designer.
Template contains errors.: Template format error: [/Resources/MyLaunchConfig/Metadata/AWS::CloudFormation::Init/config/files] map keys must be strings; received a map instead
How can I move a path like this into the template parameters?
Edit:
The Note on the CloudFormation documentation on Intrinsic functions says the following:
You can use intrinsic functions only in specific parts of a template.
Currently, you can use intrinsic functions in resource properties,
outputs, metadata attributes, and update policy attributes. You can
also use intrinsic functions to conditionally create stack resources.
This seems to indicate that the functions should be available in resource properties and metadata attributes. It does not specifically restrict it to the values in these objects rather than the keys (although this could be assumed by the inherent nature of keys vs values).
Based on the comments.
The issue is that according to the CFN format specification, a map can only be string:
A map is a collection of key-value pairs, where the keys are always strings.
Therefore, a proposed solution was to use UserData to define the dynamically generate file, instead of using CFN metadata.
Related
I'd like to make CloudFormation look in Parameter Store for a particular parameter - and if not found, look for a different one.
The actual use case is that stacks are deployed for different branches and we'd like to have top-level parameters for all branches that can optionally be overridden by creating a branch-specific parameter. Something like this:
dev-param = 120 <-- top-level, applies if branch-specific parameter doesn't exist
dev-param.mybranch = 60 <-- branch-specific parameter
Have tried a couple of ways but got an error when deploying the stack for both - see below.
When attempting to use dynamic references:
Parameters: [ssm:dev-param.mybranch] cannot be found.
When attempting to use CloudFormation SSM Parameter Types.
Template format error: Every Default member must be a string.
For the latter, the Default: field specifies the Parameter Store key name. This needs to be generated dynamically from other CloudFormation parameters, e.g. there is a parameter for the environment type so development key names begin with dev- and production keys begin with prod-.
Is there another way to achieve this?
You can't do that without a custom resource or a macro.
I'm creating tag templates programmatically and it doesn't appear in the section "Tag Templates" (the creation of each tag template was successful because I can attach it in each table), but when I create those tag templates by hand, they appear as a list.
Btw I'm trying to list the tag templates that I created, with the following sentence:
tag_list = datacatalog.list_tags(parent=f"projects/{project_id}/locations/{location}")
but when I print it says
google.api_core.exceptions.InvalidArgument: 400 Malformed Data Catalog resource name projects/sybogames-analytics-dev/locations/us.
anyone knows why?
thanks in advance.
I'm unfamiliar with the Data Catalog service but, looking at the possible methods in APIs Explorer, I think (!?) you may need to terminate parent with /entrygroup/{entrygroup}.
There are 2 (!?) possible methods for list_tags:
entryGroups.entries.tag_list
entryGroup.tags.list
Both define parent similarly and require /entryGroups/{entrygroup}:
The resource can be an Entry or an EntryGroup (without /entries/{entries} at the end). It takes the form projects/{project}/locations/{location}/entryGroups/{entrygroup}/entries/{entries}.
You can use APIs Explorer to invoke either method to test it.
You can also use gcloud data-catalog tags list and, if you append --log-http to it, you'll be able to see exactly what underlying REST call is being made.
In CloudFormation we have the ability to output some values from a template so that they can be retrieved by other processes, stacks, etc. This is typically the name of something, maybe a URL or something generated during stack creation (deployment), etc.
We also have the ability to 'export' from a template. What is the difference between returning a value as an 'output' vs as an 'export'?
Regular output values can't be references from other stacks. They can be useful when you chain or nest your stacks and their scope/visibility is local. Exported outputs are visible globally within account and region, and can be used by any future stack you are going to deploy.
Chaining
When you chain your stacks, you deploy one stack, take it outputs, and use as input parameters to the second stack you are going to deploy.
For example, let's say you have two templates called instance.yaml and eip.yaml. The instance.yaml outputs its instance-id (no export), while eip.yaml takes instance id as an input parameter.
To deploy them both, you have to chain them:
Deploy instance.yaml and wait for its completion.
Note it outputs values (i.e. instance-id) - usually done programmatically, not manually.
Deploy eip.yaml and pass instance-id as its input parameter.
Nesting
When you nest stacks you will have a parent template and a child template. Child stack will be created from inside of the parent stack. In this case the child stack will produce some outputs (not exports) for the parent stack to use.
For example, lets use again instance.yaml and eip.yaml. But this time eip.yaml will be parent and instance.yaml will be child. Also eip.yaml does not take any input parameters, but instance.yaml outputs its instance-id (not export)
In this case, to deploy them you do the following:
Upload parrent template (eip.yaml) to s3
In eip.yaml create the child instance stack using AWS::CloudFormation::Stack and the s3 url from step 1.
This way eip.yaml will be able to access the instance-id from the outputs of the nested stack using GetAtt.
Cross-referencing
When you cross-reference stacks, you have one stack that exports it outputs so that they can be used by any other stack in the same region and account.
For example, lets use again instance.yaml and eip.yaml. instance.yaml is going to export its output (instance-id). To use the instance-id eip.yaml will have to use ImportValue in its template without the need for any input parameters or nested stacks.
In this case, to deploy them you do the following:
Deploy instance.yaml and wait till it completes.
Deploy eip.yaml which will import the instance-id.
Altough cross-referencing seems very useful, it has one major issue, which is that its very difficult to update or delete cross-referenced stacks:
After another stack imports an output value, you can't delete the stack that is exporting the output value or modify the exported output value. All of the imports must be removed before you can delete the exporting stack or modify the output value.
This is very problematic if you are starting your design and your templates can change often.
When to use which?
Use cross-references (exported values) when you have some global resources that are going to be shared among many stacks in a given region and account. Also they should not change often as they are difficult to modify. Common examples are: a global bucket for centralized logging location, a VPC.
Use nested stack (not exported outputs) when you have some common components that you often deploy, but each time they can be a bit different. Examples are: ALB, a bastion host instance, vpc interface endpoint.
Finally, chained stacks (not exported outputs) are useful for designing loosely-coupled templates, where you can mix and match templates based on new requirements.
Short answer from here, use export between stacks, and use output with nested stacks.
Export
To share information between stacks, export a stack's output values.
Other stacks that are in the same AWS account and region can import
the exported values.
Output
With nested stacks, you deploy and manage all resources from a single
stack. You can use outputs from one stack in the nested stack group as
inputs to another stack in the group. This differs from exporting
values.
I'm writing code for my GraphQL resolvers in AWS AppSync with resolver mapping template.
I know that there is a put mehtod that I can use for add a field to input object or any other object. Like this (for example):
$util.qr($name.put("firstName", "$ctx.args.input.firstName"))
But now I want to remove a field from an object, for example, the input object.
Is there any mehtod similar to the put method but for removing a field. something like:
$util.qr($ctx.args.input.remove("firstName"))
I am new to AWS and DynamoDB and AppSync.( you can consider me as an absolute beginner. )
Use foreach and make a new array.
#set($newInput={})
#foreach ($key in $ctx.args.input.keySet())
#if($key!="firstName")
$util.qr($newInput.put($key, $ctx.args.input.get($key)))
#end
#end
Yes, generally you can use $myObject.remove("myKey") on objects that you create in a mapping template, however, I will add the disclaimer that this will not always work on objects in the $ctx as some parts are immutable. AppSync bundles utility methods that make dealing with objects in mapping templates easier (e.g. making copies of objects). This functionality is actually tied to that of Apache Velocity so you can read more about how it works in those docs.
In AppSync, the arguments in a query or mutation are exposed in the request mapping template as $context.args. If you have passed in an argument named input you can remove it as follows:
$util.quiet($context.args.remove("input"))
or its using the alias for quiet (identical to the above):
$util.qr($context.args.remove("input"))
This can be used in both the request and response mapping template. It can also be used to remove nested properties:
$util.qr($context.args.input.remove("nestedProp"))
I have been trying this example provided in the Google's Deployment Manager GitHub project.
It works, yet I am not sure what is the purpose of creating three instances named instance_create, instance_update and instance_delete.
For example, taken from the link:
instance_create = {
'name':
'instance_create',
'action':
'gcp-types/bigtableadmin-v2:bigtableadmin.projects.instances.create',
'properties': {
'parent': project_path,
'instanceId': instance_name,
'clusters': copy.deepcopy(initial_cluster),
'instance': context.properties['instance']
},
'metadata': {
'runtimePolicy': ['CREATE']
}
}
What is the purpose of `action` and `metadata`.`runtimePolicy`? I have tried to find it in the documentation but failed miserably.
Why there are three `BigTable` instances there?
You are right, the documentation is missing the information, which would answer your questions regarding these parameters.
However, it helps knowing what's going on in the Depoyment Manager example you linked.
First of all, the following line in the config.yaml is where the things get tricky:
resources:
- name: my-bigtable
type: bigtable.py
This line will do a call to the bigtable.py python file, which sets the resource type of the deployment to that which are in it, under the GenerateConfig function. See how this is done here.
The resources are returned as {'resources': resources} at the end of it, being the resources variable a list of templates created there.
These templates have different name identifiers, which are set by the "name" tag.
So you are not creating three different instances with the name of instance_create, instance_update and instance_delete in this file, but you are creating three templates with those names, that will later be appended to the resources list, and later returned to the config.yaml resources.type tag.
These templates then will be sequentially build and executed by the deployment manager, once the create command is used. Note that they might appear out of order, this is due not using a schema.
It's easier to see this structure in a .yaml file format, for example, built with jinja, the template you posted would be:
resources:
- action: gcp-types/bigtableadmin-v2:bigtableadmin.projects.instances.create
name: instance_create
metadata:
runtimePolicy:
- CREATE
properties:
clusters:
initial:
defaultStorageType: HDD
location: projects/<PROJECT_ID>/locations/<PROJECT_LOCATION>
serveNodes: 4
instance:
displayName: My BigTable Instance.
type: PRODUCTION
instanceId: my-instance
parent: projects/<PROJECT_ID>
Notice that the parameters under properties are the fields in the request body to bigtableadmin.projects.instances.create (which is nesting a clusters object parameters and a instance object parameters). Note that the InstanceId under properties is always the same, hence the BigTable instance, on which the templates do the calls, is always the same one.
The thing is that, not only the example you linked creates various templates to be run in the same script, but that the resource type for each template is a call to the BigTable API.
Normally the template resources are specified with the type tag, but since you are calling a resource that is directly running an API call (i.e. instead of just specifying gcp-types/bigtableadmin-v2, you are specifying bigtableadmin-v2:bigtableadmin.projects.instances.create), the action tag is used. I haven't found this difference on usage documented anywhere, but it needs to be specified like that.
You will know if you are calling an API 'endpoint' directly if the resource ends with either create/update/delete.
Finally, the I have investigated in my side, and the metadata.runtimePolicy is tied to the fact that the resource type is an API call (like in the previous point). Once again, I haven't found this documented anywhere.
However, since this is a requirement, you will always have to set the correct value in this field. It basically boils down to have metadata.runtimePolicy set to this values, depending on which type of API call you do:
create -> ['CREATE']
update -> ['UPDATE_ON_CHANGE']
delete -> ['DELETE']
Summarizing:
You are not creating three different instances, but three different templates, which do the work on the same BigTable instance.
You need to change the resource type flag to action if you are calling an API endpoint (create/update/delete), instead of just naming the base API.
The metadata.runtimePolicy value is a requirement when doing a call to one of the aforenamed endpoints.