I've made a CodePipeline pipeline CloudFormation template and deployed it as a stack. I'd like to add an action to this existing pipeline via another CloudFormation stack.
From the documentation I can only see pipeline resources which would allow me to create a whole new stack, not edit an existing one by providing an ARN or something similar. There are also no granular resources that provide support for CodePipeline functionality such as actions. See URL below:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codepipeline-pipeline.html
Does anyone know how I can achieve this? By the looks of it I'd say I have to update the template for the pipeline, adding the new action. Assuming this is the only way, how could I achieve this from another CloudFormation stack?
So a template would be configured to add a new action in the pipeline template, and then trigger an update of the pipeline stack. I'm guessing I'd have to use a CloudFormation macro and keep the pipeline template stored in s3. I'd then take the template out of s3, add the action, save the change and then what? I've also considered how I might use nested stacks or the Import macro.
Thanks for any help!
#Marcin inspired me to this solution. Thanks :)
Essentially I did this:
First I created a "Change" pipeline that took the stack template modified during the build stage, that I originally wanted to deploy across multiple stacks in a deploy action, and wrote it out to the path within an s3 bucket.
Second I created a "Deploy" pipeline that used the s3 path pointing to the output of the "Change" pipeline. This pipeline contains a deploy action that uses a SourceArtifact of the outputted template. This is essentially the deploy action I wanted in the "Change" pipeline.
I have now created a CFN template for the "Deploy" pipeline, allowing me to create any number of "Deploy" pipelines pointing to different stacks. When the "Change" pipeline is triggered, its output triggers all the "Deploy" pipelines. My approval and testing process goes into the "Change" pipeline to avoid spam and I can roll back no problem.
Related
I have a serverless app on AWS that I am deploying using CloudFormation. I deploy the pipeline first using a pipeline.yml file, which creates the 'pipeline' stack (which populates the repo with code from an s3 bucket) and then runs it. This then creates the 'dev' stack using a separate YAML file called template.yml in the newly created repo which contains the infrastructure for the lambdas, dbs, and other resources contained to make this app work. After a review, a developer can then release this to the 'prod' environment. The reason it is split out like this is so that the pipeline gets created once, and the dev/prod environment stacks can be initiated multiple times.
In its current state, there are parameters hardcoded within the template.yml that are used in dev/prod stack creation. Problem is, the user has to manually change these hardcoded values in the file before stack creation. Is there any way the user can edit these parameters as usual in the UI where I create the pipeline stack, and these parameters would bubble into the app/environment stack creation?
If my question does not make sense, I can definitely help further clarify. Thanks!
I have to create multiple IAM users from a single CloudFormation stack at once.
Since CloudFormation doesn't support loops, I have created a CodePipeline pipeline which deploys a CloudFormation template stored in AWS CodeCommit.
Can I use the parameter override feature of CodePipeline to create multiple users, e.g. by giving the parameter as a list:
{
"Username":["Bob","Alice","John"]
}
You're going to need an action between the CodeCommit and CloudFormation actions to generate a template that includes each IAM user resource (unless you plan to commit the expanded CloudFormation template). CodeBuild is probably your best bet to run some command that generates the CloudFormation template.
You might find CDK (https://github.com/awslabs/aws-cdk/) interesting for a use case like this. It will let you describe IAM users in a loop and then synthesize a CloudFormation template. At the time of writing this answer it's in preview, so don't rely on it for production.
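The template-generation step described in the answer above could look like the following. This is an added example, not code from the answer; the function name `build_user_template` and the logical ID scheme are assumptions made for illustration.

```python
import hashlib
import json
import re

# IAM user names: 1-64 characters from this set.
IAM_NAME = re.compile(r"[A-Za-z0-9+=,.@_-]{1,64}")


def build_user_template(usernames):
    """Expand a list of user names into one AWS::IAM::User resource each."""
    resources, seen = {}, set()
    for name in usernames:
        if not IAM_NAME.fullmatch(name):
            raise ValueError(f"invalid IAM user name: {name!r}")
        # IAM treats names case-insensitively, so "Bob" and "bob" collide.
        if name.lower() in seen:
            raise ValueError(f"duplicate IAM user name: {name!r}")
        seen.add(name.lower())
        # Logical IDs must be alphanumeric. A hash suffix keeps them unique
        # ("a.b" vs "ab") and stable when the list is reordered, so an edit
        # to the list never makes CloudFormation replace an unrelated user.
        suffix = hashlib.sha256(name.encode()).hexdigest()[:8]
        logical_id = "User" + re.sub(r"[^A-Za-z0-9]", "", name) + suffix
        resources[logical_id] = {
            "Type": "AWS::IAM::User",
            "Properties": {"UserName": name},
        }
    if not resources:
        raise ValueError("a template needs at least one resource")
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}


if __name__ == "__main__":
    # Constructed input mirroring the list in the question.
    print(json.dumps(build_user_template(["Bob", "Alice", "John"]), indent=2))
```

Deploying a template with explicit `UserName` values requires the `CAPABILITY_NAMED_IAM` capability on the CloudFormation action, and removing a name from the list deletes that user on the next stack update.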
You should, but if you don't leave pre-existing ones in, I believe it will drop the previous ones. You could do a Custom resource tied to a Lambda Function, then your Lambda function could "not" drop the previous resources.
As a DevOps guy I wanted to use the same template to provision both Dev and Prod stacks... Where dev stacks should not have any DeletionPolicy but Prod stacks should utilize a DeletionPolicy
So, at first sight CFT gives an ok tooling for this but.... there is no possibility to parametrize S3 DeletionPolicy (that I've been able to locate at least)...
Here's some threads I dug up
https://forums.aws.amazon.com/message.jspa?messageID=560586
https://www.unixdaemon.net/cloud/cloudformation-annoyance-deletion-policy-parameters/
The suggested workaround from AWS was to make the whole resource conditional, which leads us to duplicating the resource and creating "Deletable" and "Undeletable" versions of it, and all the depending resources should handle that condition...
This seems wonky and bloated, is there a way to parameterize this or a better methodology to accomplish my end goal?
Doesn't seem like there's an option in CFT other than resource duplication.
What you can do is create a Lambda with a Python script that would set up the S3 deletion policy. That Lambda function can be triggered through SNS during CloudFormation stack creation. Here is described how this can be configured:
Is it possible to trigger a lambda on creation from CloudFormation template
But in your particular case I'd go with resource duplication in same CFT.
I am using CodePipeline to deploy my SAM (lambda etc) application referencing https://docs.aws.amazon.com/lambda/latest/dg/build-pipeline.html.
The "issue" now is my CloudFormation has some parameters inside and CodePipeline requires that I set these. I could do so via parameter overrides
But is this the correct way? I actually only want it set once at the start. And I'd rather have users set it in CloudFormation and CodePipeline should follow those values.
This stack is already created, why is it that CodePipeline complains I need them set?
The input parameters are required by CloudFormation to update.
Template configuration is the recommended way to specify the input parameters. You could create a template file of input parameters for the customers to use.
A possible solution is to create custom Lambda functions which will be invoked from CodePipeline using an Invoke action.
As a parameter to such a Lambda you would specify the CloudFormation stack name. The Lambda will then load the CloudFormation parameters from the existing stack and create an output from them (using the appropriate AWS SDK). Such an artifact will be used as an input to the CloudFormation deployment.
Another solution is to create a CodeBuild project which will do the same thing.
It's a bit complex but it seems that CodePipeline always needs the full set of parameters, unfortunately.
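The conversion step this answer describes, turning an existing stack's parameters into a template configuration file, is sketched below as an added example (not the answerer's code). It works on the response shape of boto3's `describe_stacks`; the function name, the `overrides` argument and the sample response are constructed for illustration.

```python
import json

# DescribeStacks returns this placeholder instead of NoEcho parameter values.
MASKED = "****"

# Constructed sample of a describe_stacks(StackName=...) response.
SAMPLE_RESPONSE = {
    "Stacks": [{
        "StackName": "example-app-dev",
        "Parameters": [
            {"ParameterKey": "Stage", "ParameterValue": "dev"},
            {"ParameterKey": "DbPassword", "ParameterValue": "****"},
        ],
    }]
}


def to_template_configuration(response, overrides=None):
    """Build the {"Parameters": {...}} document used as a template configuration."""
    stacks = response.get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError("expected exactly one stack in the response")
    overrides = dict(overrides or {})
    params, masked = {}, []
    for p in stacks[0].get("Parameters", []):
        key = p["ParameterKey"]
        value = overrides.pop(key, p.get("ParameterValue", ""))
        if value == MASKED:
            # Copying the mask back would overwrite the real secret with
            # four asterisks on the next update, so refuse instead.
            masked.append(key)
        else:
            params[key] = value
    if overrides:
        raise KeyError(f"overrides for unknown parameters: {sorted(overrides)}")
    if masked:
        raise ValueError(f"NoEcho parameters need an explicit value: {masked}")
    return {"Parameters": params}


if __name__ == "__main__":
    # The override value is a constructed placeholder, not a real secret.
    cfg = to_template_configuration(SAMPLE_RESPONSE, {"DbPassword": "example-only"})
    print(json.dumps(cfg, indent=2))
```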
We're building an API using AWS SAM, built on the Lambda Node Template in CodeStar. Things were going well until our template.yml file became too big. Whenever the code is pushed and CloudFormation starts to execute the change set and create a stack for the SAM endpoints, it fails and rolls back to the last successful build.
It seems that we have too many resources that exceed the CloudFormation limit per stack.
I tried splitting the template file and edited the buildspec to handle two template files and do two AWS CloudFormation package commands and added another artifact. But it didn't work either. As only the first template is recognized and only one stack is created.
I can't find a way to make an automated deployment that creates multiple stacks.
I'd appreciate some input into this and suggestions to handle such a scenario.
Thanks in advance.
You should try using the nested stacks pattern. Instead of splitting your current stack into multiple parallel stacks, you will create a parent stack that will in turn create multiple child stacks.
More information here.
AWS SAM (as of SAM v1.9.0) supports nested applications which map to nested CloudFormation stacks, which gets around the 200 resource limit. (AWS::Serverless::Application transforms into an AWS::CloudFormation::Stack)
https://github.com/awslabs/serverless-application-model/releases/tag/v1.9.0
The main thing to look at is what components you have in your SAM template. Are there any dependencies? Do all functions share the same API Gateway or not? Do all functions access the DynamoDB table?
In my case, I split the SAM by API [API Gateway + functions (CRUD)] in a mono repo way; each folder contains its SAM template.
If you have a shared service like Redis, or SNS, SQS, you can have a separate stack with the export/import feature to import the ARN of the service.