Import s3 bucket from one stack to other stack - amazon-web-services

I have created S3 Bucket with deletepolicy retain using cloud formation, I Have exported the created bucket using Export in outputs in cloudformation.
Now I want to use the same s3 bucket in another stack using import
Cloud formation for s3:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Creates an S3 bucket to be used for static content/website hosting.",
"Parameters": {
"AssetInsightId": {
"Description": "Asset Insight ID",
"Type": "String",
"Default": "206153"
},
"ResourceOwner": {
"Description": "tr:resource-owner",
"Type": "String",
"Default": "####"
},
"EnvironmentType": {
"Description": "tr:environment-type",
"Default": "preprod",
"Type": "String",
"AllowedValues": ["preprod", "prod"],
"ConstraintDescription": "must specify preprod, prod."
}
},
"Resources": {
"S3Bucket": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain",
"Properties": {
"BucketName": {
"Fn::Sub": "a${AssetInsightId}-s3bucket-${EnvironmentType}"
},
"Tags": [{
"Key": "tr:application-asset-insight-id",
"Value": {
"Fn::Sub": "${AssetInsightId}"
}
}, {
"Key": "tr:environment-type",
"Value": {
"Fn::Sub": "${EnvironmentType}"
}
}
]
}
}
},
"Outputs": {
"S3Bucket": {
"Description": "Information about the value",
"Description": "Name of the S3 Resource Bucket",
"Value": "!Ref S3Bucket",
"Export": {
"Name": "ExportS3Bucket"
}
}
}
}
cloud formation to use created s3 bucket from another template with import
Second template :
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Creates an S3 apigateway to be used for static content/website hosting.",
"Parameters": {
"AssetInsightId": {
"Description": "Asset Insight ID",
"Type": "String",
"Default": "206153"
},
"ResourceOwner": {
"Description": "tr:resource-owner",
"Type": "String",
"Default": "swathi.koochi#thomsonreuters.com"
},
"EnvironmentType": {
"Description": "tr:environment-type",
"Default": "preprod",
"Type": "String",
"AllowedValues": ["preprod", "prod"],
"ConstraintDescription": "must specify preprod, prod."
},
"endpointConfiguration": {
"Description": "tr:endpoint-configuration",
"Default": "REGIONAL",
"Type": "String",
"AllowedValues": ["REGIONAL", "EDGE"],
"ConstraintDescription": "must specify REGIONAL, EDGE."
}
},
"Resources": {
"S3BucketImport": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": {"Fn::ImportValue" : "ExportS3Bucket"}
}
},
"APIGateWayRestResourceRestApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "MyAPI",
"Description": "API Gateway rest api with cloud formation",
"EndpointConfiguration": {
"Types": [{
"Ref": "endpointConfiguration"
}
]
}
}
},
"APIGateWayResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "APIGateWayRestResourceRestApi"
},
"ParentId": {
"Fn::GetAtt": ["APIGateWayRestResourceRestApi", "RootResourceId"]
},
"PathPart": "test"
}
},
"APIGatewayPostMethod": {
"Type": "AWS::ApiGateway::Method",
"Properties": {
"AuthorizationType": "NONE",
"HttpMethod": "POST",
"Integration": {
"Type": "AWS_PROXY",
"IntegrationHttpMethod": "POST",
"Uri": {
"Fn::Sub": "arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:861756181523:function:GreetingLambda/invocations"
}
},
"MethodResponses": [{
"ResponseModels": {
"application/json": {
"Ref": "PostMethodResponse"
}
},
"StatusCode": 200
}
],
"ResourceId": {
"Ref": "APIGateWayResource"
},
"RestApiId": {
"Ref": "APIGateWayRestResourceRestApi"
}
}
},
"PostMethodResponse": {
"Type": "AWS::ApiGateway::Model",
"Properties": {
"ContentType": "application/json",
"Name": "PostMethodResponse",
"RestApiId": {
"Ref": "APIGateWayRestResourceRestApi"
},
"Schema": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "PostMethodResponse",
"type": "object",
"properties": {
"Email": {
"type": "string"
}
}
}
}
},
"RestApiDeployment": {
"DependsOn": "APIGatewayPostMethod",
"Type": "AWS::ApiGateway::Deployment",
"Properties": {
"RestApiId": {
"Ref": "APIGateWayRestResourceRestApi"
}
}
},
"RestAPIStage": {
"Type": "AWS::ApiGateway::Stage",
"Properties": {
"DeploymentId": {
"Ref": "RestApiDeployment"
},
"MethodSettings": [{
"DataTraceEnabled": true,
"HttpMethod": "*",
"ResourcePath": "/*"
}
],
"RestApiId": {
"Ref": "APIGateWayRestResourceRestApi"
},
"StageName": "Latest"
}
},
"APIGateWayDomainName": {
"Type": "AWS::ApiGateway::DomainName",
"Properties": {
"CertificateArn": {
"Ref": "myCertificate"
},
"DomainName": {
"Fn::Join": [".", [{
"Ref": "AssetInsightId"
}, {
"Ref": "EnvironmentType"
}, "api"]]
},
"EndpointConfiguration": {
"Types": [{
"Ref": "endpointConfiguration"
}
]
}
}
},
"myCertificate": {
"Type": "AWS::CertificateManager::Certificate",
"Properties": {
"DomainName": {
"Fn::Join": [".", [{
"Ref": "AssetInsightId"
}, {
"Ref": "EnvironmentType"
}, "api"]]
}
}
}
}
}
when I/m trying to import using Import Value, I'm getting error saying
S3BucketImport
CREATE_FAILED Bad Request (Service: Amazon S3; Status Code: 400; Error Code: 400 Bad Request; Request ID: 9387EBE0E472E559; S3 Extended Request ID: o8EbE20IOoUgEMwXc7xVjuoyQT03L/nnQ7AsC94Ff1S/PkE100Imeyclf1BxYeM0avuYjDWILxA=)

As #Jarmod correctly pointed out,
In your first template, export the s3 bucket name using { "Ref" : ",S3Bucket" }
In your second template, you don't have to create the bucket again.you can use the exported value from the first template if you want to refer the bucket name from resources. But i don't see any of the resources in the second template refer the S3 bucket name.

Related

Why does my subnet and VPC show side by side on CloudFormation

I've been trying to figure out why my VPC and subnet show side by side instead of the subnet inside of the VPC? (I used Atom to generate this.)
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "vpc",
"Metadata": {
},
"Parameters": {"siggyVpcCidr": {
"Description": "vpc cidr",
"Type": "String",
"Default": "10.0.0.0/16"
},
"siggySubnetCidr": {
"Description": "cidr for the subnet",
"Type": "String",
"Default": "10.0.1.0/2"
},
"Subnet1Az": {
"Description": "AZ for siggySubnetCidr",
"Type": "AWS::EC2::AvailabilityZone::Name"
}
},
"Mappings": {
},
"Conditions": {
},
"Resources": {
"siggyVpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": { "Ref": "siggyVpcCidr" },
"Tags": [{ "Key": "Name", "Value": "siggyVpc" }]
}
},
"siggyIgw": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [{ "Key": "Name", "Value": "siggyIgw1" }]
}
},
"AttachGateway": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": { "Ref": "siggyVpc" },
"InternetGatewayId": { "Ref": "siggyIgw" }
}
},
"SubnetSiggy": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": { "Ref": "Subnet1Az" },
"VpcId": { "Ref": "siggyVpc" },
"CidrBlock": { "Ref": "siggySubnetCidr" },
"Tags": [{ "Key": "Name", "Value": "siggySubnetCidr" }]
}
}
},
"Outputs": {
}
}
They are separate resources. CloudFormation templates arrange resources in a flat array. This is pretty much true of most resources. Some resources can be implicitly defined when creating resources, but that probably won't be reflected with an export where you create a template from existing resources.
You would need to inspect the VpcId property to determine the VPC to which the subnet belongs.

Invalid template property or properties [Vpcname]

I am trying to create a stack with below templates. Same template worked without parameters.
When I Added parameters I got an error which says -Invalid template property or properties
[Vpcname].
I am not sure what more to add as I have checked every aspect from amazon documentation.
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Here are some details about the template.",
"Vpcname": {
"Description": "What do you want your VPC to be called as ?",
"Type": "String",
"Default": "fromCf"
},
"Resources": {
"testvpc": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"InstanceTenancy": "default",
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "Vpcname"
}
}
]
}
},
"WebSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "ap-south-1a",
"VpcId": {
"Ref": "testvpc"
},
"CidrBlock": "192.168.0.0/24",
"Tags": [
{
"Key": "Name",
"Value": "fromCfWebSub"
}
]
}
},
"AppSubnet": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"AvailabilityZone": "ap-south-1b",
"VpcId": {
"Ref": "testvpc"
},
"CidrBlock": "192.168.1.0/24",
"Tags": [
{
"Key": "Name",
"Value": "fromCfAppSub"
}
]
}
}
}
}
I got it fixed Guys. I was not including "Parameters" : { } I should have put it this ways - "Parameters" : {"Vpcname": { "Description": "What do you want your VPC to be called as ?", "Type": "String", "Default": "fromCf" }}

aws cloudformation - Encountered unsupported property RequestValidatorId

I was trying to create a requestValidator and use it in my request by
"RequestValidatorId": {
"Ref": "PostRequestValidator"
}
.
It should return the id of the requestValidator according to the doc.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-requestvalidator.html
But below error occurs.
Logical ID: postBannerMethod
Encountered unsupported property RequestValidatorId
resources.json
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"RolesStack": {
"Type": "String",
"Default": "admin-iam-roles"
},
"HandlerCodeS3Bucket": {
"Type": "String",
"Default": "admin-lambda-sourcecode"
},
"HandlerCodeS3BucketLayer": {
"Type": "String",
"Default": "admin-lambda-sourcecode/layers"
},
"HandlerCodeS3Key": {
"Type": "String",
"Default": "helloWorld.zip"
}
},
"Resources": {
"MyLayer": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"CompatibleRuntimes": [
"nodejs12.x"
],
"Content": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "imageUploadLayer.zip"
},
"Description": "My layer",
"LayerName": "imageLayer",
"LicenseInfo": "MIT"
}
},
"createBannerHandler": {
"Type": "AWS::Lambda::Function",
"Properties": {
"FunctionName": "createBanner",
"Handler": "createBanner.handler",
"Role": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-LambdaRoleArn"
}
},
"Code": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key":"createBanner.zip"
},
"Layers": [
{
"Ref": "MyLayer"
}
],
"Runtime": "nodejs12.x"
}
},
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"PostRequestValidator": {
"Type" : "AWS::ApiGateway::RequestValidator",
"Properties" : {
"Name" : "PostRequestValidator",
"RestApiId" : {
"Ref": "HelloWorldApi"
},
"ValidateRequestBody" : true,
"ValidateRequestParameters" : false
}
},
"BannerResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ParentId": {
"Fn::GetAtt": [
"HelloWorldApi",
"RootResourceId"
]
},
"PathPart": "banner"
}
},
"postBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": ["HelloWorldApi"],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"RequestValidatorId": {
"Ref": "PostRequestValidator"
},
"Uri": {
"Fn::Join": ["",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": ["createBannerHandler", "Arn"]
},
"/invocations"
]
]
}
}
}
}
}
}
Your RequestValidatorId is one level to deep. It should be in AWS::ApiGateway::Method, not in Integration:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"RolesStack": {
"Type": "String",
"Default": "admin-iam-roles"
},
"HandlerCodeS3Bucket": {
"Type": "String",
"Default": "admin-lambda-sourcecode"
},
"HandlerCodeS3BucketLayer": {
"Type": "String",
"Default": "admin-lambda-sourcecode/layers"
},
"HandlerCodeS3Key": {
"Type": "String",
"Default": "helloWorld.zip"
}
},
"Resources": {
"MyLayer": {
"Type": "AWS::Lambda::LayerVersion",
"Properties": {
"CompatibleRuntimes": [
"nodejs12.x"
],
"Content": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "imageUploadLayer.zip"
},
"Description": "My layer",
"LayerName": "imageLayer",
"LicenseInfo": "MIT"
}
},
"createBannerHandler": {
"Type": "AWS::Lambda::Function",
"Properties": {
"FunctionName": "createBanner",
"Handler": "createBanner.handler",
"Role": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-LambdaRoleArn"
}
},
"Code": {
"S3Bucket": {
"Ref": "HandlerCodeS3Bucket"
},
"S3Key": "createBanner.zip"
},
"Layers": [
{
"Ref": "MyLayer"
}
],
"Runtime": "nodejs12.x"
}
},
"HelloWorldApi": {
"Type": "AWS::ApiGateway::RestApi",
"Properties": {
"Name": "hello-api",
"Description": "API used for practice",
"FailOnWarnings": true
}
},
"PostRequestValidator": {
"Type": "AWS::ApiGateway::RequestValidator",
"Properties": {
"Name": "PostRequestValidator",
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ValidateRequestBody": true,
"ValidateRequestParameters": false
}
},
"BannerResource": {
"Type": "AWS::ApiGateway::Resource",
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ParentId": {
"Fn::GetAtt": [
"HelloWorldApi",
"RootResourceId"
]
},
"PathPart": "banner"
}
},
"postBannerMethod": {
"Type": "AWS::ApiGateway::Method",
"DependsOn": [
"HelloWorldApi"
],
"Properties": {
"RestApiId": {
"Ref": "HelloWorldApi"
},
"ResourceId": {
"Ref": "BannerResource"
},
"HttpMethod": "POST",
"AuthorizationType": "NONE",
"RequestValidatorId": {
"Ref": "PostRequestValidator"
},
"Integration": {
"Credentials": {
"Fn::ImportValue": {
"Fn::Sub": "${RolesStack}-ApiGatewayRoleArn"
}
},
"IntegrationHttpMethod": "POST",
"Type": "AWS_PROXY",
"Uri": {
"Fn::Join": [
"",
[
"arn:aws:apigateway:",
{
"Ref": "AWS::Region"
},
":lambda:path/2015-03-31/functions/",
{
"Fn::GetAtt": [
"createBannerHandler",
"Arn"
]
},
"/invocations"
]
]
}
}
}
}
}
}
Recommend trying the CloudFormation Linter in VSCode to see some of these errors inline while authoring templates along with autocompletion and documentation links:
[cfn-lint] E3002: Invalid Property Resources/postBannerMethod/Properties/Integration/RequestValidatorId

Cloudformation Property validation failure: Encountered unsupported properties

I'm trying to create a nested stack with the root stack looks like this:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"DynamoDBTable": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"Parameters": {
"TableName": {
"Fn::Sub": "${AWS::StackName}"
}
},
"TemplateURL": "https://s3.amazonaws.com/my-templates-bucket/dynamodb.json"
}
},
"S3WebsiteReact": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"Parameters": {
"BucketName": {
"Fn::Sub": "${AWS::StackName}-website"
}
},
"TemplateURL": "https://s3.amazonaws.com/my-templates-bucket/s3-static-website-react.json"
}
},
"S3UploadBucket": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"Parameters": {
"BucketName": {
"Fn::Sub": "${AWS::StackName}-upload"
}
},
"TemplateURL": "https://s3.amazonaws.com/my-templates-bucket/s3-with-cors.json"
}
},
"Cognito": {
"Type": "AWS::CloudFormation::Stack",
"DependsOn": "DynamoDBTable",
"Properties": {
"Parameters": {
"CognitoUserPoolName": {
"Fn::Join" : ["",
{
"Fn::Split": ["-", {
"Ref": "AWS::StackName"
}]
}
]
}
},
"TemplateURL": "https://s3.amazonaws.com/my-templates-bucket/cognito.json"
}
},
"ApiGateway": {
"Type": "AWS::CloudFormation::Stack",
"DependsOn": ["DynamoDBTable", "Cognito"],
"Properties": {
"Parameters": {
"ApiGatewayName": {
"Fn::Sub": "${AWS::StackName}-api"
},
"CognitoUserPoolArn": {
"Fn::GetAtt": [ "Cognito", "Outputs.UserPoolArn" ]
},
"DynamoDBStack": {
"Fn::GetAtt": [ "DynamoDBTable", "Outputs.DDBStackName" ]
}
},
"TemplateURL": "https://s3.amazonaws.com/my-templates-bucket/api-gateway.json"
}
},
"IdentityPool": {
"Description": "Cognito Identity Pool. Must be created after User Pool and API Gateway.",
"Type": "AWS::Cognito::IdentityPool",
"DependsOn": ["Cognito", "ApiGateway", "S3UploadBucket"],
"Properties": {
"Parameters": {
"AppClientId": {
"Fn::GetAtt": [ "Cognito", "Outputs.AppClientId" ]
},
"UserPoolProviderName": {
"Fn::GetAtt": [ "Cognito", "Outputs.ProviderName" ]
},
"UserPoolName": {
"Fn::GetAtt": [ "Cognito", "Outputs.UserPoolName" ]
},
"UploadBucketName": {
"Fn::GetAtt": [ "S3UploadBucket", "Outputs.UploadBucketName" ]
},
"ApiGatewayId": {
"Fn::GetAtt": [ "ApiGateway", "Outputs.ApiGatewayId" ]
}
},
"TemplateURL": "https://s3.amazonaws.com/my-templates-bucket/identity-pool.json"
}
}
},
"Outputs": {
}
}
And I get this error:
2019-06-19 14:45:14 UTC-0400 IdentityPool CREATE_FAILED Property validation failure: [Encountered unsupported properties in {/}: [TemplateURL, Parameters]]
It looks like my identity pool stack has some issues with the parameters. But the identity pool stack parameters look like this:
"Parameters" : {
"AppClientId": {
"Description": "ID of the App Client of the Cognito User Pool passed into this stack.",
"Type": "String"
},
"UserPoolProviderName": {
"Description": "Cognito User Pool Provider name passed into this stack.",
"Type": "String"
},
"UserPoolName": {
"Description": "Cognito User Pool Name passed into this stack.",
"Type": "String"
},
"UploadBucketName": {
"Description": "Name of the bucket that is used to upload files to.",
"Type": "String"
},
"ApiGatewayId": {
"Description": "ID of the API Gateway created for the stack.",
"Type": "String"
}
},
The funny thing is: I tried creating each stack on its own, then passed the outputs from them as parameters to the stacks that need those parameters and every single stack was created successfully without any problems.
I've tried to look for what is unsupported but was unable to find any answers.
The error:
[Encountered unsupported properties in {/}: [TemplateURL, Parameters]]
Says that those two properties are unsupported. Unlike all the rest of the resources declared in your template which also use those two properties, this resource is a AWS::Cognito::IdentityPool, while the rest are all of type AWS::CloudFormation::Stack.
Those two properties are only valid on the AWS::CloudFormation::Stack type, hence the validation error.

AWS::AutoScaling::LaunchConfiguration You are not authorized to perform this operation

While cloudformation is building the stack, I get the following error:
AWS::AutoScaling::LaunchConfiguration N1ClusterServerLaunchConfig You are not authorized to perform this operation
I have admin full access user privileges. But, still this fails. Is the authorization due to the IAMs defined inside the template?
"N1ClusterServerAutoScale": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AvailabilityZones": {
"Fn::GetAZs": ""
},
"LaunchConfigurationName": {
"Ref": "N1ClusterServerLaunchConfig"
},
"MinSize": "2",
"MaxSize": "64",
"DesiredCapacity": {
"Ref": "ClusterSize"
},
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "AWS::StackName"
},
"PropagateAtLaunch": true
}
]
},
"Metadata": {
"AWS::CloudFormation::Designer": {
"id": "a715af00-ebba-4fab-a817-d5ee1986dfe7"
}
}
},
"N1ClusterServerLaunchConfig": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"RegionMap",
{
"Ref": "AWS::Region"
},
"hvm"
]
},
"InstanceType": {
"Ref": "InstanceType"
},
"KeyName": {
"Ref": "KeyPair"
},
"SecurityGroups": [
{
"Ref": "N1ClusterSecurityGroup"
},
{
"Ref": "N1NodeSecurityGroup"
}
],
"IamInstanceProfile": {
"Ref": "IamInstanceProfile"
},
IAM
"AllowComputeFrom": {
"Description": "The net block (CIDR) that N1-COMPUTE is available to.",
"Default": "0.0.0.0/0",
"Type": "String"
},
"IamInstanceProfile": {
"Description": "The name of an IAM Profile which can access required S3 buckets and instances.",
"Default": "arn:aws:iam::247256189695:instance-profile/n1-compute-instance",
"Type": "String"
},
"IamInstanceProfileShort": {
"Description": "The last part of the name of an IAM Profile which can create instances.",
"Default": "n1-compute-instance",
"Type": "String"
},
ec2:RunInstances is required to use a Launch template