CodePipeline and CloudFormation parameters - amazon-web-services

I am using CodePipeline to deploy my SAM (lambda etc) application referencing https://docs.aws.amazon.com/lambda/latest/dg/build-pipeline.html.
The "issue" now is my CloudFormation has some parameters inside and CodePipeline requires that I set these. I could do so via parameter overrides.
But is this the correct way? I actually only want it set once at the start. And I'd rather have users set it in CloudFormation and CodePipeline should follow those values.
This stack is already created, so why is it that CodePipeline complains I need them set?

The input parameters are required by CloudFormation to update.
Template configuration is the recommended way to specify the input parameters. You could create a template file of input parameters for the customers to use.

A possible solution is to create custom Lambda functions which will be invoked from CodePipeline using an Invoke action.
As a parameter to such a Lambda you would specify the CloudFormation stack name. The Lambda will then load the CloudFormation parameters from the existing stack and create output from them (using the appropriate AWS SDK). That artifact will be used as an input to the CloudFormation deployment.
Another solution is to create a CodeBuild project which will do the same thing.
It's a bit complex, but unfortunately it seems that CodePipeline always needs the full set of parameters.
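
The stack-parameter lookup described in the answer above, as an added Python example that is not part of the original answers: it turns a DescribeStacks response into the body of a template configuration file. CloudFormation returns NoEcho parameter values masked as `****`, so those are reported instead of copied. The sample response, stack name and parameter names are constructed.

```python
import json

MASKED = "****"  # DescribeStacks returns this in place of NoEcho values


def build_template_configuration(response, overrides=None):
    """Build a template configuration dict from a DescribeStacks response.

    Returns (config, unresolved); unresolved lists parameters whose value is
    masked and therefore cannot be read back from the stack.
    """
    overrides = overrides or {}
    stacks = response.get("Stacks", [])
    if len(stacks) != 1:
        raise ValueError("expected exactly one stack in the response")
    params, unresolved = {}, []
    for p in stacks[0].get("Parameters", []):
        key, value = p["ParameterKey"], p.get("ParameterValue", "")
        if key in overrides:
            params[key] = overrides[key]
        elif value == MASKED:
            unresolved.append(key)  # copying "****" would overwrite the secret
        else:
            params[key] = value
    return {"Parameters": params}, sorted(unresolved)


def fetch_and_build(stack_name, overrides=None):
    """Live variant; needs boto3 and cloudformation:DescribeStacks."""
    import boto3  # imported lazily so the offline demo runs without the SDK
    response = boto3.client("cloudformation").describe_stacks(StackName=stack_name)
    return build_template_configuration(response, overrides)


# Constructed sample response (hypothetical stack and parameter names).
SAMPLE = {"Stacks": [{"StackName": "example-sam-app", "Parameters": [
    {"ParameterKey": "Stage", "ParameterValue": "prod"},
    {"ParameterKey": "TableName", "ParameterValue": "orders"},
    {"ParameterKey": "DbPassword", "ParameterValue": "****"},
]}]}

if __name__ == "__main__":
    config, unresolved = build_template_configuration(SAMPLE)
    print(json.dumps(config, indent=2))
    print("supply separately:", unresolved)
```

Parameters listed as unresolved have to come from wherever the real value is kept before the configuration is handed to the CloudFormation action.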

Related

Query external resources from CloudFormation (Like terraform's data)

I'm working with a CloudFormation template which is defining a lot of parameters for static values out of the scope of the template.
For example, the template is creating some EC2, and it has parameters for each VPC subnet. If this was Terraform, I would just remove all of these parameters and use data to fetch the information.
Is it possible to do that with CloudFormation?
Notice that I'm not talking about referencing another resource created within the same template, but about a resource that already exists in the account that could have been created by different means (manual, Terraform, CloudFormation, whatever...)
No, CloudFormation does not have any native ability to look up existing resources. You can, however, achieve this using a CloudFormation macro.
A CloudFormation macro leverages a lambda function, which you can implement with whatever logic you need (e.g. using boto3) so that it returns the value you're after. You can even pass parameters to it.
Once the macro has been created, you can then consume it in your existing template.
You can find a full example on how to implement a macro, and on how to consume it, here: https://stackoverflow.com/a/70475459/3390419

Lambda function calling Codepipeline and passing parameters. Possible?

Has anyone ever tried or have examples of a python based Lambda function where I call a specific codepipeline, but I want to pass it variables in such a way that these variables are used during the Codebuild process?
I typically put in env variables during the codebuild process so I want to affect these.
Using the start_pipeline_execution call from boto3 (or any other AWS SDK) it is not possible to pass parameters to CodePipeline, because it is not supported by the CodePipeline API. Maybe you will find a workaround here.

CDK synth not validating lambdas

I have a node CDK project with some python lambdas. I have put some code into the handler of the lambda that I have specified in my stack, this being the execute function. I add some gibberish into the start of that function so it would fail or not be valid. I type cdk synth and this still generates a template. Shouldn't this do some validation on the lambdas? If not, how do we validate these lambdas before deploying?
Thanks
From the AWS documentation:
The Toolkit provides the ability to convert one or more AWS CDK stacks
to AWS CloudFormation templates and related assets (a process called
synthesis) and to deploy your stacks to an AWS account.
The cdk synth does not do any additional validation on the underlying CloudFormation resources -- it simply converts the CDK code into CloudFormation templates.
You have to add in this functionality yourself before deployment. One way to achieve this could be running a local SAM test suite.

Add AWS CodePipeline action to existing pipeline via CloudFormation

I've made a CodePipeline pipeline CloudFormation template and deployed it as a stack. I'd like to add an action to this existing pipeline via another CloudFormation stack.
From the documentation I can only see pipeline resources which would allow me to create a whole new stack, not edit an existing one by providing an ARN or something similar. There are also no granular resources that provide support for CodePipeline functionality such as actions. See URL below:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-codepipeline-pipeline.html
Does anyone know how I can achieve this? By the looks of it I'd say I have to update the template for the pipeline, adding the new action. Assuming this is the only way, how could I achieve this from another CloudFormation stack?
So a template would be configured to add a new action in the pipeline template, and then trigger an update of the pipeline stack. I'm guessing I'd have to use a CloudFormation macro and keep the pipeline template stored in s3. I'd then take the template out of s3, add the action, save the change and then what? I've also considered how I might use nested stacks or the Import macro.
Thanks for any help!
#Marcin inspired me to this solution. Thanks :)
Essentially I did this:
First I created a "Change" pipeline that took the stack template modified during the build stage, that I originally wanted to deploy across multiple stacks in a deploy action, and wrote it out to the path within an s3 bucket.
Second I created a "Deploy" pipeline that used the s3 path pointing to the output of the "Change" pipeline. This pipeline contains a deploy action that uses a SourceArtifact of the outputted template. This is essentially the deploy action I wanted in the "Change" pipeline.
I have now created a CFN template for the "Deploy" pipeline, allowing me to create any number of "Deploy" pipelines pointing to different stacks. When the "Change" pipeline is triggered its output triggers all the "Deploy" pipelines. My approval and testing process goes into the "Change" pipeline to avoid spam and I can roll back no problem.

Create Resource in Bulk from Single CloudFormation Template with CodePipeline

I have to create multiple IAM users from a single CloudFormation stack at once.
Since CloudFormation doesn't support loops, I have created a CodePipeline which deploys a CloudFormation template stored in AWS CodeCommit.
Can I use the Parameter Override feature of CodePipeline to create multiple users, giving the parameter as a list like:
{
"Username":["Bob","Alice","John"]
}
You're going to need an action between the CodeCommit and CloudFormation actions to generate a template that includes each IAM user resource (unless you plan to commit the expanded CloudFormation template). CodeBuild is probably your best bet to run some command that generates the CloudFormation template.
You might find CDK (https://github.com/awslabs/aws-cdk/) interesting for a use case like this. It will let you describe IAM users in a loop and then synthesize a CloudFormation template. At the time of writing this answer it's in preview, so don't rely on it for production.
You should, but if you don't leave pre-existing ones in, I believe it will drop the previous ones. You could do a Custom resource tied to a Lambda Function, then your Lambda function could "not" drop the previous resources.
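
A template generator of the kind a CodeBuild step could run between the CodeCommit and CloudFormation actions, as an added Python example that is not part of the original answers. It expands the full list of user names into one `AWS::IAM::User` resource each and rejects names that IAM would refuse or that would collide as logical IDs; the `User` logical-ID prefix and function names are assumptions of this sketch.

```python
import json
import re

# IAM user names: 1 to 64 characters from this set.
USERNAME_RE = re.compile(r"^[A-Za-z0-9+=,.@_-]{1,64}$")


def logical_id(username):
    """CloudFormation logical IDs must be alphanumeric."""
    return "User" + re.sub(r"[^A-Za-z0-9]", "", username)


def build_users_template(usernames):
    """Return a template dict with one AWS::IAM::User per name.

    The list must be the complete desired set: a user left out of the list
    is left out of the template and is removed on the next stack update.
    """
    resources, seen = {}, set()
    for name in usernames:
        if not isinstance(name, str) or not USERNAME_RE.match(name):
            raise ValueError(f"invalid IAM user name: {name!r}")
        if name.lower() in seen:  # IAM treats names as unique ignoring case
            raise ValueError(f"duplicate user name: {name!r}")
        seen.add(name.lower())
        lid = logical_id(name)
        if lid in resources:  # e.g. "a.b" and "ab" both map to "Userab"
            raise ValueError(f"logical ID collision for {name!r}: {lid}")
        resources[lid] = {"Type": "AWS::IAM::User",
                          "Properties": {"UserName": name}}
    if not resources:
        raise ValueError("no user names given")
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}


if __name__ == "__main__":
    # The list from the question above.
    print(json.dumps(build_users_template(["Bob", "Alice", "John"]), indent=2))
```

Because the resources set `UserName`, deploying the generated template requires the `CAPABILITY_NAMED_IAM` capability.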