I have a CloudFormation stack template which contains a DataPipeline resource having an RdsDatabase object:

    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
      ProUsageReportsPipelineStg:
        Type: AWS::DataPipeline::Pipeline
        Properties:
          Name: my-db
          PipelineObjects:
            - id: ProAccountDB
              type: RdsDatabase
              region: us-west-2
              username: username
              "*password": password
              rdsInstanceId: mydb

When I try to create this stack, I get the following error:
Encountered unsupported property *password
However, according to the documentation that is the place to pass the password.
You were quite close. The correct syntax would be something like this:

    AWSTemplateFormatVersion: '2010-09-09'
    Resources:
      ProUsageReportsPipelineStg:
        Type: AWS::DataPipeline::Pipeline
        Properties:
          Name: my-db
          PipelineObjects:
            -
              Id: ProAccountDB
              Name: "My Pro Account database"
              Fields:
                -
                  Key: "type"
                  StringValue: "RdsDatabase"
                -
                  Key: "region"
                  StringValue: "us-west-2"
                -
                  Key: "username"
                  StringValue: "username"
                -
                  Key: "*password"
                  StringValue: "password"
                -
                  Key: "rdsInstanceId"
                  StringValue: "mydb"

You can also check this example in the AWS docs for reference.
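
As an added example (not part of the original answer), the same pipeline object can take its credentials from Secrets Manager through a CloudFormation dynamic reference, so the password is not written into the template. `DbSecretName` is a hypothetical parameter naming an existing secret whose JSON value has `username` and `password` keys.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  DbSecretName:          # hypothetical: name of an existing Secrets Manager secret
    Type: String         # assumed to hold {"username": "...", "password": "..."}
Resources:
  ProUsageReportsPipelineStg:
    Type: AWS::DataPipeline::Pipeline
    Properties:
      Name: my-db
      PipelineObjects:
        - Id: ProAccountDB
          Name: "My Pro Account database"
          Fields:
            - Key: "type"
              StringValue: "RdsDatabase"
            - Key: "region"
              StringValue: "us-west-2"
            # Resolved by CloudFormation at deploy time; the template itself
            # carries only the reference, never the credential.
            - Key: "username"
              StringValue: !Sub '{{resolve:secretsmanager:${DbSecretName}:SecretString:username}}'
            # The leading "*" marks the field as encrypted in Data Pipeline.
            - Key: "*password"
              StringValue: !Sub '{{resolve:secretsmanager:${DbSecretName}:SecretString:password}}'
            - Key: "rdsInstanceId"
              StringValue: "mydb"
```
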
I've been trying to add a simple environment variable to a YAML CloudFormation template. I pass in to the template as a parameter when creating whether it is "production" or "staging", and want to pass that on in the "Build" section of my CodePipeline.

    - Name: "Build"
      Actions:
        - Name: "Build"
          ActionTypeId:
            Category: "Build"
            Owner: "AWS"
            Provider: "CodeBuild"
            Version: "1"
          Configuration:
            ProjectName: !Ref CodeBuildProject
            # EnvironmentVariables:
            #   - Name: "CURRENT_ENVIRONMENT"
            #     Type: PLAINTEXT
            #     Value: !Ref CodeEnvironment
            # EnvironmentVariables: !Sub |
            #   "{\"name\":\"CURRENT_ENVIRONMENT\", \"type\": \"PLAINTEXT\" \"value\": \"${CodeEnvironment}\"}"
            EnvironmentVariables: "{\"name\":\"CURRENT_ENVIRONMENT\", \"type\": \"PLAINTEXT\" \"value\": \"${CodeEnvironment}\"}"
          InputArtifacts:
            - Name: "SourceArtifact"
          OutputArtifacts:
            - Name: "secondary_artifact_name_1"
            - Name: "secondary_artifact_name_2"
          Region: !Ref AWS::Region
          Namespace: "BuildVariables"
          RunOrder: 1

I've tried a few different ways of passing in "EnvironmentVariables", but keep getting this error:
The configuration for the action 'Build' configurationKey 'EnvironmentVariables' does not match the expected format. The expected format is JSON array adhering to the following format: [{"name": "string", "type": "string", "value": "string"}] (Service: AWSCodePipeline; Status Code: 400; Error Code: InvalidActionDeclarationException; Request ID: fe7b8f6b-5410-48d2-b18f-f9377d1898cb; Proxy: null)
I've seen ways to do this in a JSON template, but I'm having trouble doing it in a YAML template.
The EnvironmentVariables should be a JSON array, not a plain map. So it should be:

    # !Sub is needed so ${CodeEnvironment} is replaced with the parameter value
    EnvironmentVariables: !Sub "[{\"name\":\"CURRENT_ENVIRONMENT\", \"type\": \"PLAINTEXT\", \"value\": \"${CodeEnvironment}\"}]"

Is there any way to reference parameters in SecretString field in Secrets Manager via CloudFormation?
The way I made the script, the !Ref parameter is a text and not a reference to the parameter.

    AWSTemplateFormatVersion: 2010-09-09
    Parameters:
      Name:
        Type: String
      myuserparameter:
        Type: String
      mypasswordparameter:
        Type: String
    Resources:
      SecretsManager:
        Type: AWS::SecretsManager::Secret
        Properties:
          Name: !Ref Name
          SecretString: '{"username":"!Ref myuserparameter,"password":"Ref mypasswordparameter"}'

This will work:

    AWSTemplateFormatVersion: 2010-09-09
    Parameters:
      Name:
        Type: String
      myuserparameter:
        Type: String
      mypasswordparameter:
        Type: String
    Resources:
      SecretsManager:
        Type: AWS::SecretsManager::Secret
        Properties:
          Name: !Ref Name
          SecretString: !Sub '{"username": "${myuserparameter}","password": "${mypasswordparameter}"}'

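
An added example, not from the original answer: the same secret with the password parameter marked `NoEcho` and constrained so that a quote or backslash cannot break the JSON that `!Sub` assembles, next to a variant where Secrets Manager generates the password. The `GeneratedSecret` resource name and the `-generated` suffix are assumptions made for this example.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  Name:
    Type: String
  myuserparameter:
    Type: String
    AllowedPattern: '[^"\\]+'   # !Sub does no JSON escaping, so reject " and \
  mypasswordparameter:
    Type: String
    NoEcho: true                # masked in console, CLI and API output
    MinLength: 12
    AllowedPattern: '[^"\\]+'   # same constraint: keeps the SecretString valid JSON
Resources:
  # Variant 1: the caller supplies the password as a masked parameter.
  # NoEcho does not protect a value that is copied into Outputs or Metadata.
  SecretsManager:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Ref Name
      SecretString: !Sub '{"username": "${myuserparameter}","password": "${mypasswordparameter}"}'

  # Variant 2 (hypothetical resource name): Secrets Manager generates the
  # password, so it never appears as a stack parameter at all.
  GeneratedSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub '${Name}-generated'
      GenerateSecretString:
        SecretStringTemplate: !Sub '{"username": "${myuserparameter}"}'
        GenerateStringKey: password   # JSON key that receives the generated value
        PasswordLength: 32
        ExcludeCharacters: '"\'       # avoid characters that need JSON escaping
```
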
I'm getting the error below from my CloudFormation template. It happens when using JSON and pure YAML.
error
Resource handler returned message: "Invalid request provided: JSON not well-formed. at Line: 13, Column: 10 (Service: Ssm, Status Code: 400,
template with json

    AWSTemplateFormatVersion: "2010-09-09"
    Description: "AWS CloudFormation Template for Response Plans"
    Parameters:
      Environment:
        Type: String
      Domain:
        Type: String
      Team:
        Type: String
      NotificationARN:
        Type: AWS::SSM::Parameter::Value<String>
        Default: /sandbox06/Topics/PolicyData/arn
    Resources:
      UpdateAliasResponsePlan:
        Type: AWS::SSMIncidents::ResponsePlan
        Properties:
          Actions:
            - SsmAutomation:
                RoleArn: !Ref Role
                DocumentName: UpdateAliasDocument
          # ActionType: UpdateAlias
          DisplayName: "UpdateLambdaAlias"
          # Engagements:
          #   Engagements
          IncidentTemplate:
            Impact: 3
            NotificationTargets:
              - SnsTopicArn:
                  Ref: NotificationARN
            Summary: "String"
            Title: "String"
          Name: "UpdateLambdaAlias"
          Tags:
            - Key: "Team"
              Value: !Ref Team
            - Key: "Domain"
              Value: !Ref Domain
            - Key: "Environment"
              Value: !Ref Environment
      UpdateAliasDocument:
        Type: AWS::SSM::Document
        Properties:
          Content: |
            {
              "schemaVersion": "2.2",
              "parameters": {
                "Environment": { "type": "string"},
                "Domain": { "type": "string"},
                "Team": { "type": "string"},
                "NotificationARN": { "type": "string", "default": "/sandbox06/Topics/PolicyData/arn"}
              },
              "mainSteps": [
                { "action": "aws:runShellScript",
                  "name": "runCommands",
                  "inputs": {
                    "runCommand": ["aws lambda update-functionconfiguration --function-name $FunctionArn --version $FunctionVersion"]
                  }
              ]
            }
      Role:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - lambda.amazonaws.com
                Action: sts:AssumeRole
          Path: /
          Policies:
            - PolicyName: UpdateAliasPolicy
              PolicyDocument:
                Statement:
                  - Effect: Allow
                    Action:
                      - lambda:UpdateFunctionConfiguration
                    Resource:
                      - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${Environment}-*

template with yaml

    AWSTemplateFormatVersion: "2010-09-09"
    Description: "AWS CloudFormation Template for Response Plans"
    Parameters:
      Environment:
        Type: String
      Domain:
        Type: String
      Team:
        Type: String
      NotificationARN:
        Type: AWS::SSM::Parameter::Value<String>
        Default: /sandbox06/Topics/PolicyData/arn
    Resources:
      UpdateAliasResponsePlan:
        Type: AWS::SSMIncidents::ResponsePlan
        Properties:
          Actions:
            - SsmAutomation:
                RoleArn: !Ref Role
                DocumentName: UpdateAliasDocument
          # ActionType: UpdateAlias
          DisplayName: "UpdateLambdaAlias"
          # Engagements:
          #   Engagements
          IncidentTemplate:
            Impact: 3
            NotificationTargets:
              - SnsTopicArn:
                  Ref: NotificationARN
            Summary: "String"
            Title: "String"
          Name: "UpdateLambdaAlias"
          Tags:
            - Key: "Team"
              Value: !Ref Team
            - Key: "Domain"
              Value: !Ref Domain
            - Key: "Environment"
              Value: !Ref Environment
      UpdateAliasDocument:
        Type: AWS::SSM::Document
        Properties:
          Content:
            schemaVersion: "2.2"
            parameters:
              - name: FunctionVersion
                type: "String"
                defaultValue: "1"
              - name: FunctionArn
                type: "String"
            mainSteps:
              - action: aws:runShellScript
                name: "runCommand"
                inputs:
                  runCommand: "aws lambda update-function-configuration --function-name $FunctionArn --version $FunctionVersion"
      Role:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - lambda.amazonaws.com
                Action: sts:AssumeRole
          Path: /
          Policies:
            - PolicyName: UpdateAliasPolicy
              PolicyDocument:
                Statement:
                  - Effect: Allow
                    Action:
                      - lambda:UpdateFunctionConfiguration
                    Resource:
                      - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${Environment}-*

Another YAML Version

    AWSTemplateFormatVersion: "2010-09-09"
    Description: "AWS CloudFormation Template for Response Plans"
    Parameters:
      Environment:
        Type: String
      Domain:
        Type: String
      Team:
        Type: String
      NotificationARN:
        Type: AWS::SSM::Parameter::Value<String>
        Default: /sandbox06/Topics/PolicyData/arn
    Resources:
      UpdateAliasResponsePlan:
        Type: AWS::SSMIncidents::ResponsePlan
        Properties:
          Actions:
            - SsmAutomation:
                RoleArn: !Ref Role
                DocumentName: UpdateAliasDocument
          # ActionType: UpdateAlias
          DisplayName: "UpdateLambdaAlias"
          # Engagements:
          #   Engagements
          IncidentTemplate:
            Impact: 3
            NotificationTargets:
              - SnsTopicArn:
                  Ref: NotificationARN
            Summary: "String"
            Title: "String"
          Name: "UpdateLambdaAlias"
          Tags:
            - Key: "Team"
              Value: !Ref Team
            - Key: "Domain"
              Value: !Ref Domain
            - Key: "Environment"
              Value: !Ref Environment
      UpdateAliasDocument:
        Type: AWS::SSM::Document
        Properties:
          Content:
            schemaVersion: "2.2"
            parameters:
              - name: FunctionVersion
                type: "String"
                defaultValue: "1"
              - name: FunctionName
                type: "String"
            mainSteps:
              - name: UpdateLambdaAlias
                action: aws:executeAWSApi
                inputs:
                  Service: "lambda"
                  Api: UpdateFunctionConfiguration
                  FunctionName: $FunctionName
                  FunctionVersion: $FunctionVersion
      Role:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - lambda.amazonaws.com
                Action: sts:AssumeRole
          Path: /
          Policies:
            - PolicyName: UpdateAliasPolicy
              PolicyDocument:
                Statement:
                  - Effect: Allow
                    Action:
                      - lambda:UpdateFunctionConfiguration
                    Resource:
                      - !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${Environment}-*

You're getting the error when it tries to resolve the SSM parameters. It is a 400 error, so it may be that you don't have permission to retrieve the parameter from SSM. In this case it is looking for /sandbox06/Topics/PolicyData/arn so verify that the account you are using to create the stack has permission to retrieve that parameter. This article shows the permissions needed.
If so, also verify that the value of that parameter in SSM would result in a valid template if you pasted it into your template. Verify that the SSM parameter is of type String, as AWS::SSM::Parameter::Value<String> is:

"A Systems Manager parameter whose value is a string. This corresponds to the String parameter type in Parameter Store."

That link also mentions the following and gives an alternative if you want to fetch a secure string:

"AWS CloudFormation does not support defining template parameters as SecureString Systems Manager parameter types."

Also, it may be that you need to format the default to not start with a slash. This page shows an example that does not start with a slash, or for hierarchical parameters that do begin with a slash, it may need to be in single quotes (Example 2 shows it that way).
The problem was with the way I was defining the parameters. I needed to remove the name key.
replace

    UpdateAliasDocument:
      Type: AWS::SSM::Document
      Properties:
        Content:
          schemaVersion: "2.2"
          parameters:
            - name: FunctionVersion
              type: "String"
              defaultValue: "1"
            - name: FunctionName
              type: "String"
          mainSteps:
            - name: UpdateLambdaAlias
              action: aws:executeAWSApi
              inputs:
                Service: "lambda"
                Api: UpdateFunctionConfiguration
                FunctionName: $FunctionName
                FunctionVersion: $FunctionVersion

with

    UpdateAliasDocument:
      Type: AWS::SSM::Document
      Properties:
        Content:
          schemaVersion: "2.2"
          # parameters is a map keyed by parameter name, not a list of "name" entries
          parameters:
            FunctionVersion:
              type: "String"
              defaultValue: "1"
            FunctionName:
              type: "String"
          mainSteps:
            - name: UpdateLambdaAlias
              action: aws:executeAWSApi
              inputs:
                Service: "lambda"
                Api: UpdateFunctionConfiguration
                FunctionName: $FunctionName
                FunctionVersion: $FunctionVersion

I have a lot of resources of type AWS::Glue::Table in my AWS templates, and I do not want to copy-paste snippets of code from template to template. So the idea is to create a reusable nested stack that accepts the params. I did it, but one problem still remains: I do not know how I can pass columns via params to this stack. [{Type: string, Name: type}, {Type: string, Name: timeLogged}] is an array of objects, but params accept only a string type.
I tried to do something like this:

    !Split [ "," , "{Type: string, Name: type}, {Type: string, Name: timeLogged}"]

but it did not help.

    AWSTemplateFormatVersion: 2010-09-09
    Description: The AWS CloudFormation template for creating a Glue table
    Parameters:
      DestinationBucketName:
        Type: String
        Description: Destination Regional Bucket Name
      DestinationBucketPrefix:
        Type: String
        Description: Destination Regional Bucket Prefix
      DatabaseName:
        Type: String
        Description: Database for Kinesis Analytics
      TableName:
        Type: String
        Description: Table for Kinesis Analytics
      InputFormat:
        Type: String
        Description: Input format for data
      OutputFormat:
        Type: String
        Description: Output format for data
      SerializationLibrary:
        Type: String
        Description: Serialization library for converting data
    Resources:
      LogsCollectionTable:
        Type: AWS::Glue::Table
        Properties:
          DatabaseName: !Ref DatabaseName
          CatalogId: !Ref AWS::AccountId
          TableInput:
            Name: !Ref TableName
            Description: Table for storing data
            TableType: EXTERNAL_TABLE
            StorageDescriptor:
              Columns: [{Type: string, Name: type}, {Type: string, Name: timeLogged}]
              Location: !Sub s3://${DestinationBucketName}/${DestinationBucketPrefix}
              InputFormat: !Ref InputFormat
              OutputFormat: !Ref OutputFormat
              SerdeInfo:
                SerializationLibrary: !Ref SerializationLibrary

Short answer: You currently can not. You would need to pass every parameter manually.
Source
How to put Tags on the following Resources using a CloudFormation Template:
AWS::ApiGatewayV2::Api
AWS::ApiGatewayV2::DomainName
AWS::ApiGatewayV2::Stage
For a generic AWS::ApiGatewayV2::Api Resource I have tried the following in the Resources section of the CloudFormation Template:

    MyApi:
      Type: 'AWS::ApiGatewayV2::Api'
      Properties:
        Name: MyApi
        ProtocolType: WEBSOCKET
        RouteSelectionExpression: $request.body.action
        ApiKeySelectionExpression: $request.header.x-api-key
        Tags:
          - Key: TagKey1
            Value: MyFirstTag
          - Key: TagKey2
            Value: !Ref MySecondTagAsParameter

In the CloudFormation Events view of Amazon Management Console, the resource failed with the following reason:
Property validation failure: [Value of property {/Tags} does not match type {Map}]
I looked up the Type, which appeared to be Json in the documentation:
Tags
The collection of tags. Each tag element is associated with a given resource.
Required: No
Type: Json
Update requires: No interruption
Which made me try the following:

    Tags: !Sub "{ \"TagKey1\" : \"MyFirstTag\", \"TagKey2\" : \"${MySecondTagAsParameter}\"}"

That also did not work, prompting me to try YAML literals:

    Tags: !Sub |
      {
        "TagKey1": "MyFirstTag",
        "TagKey2": "${MySecondTagAsParameter}"
      }

That did not work either.
The following did the trick:

    Tags:
      TagKey1: MyFirstTag
      TagKey2: !Ref MySecondTagAsParameter

You were very close to the json-like solution:

    Tags: { "TagKey1": "MyFirstTag",
            "TagKey2": !Ref MySecondTagAsParameter}

Please try like this:

    ApiGateway:
      Type: AWS::ApiGateway::RestApi
      Properties:
        Name: GatewayName
        EndpointConfiguration:
          Types:
            - REGIONAL
        Tags:
          - Key: Project
            Value: ProjectName

For me the following syntax worked:

    Tags:
      -
        Key: "keyname1"
        Value: "value1"
      -
        Key: "keyname2"
        Value: "value2"

Source: AWS Documentation