How can I add information from a config file when processing a yaml-file with CloudFormationCreateReplaceChangeSetAction?

Issue

I have a pipeline with a source stage, build stage, and self-mutate stage. I’m trying to take an existing yaml file and prepare the project it’s associated with for deployment. The yaml file uses a config file for production and a different for testing, which is why the code below produces the following error: Parameters: [DatabaseNamespace, SecretsKmsKey] must have values (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError;

I’ve been looking at the documentation found here and I think I’m close to figuring this out if I can pass the parameters from the config file with one of the props available.

The fourth stage of the pipeline:

    pipeline.addStage({
      stageName: 'Test_Deploy',
      actions: [
        new CloudFormationCreateReplaceChangeSetAction({
          actionName: 'PrepareChanges',
          stackName: 'my-stack',
          changeSetName: 'StagedChangeSet',
          adminPermissions: true,
          templatePath: sourceOutput.atPath('cloudformation/cf-test.yaml'),
          runOrder: 1
        })
      ]
    })

Config file:

AppStackName=my-stack
AppDeployBucket=deploy-bucket
DatabaseNamespace=cf-test-database
SecretsKmsKey=secrets-kms-key

cf-test.yaml:

Parameters:
  DatabaseNamespace:
    Type: String
    Description: "DynamoDB tables namespace"

Globals:
  Function:
    Runtime: nodejs14.x
    MemorySize: 512
    Timeout: 60
    Environment:
      Variables:
        MY_DATABASE_NS: !Ref DatabaseNamespace

Resources:
  DynamoDbAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Permissions to access application dynamodb tables
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "dynamodb:*Item"
              - "dynamodb:Query"
            Resource:
              - !Sub "arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${DatabaseNamespace}.*"

Solution

The solution to this problem was to use the parameter Overrides? prop (documentation found here).

Pipeline stage:

    pipeline.addStage({
      stageName: 'Test_Deploy',
      actions: [
        new CloudFormationCreateReplaceChangeSetAction({
          actionName: 'PrepareChanges',
          stackName: 'my-stack',
          changeSetName: 'StagedChangeSet',
          adminPermissions: true,
          templatePath: sourceOutput.atPath('cloudformation/cf-test.yaml'),
          parameterOverrides: {
            DatabaseNamespace: 'cf-test-database',
            SecretsKmsKey: 'secrets-kms-key'
          },
          runOrder: 1
        })
      ]
    })

Answered By – Sannitie

Answer Checked By – Clifford M. (AngularFixing Volunteer)

Leave a Reply

Your email address will not be published.