amazon-cloudformation

问题 I have a CloudFormation template that creates an auto scaling group (among other things). How can I give the auto scaling group a name in the template? The AWS docs do not mention anything (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html), and its possible to do if I create it trough the AWS website. (I need to give a group a name because I need to find this group from another script) EDIT: I've tried to add a tag called "Name", but it still does not

问题 I have create a cloudformation template that creates one SNS::Topic and bunch of other resources. Problem now is that when i try to update the stack, it fails with the following error "Update to resource type AWS::SNS::Topic is not supported" Stack Policy is: { "Statement" : [ { "Effect" : "Deny", "Action" : "Update:*", "Principal": "*", "Resource" : "*", "Condition" : { "StringEquals" : { "ResourceType" : ["AWS::SNS::Topic", "AWS::EC2::Subnet"] } } }, { "Effect" : "Allow", "Action" : "Update

问题 I want to use Cloudformation to create an S3 bucket that will trigger Lambda function whenever an S3 event occurs such as file creation, file deletion, etc. From my research, I have my AWS::Lambda::Function and AWS::S3::Bucket setup, AWSTemplateFormatVersion: '2010-09-09' Resources: HandleFileCreation: Type: "AWS::Lambda::Function" Properties: ... LambdaExecutionRole: Type: AWS::IAM::Role Properties: ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonS3FullAccess - arn:aws:iam::aws:policy

问题 I have this S3 Bucket and Policy that I am deploying to CloudFormation. Resources: ReportsBucket: Type: AWS::S3::Bucket BucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: !Ref ReportsBucket PolicyDocument: Id: ReportPolicy Version: "2012-10-17" Statement: - Sid: ReportBucketPolicyDoc Effect: Allow Action: "s3:*" Principal: AWS: !Join ['', ["arn:aws:iam::", !Ref "AWS::AccountId", ":root"]] Resource: !Join ['', ['arn:aws:s3:::', !Ref S3Bucket, '/*']] It fails with, UPDATE_ROLLBACK_IN

问题 I have the following security group defined in my CloudFormation template: "APIInstanceSG": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "Security Group for Application EC2 Instances, "VpcId": "vpc-10a75377", "Tags": [{ "Key": "Name", "Value": "APIInstanceSG" } }] } } I also have an Elastic Beanstalk environment defined containing the following inside OptionSettings: { "Namespace": "aws:autoscaling:launchconfiguration", "OptionName": "SecurityGroups", "Value": {

问题 I'm using CloudFormation to spin up some servers in an auto scaling group, and I want them all to use basic monitoring. I tried setting Monitoring to false in the AWS::AutoScaling::AutoScalingGroup properties as well as the AWS::AutoScaling::LaunchConfiguration , but the stack cannot start up; I see CREATE_FAILED with the error message: Encountered unsupported property Monitoring . 回答1: Just another day in the lovingly roguish world of almost-but-not-quite-consistant CFN template syntax. The

问题 When creating ECS infrastructure we describe our Task Definitions with CloudFormation. We want to be able to dynamically pass environment variables as a parameter to the template. According to the docs, Environment has a KeyValuePair type, but CloudFormation parameters do not have this type. We can not hardcode Environment variables to the template, because this template is used as a nested stack so environment variables will be dynamically passed inside it. The only possible way I see so far

问题 Is there a reliable way in boto3 to determine what CloudFormation stack an AWS resource belongs to? Or if it belongs to a stack at all? Say I have a DynamoDB table or an EC2 instance, how do I find out what stack it is a member of? The boto3 API for CloudFormation gets pretty vague at the resource level, or so it appears. Any help is much appreciated. 回答1: You can pass PhysicalResourceId of a resource to desribe_stack_resources and get the stack information if it belongs to a CF stack To find

问题 I'm trying to create the Cloud Formation Stack. The Stack was deployed correctly. Lambda function was created, but the code is not getting added as inline to the function. It says Your Lambda function "lambda_function" cannot be edited inline since the file name specified in the handler does not match a file name in your deployment package. Cloud Formation Code: LambdaFunction: Type: "AWS::Lambda::Function" Properties: Code: ZipFile: !Sub | import json def lambda_handler(event,context):

问题 AWS generates the ipv6 CIDR block for VPCs so its not possible to determine ahead of time. The generated CIDR block looks something like: 2a05:d018:84c:c500::/56 and is always size 56. When creating a subnet you have to specify a size 64 block using the full prefixed value. E.g. 2a05:d018:84c:c501::/64 . It's possible to look up the ipv6 CIDR blocks for a VPC in cloudformation, but this returns the full value, not just the prefix. To create a subnet we need to be able to append something 01::