I have to automate this line "AWS": "arn:aws:iam::684821578293:user/jenkins" in my CloudFormation template, but when I use join it does not work. Can somebody help me with this?
The working template is below. You can use the following snap of the parameters list:
StackName : test
CreateCodeDeployRole : false
CreateECSRole: false
CreateJenkinsRole: true
CustomerPrefix : kfc ( anyname)
Environment : dt
GroupName : sogetiadmin
RoleName: Jenkins_Tool_Access
UserName: jenkins
https://s3.amazonaws.com/linuxblogger-k8s-state/iamcreation_working.json
Problem:
But once I update this entry in the working template from "AWS": "arn:aws:iam::684821578293:user/admin" to "AWS": "arn:aws:iam::684821578293:user/jenkins", it does not work.
I tried the join function with the Jenkins user, but it doesn't work. You can view this JSON below:
https://s3.amazonaws.com/linuxblogger-k8s-state/iamcreation_not_working.json
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "IAM groups and account-wide role configurations",
"Parameters" : {
"CustomerPrefix" : {
"Type" : "String",
"Default" : "testcust",
"Description" : "Enter Customer Prefix"
},
"Environment" : {
"Type" : "String",
"Default" : "dt",
"Description" : "Enter Environment (Input Format - d=development, t=test, a=acceptance, p=production, dt=devtest, ap=acceptanceproduction)",
"AllowedValues" : [
"d",
"t",
"a",
"p",
"dt",
"ap"
]
},
"CreateCodeDeployRole" : {
"Type" : "String",
"Default" : "true",
"Description" : "Whether a role should be created for use with AWS CodeDeploy",
"AllowedValues" : ["true", "false"],
"ConstraintDescription" : "Must be true or false."
},
"CreateECSRole" : {
"Type" : "String",
"Default" : "true",
"Description" : "Whether a role should be created for use with AWS EC2 Container Service",
"AllowedValues" : ["true", "false"],
"ConstraintDescription" : "Must be true or false."
},
"CreateJenkinsRole" : {
"Type" : "String",
"Default" : "true",
"Description" : "Whether a role should be created for use with Aws Jenkins Service",
"AllowedValues" : ["true", "false"],
"ConstraintDescription" : "Must be true or false."
},
"UserName" : {
"Type" : "String",
"Default" : "jenkins",
"Description" : "Please Provide Name of the IAM user"
},
"RoleName" : {
"Type" : "String",
"Default" : "Jenkins_Tool_Access",
"Description" : "Please Provide Name of the IAM Role"
},
"GroupName" : {
"Type" : "String",
"Default" : "sogetiadmin",
"Description" : "Please Provide Name of the IAM Role"
}
},
"Conditions" :{
"IsDev" : {
"Fn::Equals" : [ { "Ref" : "Environment" }, "dev" ]
},
"IsQet" : {
"Fn::Equals" : [ { "Ref" : "Environment" }, "qet" ]
},
"IsStg" : {
"Fn::Equals" : [ { "Ref" : "Environment" }, "stg" ]
},
"IsPrd" : {
"Fn::Equals" : [ { "Ref" : "Environment" }, "prd" ]
},
"CreateCodeDeployRole" : {
"Fn::Equals" : [ { "Ref" : "CreateCodeDeployRole" }, "true" ]
},
"CreateECSRole" : {
"Fn::Equals" : [ { "Ref" : "CreateECSRole" }, "true" ]
},
"CreateJenkinsRole" : {
"Fn::Equals" : [ { "Ref" : "CreateJenkinsRole" }, "true" ]
}
},
"Resources" : {
"AWSCodeDeployRole" : {
"Type" : "AWS::IAM::Role",
"Condition" : "CreateCodeDeployRole",
"Properties" : {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": {
"Fn::Join": [
".",
[
"codedeploy",
{ "Ref" : "AWS::Region" },
"amazonaws.com"
]
]
}
},
"Action": "sts:AssumeRole"
}
]
},
"Policies" : [
{
"PolicyName" : "AWSCodeDeployPolicy",
"PolicyDocument" : {
"Statement": [
{
"Action": [
"autoscaling:PutLifecycleHook",
"autoscaling:DeleteLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"autoscaling:CompleteLifecycleAction",
"autoscaling:DescribeAutoscalingGroups",
"autoscaling:PutInstanceInStandby",
"autoscaling:PutInstanceInService",
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"-",
[
"arn:aws:s3:::deployments",
{ "Ref" : "CustomerPrefix" },
{ "Ref" : "Environment" },
"/artifacts/projects/*"
]
]
}
}
]
}
}
]
}
},
"JenkinsUser" : {
"Type" : "AWS::IAM::User",
"Condition" : "CreateJenkinsRole",
"Properties" : {
"UserName" : { "Ref" : "UserName" },
"ManagedPolicyArns":
[
"arn:aws:iam::aws:policy/AdministratorAccess"
]
}
},
"AWSJenkinsServiceRole" : {
"Type": "AWS::IAM::Role",
"Condition" : "CreateJenkinsRole",
"DependsOn" : "JenkinsUser",
"Properties" : {
"RoleName": { "Ref" : "RoleName" },
"AssumeRolePolicyDocument": {
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "cloudformation.amazonaws.com"
},
"Action": "sts:AssumeRole"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": { "Fn::Join" : [ "/", [ "arn:aws:iam::684821578293:user", { "Ref" : "UserName" } ]]},
"Service": "cloudformation.amazonaws.com"
},
"Action": "sts:AssumeRole"
}]
},
"ManagedPolicyArns":
[
"arn:aws:iam::aws:policy/AdministratorAccess"
]
}
},
"JenkinsUserAccessKey" : {
"Type" : "AWS::IAM::AccessKey",
"Properties" : {
"UserName" : { "Ref" : "JenkinsUser" }
}
},
"ServiceAccountsGroup" : {
"Type": "AWS::IAM::Group",
"Properties" : {
"GroupName" : { "Ref" : "GroupName" }
}
},
"UserToGroupAddition" : {
"Type": "AWS::IAM::UserToGroupAddition",
"Properties" : {
"GroupName" : { "Ref" : "ServiceAccountsGroup" },
"Users" : [ { "Ref" : "UserName" } ]
}
}
},
"Outputs" : {
"JenkinsUserAccessKey" : {
"Description" : "The access key for the Jenkins user",
"Value" : { "Ref" : "JenkinsUserAccessKey" }
},
"JenkinsUserSecret" : {
"Description" : "The secret key for the Jenkins user",
"Value" : { "Fn::GetAtt" : [ "JenkinsUserAccessKey", "SecretAccessKey" ] }
}
}
}
Related
I have a simple swagger.json file, Product rest api with 2 methods: post (add new product) and put (update) and I want to define "name", "price" fields of Product definition as required for POST method but not for a PUT method.
How can I do that without code duplication?
Here is my swagger.json file:
{
"paths" : {
"/products" : {
"post" : {
"summary" : "Add a new product",
"operationId" : "addProduct",
"consumes" : [ "application/json" ],
"produces" : [ "application/json" ],
"parameters" : [ {
"in" : "body",
"name" : "data",
"description" : "Product object that needs to be added to the store",
"required" : true,
"schema" : {
"$ref" : "#/definitions/Product",
"required": ["name", "price"] // <-------- not working
}
} ]
},
},
"/products/{id}" : {
"put" : {
"summary" : "Update a product",
"operationId" : "updateProduct",
"consumes" : [ "application/json", "multipart/form-data" ],
"produces" : [ "application/json" ],
"parameters" : [
{
"in" : "path",
"name" : "id",
"description" : "Product id",
"required" : true,
"type": "integer",
"format": "uint"
},
{
"in" : "body",
"name" : "data",
"description" : "Product data for update",
"required" : true,
"schema" : {
"$ref" : "#/definitions/Product"
}
}
]
}
}
},
"definitions" : {
"Product": {
"type": "object",
"required": ["name"],
"properties": {
"name" : {
"type" : "string"
},
"price": {
"type": "number",
"format": "float"
}
}
}
}
}
I am trying to enable Spot Instance option on my CloudFormation template that I then ingest into AWS Service Catalog.
I am getting an error regarding my MarketType parameter specifically for the InstanceMarketOptions Parameter and can't seem to figure out what the issue is, as the parameter is right out of the AWS Documentation.
Any direction would be great. Thank you
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Creates an EC2 instance running the Custom DATA Ubuntu Image",
"Parameters" : {
"KeyName": {
"Description" : "Name of an existing EC2 key pair for SSH access to the EC2 instance.",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"SubnetId": {
"Type" : "String",
"Default" : "subnet-0b53e6d08c86dc68d",
"AllowedValues": ["subnet-0b53e6d08c86dc68d"],
"Description" : "SubnetId of an existing subnet in your Virtual Private Cloud (VPC)"
},
"SecurityGroupId": {
"Type": "String",
"Default": "sg-040b93c603129931f",
"Description":"The SecurityGroupId of an existing EC2 SecurityGroup in your Virtual Private Cloud (VPC)"
},
"InstanceType" : {
"Description" : "EC2 instance type.",
"Type" : "String",
"Default" : "m5.large",
"AllowedValues" : [ "m5.large","m5.xlarge","m5.2xlarge"," m5.4xlarge","m5.8xlarge","m5.12xlarge","m5.16xlarge","p2.xlarge"]
},
"InstanceMarketOptions" : {
"Description" : "EC2 Spot Instance",
"MarketType" : "spot"
},
"SSHLocation" : {
"Description" : "The IP address range that can SSH to the EC2 instance.",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "10.0.0.0/8",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "Must be a valid IP CIDR range of the form x.x.x.x/x."
}
},
"Metadata" : {
"AWS::CloudFormation::Interface" : {
"ParameterGroups" : [{
"Label" : {"default": "Instance configuration"},
"Parameters" : ["InstanceType", "MarketType"]
},{
"Label" : {"default": "Security configuration"},
"Parameters" : ["KeyName", "SSHLocation"]
}],
"ParameterLabels" : {
"InstanceType": {"default": "Server size:"},
"KeyName": {"default": "Key pair:"},
"SSHLocation": {"default": "CIDR range:"},
"MarketType": {"default": "Spot:"}
}
}
},
"Mappings" : {
"AWSRegionArch2AMI" : {
"us-east-1" : { "HVM64" : "ami-xxxxxxxxxxxx" }
}
},
"Resources" : {
"EC2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"InstanceType" : { "Ref" : "InstanceType" },
"SecurityGroupIds" : [ { "Ref" : "SecurityGroupId" } ],
"KeyName" : { "Ref" : "KeyName" },
"MarketType" : {"Ref" : "InstanceMarketOptions" },
"SubnetId" : { "Ref" : "SubnetId" },
"ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, "HVM64" ] }
}
}
},
"Outputs" : {
"PrivateDNSName" : {
"Description" : "Private DNS name of the new EC2 instance",
"Value" : { "Fn::GetAtt" : [ "EC2Instance", "PrivateDnsName" ] }
},
"PrivateIPAddress" : {
"Description" : "Private IP address of the new EC2 instance",
"Value" : { "Fn::GetAtt" : [ "EC2Instance", "PrivateIp" ] }
}
}
}
MarketType is not a property you can set for AWS::EC2::Instance.
The closest thing to what I think you are looking for is AWS::EC2::LaunchTemplate LaunchTemplateData with InstanceMarketOptions.
I am trying to figure out how to autoformat JSON files in the same manner as the standard AWS template. If you run a template through the AWS toolkit or online designer, the format is very readable. Everything I've tried in the JSON Editor ends up looking like crap, but I see tons of templates in JSON format online that look exactly like the Amazon format. I've tried using the AWS toolkit, but that only recognizes files named ".template". Is there a different plugin, or custom settings I should be inputting?
Thanks everyone!
Example (JSON):
{
"AWSTemplateFormatVersion" : "2010-09-09", "Parameters" : {
"LogRetentionTime" : {
"Type" : "Number", "Default" : 90, "Description" : "Flow log retention time in days", "AllowedValues" : [ 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653 ]
}
}, "Resources" : {
"VpcFlowLog" : {
"Type" : "Custom::CreateVpcFlowLogs", "Properties" : {
"ServiceToken" : {
"Ref" : "CreateVpcFlowLogLambdaFunction"
}, "Region" : {
"Ref" : "AWS::Region"
}, "VpcId" : {
"Ref" : "Vpc"
}, "LogGroupName" : {
"Ref" : "VpcLogGroup"
}, "DeliverLogsPermissionArn" : {
"Fn::GetAtt" : [ "FlowLogsRole", "Arn" ]
}
}, "DependsOn" : [ ]
}, "FlowLogsRole" : {
"Type" : "AWS::IAM::Role", "Properties" : {
"AssumeRolePolicyDocument" : {
"Version" : "2012-10-17", "Statement" : [ {
"Effect" : "Allow", "Principal" : {
"Service" : "vpc-flow-logs.amazonaws.com"
}, "Action" : "sts:AssumeRole"
} ]
}, "Policies" : [ {
"PolicyName" : "root", "PolicyDocument" : {
"Version" : "2012-10-17", "Statement" : [ {
"Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams" ], "Resource" : "arn:aws:logs:*:*:*"
} ]
}
} ]
}
}, "VpcLogGroup" : {
"Type" : "AWS::Logs::LogGroup", "Properties" : {
"RetentionInDays" : {
"Ref" : "LogRetentionTime"
}
}, "DependsOn" : [ ]
}
}, "Outputs" : {
"VpcFlowLog" : {
"Description" : "Flog log id", "Value" : {
"Fn::GetAtt" : [ "VpcFlowLog", "Id" ]
}
}
}
}
Example (AWS):
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"LogRetentionTime": {
"Type": "Number",
"Default": 90,
"Description": "Flow log retention time in days",
"AllowedValues": [1,3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653]
}
},
"Resources": {
"VpcFlowLog": {
"Type": "Custom::CreateVpcFlowLogs",
"Properties": {
"ServiceToken": { "Ref" : "CreateVpcFlowLogLambdaFunction" },
"Region": { "Ref": "AWS::Region" },
"VpcId": {
"Ref": "Vpc"
},
"LogGroupName": {
"Ref": "VpcLogGroup"
},
"DeliverLogsPermissionArn": {"Fn::GetAtt" : ["FlowLogsRole", "Arn"] }
},
"DependsOn": []
},
"FlowLogsRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "vpc-flow-logs.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
},
"Policies": [
{
"PolicyName": "root",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Resource": "arn:aws:logs:*:*:*"
}
]
}
}
]
}
},
"VpcLogGroup": {
"Type": "AWS::Logs::LogGroup",
"Properties": {
"RetentionInDays": { "Ref" : "LogRetentionTime" }
},
"DependsOn": []
}
},
"Outputs": {
"VpcFlowLog": {
"Description": "Flog log id",
"Value": {
"Fn::GetAtt": [
"VpcFlowLog",
"Id"
]
}
}
}
}
Visual Studio formats them perfectly: if you manually drop a CRLF into the end of the file, it bada booms them into the perfect format.
I'm working on a CloudFormation template that has many parameters, like the ID of the elastic file system and the DNS of the MountTarget. I want to retrieve these parameters from the existing resources, but if they are not already created I want to create them in the template:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "AWS CloudFormation Template : Stack OpsWorks Slave pour deployer les instances script",
"Mappings": {
"Region2Principal": {
"us-east-1": {
"EC2Principal": "ec2.amazonaws.com",
"OpsWorksPrincipal": "opsworks.amazonaws.com"
},
"us-west-2": {
"EC2Principal": "ec2.amazonaws.com",
"OpsWorksPrincipal": "opsworks.amazonaws.com"
},
"us-west-1": {
"EC2Principal": "ec2.amazonaws.com",
"OpsWorksPrincipal": "opsworks.amazonaws.com"
},
"eu-west-1": {
"EC2Principal": "ec2.amazonaws.com",
"OpsWorksPrincipal": "opsworks.amazonaws.com"
}
},
"AWSInstanceType2Arch" : {
"t1.micro" : { "Arch" : "PV64" },
"t2.micro" : { "Arch" : "HVM64" },
"m1.small" : { "Arch" : "PV64" },
"m1.large" : { "Arch" : "PV64" },
"m4.large" : { "Arch" : "HVM64" },
"m4.xlarge" : { "Arch" : "HVM64" },
"m4.2xlarge" : { "Arch" : "HVM64" },
"m4.4xlarge" : { "Arch" : "HVM64" },
"m4.10xlarge" : { "Arch" : "HVM64" },
"m4.16xlarge" : { "Arch" : "HVM64" },
"c3.large" : { "Arch" : "HVM64" },
"c3.xlarge" : { "Arch" : "HVM64" },
"c3.2xlarge" : { "Arch" : "HVM64" },
"c3.4xlarge" : { "Arch" : "HVM64" },
"c3.8xlarge" : { "Arch" : "HVM64" },
"c4.large" : { "Arch" : "HVM64" },
"c4.xlarge" : { "Arch" : "HVM64" },
"c4.2xlarge" : { "Arch" : "HVM64" },
"c4.4xlarge" : { "Arch" : "HVM64" },
"c4.8xlarge" : { "Arch" : "HVM64" }
},
"AWSRegionArch2AMI" : {
"us-east-1" : { "PV64" : "ami-5fb8c835", "HVM64" : "ami-60b6c60a" },
"us-west-1" : { "PV64" : "ami-56ea8636", "HVM64" : "ami-d5ea86b5" },
"eu-west-1" : { "PV64" : "ami-95e33ce6", "HVM64" : "ami-bff32ccc" },
"us-west-2" : { "PV64" : "ami-d93622b8", "HVM64" : "ami-f0091d91" }
}
},
"Parameters": {
"OpsWorksStackColor": {
"Description": "RGB Color to use for OpsWorks Stack",
"Type": "String",
"Default": "rgb(38, 146, 168)"
},
"Region" : {
"Type":"String",
"Description": "Region location of the template resources",
"Default": "eu-west-1",
"AllowedValues" : [ "us-east-1", "us-west-1", "us-west-2", "eu-west-1" ]
},
"SecurityGroupIds": {
"Description": "Security groups that can be used to access the EC2 instances, do not select more than 5 SG",
"Type": "List<AWS::EC2::SecurityGroup::Id>",
"ConstraintDescription": "must be list of EC2 security group ids"
},
"VpcId": {
"Type": "AWS::EC2::VPC::Id",
"Description": "VPC associated with the provided subnets",
"Default": "vpc-69e3320c",
"ConstraintDescription": "must be an existing VPC ID"
},
"SubnetId": {
"Type": "String",
"Default": "subnet-6820eb31",
"ConstraintDescription": "must be an existing subnet ID"
},
"InstanceType": {
"Type": "String",
"Default": "c3.large",
"AllowedValues" : ["t2.micro", "m1.small", "m1.large","m4.large","m4.xlarge","m4.2xlarge","m4.4xlarge","m4.10xlarge","m4.16xlarge","c4.large" , "c4.xlarge" ,"c4.2xlarge" , "c4.4xlarge","c4.8xlarge" , "c3.large" , "c3.xlarge", "c3.2xlarge", "c3.4xlarge" ,"c3.8xlarge"],
"ConstraintDescription": "must be a valid EC2 instance type"
},
"KeyPairName": {
"Type": "AWS::EC2::KeyPair::KeyName",
"Default": "test-generic-ec2",
"ConstraintDescription": "must be the name of an existing EC2 KeyPair"
},
"CookbookS3" : {
"Type": "String",
"Default": "https://s3-eu-west-1.amazonaws.com/mybucket.test.cookbooks/cookbook-v1.tar.gz",
"ConstraintDescription": "the Url to the cookbook"
},
"CookbookS3AccessID": {
"Type": "String",
"ConstraintDescription": "username to the appropriate IAM access key ID"
},
"CookbookS3AccessKey": {
"Type": "String",
"NoEcho" : "true",
"ConstraintDescription": "password to the appropriate IAM secret access key"
},
"MountPoint" : {
"Description" : "The Linux mount point for the EFS volume",
"Type": "String",
"MinLength": "1",
"Default": "efs-file-appli-tmp"
},
"MountPointDNS" : {
"Description" : "Mount target DNS name",
"Type" : "String",
"Default" : "eu-west-1a.fs-c2388dc0b.efs.eu-west-1.amazonaws.com"
},
"FileSystem" : {
"Description" :"The Id of the FileSystem",
"Type": "String",
"Default": "fs-c2388dc0b"
},
"NewRelicLicence" : {
"Description": "The licence key of newrelic",
"Type": "String"
},
"Environnement" : {
"Description": "The Environnement variable ",
"Type": "String",
"Default": "test",
"AllowedValues" : ["dev", "test", "int", "prod"]
}
},
"Conditions" : {
"CreateProdResources" : { "Fn::Not" : [{ "Fn::Equals" : [ {"Ref" : "Environnement"},"test" ] }] }
},
"Resources": {
"MyStack": {
"Type": "AWS::OpsWorks::Stack",
"Properties": {
"AgentVersion" : "LATEST",
"Name": { "Ref": "AWS::StackName" },
"Attributes": { "Color": { "Ref": "OpsWorksStackColor" } },
"ChefConfiguration": {},
"ConfigurationManager": { "Name": "Chef", "Version": "12" },
"CustomCookbooksSource": {
"Type": "s3",
"Password" : { "Ref": "CookbookS3AccessKey" },
"Username" : { "Ref": "CookbookS3AccessID" },
"Url": { "Ref": "CookbookS3" }
},
"CustomJson": {
"mount" : { "mountdir" : {
"default" : { "dirname" : { "Ref" : "MountPoint" } } }
},
"mountadd" : { "mountdns" : {
"default" : { "mdns" : { "Ref" : "MountPointDNS" }}}
}
},
"DefaultInstanceProfileArn": { "Fn::GetAtt": [ "OpsWorksInstanceProfile","Arn" ] },
"DefaultOs": "Ubuntu 14.04 LTS",
"DefaultRootDeviceType": "ebs",
"DefaultSshKeyName": { "Ref": "KeyPairName" },
"DefaultSubnetId" : {"Ref" : "SubnetId" },
"ServiceRoleArn": { "Fn::GetAtt": ["OpsWorksServiceRole", "Arn"] },
"UseCustomCookbooks": true,
"UseOpsworksSecurityGroups" : true,
"VpcId" : { "Ref" : "VpcId" }
}
},
"MyLayer": {
"Type": "AWS::OpsWorks::Layer",
"DependsOn" : "OpsWorksServiceRole",
"Properties": {
"AutoAssignElasticIps" : false,
"AutoAssignPublicIps" : true,
"CustomRecipes" : {
"Setup" : ["cassandra-php-driver::setup","awscli::setup","crontab::setup","prometheus-server::setup","awslogs::setup","newrelic::php_agent","settings::setup"],
"Configure" : ["cassandra-php-driver::configure","security::configure","settings::default"],
"Deploy": ["imports::deploy"]
},
"CustomSecurityGroupIds" : { "Ref" : "SecurityGroupIds" },
"EnableAutoHealing" : true,
"InstallUpdatesOnBoot": false,
"LifecycleEventConfiguration": {
"ShutdownEventConfiguration": {
"DelayUntilElbConnectionsDrained": false,
"ExecutionTimeout": 120 }
},
"Name": "script-node",
"Shortname" : "node",
"StackId": { "Ref": "MyStack" },
"Type": "custom",
"UseEbsOptimizedInstances": true,
"VolumeConfigurations": [ {
"Iops": 10000,
"MountPoint": "/dev/sda1",
"NumberOfDisks": 1,
"Size": 20,
"VolumeType": "gp2"
}]
}
},
"OpsWorksServiceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": { "Service": [ { "Fn::FindInMap": [ "Region2Principal",{ "Ref": "AWS::Region" },"OpsWorksPrincipal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
} ]
},
"Path": "/",
"Policies": [ {
"PolicyName": "opsworks-service",
"PolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Action": "*",
"Resource": "*"
} ]
}
} ]
}
},
"OpsWorksInstanceRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version" : "2012-10-17",
"Statement": [ {
"Effect": "Allow",
"Principal": { "Service" : [ { "Fn::FindInMap": [ "Region2Principal", { "Ref": "AWS::Region" },"EC2Principal" ] } ] },
"Action" : [ "sts:AssumeRole" ]
}]
},
"Path": "/",
"Policies": [{
"PolicyName": "aws-opsworks-instance",
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}]
}
}]
}
},
"OpsWorksInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ { "Ref": "OpsWorksInstanceRole" } ]
}
},
"MyInstance": {
"Type": "AWS::OpsWorks::Instance",
"Properties": {
"Hostname": "Script",
"RootDeviceType": "ebs",
"StackId": {"Ref": "MyStack"},
"LayerIds": [{"Ref": "MyLayer"}],
"InstanceType": {"Ref" : "InstanceType"}
}
},
"MyApp": {
"Type": "AWS::OpsWorks::App",
"Properties": {
"AppSource" : {
"Type" : "git",
"Url" : "git://github.com:globlW/My-imports.git",
"Revision" : "develop"
},
"Description": "Dataimport and connectors",
"Name" : "app-Imports",
"Shortname" : "app_imports",
"StackId" : {"Ref": "MyStack"},
"Type" : "other"
}
},
"MyFileSystem" : {
"Type" : "AWS::EFS::FileSystem",
"Condition" : "CreateProdResources",
"Properties" : {
"FileSystemTags" : [{
"Key" : "Name",
"Value" : {"Ref" : "MountPoint"}
}]
}
},
"MountTarget": {
"Type": "AWS::EFS::MountTarget",
"Condition" : "CreateProdResources",
"Properties": {
"FileSystemId": { "Ref": "MyFileSystem" },
"SubnetId": { "Ref": "SubnetId" },
"SecurityGroups": [ { "Ref": "SecurityGroupIds" } ]
}
}
}
}
As you can see, I often use { "Ref" : "FileSystem" }, { "Ref" : "MountPointDNS" } and { "Ref" : "MountPoint" }; I especially need them in the CustomJson. The problem is how to link the parameters with the newly created resources and how to name them. Can I give them the same name so that I can always get a value for CustomJson?
I hope my issue is clear.
Thank you
It is possible to conditionally use an existing resource using Condition Functions. See the Conditionally use an existing resource example in the documentation, which demonstrates the following pattern:
Parameters:
  ExistingResource:
    Description: An existing resource (optional).
    Default: NONE
    Type: String
Conditions:
  CreateNewResource: !Equals [!Ref ExistingResource, NONE]
Resources:
  NewResource:
    Condition: CreateNewResource
    Type: # Resource type
    Properties: # Resource properties
Outputs:
  ResourceId:
    Description: Reference to either a newly-created or existing resource.
    Value: !If [CreateNewResource, !Ref NewResource, !Ref ExistingResource]
I am trying to build infrastructure with a CloudFormation JSON template. I added two Subnets and SubnetRouteTableAssociations in both availability zones that I need, but the creation process fails to create the load balancers with this error:
CREATE_FAILED AWS::ElasticLoadBalancing::LoadBalancer Rest ELB cannot
be attached to multiple subnets in the same AZ.
Here are the parameters for AZs:
"AZs" : {
"Description" : "The list of AvailabilityZones.",
"Type" : "CommaDelimitedList",
"Default" : "us-east-1a,us-east-1c"
}
Here are the resources for the Subnets, the SubnetRouteTableAssociations in both availability zones, and the ElasticLoadBalancing for Rest:
"PublicSubnet1a" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "VPC" },
"CidrBlock" : "10.0.0.0/24",
"AvailabilityZone": {
"Fn::Select": ["1", { "Ref": "AZs" }]
},
"Tags" : [
{"Key": "Name", "Value": {"Fn::Join": ["", ["Offering-", {"Ref": "Env"}, {"Ref": "EnvNum"}, "-VPC"]]}},
{"Key" : "Network", "Value" : "Public" }
]
}
},
"PublicSubnet1c" : {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": { "Ref" : "VPC" },
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": {
"Fn::Select": ["1", { "Ref": "AZs" }]
},
"Tags" : [
{"Key": "Name", "Value": {"Fn::Join": ["", ["Offering-", {"Ref": "Env"}, {"Ref": "EnvNum"}, "-VPC"]]}},
{"Key" : "Network", "Value" : "Public" }
]
}
},
"PublicSubnet1aRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PublicSubnet1a" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"PublicSubnet1cRouteTableAssociation" : {
"Type" : "AWS::EC2::SubnetRouteTableAssociation",
"Properties" : {
"SubnetId" : { "Ref" : "PublicSubnet1c" },
"RouteTableId" : { "Ref" : "PublicRouteTable" }
}
},
"RestELB" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"DependsOn": "AttachGateway",
"Properties": {
"LoadBalancerName": {"Fn::Join": ["",["Rest-ELB-", {"Ref": "VPC"}]]},
"CrossZone" : "true",
"Subnets": [{ "Ref": "PublicSubnet1a" },{ "Ref": "PublicSubnet1c" }],
"Listeners" : [
{"LoadBalancerPort" : "80", "InstancePort" : "80","Protocol" : "HTTP"},
{"LoadBalancerPort" : "6060", "InstancePort" : "6060","Protocol" : "HTTP"}
],
"HealthCheck" : {
"Target" : "HTTP:80/",
"HealthyThreshold" : "3",
"UnhealthyThreshold" : "5",
"Interval" : "90",
"Timeout" : "60"
}
}
}
What am I doing wrong?
Thanks!
"PublicSubnet1a" : {
...
"AvailabilityZone": {
"Fn::Select": ["1", { "Ref": "AZs" }] // <---- selects index 1 from AZs list
},
...
"PublicSubnet1c" : {
...
"AvailabilityZone": {
"Fn::Select": ["1", { "Ref": "AZs" }] // <---- selects the same index 1 from AZs list
},
Both of your subnets are selecting the same index from the AZs list (see the "Fn::Select" statement). Change the select statement for PublicSubnet1a to be:
"Fn::Select": ["0", { "Ref": "AZs" }]
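A pre-deployment check for the mistake identified in the answer above, as an added example that is not part of the original posts: it resolves each subnet's Fn::Select against the AZs parameter and reports load balancers whose subnets land in the same Availability Zone. The embedded template is a constructed fragment of the question's resources, and the function names (resolve, same_az_subnets, with_answer_fix) are hypothetical.

```python
import copy
import json
from collections import defaultdict

# Constructed fragment of the question's template: only the fields the check reads.
TEMPLATE = json.loads("""
{"Parameters": {"AZs": {"Type": "CommaDelimitedList", "Default": "us-east-1a,us-east-1c"}},
  "Resources": {
    "PublicSubnet1a": {"Type": "AWS::EC2::Subnet", "Properties": {
      "AvailabilityZone": {"Fn::Select": ["1", {"Ref": "AZs"}]}}},
    "PublicSubnet1c": {"Type": "AWS::EC2::Subnet", "Properties": {
      "AvailabilityZone": {"Fn::Select": ["1", {"Ref": "AZs"}]}}},
    "RestELB": {"Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": {
      "Subnets": [{"Ref": "PublicSubnet1a"}, {"Ref": "PublicSubnet1c"}]}}
  }}
""")


def resolve(value, template, overrides=None):
    """Resolve Ref-to-parameter and Fn::Select offline; None means unknown before deploy."""
    if isinstance(value, str):
        return value
    if not isinstance(value, dict) or len(value) != 1:
        return None
    (fn, arg), = value.items()
    if fn == "Ref":
        param = template.get("Parameters", {}).get(arg)
        raw = (overrides or {}).get(arg, (param or {}).get("Default"))
        if param is None or raw is None:  # resource, pseudo parameter, or no value
            return None
        if param.get("Type") == "CommaDelimitedList":
            return [item.strip() for item in str(raw).split(",")]
        return str(raw)
    if fn == "Fn::Select":
        try:
            index, items = arg
            if isinstance(items, dict):
                items = resolve(items, template, overrides)
            if not isinstance(items, list) or int(index) < 0:
                return None
            return resolve(items[int(index)], template, overrides)
        except (TypeError, ValueError, IndexError):
            return None
    return None  # other intrinsic functions are out of scope for this check


def same_az_subnets(template, overrides=None):
    """Return {elb: {az: [subnet logical ids]}} for every AZ an ELB would use twice."""
    resources = template.get("Resources", {})
    findings = {}
    for name, res in resources.items():
        if res.get("Type") != "AWS::ElasticLoadBalancing::LoadBalancer":
            continue
        by_az = defaultdict(list)
        for entry in res.get("Properties", {}).get("Subnets", []):
            subnet_id = entry.get("Ref") if isinstance(entry, dict) else None
            subnet = resources.get(subnet_id, {})
            if subnet.get("Type") != "AWS::EC2::Subnet":
                continue  # pre-existing subnet or parameter: AZ unknown offline
            az = resolve(subnet.get("Properties", {}).get("AvailabilityZone"),
                         template, overrides)
            if isinstance(az, str):
                by_az[az].append(subnet_id)
        clashes = {az: ids for az, ids in by_az.items() if len(ids) > 1}
        if clashes:
            findings[name] = clashes
    return findings


def with_answer_fix(template):
    """Copy of the template with the answer's change: PublicSubnet1a selects index 0."""
    fixed = copy.deepcopy(template)
    fixed["Resources"]["PublicSubnet1a"]["Properties"]["AvailabilityZone"]["Fn::Select"][0] = "0"
    return fixed


if __name__ == "__main__":
    print("as posted:", same_az_subnets(TEMPLATE))
    print("after fix:", same_az_subnets(with_answer_fix(TEMPLATE)))
```

Passing overrides (for example {"AZs": "us-east-1a,us-east-1b"}) evaluates the template with the parameter values a stack would actually be launched with instead of the defaults.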