aws-cloudformation | Ansible Role for deploying AWS CloudFormation Infrastructure | AWS library
kandi X-RAY | aws-cloudformation Summary
This is an Ansible role for generating CloudFormation templates and deploying CloudFormation stacks to Amazon Web Services.
Top functions reviewed by kandi - BETA
- Create a dictionary from a dictionary.
- Stack the inputs from the configuration.
- Return filters.
- Compact a JSON object.
- Given a dictionary of overrides return a dictionary of values that match the given selector.
Community Discussions
Trending Discussions on aws-cloudformation
QUESTION
I have a cloudformation template with an efs filesystem and an instance launch configuration. I need to reference the efs filesystem id in the UserData script, as I want to mount the efs on launch. I've tried it with echo ${!Ref EFSFileSystem} like this:
ANSWER
Answered 2021-May-14 at 22:12
You have a !Sub on the string already, so instead of ${!Ref EFSFileSystem} you just need to do ${EFSFileSystem}. That will be replaced with the default output of the resource, in this case, the Id.
QUESTION
I have a docker-compose project with two containers running NGINX and gunicorn with my django files. I also have a database outside of docker in AWS RDS. My question is similar to this one. But, that question is related to a database that is within docker-compose. Mine is outside.
So, if I were to open a bash terminal for my container and run py manage.py makemigrations the problem would be that the migration files in the django project, for example: /my-django-project/my-app/migrations/001-xxx.py would get out of sync with the database that stores which migrations have been applied. This will happen since my containers can shutdown and open a new container at any time. And the migration files would not be saved.
My ideas are to either:
- Use a volume inside docker compose, but since the migrations folders are spread out over all django apps that could be hard to achieve.
- Handle migrations outside of docker, that would require some kind of "master" project where migration files would be stored. This does not seem like a good idea since then the whole project would be dependent on some local files existing.
I'm looking for suggestions on a good practice how I can handle migrations.
EDIT:
Here is docker-compose.yml, I'm running this locally with docker-compose up and in production to AWS ECS with docker compose up. I left out some aws-cloudformation config which should not matter I think.
docker-compose.yml
...
ANSWER
Answered 2021-Apr-27 at 11:57
The problem boiled down to where I would store my migration files that Django generates upon py manage.py makemigrations and when/where I would run py manage.py migrate. As 404pio suggested you can simply store these in your code repo like GitHub.
So my workflow goes like this:
- In my local development environment, run py manage.py makemigrations and py manage.py migrations (target a development database like sqlite).
- If everything OK, commit and push to git.
- (I'm using CircleCI to test and deploy my Django project, but this could be done manually as well.) CircleCI runs pipeline after git push. In pipeline I have as the very last step to run py manage.py migrate. This must be after deployment of app since that might fail and then you don't want to migrate.
QUESTION
I want to create an AWS IAM account that has various permissions with CloudFormation.
I understand there are policies that would let a user change his password and let him get his account to use MFA here
How could I enforce the user to use MFA at first log in time when he needs to change the default password?
This is what I have:
The flow I have so far is:
- User account is created
- When user tries to log in for the first time is asked to change the default password.
- User is logged in the AWS console.
Expected behavior:
- User account is created
- When user tries to log in for the first time is asked to change the default password and set MFA using Authenticator app.
- User is logged in the AWS console and has permissions.
A potential flow is shown here. Is there another way?
Update:
This blog explains the flow. Again, is there a better way? Like an automatic pop up that would enforce the user straight away?
Update2:
I might have not been explicit enough. What we have so far it is an ok customer experience. This flow would be fluid:
1. User tries to log in
2. Console asks for password change
3. Console asks for scanning the code and introducing the codes
4. User logs in with new password and the code from authenticator
5. User is not able to deactivate MFA
ANSWER
Answered 2021-Mar-14 at 22:17
Allow users to self manage MFA is the way to go, if you are using regular IAM. You can try AWS SSO, it's easier to manage and free.
Allowing users to login, change password, setup MFA and Denying everything other than these if MFA is not setup as listed here
We could create an IAM Group with an inline policy and assign users to that group. This is CF for policy listed in the docs.
QUESTION
I want to query an AWS stack resource with the AWS CLI so I can get the PhysicalResourceId.
To describe the stacks and query it is presented in this post.
If I want to describe my stack resource I use this command
...
ANSWER
Answered 2021-Feb-21 at 19:20
We can use AWS --query
--query StackResourceDetail.PhysicalResourceId
QUESTION
ANSWER
Answered 2021-Jan-31 at 07:50
Does cloudformation support using Container image for deploying AWS Lambda?
Yes it does. AWS::Lambda::Function has new properties specific to container images, such as:
- ImageConfig
- PackageType
- ImageUri
QUESTION
I'm trying to create an AWS S3 Bucket with cloud formation.
S3 bucket name needs to be lowercase but I want to use a parameter to compound that name. This parameter comes uppercase.
I found a way.
I read this.
This is my code:
...
ANSWER
Answered 2021-Jan-18 at 23:00
Important point to note to get the syntax right is to use Json with Yaml when using multiple Intrinsic functions.
Updated syntax below. For Environment value DEV, this creates a bucket of name content-input-dev
QUESTION
I have deployed https://github.com/aws-samples/amazon-elasticsearch-service-with-cognito to my stack, and am trying to add a master group as per https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html#fgac-walkthrough-iam
So I have added to the following https://github.com/aws-samples/amazon-elasticsearch-service-with-cognito/blob/master/lib/search-stack.ts#L50
...
ANSWER
Answered 2020-Jun-01 at 23:29
OK, I needed to use:
QUESTION
I have been refactoring what has become a rather large stack because it is brushing up against size limits for CloudFormation scripts on AWS. In doing so I have had to resolve some dependencies (typically using Outputs) but I've run into a situation that I have never run into before...
How do I use a resource created in one nested stack (A) in another nested stack (B) when using DependsOn?
This question is a duplicate question but the answer does not fit because it doesn't actually resolve the issue I have, it takes a different approach based on that particular user's needs.
Here is the resource in nested stack A:
...
ANSWER
Answered 2020-Nov-10 at 21:09
As suggested in comments I moved the DependsOn statement up to the primary CFN script in the resource requiring the dependency and made sure the dependency was on the other resource, not the nested resource, like this:
QUESTION
AWS documentation claims that if I have a registered domain in another DNS registrar that then I have to update the name servers on the registered domain so presumably I thought that if I created a hosted zone by specifying a domain registered on R53 that the name servers will be updated automatically. This is the part of my CloudFormation:
...
ANSWER
Answered 2020-Nov-06 at 10:09
"Wrong CNAME records" could be the keyword here, have you tried to remove the certificate resource from the CF template, update the stack with it, clean up the CNAME entries, make sure the certificate is deleted from ACM and then add the Certificate resource again to the CF template?
My guess goes in a direction how CloudFormation works on updating resources. For Certificates most changes require recreation, meaning first create a new one and then, whenever the new certificate is created successfully, delete the old one. This behaviour makes sense but sometimes causes issues.
Also make sure the DomainName is the same as in the Validation properties field. The following template fails to validate due to that wrong configuration:
QUESTION
I need to add a DeletionPolicy to my functions created with the serverless framework. Override AWS CloudFormation Resource suggests that I should be able to do something like the following, but it doesn't work:
ANSWER
Answered 2020-Oct-08 at 21:04
Turns out we were on a rather old version of serverless. This was added in version 1.65.0.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install aws-cloudformation
To set this role up as an Ansible Galaxy requirement, first create a requirements.yml file in a roles subfolder of your playbook and add an entry for this role. See the Ansible Galaxy documentation for more details. Once you have created requirements.yml, you can install the role using the ansible-galaxy command line tool. To update the role version, simply update the requirements.yml file and re-install the role as demonstrated above.