AWS CloudFormation YAML template - appending to list parameter types.

Documenting this here, as I often forget what (I have found) is the best way to do this at the moment.

For example, you have a list of two existing security groups given to a stack and wish to create (and use) a third - attaching all to an ALB:

AWSTemplateFormatVersion: "2010-09-09"
Description: "Example template"

Parameters:
  VPC:
    Type: "AWS::EC2::VPC::Id"

  ALBSubnetList:
    Type: "List<AWS::EC2::Subnet::Id>"

  securityGroupIdList:
    Type: "List<AWS::EC2::SecurityGroup::Id>"

Resources:
  ALBInstance:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      Name: "my-alb" # load balancer names allow only alphanumeric characters and hyphens
      Scheme: "internal"
      SecurityGroups: !Split
        - ","
        - !Sub
          - "${idList},${ALBSecurityGroup}"
          - idList: !Join [",",!Ref "securityGroupIdList"]
      Subnets: !Ref "ALBSubnetList"
      
  ALBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "My new ALB security group"
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 443
          IpProtocol: "tcp"
          ToPort: 443
      VpcId: !Ref "VPC"

What's happening here:

  • First, !Join turns the given securityGroupIdList list of strings into a single comma-delimited string.
  • Next, !Sub appends (after a comma) the ID of our new group resource, ALBSecurityGroup, to that string.
  • Finally, !Split re-splits the complete string on commas, and the resulting list of strings is passed to SecurityGroups.
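
The three steps above, traced by a small local model of Ref, Fn::Join, Fn::Sub and Fn::Split (an added example, not part of the original gist and not CloudFormation's own evaluator). The sg- values are constructed, the model assumes an empty list joins to an empty string, and check_groups is a hypothetical helper that flags entries that are not well-formed group IDs.

```python
import re

# Constructed sample values, not real resources.
PARAMS = {"securityGroupIdList": ["sg-0aaa1111", "sg-0bbb2222"]}
NEW_IDS = {"ALBSecurityGroup": "sg-0ccc3333"}  # assumed Ref value of the new group

# The template's SecurityGroups expression in JSON long form.
EXPR = {"Fn::Split": [",", {"Fn::Sub": [
    "${idList},${ALBSecurityGroup}",
    {"idList": {"Fn::Join": [",", {"Ref": "securityGroupIdList"}]}},
]}]}

SG_ID = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")


def resolve(node, params, ids):
    """Local model of Ref, Fn::Join, Fn::Sub (name/value form) and Fn::Split."""
    if isinstance(node, list):
        return [resolve(item, params, ids) for item in node]
    if not isinstance(node, dict):
        return node
    (fn, arg), = node.items()
    if fn == "Ref":
        return params[arg] if arg in params else ids[arg]
    if fn == "Fn::Join":
        sep, items = arg
        return sep.join(resolve(items, params, ids))  # assumption: [] joins to ""
    if fn == "Fn::Split":
        sep, text = arg
        return resolve(text, params, ids).split(sep)
    if fn == "Fn::Sub":
        template, pairs = arg
        names = {key: resolve(value, params, ids) for key, value in pairs.items()}

        def lookup(match):
            # Names from the name/value map win; anything else is treated as a Ref.
            name = match.group(1)
            return names[name] if name in names else resolve({"Ref": name}, params, ids)

        return re.sub(r"\$\{(\w+)\}", lookup, template)
    raise ValueError(f"unsupported function: {fn}")


def check_groups(params, ids=NEW_IDS):
    """Return the resolved list and any entries that are not well-formed sg- IDs."""
    groups = resolve(EXPR, params, ids)
    return groups, [g for g in groups if not SG_ID.match(g)]


if __name__ == "__main__":
    print(check_groups(PARAMS))
    print(check_groups({"securityGroupIdList": []}))
```

In this model an empty input list leaves an empty first element in the result, which is the case check_groups reports.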

@iDVB iDVB commented Aug 17, 2018

Thanks I think this is what I'm looking for.
However, I'm a bit stuck on the internals of how your Sub works here and how idList is supposed to work.
I can't get it working with my case.

Owner Author

@magnetikonline magnetikonline commented Aug 19, 2018

@iDVB - look here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html

!Sub offers a second form where you can define one or more name/value pairs - which can then be used in the substitution string - rather than trying to inline everything into a ${STATEMENT} block - which is often messy to debug/work with.

So here I'm creating a single named value of idList - which is then used by the sub in its opening argument.

@jedwards1211 jedwards1211 commented Jan 25, 2019

Sad thing is I don't think there's any way to make this support securityGroupIdList being empty...

Owner Author

@magnetikonline magnetikonline commented Jan 27, 2019

@jedwards1211 Can a List<AWS::EC2::SecurityGroup::Id> be empty? I thought it could? If so, can combine this with an !If to make that a reality.

@BenMcClainTR BenMcClainTR commented Jul 9, 2019

Thank you!!!

@elexisvenator elexisvenator commented Sep 23, 2019

Alternative that doesn't use !Sub:

      SecurityGroups: !Split
        - ","
        - !Join
            - ","
            - - !GetAtt ALBSecurityGroup.GroupId
              - !Join 
                  - ","
                  - !Ref "securityGroupIdList"

This also works if securityGroupIdList has no entries

Owner Author

@magnetikonline magnetikonline commented Sep 23, 2019

@elexisvenator very nice!

@beauchar beauchar commented Oct 1, 2019

Would be really nice if you could get a parameter of type List<AWS::EC2::SecurityGroup::Id> to pass validation with no value :(

Unless I've missed something...been banging my head against this for ages....so would love to find out a way around it!

@heenar2017 heenar2017 commented Jan 16, 2020

Thank you, I could fix my issue on which I was working for the whole day.
