AWS CloudFormation YAML template - appending to list parameter types.

Documenting this here, as I often forget what I have found to be the best way to do this at the moment.

For example, you have a list of two existing security groups given to a stack and wish to create (and use) a third - attaching all to an ALB:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Example template"

Parameters:
  VPC:
    Type: "AWS::EC2::VPC::Id"

  ALBSubnetList:
    Type: "List<AWS::EC2::Subnet::Id>"

  securityGroupIdList:
    Type: "List<AWS::EC2::SecurityGroup::Id>"

Resources:
  ALBInstance:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      # load balancer names allow only alphanumeric characters and hyphens
      Name: "my-alb"
      Scheme: "internal"
      # join the existing IDs, append the new group's ID, then split back into a list
      SecurityGroups: !Split
        - ","
        - !Sub
          - "${idList},${ALBSecurityGroup}"
          - idList: !Join [",",!Ref "securityGroupIdList"]
      Subnets: !Ref "ALBSubnetList"

  ALBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "My new ALB security group"
      SecurityGroupIngress:
        - CidrIp: "0.0.0.0/0"
          FromPort: 443
          IpProtocol: "tcp"
          ToPort: 443
      VpcId: !Ref "VPC"
```

What's happening here:

  • Take the given securityGroupIdList list of strings and use !Join to create a single comma-delimited string.
  • Next, use !Sub to join this string (with a comma) to the ID of our new group resource, ALBSecurityGroup.
  • Finally, re-split the complete string on commas via !Split, returning the result as a list of strings passed to SecurityGroups.

@iDVB iDVB commented Aug 17, 2018

Thanks I think this is what I'm looking for.
However, I'm a bit stuck on the internals of how your Sub works here and how idList is supposed to work.
I can't get it working with my case.

@magnetikonline magnetikonline (Owner, Author) commented Aug 19, 2018

@iDVB - look here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html

!Sub offers a second form where you can define one or more name/value pairs - which can then be used in the substitution string - rather than trying to inline everything into a ${STATEMENT} block - which is often messy to debug/work with.

So here I'm creating a single named value of idList - which is then used by the sub in its opening argument.


@jedwards1211 jedwards1211 commented Jan 25, 2019

Sad thing is I don't think there's any way to make this support securityGroupIdList being empty...

@magnetikonline magnetikonline (Owner, Author) commented Jan 27, 2019

@jedwards1211 Can a List<AWS::EC2::SecurityGroup::Id> be empty? I thought it could? If so, can combine this with an !if to make that a reality.


@BenMcClainTR BenMcClainTR commented Jul 9, 2019

Thank you!!!


@elexisvenator elexisvenator commented Sep 23, 2019

Alternative that doesn't use !Sub:

```yaml
      SecurityGroups: !Split
        - ","
        - !Join
            - ","
            - - !GetAtt ALBSecurityGroup.GroupId
              - !Join
                  - ","
                  - !Ref "securityGroupIdList"
```

This also works if securityGroupIdList has no entries

@magnetikonline magnetikonline (Owner, Author) commented Sep 23, 2019

@elexisvenator very nice!


@beauchar beauchar commented Oct 1, 2019

Would be really nice if you could get a parameter of type List<AWS::EC2::SecurityGroup::Id> to pass validation with no value :(

Unless I've missed something...been banging my head against this for ages....so would love to find out a way around it!
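
Added example, not part of the gist or of any comment in this thread: one way to allow the "no existing groups" case discussed above, assuming the IDs arrive as a plain comma-separated String parameter instead of List<AWS::EC2::SecurityGroup::Id>, which gives up the typed parameter validation. The names extraSecurityGroupIds and hasExtraGroups, the AllowedPattern and the ingress CIDR are constructed for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example - optional extra security groups on an ALB"

Parameters:
  VPC:
    Type: "AWS::EC2::VPC::Id"

  ALBSubnetList:
    Type: "List<AWS::EC2::Subnet::Id>"

  # Assumption: a String parameter, so an empty value is accepted.
  # AllowedPattern restores some input checking lost by dropping the typed list.
  extraSecurityGroupIds:
    Type: "String"
    Default: ""
    AllowedPattern: "^$|^sg-[0-9a-f]+(,sg-[0-9a-f]+)*$"
    ConstraintDescription: "Empty, or comma-separated security group IDs without spaces"

Conditions:
  # true only when at least one existing group ID was supplied
  hasExtraGroups: !Not [!Equals [!Ref "extraSecurityGroupIds", ""]]

Resources:
  ALBInstance:
    Type: "AWS::ElasticLoadBalancingV2::LoadBalancer"
    Properties:
      Scheme: "internal"
      SecurityGroups: !If
        - "hasExtraGroups"
        # new group ID first, then the supplied IDs, split back into a list
        - !Split
          - ","
          - !Sub "${ALBSecurityGroup.GroupId},${extraSecurityGroupIds}"
        # nothing supplied: attach only the new group, no empty list element
        - - !GetAtt "ALBSecurityGroup.GroupId"
      Subnets: !Ref "ALBSubnetList"

  ALBSecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "ALB security group"
      SecurityGroupIngress:
        - CidrIp: "10.0.0.0/8"  # constructed sample range
          FromPort: 443
          IpProtocol: "tcp"
          ToPort: 443
      VpcId: !Ref "VPC"
```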


@heenar2017 heenar2017 commented Jan 16, 2020

Thank you, I could fix my issue on which I was working for the whole day.
