Skip to content

Instantly share code, notes, and snippets.

@rollwagen

rollwagen/aws_cloudformation_validation.md

Last active October 4, 2021 12:51
Show Gist options
  • Save rollwagen/b9d34563ac08d1081936128f0b2d1c0e to your computer and use it in GitHub Desktop.
Save rollwagen/b9d34563ac08d1081936128f0b2d1c0e to your computer and use it in GitHub Desktop.
Download ZIP
aws_cloudformation_validation
Raw
aws_cloudformation_validation.md

aws cloudformation "validation"

consider the following sample cloudformation yaml file y.yaml

Resources:
  S3SampleBucketinstacks3bucketF253E29D:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: "Test_S3SampleBucketinstacks3bucketF253E29D"
      BucketVersioningConfiguration: Enabled
      DeletionPolicy: Retain
      BucketVersioningConfiguration: Suspended

note: this is an invalid cloudformation yaml

  • DeletionPolicy is not a Bucket 'Property' but an attribute of the resource bucket itself, see DeletionPolicy attribute
  • BucketVersioningConfiguration
      1. wrong property name, only called VersioningConfiguration
      1. wrong structure, needs Status 'sub-'property, see correct yaml below
      1. defined twice (duplicate)
  • (on the side i.e. expected to be runtime/deployment time checks 'BucketName' value not allowed to contain uppercase characters nor '_')

aws cloudformation validate-template

  • validating with aws-cli...all good (false positive)

    $ aws cloudformation validate-template --template-body file://y.yaml
{
  "Parameters": []
}

  • deploying with aws cloudformation create-stack however yields:

    • Encountered unsupported property DeletionPolicy or
    • Encountered unsupported property BucketVersioningConfiguration
    • etc

  • cfn-lint

    E0000 Duplicate resource found "Bucket VersioningConfiguration" (line 6) y.yaml:6:7
E0000 Duplicate resource found "Bucket VersioningConfiguration" (line 9) y.yaml:9:7
    • warns about the duplicate resource (good)
    • doesn't complain or warn about the wrongly placed 'DeletionPolicy' etc (not so good)

behaviour of the duplicate 'VersioningConfiguration' - last one wins!

Resources:
  S3SampleBucketinstacks3bucketF253E29D:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      BucketName: "test-s3samplebucketinstacks3bucketf253e29d"
      VersioningConfiguration:
        Status: Suspended
  • after fixing above errors and deploying the stack with the duplicate VersioningConfiguration
    • aws cloudformation create-stack --template-body file://y.yaml --stack-name e200test1g
    • no error or warning during stack creation rg duplicate properties that override each other
    $ aws s3api get-bucket-versioning --bucket test-s3samplebucketinstacks3bucketf253e29d
{
"Status": "Suspended"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment