PhysicalResourceId vs ARN

When I create a role using AWS CLI, I get a properly formatted ARN: arn:aws:iam::836101485904:role/sigmund-freud However, when I use cloudformation, I get PhysicalResourceId in the stack resource which does not look like an ARN at all: stack-example9-SigmundFreud-1SXXK5AE0GRA3 How do I get an ARN from this PhysicalResourceId? The confusing part is that when I create…

Windows spot instance with persistence request using cloudformation

When I try to launch windows server using this template, I get an error: Property validation failure: [Value of property {/LaunchTemplateData} does not match type {Object}] I used this template: Parameters: 1InstanceType: Type: String Default: t2.small AllowedValues: - t2.small - m3.medium - m3.xlarge - i3.xlarge 2SecurityGroup: Type: 'AWS::EC2::SecurityGroup::Id' 3KeyName: Type: 'AWS::EC2::KeyPair::KeyName' 4LatestAmiId: Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'…

AWS Role creation via Cloudformation error with LimitExceeded

I am trying to build a CodeBuild template in Cloudformation. I need to add a role to allow it to perform the needed action. I create the following role (rules found thanks to the AWS documentation): "CodeBuildServiceRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codebuild:*", "codecommit:GetBranch", "codecommit:GetCommit",…

Using cloudformation condition to create Root volume if development environment is chosen

I am trying to create a root volume if production env. is chosen from parameters, which works fine, but if dev is chosen, it throws an error. "Value of property BlockDeviceMappings must be of type List" Parameters: Enviornment: Type: String Description: Enter the enviornment where you want the instance deployed AllowedValues: - Production -…

how to "and" two conditions together in AWS cloudformation

I wish to deploy an AWS resource using cloudformation, but only in specific environments. At the top of my yaml file I have two conditions defined below, where Environment is a parameter that can take different values: Conditions: notInDevelopment: !Not [ !Equals [!Ref Environment, development]] notInStaging: !Not [ !Equals [!Ref Environment, staging]] When writing…

Cloudformation template(JSON) for security group with 50 CIDR IPs (Ingress)

I am creating a Cloud formation template for a security group with an ingress rule of over 50 CIDR IPs. In Parameters, I used a comma-delimited list for multiple CIDR IPs. Instead of creating separate values in SecurityGroupIngress for each CIDR IP, is it possible to include multiple CidrIps in single code. { "IpProtocol" : "tcp", "CidrIp" :…

How to deny unencrypted uploads to an S3 bucket by any resource?

I want to prevent unencrypted uploads to an S3 bucket for all resources. I am attempting to do this using an S3 policy, as below: PolicyS3BucketPolicy: Type: AWS::S3::BucketPolicy DependsOn: PolicyS3Bucket Properties: Bucket: !Ref PolicyS3Bucket PolicyDocument: Version: "2012-10-17" Statement: - Effect: Deny Sid: DenyUnEncryptedObjectUploads Action: "s3:PutObject" Resource: "*" Principal: AWS: "*" Condition: StringNotEquals: "s3:x-amz-server-side-encryption": "aws:kms"…