Reputation: 383
Here is my CloudFormation template, which passes the event pattern to the sub-stack, which in fact creates the rule depending on the event data.
    cloudwatchRule:
      Type: AWS::CloudFormation::Stack
      Properties:
        TemplateURL: !Sub "${s3Path}/cw-rule.yml"
        Parameters:
          eventPattern: !Join
            - ' '
            - - '{"source":["aws.iam"],"detail-type":["AWS API Call via CloudTrail"],"detail":{"eventSource":["iam.amazonaws.com"],"eventName":['
              - Fn::Split:
                  - ','
                  - !Sub ${ssmParamWhichContainsEventNames}
              - ']}}'
          ruleState: "ENABLED"
    # The value of ssmParamWhichContainsEventNames is of format
    # "CreateServiceSpecificCredential,DeactivateMFADevice"

When I run this I get the following error:
Template error: every Fn::Join object requires two parameters, (1) a string delimiter and (2) a list of strings to be joined or a function that returns a list of strings (such as Fn::GetAZs) to be joined.. Rollback requested by user.
I have tried various techniques to format the order of !Join, !Split and !Sub. I have also tried using Fn::Join (full function format), but it keeps failing.
eventName in the eventPattern parameter expects the input in the following format.
"eventName":["event1","event2","event3","event4"]
My SSM variable has event names in the format "event1,event2,event3...". To make it compatible with eventName and make the CloudWatch rule run, I'll have to transform "event1,event2,event3..." to '"event1","event2","event3"...'
One option is that I convert the SSM value to my acceptable format, but this is the thing I want to avoid for some reason.
Can anyone help me figure out the way to transform "CreateServiceSpecificCredential,DeactivateMFADevice" to ' "CreateServiceSpecificCredential","DeactivateMFADevice" ' (each value enclosed within double quotes and the whole string enclosed within single quotes)?
I keep feeling that I'm not writing the intrinsic functions in the above code in the correct order.
Upvotes: 0
Views: 372
Reputation: 2173
In case somebody is still looking for how to make it happen, here is the CloudFormation template piece that splits a comma-separated string and makes it into an array of individual elements to be injected into the "eventName" attribute:

    cloudwatchRule:
      Type: AWS::CloudFormation::Stack
      Properties:
        TemplateURL: !Sub "${s3Path}/cw-rule.yml"
        Parameters:
          eventPattern: !Sub
            - |
              {"source":["aws.iam"],"detail-type":["AWS API Call via CloudTrail"],"detail":{"eventSource":["iam.amazonaws.com"],"eventName":[
              "${eventNames}"
              ]}}
            - eventNames: !Join
                - '","'
                - !Split
                  - ','
                  - !Ref ssmParamWhichContainsEventNames
          ruleState: "ENABLED"

Upvotes: 1
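
Added example, not part of the answer above and not AWS code: a simplified Python model of Fn::Split, Fn::Join and Fn::Sub (the function names here are assumptions) that renders the answer's event pattern and confirms it parses as JSON with the expected eventName list. It also flags names that pick up whitespace from the SSM value, because Fn::Split does not trim and such a name never matches an IAM event, leaving the rule silent.

```python
import json

# Simplified local models of three CloudFormation intrinsic functions
# (assumption: enough to reason about this template, not AWS's implementation).
def fn_split(delimiter, source):
    return source.split(delimiter)

def fn_join(delimiter, values):
    if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
        raise ValueError("Fn::Join needs a delimiter and a flat list of strings")
    return delimiter.join(values)

def fn_sub(template, variables):
    for name, value in variables.items():
        template = template.replace("${" + name + "}", value)
    return template

# The literal block from the answer's !Sub, including its line breaks.
PATTERN = ('{"source":["aws.iam"],"detail-type":["AWS API Call via CloudTrail"],'
           '"detail":{"eventSource":["iam.amazonaws.com"],"eventName":[\n'
           '"${eventNames}"\n]}}\n')

def build_event_pattern(ssm_value):
    """Mirror the answer: Split on ',', Join with '","', Sub inside the quotes."""
    names = fn_join('","', fn_split(",", ssm_value))
    return fn_sub(PATTERN, {"eventNames": names})

def event_names(ssm_value):
    """Parse the rendered pattern as JSON and return the eventName list."""
    return json.loads(build_event_pattern(ssm_value))["detail"]["eventName"]

def question_style_join(ssm_value):
    """Mirror the question: the Split result is nested inside Join's list."""
    # Prefix shortened here for readability (constructed).
    return fn_join(" ", ['{"eventName":[', fn_split(",", ssm_value), "]}}"])

def padded_names(ssm_value):
    """Names carrying whitespace: Split does not trim, so they never match."""
    return [n for n in event_names(ssm_value) if n != n.strip()]

if __name__ == "__main__":
    sample = "CreateServiceSpecificCredential,DeactivateMFADevice"  # from the question
    print(event_names(sample))
    try:
        question_style_join(sample)
    except ValueError as err:
        print("question layout:", err)
    # Constructed input with a space after the comma.
    print(padded_names("CreateServiceSpecificCredential, DeactivateMFADevice"))
```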