wlg
Reputation: 179
Template error: every value of the context object of every Fn::Sub object must be a string or a function that returns a string
I want aws:SourceVpc to be added as list of string ["vpc-7830jkd", "vpc-a1236"] when i run this template in uat env and as string "vpc-1234" when i run in perf. It is working fine in perf env but when i run in uat i got below error.
Template error: every value of the context object of every Fn::Sub object must be a string or a function that returns a string. Any suggestions ?
Can this achieved by combining select, join and findinmap.
Mappings:
mVpcId:
menv:
perf: "vpc-1234"
uat: "vpc-7830jkd,vpc-a1236"
islowenv: !Equals [ !Ref Env, "perf" ]
Parameters:
Env:
Type: String
Resources:
apigateway:
Type: "AWS::ApiGateway::RestApi"
Properties:
Name: mygateway
EndpointConfiguration:
Types:
- "PRIVATE"
Policy: !Sub
- |-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:/*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:/*"
],
"Condition": {
"StringNotEquals": {
"aws:SourceVpc": "${myappid}" --> i need this as list when run in uat
}
}
}
]
}
- { myappid: !If [islowenv, !FindInMap [ "mVpcId", "menv", !Ref "Env" ], !Split [ ",", !FindInMap [ "mVpcId", "menv", !Ref "Env"] ]]}
Upvotes: 2
Views: 2499
Answers (1)
Marcin
Reputation: 238209
Since you have condition now and your vpc list is hardcoded, you can use the following combination of Select and Sub to produce valid policy:
Mappings:
mVpcId:
menv:
perf: "vpc-1234"
uat: "vpc-7830jkd,vpc-a1236"
Conditions:
islowenv: !Equals [ !Ref Env, "perf" ]
Parameters:
Env:
Type: String
AllowedValues: [perf,uat]
Resources:
apigateway:
Type: "AWS::ApiGateway::RestApi"
Properties:
Name: mygateway
EndpointConfiguration:
Types:
- "PRIVATE"
Policy: !Sub
- |-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:/*"
]
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": [
"execute-api:/*"
],
"Condition": {
"StringNotEquals": {
"aws:SourceVpc": ${myappid}
}
}
}
]
}
- myappid:
!If
- islowenv
- !Sub
- "\"${value}\""
- value: !FindInMap ["mVpcId", "menv", !Ref "Env" ]
- !Sub
- "[\"${value1}\", \"${value2}\"]"
- value1: !Select [0, !Split [ ",", !FindInMap [ "mVpcId", "menv", !Ref "Env"] ]]
value2: !Select [1, !Split [ ",", !FindInMap [ "mVpcId", "menv", !Ref "Env"] ]]
But if you need it to work with any vpc list of any length, then you need custom resources or macros.
Upvotes: 1
Related Questions
- Template format error: unsupported structure seen in AWS CloudFormation
- Cloudformation Template error: every Fn::GetAtt object requires two non-empty parameters
- CloudFormation Template format error: Every Parameters object must contain a Type member
- Template error: instance of Fn::GetAtt references undefined resource EventHandlerLambdaFunction
- CloudFormation: Template error: every Ref object must have a single String value
- AWS Cloudformation error: Template format error: Invalid outputs property : [Ref]
- Template error: every Fn::GetAtt object requires two non-empty parameters, the resource name and the resource attribute
- Fn::Sub expression does not resolve to a string
- Template error: instance of Fn::GetAtt references undefined resource
- Cloudformation Template error: every Ref object must have a single String value