aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

Transform: AWS::Serverless-2016-10-31 CreateStackSet Not supported in SERVICE_MANAGED permission model #839

Open jewelsjacobs opened 3 years ago

jewelsjacobs commented 3 years ago

Summary

As mentioned in https://aws.amazon.com/about-aws/whats-new/2021/04/deploy-cloudformation-stacks-concurrently-across-multiple-aws-regions-using-aws-cloudformation-stacksets/, I figured I would convert an existing CloudFormation template I'm using in a stackset to use SAM transform Resources.

Current Behavior

sam build --config-env ${DEPLOYMENT_ENV} - successful
sam package --config-env ${DEPLOYMENT_ENV} - successful
sam deploy --config-env ${DEPLOYMENT_ENV} - successful as stack

 aws cloudformation create-stack-set \
  --stack-set-name "${APP}" \
  --template-body file://packaged.yaml \
  --permission-model SERVICE_MANAGED \
  --region us-east-1 \
  --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND \
  --parameters "ParameterKey=Environment,ParameterValue=${DEPLOYMENT_ENV}" \
  --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=true

Error: An error occurred (ValidationError) when calling the CreateStackSet operation: Transform is not supported in SERVICE_MANAGED permission model

Expected Behavior

CreateStackSet operation performs successfully using AWS::Serverless-2016-10-31 Transform

PatMyron commented 3 years ago

Left https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/207 open due to this. The StackSets team said this seems like an unnecessary oversight.

jewelsjacobs commented 3 years ago

Any news on this? Still a real POP (Point Of Pain) 🤕 🤣

PeterBengtson commented 2 years ago

I second this.

gomibushi commented 1 year ago

Yet another limitation to CloudFormation... I'm hoping for a fix here. Templates will be non-standard and ugly if we need to inline our lambdas in StackSets. :(

dalbirmonga commented 1 year ago

Any news on this? :(

galquezar commented 11 months ago

The workaround is to deploy the stack on a test account, then download the processed template without any Transform statement. You can download the processed template like this:

aws cloudformation get-template --stack-name your-stack-name --template-stage Processed --query TemplateBody

n-tucker commented 10 months ago

I wanted to also add my support for adding transform support to stacksets. We're trying to use the AWS::LanguageExtensions transform to use the enhanced !FindInMap function, as described here. For this transform, the work-around is not as trivial as deploying the stack and downloading the processed template. We'll need to use a host of nested !If functions as an alternative, which makes our template far less readable and cluttered 😭

nascit commented 5 months ago

I'm using this method: https://github.com/aws/serverless-application-model/blob/develop/bin/sam-translate.py

TobySaundersGDS commented 2 months ago

This is still a source of frustration - I don't really want to work around the problem as we need to be able to test what is being deployed as part of an automated pipeline.

gomibushi commented 2 months ago

My workaround, which is not really a workaround for all issues, is to create a deployment bucket that is shared with read access to the org id. This way my functions in all my accounts get created because the source zip is available across the org. It is of course not SAM, but it lets you get your function code out of the CFN YAML.
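
An added example, not posted by anyone in this thread: a preflight check for the processed-template workaround (galquezar) that also lists the code buckets that must be readable from every target account (the shared deployment bucket in gomibushi's comment). The sample template, its bucket and key names, and the function names are constructed for illustration; flagging `Fn::Transform` in addition to the top-level `Transform` section is a conservative assumption.

```python
import json

# Constructed sample (placeholder names): the shape of a processed SAM
# template, as returned by get-template --template-stage Processed.
PROCESSED = json.loads("""
{"AWSTemplateFormatVersion": "2010-09-09",
 "Resources": {
  "Fn": {"Type": "AWS::Lambda::Function", "Properties": {
    "Handler": "app.handler", "Runtime": "python3.12",
    "Role": {"Fn::GetAtt": ["FnRole", "Arn"]},
    "Code": {"S3Bucket": "example-deploy-bucket", "S3Key": "app/abc.zip"}}},
  "FnRole": {"Type": "AWS::IAM::Role", "Properties": {}}}}
""")


def find_transforms(node, path="$"):
    """Paths of the top-level Transform section and any Fn::Transform call."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            # Scanning for Fn::Transform too is a conservative assumption.
            if key == "Fn::Transform" or (key == "Transform" and path == "$"):
                hits.append(here)
            hits.extend(find_transforms(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_transforms(item, f"{path}[{i}]"))
    return hits


def code_buckets(template):
    """Map each Lambda logical ID to the bucket its code zip is read from."""
    out = {}
    for name, res in template.get("Resources", {}).items():
        code = (res.get("Properties") or {}).get("Code")
        if res.get("Type") != "AWS::Lambda::Function" or not isinstance(code, dict):
            continue
        if "S3Bucket" in code:  # inline ZipFile / ImageUri need no S3 read
            bucket = code["S3Bucket"]
            out[name] = bucket if isinstance(bucket, str) else "<intrinsic>"
    return out


def preflight(template):
    """Summarise what must be fixed or shared before create-stack-set."""
    return {"transforms": find_transforms(template),
            "code_buckets": code_buckets(template)}
```

An empty `transforms` list means the template no longer carries the section the `ValidationError` above complains about; every bucket in `code_buckets` then needs a policy that lets the target accounts read the zip.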