aws-quickstart / quickstart-aws-vpc

Amazon Virtual Private Cloud—AWS Solution
Apache License 2.0

Template validation fails for aws-vpc #43

Closed davdunc closed 2 years ago

davdunc commented 2 years ago

Issue

Attempts to validate aws-vpc.template.yaml fail. The template is too long to be used from local resources.

Response

```
fatal: [localhost]: FAILED
[. . . ]
Name: !Sub '${AWS::StackName}-VPCID'", "' at 'templateBody' failed to satisfy constraint: Member must have length less than or equal to 51200"]
```

Expected

Validation status okay.

Steps to Reproduce

Ansible reproducer:

```yaml
---
- name: Test building the VPC configuration
  hosts: localhost
  connection: local

  vars:
    aws_region: us-east-1
    aws_profile: default

  tasks:
    # get_url does not create the destination directory, so make sure it exists first
    - name: Ensure the local files directory exists
      file:
        path: files
        state: directory
        mode: '0750'

    - name: download the current template for APN Quick Start for VPC
      get_url:
        url: https://raw.githubusercontent.com/aws-quickstart/quickstart-aws-vpc/main/templates/aws-vpc.template.yaml
        dest: files/aws-vpc.template.yaml
        mode: '0750'

    # validate-template with --template-body sends the file inline; the API rejects bodies over 51,200 bytes
    - name: Validate the current template for APN Quick Start for VPC
      command:
        argv:
          - aws
          - cloudformation
          - validate-template
          - --template-body
          - file://files/aws-vpc.template.yaml
      environment:
        AWS_REGION: "{{ aws_region }}"
        AWS_PROFILE: "{{ aws_profile }}"
      register: cf_vpc_validation
      changed_when: false

    - name: Show the validation result
      debug:
        var: cf_vpc_validation.stdout
```

tlindsay42 commented 2 years ago

Interesting, but we have no intention of minifying our templates to support this. The existing lint & end-to-end testing is sufficient for I&A. Alternatively, you could use aws cloudformation validate-template --template-url as the template-url parameter supports 9x the template length (460,800 bytes), but it requires an S3 bucket path (or SSM doc), so you could point to the production bucket: https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template.yaml, which worked fine for me.

```
$ aws cloudformation validate-template --template-url https://aws-quickstart.s3.amazonaws.com/quickstart-aws-vpc/templates/aws-vpc.template.yaml | tail
            "NoEcho": false,
            "Description": "Set to false to create only public subnets. If false, the CIDR parameters for ALL private subnets will be ignored."
        }
    ],
    "Description": "This template creates a Multi-AZ, multi-subnet VPC infrastructure with managed NAT gateways in the public subnet for each Availability Zone. You can also create additional private subnets with dedicated custom network access control lists (ACLs). If you deploy the Quick Start in a region that doesn't support NAT gateways, NAT instances are deployed instead. **WARNING** This template creates AWS resources. You will be billed for the AWS resources used if you create a stack from this template. (qs-1qnnspaap)",
    "Capabilities": [
        "CAPABILITY_IAM"
    ],
    "CapabilitiesReason": "The following resource(s) require capabilities: [AWS::IAM::Role]"
}
```
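The two size limits mentioned in this thread (51,200 bytes for an inline `--template-body`, 460,800 bytes for an S3-backed `--template-url`) are the same limits CloudFormation applies to `TemplateBody` and `TemplateURL` on `create-stack` and `update-stack`, so a template that fails local validation for this reason has to be deployed from S3 anyway. The script below is an added example, not code from the quickstart-aws-vpc project or from either commenter: it measures the file, picks the validation mode the limits allow, and uploads to a bucket you control rather than validating the published copy in the production bucket, so the bytes validated are the bytes in your checkout. The bucket name, object key and the `RUN_AWS` gate are assumptions; the `aws s3 cp` and `aws cloudformation validate-template` invocations use only documented CLI options.

```shell
#!/bin/sh
# Added example (not part of quickstart-aws-vpc): choose how to feed a
# CloudFormation template to validate-template based on the API size limits.

TEMPLATE_BODY_MAX=51200    # bytes accepted inline via --template-body / TemplateBody
TEMPLATE_URL_MAX=460800    # bytes accepted via --template-url / TemplateURL (object in S3)

# Byte length of a file, as the API counts it (wc -c, whitespace stripped for BSD wc).
template_size() {
  wc -c < "$1" | tr -d ' '
}

# Prints one of: body, url, too-large.
validate_mode() {
  size=$(template_size "$1")
  if [ "$size" -le "$TEMPLATE_BODY_MAX" ]; then
    echo body
  elif [ "$size" -le "$TEMPLATE_URL_MAX" ]; then
    echo url
  else
    echo too-large
  fi
}

# validate_template FILE BUCKET KEY
# BUCKET and KEY are hypothetical names for an S3 location the caller controls;
# they are only used when the template is too large to send inline.
validate_template() {
  file=$1
  bucket=$2
  key=$3
  case $(validate_mode "$file") in
    body)
      aws cloudformation validate-template --template-body "file://$file"
      ;;
    url)
      # Upload the exact local file, then validate that object; the URL must be
      # the S3 object URL, not the s3:// form.
      aws s3 cp "$file" "s3://$bucket/$key" >&2
      aws cloudformation validate-template \
        --template-url "https://$bucket.s3.amazonaws.com/$key"
      ;;
    too-large)
      echo "$file: $(template_size "$file") bytes exceeds the $TEMPLATE_URL_MAX byte TemplateURL limit" >&2
      return 1
      ;;
  esac
}

# Stand-alone use: validate_template.sh FILE BUCKET KEY (only runs when arguments are given).
if [ "$#" -ge 3 ]; then
  validate_template "$1" "$2" "$3"
fi
```

`validate_mode` alone is enough to make the Ansible reproducer above fail early with a clear message instead of the raw `ValidationError`; the `url` branch is what the maintainer's suggestion amounts to, except that it validates your working copy rather than whatever is currently published at the production bucket URL.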