Open felipe1982 opened 2 years ago
I initially assumed that export_outputs
would write to Parameter Store of the executing account and then this problem wouldn't exist; the docs should be clear that it uses the Parameter Store of the Control Tower admin account.
Any update on this issue as the op says it is almost useless if you cannot put a unique identifier in the name
Same issue, hope that manifest.yaml
can support variables
I had this same issue. I wanted to produce different SSM parameters depending on what region the stackset was deployed to. I managed to resolve the issue by patching the code to allowing the key of stack output parameters to be read as SSM parameters the in the same way that values can be:
ssm_put_parameters
function in source/src/cfct/state_machine_handler.py if key.startswith("$[") and key.endswith("]"):
key = key[2:-1]
# Iterate through all the keys in the event
# (includes the nested keys)
for k, v in self.nested_dictionary_iteration(self.event):
if key.lower() == k.lower():
ssm_key = v
break
else:
ssm_key = key
self.logger.info("Adding value for SSM Parameter Store" " Key: {}".format(ssm_key))
self.ssm.put_parameter(ssm_key, ssm_value)
Once this is done, you can construct CFN outputs for both the key and value in your CloudFormation YAML, for example:
Outputs:
oMyNewResourceArn:
Value: !GetAtt myResource.Arn
oMyNewResourceArnParamName:
Value: !Sub /my/resource/${AWS::Region}/my-resource-arn
Back in the manifest.yaml, store the parameters into the management account SSM:
- name: my-new-resource
description: Example showing how to use dynamic export outputs for key and value pairs
resource_file: templates/my-resource.yaml
export_outputs:
- name: $[output_oMyNewResourceArnParamName]
value: $[output_oMyNewResourceArn]
Finally, for other stacks that need to use the SSM parameters, you can read the SSM parameters stored in the management account using the alfred helper and and then pass them down to the accounts that others stacks are being provisioned in.
Describe the bug
When deploying a stackset to 2+ accounts, the
export_outputs
section does not create unique values for every account/region target. Instead, it overwrites the previous value with the next value.example
To Reproduce
Deploy a VPC to 2+ accounts, and use export_outputs. You will find only a single value, instead of a list of values (or list of parameters), one for each target account/region
Expected behavior
I would expect a variable to be used inside of
manifest.yaml
which can be used to distinguish different parameter store keys. exampleOther variables would be useful, too, such as OU name (i.e. Workloads), or Account Name/Alias (i.e. Banking-Prod), Region code (ap-southeast-2)
To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO0158) - The AWS CloudFormation template for deployment of the Amazon CloudWatch Monitoring Framework. Version v1.0.0". You can also find the version from releases
Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).
Additional context Add any other context about the problem here.