Open rhbecker opened 5 years ago
@rhbecker Thanks for the issue. Marking as a feature request.
We surface the generated template in sam validate --debug
. The generated template is logged when the debug flag is passed in. This can help you (and others) see the template but is defiantly not as convention as a command.
I tried out the sam validate --debug
suggested by @jfuss (thanks!), and it satisfies my immediate need, though obviously it's a bit less convenient to work with than the requested feature.
One issue I'll point out: The output it produced included anchors and aliases, which are apparently not supported by cloudformation. It was easy enough to manually edit in order to remove, but as part of this feature request, it would be ideal for the output of an added transform
command to not include anchors and aliases.
I'd like to weight in favor of this feature request as Transforms are not yet supported by StackSets as of Jan 2020:
Our group could also use this. Developers do a SAM build for local testing, but cloud engineers maintain a separate Cloud Formation template for deployment. Generating the CF template would reduce work and errors.
Another upvote. I would want to use the SAM CLI to generate the CF template to be then aggregated as a child template in a parent application stack.
Not a native CLI command but I found this script very helpful
To get the final CloudFormation template that will be deployed, you can also get the change set with:
sam deploy --no-execute-changeset
Then get the processed template with:
aws cloudformation get-template --query TemplateBody --change-set-name <change-set-arn>
Or save this (not prod-ready) as transform.py
:
import json
import sys
import uuid
import boto3
def transform(template: str) -> str:
cfn = boto3.client("cloudformation")
name = f"transform-{uuid.uuid4()}"
change_set = cfn.create_change_set(
TemplateBody=template,
StackName=name,
ChangeSetName=name,
ChangeSetType="CREATE",
Capabilities=[
"CAPABILITY_IAM",
"CAPABILITY_AUTO_EXPAND",
],
)
change_set_id = change_set["Id"]
waiter = cfn.get_waiter("change_set_create_complete")
waiter.wait(
ChangeSetName=change_set_id,
WaiterConfig={
"Delay": 5,
},
)
transformed = cfn.get_template(ChangeSetName=change_set_id)
cfn.delete_stack(StackName=name)
return json.dumps(transformed["TemplateBody"])
def main():
print(transform(sys.stdin.read()))
if __name__ == "__main__":
main()
Then transform using:
python transform.py < sam-template.yaml > cfn-template.json
Wrote a Nix flake for the translator app:
Run like this:
$ nix run github:alexoundos/aws-sam-translator-app -- --help
usage: sam-translate.py [-h] [--template-file TEMPLATE_FILE] [--output-template OUTPUT_TEMPLATE]
[--s3-bucket S3_BUCKET] [--capabilities CAPABILITIES] [--stack-name STACK_NAME]
[--verbose] [--stdout]
[command]
Convert SAM templates to CloudFormation templates. Known limitations: cannot transform CodeUri pointing at
local directory.
positional arguments:
command
options:
-h, --help show this help message and exit
--template-file TEMPLATE_FILE
Location of SAM template to transform [default: template.yaml].
--output-template OUTPUT_TEMPLATE
Location to store resulting CloudFormation template [default: transformed-
template.json].
--s3-bucket S3_BUCKET
S3 bucket to use for SAM artifacts when using the `package` command
--capabilities CAPABILITIES
Capabilities
--stack-name STACK_NAME
Unique name for your CloudFormation Stack
--verbose Enables verbose logging
--stdout Write transformed template to stdout instead of a file
I'm using this method:
https://github.com/aws/serverless-application-model/blob/develop/bin/sam-translate.py
Any news on this feature request? Could really help our team in IaC scans
Describe your idea/feature/enhancement
I believe it could be useful to add a command to allow a user to see the cloudformation template produced after serverless transforms are applied.
Proposal
sam transform --template-file PATH --output-template-file PATH
Additional Details
A couple reasons I see value here:
education - for a new user, there's mystery around the effects of using sam syntax ... e.g. what policies are going to be automatically generated based on various properties i specify
some mechanisms in the wild are not yet friendly towards serverless transforms and being able to provide them with vanilla cloudformation, while still taking advantage of sam syntax during compose phase is a nice compromise