search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.5k stars 1.17k forks source link

cli command to transform sam template to regular cloudformation template? #1141

Open rhbecker opened 5 years ago

rhbecker commented 5 years ago

Describe your idea/feature/enhancement

I believe it could be useful to add a command to allow a user to see the cloudformation template produced after serverless transforms are applied.

Proposal

sam transform --template-file PATH --output-template-file PATH

Additional Details

A couple reasons I see value here:

  1. education - for a new user, there's mystery around the effects of using sam syntax ... e.g. what policies are going to be automatically generated based on various properties i specify

  2. some mechanisms in the wild are not yet friendly towards serverless transforms and being able to provide them with vanilla cloudformation, while still taking advantage of sam syntax during compose phase is a nice compromise

jfuss commented 5 years ago

@rhbecker Thanks for the issue. Marking as a feature request.

We surface the generated template in sam validate --debug. The generated template is logged when the debug flag is passed in. This can help you (and others) see the template but is defiantly not as convention as a command.

rhbecker commented 5 years ago

I tried out the sam validate --debug suggested by @jfuss (thanks!), and it satisfies my immediate need, though obviously it's a bit less convenient to work with than the requested feature.

One issue I'll point out: The output it produced included anchors and aliases, which are apparently not supported by cloudformation. It was easy enough to manually edit in order to remove, but as part of this feature request, it would be ideal for the output of an added transform command to not include anchors and aliases.

renanmontebelo commented 4 years ago

I'd like to weight in favor of this feature request as Transforms are not yet supported by StackSets as of Jan 2020:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cloudformation-limits.html#stacksets-macros

marty-brandon-nih commented 4 years ago

Our group could also use this. Developers do a SAM build for local testing, but cloud engineers maintain a separate Cloud Formation template for deployment. Generating the CF template would reduce work and errors.

babeal commented 4 years ago

Another upvote. I would want to use the SAM CLI to generate the CF template to be then aggregated as a child template in a parent application stack.

ataylorme commented 2 years ago

Not a native CLI command but I found this script very helpful

hoffa commented 2 years ago

To get the final CloudFormation template that will be deployed, you can also get the change set with:

sam deploy --no-execute-changeset

Then get the processed template with:

aws cloudformation get-template --query TemplateBody --change-set-name <change-set-arn>

Or save this (not prod-ready) as transform.py:

import json
import sys
import uuid

import boto3

def transform(template: str) -> str:
    cfn = boto3.client("cloudformation")
    name = f"transform-{uuid.uuid4()}"
    change_set = cfn.create_change_set(
        TemplateBody=template,
        StackName=name,
        ChangeSetName=name,
        ChangeSetType="CREATE",
        Capabilities=[
            "CAPABILITY_IAM",
            "CAPABILITY_AUTO_EXPAND",
        ],
    )
    change_set_id = change_set["Id"]
    waiter = cfn.get_waiter("change_set_create_complete")
    waiter.wait(
        ChangeSetName=change_set_id,
        WaiterConfig={
            "Delay": 5,
        },
    )
    transformed = cfn.get_template(ChangeSetName=change_set_id)
    cfn.delete_stack(StackName=name)
    return json.dumps(transformed["TemplateBody"])

def main():
    print(transform(sys.stdin.read()))

if __name__ == "__main__":
    main()

Then transform using:

python transform.py < sam-template.yaml > cfn-template.json
AleXoundOS commented 6 months ago

Wrote a Nix flake for the translator app:

Run like this:

$ nix run github:alexoundos/aws-sam-translator-app -- --help
usage: sam-translate.py [-h] [--template-file TEMPLATE_FILE] [--output-template OUTPUT_TEMPLATE]
                        [--s3-bucket S3_BUCKET] [--capabilities CAPABILITIES] [--stack-name STACK_NAME]
                        [--verbose] [--stdout]
                        [command]

Convert SAM templates to CloudFormation templates. Known limitations: cannot transform CodeUri pointing at
local directory.

positional arguments:
  command

options:
  -h, --help            show this help message and exit
  --template-file TEMPLATE_FILE
                        Location of SAM template to transform [default: template.yaml].
  --output-template OUTPUT_TEMPLATE
                        Location to store resulting CloudFormation template [default: transformed-
                        template.json].
  --s3-bucket S3_BUCKET
                        S3 bucket to use for SAM artifacts when using the `package` command
  --capabilities CAPABILITIES
                        Capabilities
  --stack-name STACK_NAME
                        Unique name for your CloudFormation Stack
  --verbose             Enables verbose logging
  --stdout              Write transformed template to stdout instead of a file
nascit commented 4 months ago

I'm using this method:

https://github.com/aws/serverless-application-model/blob/develop/bin/sam-translate.py

omriyoffe-panw commented 1 month ago

Any news on this feature request? Could really help our team in IaC scans