Allow the format function to work with named identifiers instead of just array indexes.

I often use cloud-init config style user data, and I occasionally find that I need to send the entire contents of a file to a stack as a template parameter. In many cases it is difficult to ensure soething does not get messed up (either whitespaes in the file content, or overall yaml formatting of outer userdata) when the parameter containing the file is expanded into its value. Luckily, cfn provides a base64 function just specifically for this kind of thing.

I have found myself writing the following code a bunch of times

  Instance(:node) {
   ...
   UserData FnBase64( FnFormat( <<EOF ,
#cloud-config
...
runcmd:
  - echo %{Base64ParameterName} | base64 -d > /path/to/file
EOF
                                                       :Base64Parameter => FnBase64( Ref( :ParameterName ) ),
   ))
 }

This works reasonably well, but it would be nice if FnFormat were smart enough to realize that when I refer to a value like :Base64ParameterName, what I really mean is the base64 encoding of the value of ParameterName unless I have explicity defined the value somewhere else.

Alternatively....

It might be nice to be able to declare named values globally across the template.

  Declare( :b64ParameterName, FnBase64( Ref( :ParameterName ) )

  Instance(:node) {
   ...
   UserData FnBase64( FnFormat( <<EOF ))
#cloud-config
...
runcmd:
  - echo %{b64ParameterName} | base64 -d > /path/to/file
EOF
   ))
 }

The implication here is that anyplace that directly or implicitly evaluates Ref(:b64PaameterName) will get the value passed in as the second argument to the Declare function.

Hello again.

For large templates, the normal size limit for a single Cloudformation template is 51200 bytes.

If someone wants to create a large, layered and highly available VPC, creating a Ruby loop in cfndsl makes quick work of generating the many subnets, routes, routetables, and on. Such a deployment if attempted with a monolithic Cloudformation template quickly expands to an illegally large size.

The next issue comes when you consider the limit of 10 outputs per template. The advertised answer to having too large a template is to layer templates by using parameters and outputs. The stack I'm seeking to build has approximately ten tiers (layers of VPC subnets) striped across three availability zones. Creating such a deployment with layers quickly runs against the output limit, especially when one tries to pass the metadata for so many subnets down to nested templates.

My imagined solution is to take a very granular approach while using parametrization, in a cfndsl-generated layering structure. This method would use the same foundational Ruby loops, arrays and hashes as before, in a monolithic cfndsl file to output multiple interlocking Cloudformation templates as a single JSON stream. In this way, one cfndsl Ruby file would output one long JSON file having individual self-contained Cloudformation templates throughout. A simple post-processing function would then be implemented to split the many Cloudformation templates into discrete files.

I was able to create two Cloudformation blocks inside of my cfndsl template successfully. However, piping it to json_pp failed. I think an extra JSON wrapper level is required for this to work without error.

The other obvious option is for me to generate discrete cfndsl files to bring about the layered structure. Without some shared arrays and such, the hand-coding of each template would all but negate one of the main reasons I chose cfndsl in the first place: very powerful for each loops.

I'll stop rambling now. Please let me know if any of this makes sense.

Thanks,
Joshua

Add a data driven mechanism that allows the language to treat some or all of the resource property complex data types as language objects, something like resources.

Similar to #114, as documented at:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html#cfn-iam-group-managepolicyarns

cfndsl contributors and users,

Is there anything the AWS CloudFormation service could provide that can help in using and enhancing cfndsl? (For example, any additional API, any update to the template format, etc.)

Sincerely,
The AWS CloudFormation Team

The simple EC2 Example fails. I get the error Undefined symbol: EC2MountPoint for the below code.

CloudFormation {
  Description 'Example Description'

  EC2_Instance('ExampleInstance') {
    ImageId 'ami-767a391e'
    Type 't2.small'
    AvailabilityZone 'string'
    Volumes [
      EC2MountPoint {
        VolumeId 'test string'
        Device '/dev/sde'
      }
    ]
  }
}

The syntax appears to be the same for BlockDeviceMappings as seen below and I get no errors. Is there a bug for EC2MountPoint or am I doing something wrong? Thanks.

  Instance('Instance Example') {
    ImageId 'ami-767a391e'
    Type 't2.micro'
    AvailabilityZone Ref('availabilityZone')
    UserData FnBase64(FnJoin('',
                             ['mke2fs -t ext4 /dev/xvde']))

    BlockDeviceMappings [
      BlockDeviceMapping {
        DeviceName '/dev/sde'
        Ebs 'test string'
      }
    ]
  }

Be great to get a gem published with some of the latest updates. Last gem was published over a year ago.

After speaking to a number of colleagues who use the AWS eclipse plugin it seemed clear that it was using some sort of schema to validate the CF in the plugin as people were able to get feedback about incorrect params straight away.

After digging around, I found the following:

TemplateSchemaRules.java

This links off to a json schema:

CloudFormationV1.schema

that has the complete list of resources and valid properties for them.

I think it would be extremely valuable to incorporate this in so we could use this to build up the resource types and validate the resulting templates against.

I need to check with the developers of the plugin first about how this schema is maintained and if it's something we can depend on.

cfndsl is expecting the property to be spelled "PreferrredAvailabilityZone" but cloudformation is expecting "PreferredAvailabilityZone", current workaround is to compile it and then fix the json file manually. Can you please change this?

A recent change added support for OpsWorks, which defines both a Stack and and Instance resource type. This makes it so that Instance and Stack are no longer valid top level resource names. You have to use CloudFormation_Stack or EC2_Instance or the OpsWorks _ flavors explicitly.

The trouble with this is that many existing scripts out there will now fail in cryptic ways.

The solution is to ensure that ambiguous resource definitions emit explicit error messages

cfndsl does not currently support the UpdatePolicy directive on AutoScalingGroups.

This is what the cfndsl code would look like:

AutoScalingGroup("MyASG") {
    UpdatePolicy("AutoScalingRollingUpdate", {
                 "MinInstancesInService" => "1",
                 "MaxBatchSize"          => "1",
                 "PauseTime"             => "PT15M"
                 })
    LaunchConfigurationName Ref("MyLC")
    MinSize "2"
    MaxSize "150"
    DesiredCapacity "3"
}

resulting in this JSON output

"MyASG": {
    "UpdatePolicy" : {
        "AutoScalingRollingUpdate" : {
            "MinInstancesInService" : "1",
            "MaxBatchSize" : "1",
            "PauseTime" : "PT15M"
        }
    },
    "Type": "AWS::AutoScaling::AutoScalingGroup",
    "Properties": {
        "DesiredCapacity": "3",
        "MaxSize": "150",
        "MinSize": "3",
        "LaunchConfigurationName": {
            "Ref": "MyLC"
        },
    }
},

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html

The documentation is pretty well out of date. Update it to include recent changes.

Hi,

I think it's quite common to have to write userdata scripts that contain CloudFormation references. They usually look something like this:

"UserData":{
  "Fn::Base64":{
    "Fn::Join":[
      "",
      [
        "#!/bin/bash -vx\n",
        "/opt/aws/bin/cfn-init -s ", { "Ref":"AWS::StackId" }, " -r LaunchConfig --region ", { "Ref":"AWS::Region" }, "\n",
        "sh /tmp/setup.sh\n",
        "sleep 5\n",
        "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref":"AWS::StackName" }, " --resource ServiceFleet ", " --region ", { "Ref":"AWS::Region" },
      ]
    ]
  }
}

It would be great if the DSL allowed us to write userdata.sh (with bonus syntax highlighting):

#!/bin/bash -vx
/opt/aws/bin/cfn-init -s {{AWS::StackId}} -r LaunchConfig --region {{AWS::Region}}
sh /tmp/setup.sh
sleep 5
/opt/aws/bin/cfn-signal -e $? --stack {{AWS::StackName}} --resource ServiceFleet --region {{AWS::Region}}

and then:

UserData FnBase64(File("userdata.sh"))

Is that something you cfnsdl already supports that I missed, or a feature you think could be useful? Note the example above would only handle simple Refs, which would already be useful. I can't think of a nice syntax to support the full gamut of operations like FindInMap, etc...

Thanks

Is there a cfndsl discussion forum? I'd prefer to raise questions and ideas outside of the issue tracker. Thus leaving the issue tracker for tracking issues

eg https://github.com/atom/atom uses http://www.discourse.org/
see: https://discuss.atom.io/

Write a method_missing in a class - perhaps JSONable that will give the user some decent feedback if he has typed in some incorrect method names.

Hi @howech @stevenjack

The following code will happily generate correct CloudFormation...

alarms = []

alarms.push Resource("CPUAlarmHigh") {
  Type "AWS::CloudWatch::Alarm"
  Property "AlarmDescription", "Scale-up if CPU > 80% for 1 minutes"
  ...other properties...
}

alarms.each do |alarm|
  alarm.declare {
    Property "MetricName", "CPUUtilization"
    ...other properties...
  }
end

But if you change {} on alarms.push Resource("CPUAlarmHigh") {} to be do/end like so:

alarms.push Resource("CPUAlarmHigh") do
  ...code...
end

Then I've found that the Type "AWS::CloudWatch::Alarm" doesn't get applied to the generated CloudFormation.

Any ideas why this is?

Hello-

I'm trying to setup a condition in my cfndsl but keep getting the following error (I suspect something is wrong with my syntax).

Undefined symbol: fnEquals(#<CfnDsl::RefDefinition:0x007f90799f4d98 @Ref="Environment">, "infrastructure01")

Here is my code:

#my parameter I'm basing my condition off of
  Parameter("Environment") {
    String
    Description "The environment/vpc name"
    AllowedValues [
      "infrastructure01",
      "lab01"
    ]
  }

#
# a bunch of different resources here like Roles, Policies, Instances, Security Groups, etc, etc
#

#my condition referencing the parameter stated above
Condition("PrivateIPCondition", fnEquals(Ref("Environment"),"infrastructure01"))

If I comment out the Condition, my template renders perfectly. Can't seem to get the condition piece working right. What am I doing wrong here?

Thanks for the great tool and the help!

Basically, there should be no difference between the plural and the singular methods. If a type has an array property named "Things", the type should have methods called "Thing", "Things", "thing" and "things" that all work like the following

#append t to the types list of Things
Thing t

# Append things t1, t2, t3, t4 to the list of things
Thing [t1, t2, t3, t4]

# Create a new thing, evaluate the block in its context 
# and append it to the list of things.
Thing {
  #thing block
}

# Create a new thing, evaluate the block in its context
# with the given parameter and append it to the list of
# things
Thing x { |y|
  #parameterized thing block
}

# Create a new thing for each element in the array, evaluate
# the block in context with the array item value as a parameter
# and append all of the results to the list of things.
Thing [x1, x2, x3, x4] { |y|
  #parameterized thing block
}

# Do nothing, but return the list of things
Thing()

# Actually, all of these should return the value of the types array variable

I'm trying to allow instances in a VPC-contained security group to talk to one another by self-referencing the SourceSecurityGroupID.

Here is an example of what I'm trying to do:

https://forums.aws.amazon.com/message.jspa?messageID=230251

I get various errors, depending on how I arrange things.

Here's an example of the output I'm seeing:

Invalid Reference: Resource SecGrpForPublicNAT refers to SecGrpForPublicNAT
Invalid Reference: Resource SecGrpForPrivateWeb refers to SecGrpForPrivateWeb

I tried breaking out into a SecurityGroupIngress resource item, which references the main SecurityGroup resource as a Ref: on properties: GroupId and SourceSecurityGroupId.

That exercise produced:

vagrant@wralebox:~/ezdi-devops/assets/cfndsl$ cfndsl ServiceVpc.rb
ServiceVpc.rb:398: Undefined symbol: SourceSecurityGroupId(#<CfnDsl::RefDefinition:0x00000000f7bac0 @ref="SecGrpForPublicNAT">)
ServiceVpc.rb:506: Undefined symbol: SourceSecurityGroupId(#<CfnDsl::RefDefinition:0x00000000f669b8 @ref="SecGrpForPrivateWeb">)
ServiceVpc.rb:570: Undefined symbol: SourceSecurityGroupId(#
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x000000013a3a58 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x00000001390ed0 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x000000013916a0 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x0000000138bc00 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x0000000138b4a8 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x0000000138ad00 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x0000000138a5d0 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x00000001389e28 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x00000001389680 @ref="Vpc">)
ServiceVpc.rb:1626: Undefined symbol: VpcId(#<CfnDsl::RefDefinition:0x00000001388eb0 @ref="Vpc">)

I find myself writing things like FnNot(FnEquals(…)), which is wrong, since this compiles to { "Fn::Not": { "Fn::Equals": … } }. Fn::Not takes a single element array, so the correct formulation is FnNot([FnEquals…]) instead.

I don't believe it's ever correct to call FnNot() with any parameter other than a single-element array, so… can we make the natural syntax valid? That is, if FnNot() gets something that's not an array, can we automatically wrap it in one?

The core test cases handle internal functions and reference checking.

Need some tests that look explicitly into some json generation, and testing the edge cases on the generated property methods.

currently, the resource method "DependsOn" replaces the resources dependency list with its arguments. It would be more useful if DependsOn would append its arguments to the list of dependencies, so you could use it to accumulate dependencies.

nested stacks for example

master.rb

CloudFormation {
....
  Resource("VPCStack") {
    Type 'AWS::CloudFormation::Stack'
    Property('TemplateURL', "https://s3-ap-southeast-2.amazonaws.com/#{sourceBucket}/cloudformation/#{cf_version}/vpc.json" )
    Property('TimeoutInMinutes', 5)
    Property('Parameters',{
      EnvironmentType: Ref('EnvironmentType'),
      EnvironmentName: Ref('EnvironmentName')
    })

  Resource("DatabaseStack") {
    Type 'AWS::CloudFormation::Stack'
    DependsOn('VPCStack')
    Property('TemplateURL', "https://s3-ap-southeast-2.amazonaws.com/#{sourceBucket}/cloudformation/#{cf_version}/database.json" )
    Property('TimeoutInMinutes', 5)
    Property('Parameters',{
      EnvironmentType: Ref('EnvironmentType'),
      EnvironmentName: Ref('EnvironmentName'),
      RDSSnapshotID: Ref('RDSSnapshotID'),
      VPC: FnGetAtt('VPCStack', 'Outputs.VPCId'),
      RouteTablePrivateA: FnGetAtt('VPCStack', 'Outputs.RouteTablePrivateA'),
      RouteTablePrivateB: FnGetAtt('VPCStack', 'Outputs.RouteTablePrivateB')
    })
  }
.....
}

And we would have a corresponding cfndsl template per nested and more often that not called the sample name as the filename is the TemplateURL property. In the example above we would have a vpc.rb and database.rb

Right now we need to call cfndsl for each template not a huge deal but if we could combine this into a single cfndsl execution it would be possible to do output parameter validation. Also by combining them into a single execution we could do some calculation in one nested stack that could be used in another.

For example we calculate subnet offsets in the vpc template and then use those calculated values in the database template with out having to use cloudformation output parameters to pass essentially something that is static.

ideally I'd just like to call cfndl passing my master template and have it render all of the nested stacks and validate all of the input/output parameters from each parent and child

@stevenjack Thoughts????

I have defined a SecurityGroup with an 'embedded' Ingress rule

EC2_SecurityGroup(:mySG) {
  VpcId Ref(:VPC)
  GroupDescription "my SG"
  SecurityGroupIngress [
    {
      "CidrIp"     => "10.0.0.0/8",
      "IpProtocol" => "tcp",
      "FromPort"   => "22",
      "ToPort"     => "22"
    }
  ]
}  

The generated JSON for the Ingress contains an additional [ .... ] which is rejected by CloudFormation. This also happens for Egress as well. Note that the similar format NetworkInterfaces (in EC2_Instance) seems to work OK.

Generated:

            "SecurityGroupIngress" : [
               [
                  {
                     "FromPort" : "22",
                     "IpProtocol" : "tcp",
                     "CidrIp" : "10.0.0.0/8",
                     "ToPort" : "22"
                  }
               ]
            ]

should be:

            "SecurityGroupIngress" : [
                  {
                     "FromPort" : "22",
                     "IpProtocol" : "tcp",
                     "CidrIp" : "10.0.0.0/8",
                     "ToPort" : "22"
                  }
               ]

Removing the [ ...] from around

     SecurityGroupIngress: [ EC2SecurityGroupRule ]
     SecurityGroupEgress: [ EC2SecurityGroupRule ]

in aws_types.yaml seems to fix the problem for me but I don't think that's the correct approach

I'm not a Ruby developer so I'm not sure what's a good way to extend cfndsl to support project specific requirements. For example I'd like to define a single method that can define an egress->ingress rule pair for a security. eg Web Security Group => DB Security Group on tcp port 1443.

I've got this to work but wonder if there is a better or more elegant way.

CloudFormation do
  Description("SecurityGroups")
  AWSTemplateFormatVersion("2010-09-09")

  VPC = "myVPC"
  SG_OWNER_ID = "1234567890"  

  def EC2_SecurityGroupPermission(name, source, destination, protocol, port)

    EC2_SecurityGroupEgress("#{name}Egress") {
      GroupId source
      IpProtocol protocol
      FromPort port
      ToPort port
      DestinationSecurityGroupId destination
    } 

    EC2_SecurityGroupIngress("#{name}Ingress") {
      GroupId destination
      IpProtocol protocol
      FromPort port
      ToPort port
      SourceSecurityGroupId source
      SourceSecurityGroupOwnerId SG_OWNER_ID
    }  

  end

  EC2_SecurityGroup(:sgWeb) {
    VpcId VPC
    GroupDescription "SG-Web"
    SecurityGroupIngress []
    SecurityGroupEgress []
  } 

  EC2_SecurityGroup(:sgDB) {
    VpcId VPC
    GroupDescription "SG-DB"
    SecurityGroupIngress []
    SecurityGroupEgress []
  }   

  EC2_SecurityGroupPermission("WebToDB1443", Ref(:sgWeb), Ref(:sgDB), "tcp", "1443")

end

This generates:

{
   "Description" : "DEVTEST-DSL: NAT, Bastion, Nginx, Rabbit, Redis",
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Resources" : {
      "sgWeb" : {
         "Type" : "AWS::EC2::SecurityGroup",
         "Properties" : {
            "GroupDescription" : "SG-Web",
            "SecurityGroupIngress" : [],
            "SecurityGroupEgress" : [],
            "VpcId" : "myVPC"
         }
      },
     "sgDB" : {
       "Type" : "AWS::EC2::SecurityGroup",
       "Properties" : {
         "SecurityGroupEgress" : [],
         "SecurityGroupIngress" : [],
         "GroupDescription" : "SG-DB",
         "VpcId" : "myVPC"
       }
     },
     "WebToDB1443Ingress" : {
         "Type" : "AWS::EC2::SecurityGroupIngress",
         "Properties" : {
            "SourceSecurityGroupId" : {
               "Ref" : "sgWeb"
            },
            "FromPort" : "1443",
            "SourceSecurityGroupOwnerId" : "1234567890",
            "ToPort" : "1443",
            "IpProtocol" : "tcp",
            "GroupId" : {
               "Ref" : "sgDB"
            }
         }
      },
      "WebToDB1443Egress" : {
         "Properties" : {
            "IpProtocol" : "tcp",
            "DestinationSecurityGroupId" : {
               "Ref" : "sgDB"
            },
            "GroupId" : {
               "Ref" : "sgWeb"
            },
            "ToPort" : "1443",
            "FromPort" : "1443"
         },
         "Type" : "AWS::EC2::SecurityGroupEgress"
      }
   }
}

Hi. I'm eager to use cfndsl for a three-AZ eight-tier H/A VPC, similar to the following AWS article. Each of the eight tiers would get a dedicated subnet, per AZ. I'm worried about expressing this complex VPC architecture in CloudFormation, which is why I'm looking at cfndsl.

https://aws.amazon.com/articles/6079781443936876

I'm newish to Ruby, but I'm trying to port their example to cfndsl and eventually extend it for the third AZ.

Please consider rendering an example of a similar configuration using cfndsl.

Thanks,
Joshua

Complain if a template tries to create properties on a resource that are not supported.

Hi there, I haven't found support for having a script in UserData. I think it'd be useful to have for instance:

in userdata.sh

    #!/bin/bash
    echo "hello world"

in Ruby:

    Resource(…) {
            Property("UserData", FnBase64(IO.read(‘userdata.sh’)))
    }

of course the problem arises when instead of a simple script like the one above, you start inserting things like Ref("AWS::StackId”), and alike…

any ideas?

cheers

Fede

Thus far I've used cfndsl to output the CF JSON via the command line, and it's been awesome.

I'd like to step it up though and integrate it into a Rails app, that stores the cfndsl code in a database and then generate the output JSON from that and then (with aws-sdk) actually launch the CF template.

I'm not quite sure how to do that. So far the only thing that I've gotten to work is to open a shell and run the file from there. There's got to be a better way.

Anyone have any suggestions?

When trying to add ingress rules directly as a property on a SecurityGroup the array gets nested with an outer array.

EC2_SecurityGroup("SampleGroup"){
    VpcId Ref("VpcId")
    GroupDescription "Sample group"
    SecurityGroupIngress [{:IpProtocol=>"tcp"}]
  }

Will render the following.

"SecurityGroupIngress": [
          [
            {
              "IpProtocol": "tcp"
            }
          ]
        ]

I can see where it is all happening...well I think so. https://github.com/stevenjack/cfndsl/blob/master/lib/cfndsl/Plurals.rb#L7 I have not figured out how to fix it, if someone would like to give me some pointers I am happy to have a crack.

Come up with a shorter way to tag instances.

Currently you have to:

Instance("MyInstance") {
  Tag {
    Key "foo"
    Value "bar"
  }
}

But it would be nice if you could

Instance("MyInstance") {
  Tag("foo","bar")
}

I have created a set of examples at:
https://github.com/neillturner/cfndsl_examples
using cfn2dsl
from Amazon AWS Template Snippets
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/CHAP_TemplateQuickRef.html

Hi there,

Thanks for all your great work on this gem. I have been using it very heavily.

It looks like AWS::SNS::Topic is not fully defined in the YAML file. I am happy to create a PR that fixes this one up.

If you could provide some guidance on your preferred path to contribution that would also be really helpful. Would you prefer I create issue and put then create the PR off the back of that for changes such as this? Or is a simple PR on its own sufficient?

Fraser

Minor hang I suppose, but I think it is more efficient if the CloudFormation template renders in the order of the source cfndsl template. I suppose making this happen is probably pretty hard, given the many abstractions cfndsl introduces.

Having parameters like "AvailabilityZone{1,2,3}" show up at random in the list makes debugging and output template sharing a little more difficult, I think.

Thanks!

Joshua

@aaronwalker This is great, been thinking (Not for this PR) but it could be better if you were able to define a .cfndsl.yml config in your project directory which could look like:

extras: "default_extras.yml"
templates:
  component_one:
    filename: "component_one/template.json"
    extras: "component_one/extras.yml"
    output: "stacks/component_one.json"

You then just run cfndsl and it'll generate the templates based on this configuration (Bonus of having default extras at the top then each template can override and have it's own extras).

With the identifier as the key for the config, you could also just generate one component by doing something like:

cfndsl -c component_one

(Would have to look at the best way of handling this to keep backwards compatibility)

Complain when a template tries to create a resource of a type that is not supported.

Should be an array of Strings as documented at

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#cfn-iam-role-managepolicyarns

Am I doing something obviously wrong?

laptop:cfndsl-templates josh$ cfndsl
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Errors.rb:7: warning: don't put space before argument parentheses
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Errors.rb:15: warning: don't put space before argument parentheses
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require': /Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:74: syntax error, unexpected '=', expecting '|' (SyntaxError)
...ethod(method_name) do | value=nil, *rest, &block|
                              ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:74: Can't assign to nil
...d(method_name) do | value=nil, *rest, &block|
                              ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:74: syntax error, unexpected ',', expecting '='
...d_name) do | value=nil, *rest, &block|
                              ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:139: syntax error, unexpected kELSE, expecting kEND
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:145: syntax error, unexpected '=', expecting '|'
                define_method(method) do | value=nil, *rest, &block |
                                                 ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:145: Can't assign to nil
                define_method(method) do | value=nil, *rest, &block |
                                                     ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:145: syntax error, unexpected ',', expecting '='
                define_method(method) do | value=nil, *rest, &block |
                                                            ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:157: syntax error, unexpected kEND, expecting $end
  end  
     ^
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
    from /Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl.rb:7
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require'
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
    from /Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/bin/cfndsl:2
    from /usr/bin/cfndsl:19:in `load'
    from /usr/bin/cfndsl:19
lap-28-174:cfndsl-templates josh$ cfndsl autoscale.rb 
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Errors.rb:7: warning: don't put space before argument parentheses
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Errors.rb:15: warning: don't put space before argument parentheses
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require': /Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:74: syntax error, unexpected '=', expecting '|' (SyntaxError)
...ethod(method_name) do | value=nil, *rest, &block|
                              ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:74: Can't assign to nil
...d(method_name) do | value=nil, *rest, &block|
                              ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:74: syntax error, unexpected ',', expecting '='
...d_name) do | value=nil, *rest, &block|
                              ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:139: syntax error, unexpected kELSE, expecting kEND
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:145: syntax error, unexpected '=', expecting '|'
                define_method(method) do | value=nil, *rest, &block |
                                                 ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:145: Can't assign to nil
                define_method(method) do | value=nil, *rest, &block |
                                                     ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:145: syntax error, unexpected ',', expecting '='
                define_method(method) do | value=nil, *rest, &block |
                                                            ^
/Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl/Types.rb:157: syntax error, unexpected kEND, expecting $end
  end  
     ^
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
    from /Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/lib/cfndsl.rb:7
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `gem_original_require'
    from /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/rubygems/custom_require.rb:31:in `require'
    from /Library/Ruby/Gems/1.8/gems/cfndsl-0.0.16/bin/cfndsl:2
    from /usr/bin/cfndsl:19:in `load'
    from /usr/bin/cfndsl:19
laptop:cfndsl-templates josh$ 

I'm currently writing a templates for some new infrastructure and I'm finding I need to repeat the Property declaration more than I'd like.
It'd be great if you could bundle together the Property declarations for a resource.

Currently I've got the following code

  Resource("MySQLDatabase") {
    Type "AWS::RDS::DBInstance"
    Property("Engine", "MySQL")
    Property("DBName", "Production")
    Property("MultiAZ", Ref("MultiAZDatabase"))
    Property("MasterUsername", Ref("DBUsername"))
    Property("MasterUserPassword", Ref("DBPassword"))
    Property("DBInstanceClass", Ref("DBInstanceClass"))
    Property("")
  }

It'd be nice if you could pass in a hash instead. eg

  Resource("MySQLDatabase") {
    Type "AWS::RDS::DBInstance"
    Properties(["Engine" => "MySQL",
                         "DBName" => "Production")
                         "MultiAZ" => Ref("MultiAZDatabase"))
                         "MasterUsername" => Ref("DBUsername"))
                         "MasterUserPassword" => Ref("DBPassword"))
                         "DBInstanceClass" => Ref("DBInstanceClass")]
  }

Does this sound like something that would be useful?

I have a QueuePolicy resource which works well with cfndsl

  Resource("sqspolicyEvents") do
    Type("AWS::SQS::QueuePolicy")
    Property("Queues", [
      Ref("queueEvents")
    ])
    Property("PolicyDocument", {
      "Statement" => [
        {
          "Action"    => ["SQS:SendMessage"],
          "Effect"    => "Allow",
          "Principal" => {"AWS" => [ "*"] },
          "Resource"  => [FnGetAtt("queueEvents", "Arn")],
          "Sid"       => "Sid1430973749198"
        }
      ]
    })
  end

I'm in the process of updating my 'code' to use the abstracted objects; eg:

  QueuePolicy(:sqspolicyEvents) {
    Queues [ Ref("queueEvents") ]
    PolicyDocument {
      "Statement" => [
        {
          "Action"    => ["SQS:SendMessage"],
          "Effect"    => "Allow",
          "Principal" => {"AWS" => [ "*"] },
          "Resource"  => [FnGetAtt("queueEvents", "Arn")],
          "Sid"       => "Sid1430973749198"
        }
      ]
    }
  }

However I'm getting a syntax error: syntax error, unexpected =>, expecting '}'

What's the correct way to format a PolicyDocument? The definitions in aws_types.yaml indicates a Type of JSON but I've not been able to work out how to do format this.

  "AWS::IAM::Policy" :
   Properties:
    PolicyName: String
    PolicyDocument: JSON
    Groups: [ String ]
    Users: [ String ]
    Roles: [ String ]

Hi,

Is possible to add additional types support for

"AWS::CloudFormation::Authentication"

"AWS::CloudFormation::Init"

Thank you

Some companies will only use gems with a certain license.
The canonical and easy way to check is via the gemspec,

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Even for projects that already specify a license, including a license in your gemspec is a good practice, since it is easily
discoverable there without having to check the readme or for a license file. For example, it is the field that rubygems.org uses to display a gem's license.

For example, there is a License Finder gem to help companies ensure all gems they use
meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough
issue that even Bundler now generates gems with a default 'MIT' license.

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), github has created a license picker tool.

In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata,too, and make issues for gemspecs not specifying a license as a public service :).

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue and let me know. In either case, I'll follow up. Thanks!

p.s. I've written a blog post about this project

It would be nice if there were a way to include a way to declare the custom properties and attributes that the custom resource allows, as well.

aws_types.aws is missing QueueName: String from Properties.

it should be able to support

  Queue(:queueEvents) {
    QueueName QUEUE_EVENTS_NAME
    VisibilityTimeout "30"
  }

suggested fix:

  "AWS::SQS::Queue" :
    Properties:
     VisibilityTimeout: String
     QueueName: String
    Attributes:
     Arn: String
     QueueName: String

Openstack's Orchestration package, Heat, seems to be almost blow for blow similar to AWS Cloudformation (YAML instead of JSON, and some other minor diffs...) It should not be too hard to adapt this project to also be able to drive openstack configurations.

For properties of simple types, ensure that the supplied value matches up with the type. For properties of complex type, make sure that the value supplied is not incompatible (eg for a parameter that wants an array of structures, complain if you give it a string.)

Add some data about what is allowed in aws_types. Add metadata declarators to CFTemplate. Add new types as needed for the cfn-init metadata sections.