I am trying to apply my cloudformation template and I am getting the following cryptic error:
botocore.exceptions.ClientError: An error occurred (ValidationError)
when calling the CreateStack operation: Template error: Condition
token can only be used in Conditions block
The stack trace is
File "/Users/user/.env/lib/python3.7/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/user/.env/lib/python3.7/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
The code looks like
cf_client = session.client('cloudformation')
cf_client.create_stack(
StackName=stack_name,
TemplateBody=template_body,
Parameters=aws_parameters,
TimeoutInMinutes=10,
OnFailure='DELETE',
Tags=aws_tags,
Capabilities=['CAPABILITY_IAM'],
)
The cloudformation template is massive and not appropriate to paste here. It stands up an application with service discovery, app mesh, fargate, etc.
What is this Condition they're referring to and what is wrong?
The error is rather cryptic and unhelpful but in my case, it was a typo in my ECS task definition.
My container has a depends on relationship and I had misconstructed the
DependsOn:
- ContainerName: envoy
- Condition: HEALTHY
Depends on is a list of maps so there should not be a - in front of Condition.
This corrects my problem:
DependsOn:
- ContainerName: envoy
Condition: HEALTHY
Related
I have a Cloudformation stack that conditionally invokes a nested stack to create a RDS instance, only if an existing database URL is not passed in as a parameter.
If I pass a value to the DBExistingEndpoint parameter in the stack, the condition CreateDB is set to false, and it will not invoke the nested RDS stack at all.
The issue is that in the AutoScaling launch config resource, there is a conditional dependency. I need to reference either the URL output from the nested stack, or the URL passed in as a parameter to place in a file in the newly launched instance.
Parameters:
DBExistingEndpoint:
Type: String
Description: Set to a URL of a RDS instance to use an existing DB, otherwise create one
Default: ''
...
Conditions:
CreateDB:
!Equals [!Ref DBExistingEndpoint, '']
...
Resources:
# Database created only if existing URL not passed in
DB:
Type: AWS::CloudFormation::Stack
Condition: CreateDB
Properties:
TemplateURL: ...
...
ClusterInstanceLaunchConfig:
Type: AWS::AutoScaling::LaunchConfiguration
Metadata:
AWS::CloudFormation::Init:
config:
files:
/etc/dbenv:
mode: "000640"
owner: root
group: root
content:
!Join
- "\n"
-
- !Sub ["DB_HOST=${DBEndpointAddress}", DBEndpointAddress: !If [CreateDB, !GetAtt DB.Outputs.RDSEndPointAddress, !Ref DBExistingEndpoint]]
...
The issue is that if I pass in an existing endpoint URL, the DB resource is skipped (correctly), but the stack creation fails with Template format error: Unresolved resource dependencies [DB] in the Resources block of the template
Ideally the DB.output.RDSEndpointAddress reference in the ClusterInstanceLauchConfig resource should be ignored because the CreateDB condition in the !If is false
Does anybody know how to code around this limitation?
You should try to set the conditional statement on a different level than it is now.
What will work for sure, is having the conditional statement on the level of the LaunchConfiguration itself, which would also mean quite a lot of duplication of the code. But maybe you could try to see the conditional on the level of content or files etc, to see if there's a middle ground somewhere, to keep duplication low, but avoid the error you're getting right now.
I m trying to remove some fields, I use filebeat 7.14 on Kubernetes
I tried as described in the doc
processors:
- drop_fields:
when:
contains
fields: ["host.os.name", "host.os.codename", "host.os.family"]
ignore_missing: false
container failed "ERROR instance/beat.go:989
Exiting: Failed to start crawler:
starting input failed: Error while initializing input:
missing or invalid condition
failed to initialize condition"
ignore_missing still messing
- drop_fields:
fields: ["host.os.name", "host.os.codename", "host.os.family"]
fields are still present
you don't seem to have a condition set under the when. take a look at https://www.elastic.co/guide/en/beats/filebeat/7.14/defining-processors.html#conditions and make sure you've got something for it to match
We use serverless-plugin-split-stacks to break resources into nested stacks and have set it up in serverless.yml as follows.
custom:
splitStacks:
perFunction: false
perType: true
perGroupFunction: false
webpack:
webpackConfig: ./webpack.config.js
includeModules: true
Everything was going well until we were greeted with the following error
Error: The CloudFormation template is invalid: Template format error: Number of resources, 206, is > greater than maximum allowed, 200
When this error happens, the condition of the nested stacks is as follows.
Serverless: [serverless-plugin-split-stacks]: Resources per stack:
Serverless: [serverless-plugin-split-stacks]: - (root): 206
Serverless: [serverless-plugin-split-stacks]: - APINestedStack: 55
Serverless: [serverless-plugin-split-stacks]: - PermissionsNestedStack: 49
My problem is that even though we have set up split-stacks properly, why doesn't it split the resources in the root stack into new stacks?
If there's anything I have missed here, please educate me on this. Thanks for all helpful suggestions.
This npm package serverless-plugin-split-stacks not working. This package has been Deprecated - FAILED - BUG
For more information: https://www.npmjs.com/package/serverless-plugin-split-stacks
To resolve your problem (Serverless Workarounds for CloudFormation's 200 Resource Limit) read some tips:
https://www.serverless.com/blog/serverless-workaround-cloudformation-200-resource-limit
We are using mta to structure our application and deploying it using the SAP Cloud SDK Pipeline and Transport Management landscape.
In the mta.yaml, we are referencing the org (organization) parameter value using the placeholder notation ${org}.
The issue is that the org name contains spaces between the characters (viz. Sample Org Name) and that is causing error during the application deployment to Cloud Foundry.
We do not want to rename the org name.
Is there any other placeholder notation that removes the spaces between the characters?
We have observed that ${default-host} removes the spaces from the organization name but its scope is limited to only modules and not resources.
We need the substitution variable in the resources scope.
Appreciate if someone can help us here to resolve the issue.
Please find snippet of the mta.yaml and the error message.
resources:
- name: uaa_test_app
parameters:
path: ./xs-security.json
service-plan: application
service: xsuaa
config:
xsappname: 'test-app-${org}-${space}'
type: org.cloudfoundry.managed-service
Error Message:
Service operation failed: Controller operation failed: 502 Updating service "uaa_test_app" failed: Bad Gateway: Service broker error: Service broker xsuaa failed with: org.springframework.cloud.servicebroker.exception.ServiceBrokerException: Error updating application null (Error parsing xs-security.json data: Inconsistent xs-security.json: Invalid xsappname "Test-App-Sample Org Name-test": May only include characters 'a'-'z', 'A'-'Z', '0'-'9', '_', '-', '', and '/'.)
When I try to deploy package on SAM, the very first status comes in cloud formation console is ROLLBACK_IN_PROGRESS after that it gets changed to ROLLBACK_COMPLETE
I have tried deleting the stack and trying again, but every time same issue occurs.
Error in terminal looks like this-
Sourcing local options from ./SAMToolkit.devenv
SAM_PARAM_PKG environment variable not set
SAMToolkit will operate in legacy mode.
Please set SAM_PARAM_PKG in your .devenv file to run modern packaging.
Run 'sam help package' for more information
Runtime: java
Attempting to assume role from AWS Identity Broker using account 634668058279
Assumed role from AWS Identity Broker successfully.
Deploying stack sam-dev* from template: /home/***/1.0/runtime/sam/template.yml
sam-additional-artifacts-url.txt was not found, which is fine if there is no additional artifacts uploaded
Replacing BATS::SAM placeholders in template...
Uploading template build/private/tmp/sam-toolkit.yml to s3://***/sam-toolkit.yml
make_bucket failed: s3://sam-dev* An error occurred (BucketAlreadyOwnedByYou) when calling the CreateBucket operation: Your previous request to create the named bucket succeeded and you already own it.
upload: build/private/tmp/sam-toolkit.yml to s3://sam-dev*/sam-toolkit.yml
An error occurred (ValidationError) when calling the DescribeStacks operation: Stack with id sam-dev* does not exist
sam-dev* will be created.
Creating ChangeSet ChangeSet-2020-01-20T12-25-56Z
Deploying stack sam-dev*. Follow in console: https://aws-identity-broker.amazon.com/federation/634668058279/CloudFormation
ChangeSet ChangeSet-2020-01-20T12-25-56Z in sam-dev* succeeded
"StackStatus": "REVIEW_IN_PROGRESS",
sam-dev* reached REVIEW_IN_PROGRESS
Deploying stack sam-dev*. Follow in console: https://console.aws.amazon.com/cloudformation/home?region=us-west-2
Waiting for stack-create-complete
Waiter StackCreateComplete failed: Waiter encountered a terminal failure state
Command failed.
Please see the logs above.
I set SQS as event source for Lambda, but didn't provided the permissions like this
- Effect: Allow
Action:
- sqs:ReceiveMessage
- sqs:DeleteMessage
- sqs:GetQueueAttributes
Resource: "*"
in lambda policies.
I found this error in "Events" tab of "CloudFormation" service.