Lookup Subnet ARN By Name in Cloudformation - aws-cloudformation

Is it possible to reference a subnet by tag name in a CloudFormation script? I am in a VPC with multiple regions. Each region has subnets with tag names like "app_a", "app_b", "app_c" for application-level subnets in availability zones a, b and c. Ideally, I would like to avoid putting all the subnet ARNs in a big map in the Mappings section of the template. Assuming I don't have access to outputs of another template that created the subnet, is there any other way to refer to the subnets by name?

You can add a custom resource where you pass the AccountId, Region, and VPC Name. It can return the VPC_ID, Subnets, and whatever else you need.
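As an added example (not code from the original answer), here is the Lambda that such a custom resource could invoke: it resolves subnet ids by their Name tag within the given VPC and hands them back as attributes, so the template can reference "app_a" instead of carrying a Mappings table. It assumes the subnets carry the tag key "Name", that the template passes VpcId and SubnetNames in ResourceProperties, and that the function is packaged inline (ZipFile) so the AWS-provided cfnresponse module is available; the DescribeSubnets sample data is constructed. The lookup logic is separated from the AWS calls so it can be tested without credentials, and it fails the stack when a name is missing or ambiguous rather than silently placing resources in the wrong subnet.

```python
"""Added example: custom-resource Lambda resolving subnet ids by Name tag.

Assumptions (not stated on the page): tag key "Name", ResourceProperties
containing VpcId and SubnetNames, and inline (ZipFile) packaging so that
the AWS-provided cfnresponse module can be imported.
"""

# Constructed sample in the shape EC2 DescribeSubnets returns (ids are not real).
SAMPLE_DESCRIBE_SUBNETS = {
    "Subnets": [
        {"SubnetId": "subnet-0aaa", "Tags": [{"Key": "Name", "Value": "app_a"}]},
        {"SubnetId": "subnet-0bbb", "Tags": [{"Key": "Name", "Value": "app_b"}]},
        {"SubnetId": "subnet-0ccc", "Tags": [{"Key": "env", "Value": "prod"}]},
    ]
}


def subnet_ids_by_name(describe_subnets_response, wanted_names):
    """Map each wanted Name-tag value to its subnet id.

    Works on the dict shape returned by DescribeSubnets so it is testable
    offline. Raises on a missing or duplicated name so the stack fails loudly.
    """
    found = {}
    for subnet in describe_subnets_response.get("Subnets", []):
        name = next(
            (t["Value"] for t in subnet.get("Tags", []) if t["Key"] == "Name"),
            None,
        )
        if name not in wanted_names:
            continue
        if name in found:
            raise ValueError(f"subnet name {name!r} is ambiguous in this VPC")
        found[name] = subnet["SubnetId"]
    missing = sorted(set(wanted_names) - set(found))
    if missing:
        raise ValueError(f"no subnet tagged Name={missing}")
    return found


def build_response_data(found):
    """Flatten the lookup into Data keys usable with Fn::GetAtt (e.g.
    !GetAtt SubnetLookup.app_a) plus a comma-separated list for Fn::Split."""
    data = dict(found)
    data["SubnetIds"] = ",".join(found[name] for name in sorted(found))
    return data


def handler(event, context):
    """Lambda entry point. Create/Update perform the lookup; Delete has nothing
    to clean up because this resource never creates anything."""
    import boto3        # imported lazily so the pure functions above load without AWS SDKs
    import cfnresponse  # provided by CloudFormation for ZipFile-packaged functions

    props = event["ResourceProperties"]
    try:
        if event["RequestType"] == "Delete":
            cfnresponse.send(event, context, cfnresponse.SUCCESS, {})
            return
        names = props["SubnetNames"]  # list parameter, e.g. ["app_a", "app_b", "app_c"]
        ec2 = boto3.client("ec2")      # account and region are those the Lambda runs in
        resp = ec2.describe_subnets(
            Filters=[
                {"Name": "vpc-id", "Values": [props["VpcId"]]},
                {"Name": "tag:Name", "Values": names},
            ]
        )
        data = build_response_data(subnet_ids_by_name(resp, names))
        cfnresponse.send(event, context, cfnresponse.SUCCESS, data,
                         physicalResourceId=f"subnet-lookup-{props['VpcId']}")
    except Exception as exc:  # an unreported failure leaves the stack waiting until timeout
        cfnresponse.send(event, context, cfnresponse.FAILED, {}, reason=str(exc))


if __name__ == "__main__":
    # Offline demonstration against the constructed sample.
    print(build_response_data(subnet_ids_by_name(SAMPLE_DESCRIBE_SUBNETS, ["app_a", "app_b"])))
```

In the template, the custom resource points its ServiceToken at this function's ARN and passes VpcId and SubnetNames; other resources then use Fn::GetAtt on the returned keys. The Lambda's execution role needs only ec2:DescribeSubnets, and keeping the lookup read-only means the Delete path has no side effects.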

Related

Retrieve a VPC to create a security group

I'm trying to get back a VPC and then create a security group with rules in it. I have been following the steps here in their docs; however, I need to get a VPC that isn't the default VPC.
I have code like so:
import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";

const config = new pulumi.Config();
const primaryVpcId = config.require("primaryVpcId");
// Only the VPC id is supplied here; no subnet ids are passed in.
const primaryVpc = awsx.ec2.Vpc.fromExistingIds("primary", {
    vpcId: primaryVpcId,
});
const sg = new awsx.ec2.SecurityGroup("jcsg", { vpc: primaryVpc });
The problem is the primaryVpc object is empty so when I run pulumi up it errors saying the subnet ids are empty. I know there is nothing wrong with the vpc in aws so the retrieving of it is failing somehow.
Based on the docs, it looks like when using fromExistingIds you have to specify sub-resource ids as well. If you're planning on using subnets, you'll have to pass in the ids for those too; they don't appear to be auto-discovered.
Get an existing Vpc resource's state with the given name and IDs of its relevant sub-resources. This will not cause a VPC (or any sub-resources) to be created, and removing this Vpc from your pulumi application will not cause the existing cloud resource (or sub-resources) to be destroyed.
import * as awsx from "@pulumi/awsx";

// Pass the ids of every sub-resource you intend to use, not just the VPC id.
const importedVpc = awsx.ec2.Vpc.fromExistingIds('primary', {
    vpcId: 'theId',
    privateSubnetIds: ['id1', 'id2'],
});
I imagine you'd have to do the same for any of the properties from ExistingVpcIdArgs (the second parameter to the function) that you plan to use elsewhere in the program.

No Outputs section in cloudformation template

In a CloudFormation template, there is an Outputs section which is used for communicating across stacks.
Is it correct to say that this part should not exist if there is only one stack we are creating in one AWS account?
The outputs section can be used for cross-stack references with Export and Fn::ImportValue. It can also be used for general output for the user. A few examples:
Admin URL like https://123.123.123.123/admin
Credentials for a newly created user
Identifier for any of the resources for easy access
An attribute of a resource like EC2 instance IP address

Create a KMS custom Key in CloudFormation template for different region

Is there any way to generate a custom KMS key via a CloudFormation template in a different region than the region which is specified in the respective AWS user account you use to run the template?
Merci A
Short answer:
No, not directly.
Long answer:
It can actually be done in one of two ways. First, using StackSets, you can create a single template that will be deployed in selected accounts (1 in this occurrence) and regions.
The second way to achieve your goal is to use a Custom Resource to create your KMS keys in other regions. This custom resource will invoke a Lambda function to handle the lifecycle of your KMS keys. Within this Lambda you will have to call the appropriate APIs to create/update/delete the KMS keys in the desired region.
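As an added example (not code from the original answer), here is what the Lambda behind such a custom resource could look like: it creates, updates and schedules deletion of a KMS key in a region chosen by the template rather than the stack's own. It assumes ResourceProperties carries TargetRegion, Description, an optional Alias and an optional DeletionWindowDays, and that the function is packaged inline (ZipFile) so the AWS-provided cfnresponse module exists. The request-building and validation helpers are kept free of AWS calls so they can be tested offline; the handler also records a placeholder physical id on a failed Create so that the later Delete does not try to remove a key that was never made.

```python
"""Added example: custom-resource Lambda managing a KMS key in another region.

Assumptions (not on the page): ResourceProperties with TargetRegion,
Description, optional Alias and DeletionWindowDays; inline (ZipFile)
packaging so that cfnresponse can be imported.
"""

MIN_DELETION_WINDOW, MAX_DELETION_WINDOW = 7, 30  # limits of KMS ScheduleKeyDeletion
PLACEHOLDER_PREFIX = "not-created-"               # physical id used when Create failed


def deletion_window(props):
    """PendingWindowInDays must be 7..30; clamp so a bad value cannot wedge Delete."""
    days = int(props.get("DeletionWindowDays", MAX_DELETION_WINDOW))
    return max(MIN_DELETION_WINDOW, min(MAX_DELETION_WINDOW, days))


def alias_name(raw):
    """KMS alias names must carry the alias/ prefix; add it if the template omitted it."""
    return raw if raw.startswith("alias/") else "alias/" + raw


def create_key_request(props):
    """Build the keyword arguments for CreateKey (rotation is enabled separately)."""
    return {
        "Description": props.get("Description", "created by CloudFormation custom resource"),
        "KeyUsage": "ENCRYPT_DECRYPT",
        "Tags": [{"TagKey": "ManagedBy", "TagValue": "cfn-custom-resource"}],
    }


def handler(event, context):
    """Lambda entry point dispatching on RequestType."""
    import boto3        # imported lazily so the helpers above load without AWS SDKs
    import cfnresponse  # provided by CloudFormation for ZipFile-packaged functions

    props = event["ResourceProperties"]
    physical_id = event.get("PhysicalResourceId", PLACEHOLDER_PREFIX + event["LogicalResourceId"])
    try:
        # The client region is the whole point: it is independent of the stack's region.
        kms = boto3.client("kms", region_name=props["TargetRegion"])
        request_type = event["RequestType"]
        if request_type == "Create":
            key_id = kms.create_key(**create_key_request(props))["KeyMetadata"]["KeyId"]
            kms.enable_key_rotation(KeyId=key_id)
            if "Alias" in props:
                kms.create_alias(AliasName=alias_name(props["Alias"]), TargetKeyId=key_id)
            physical_id = key_id  # CloudFormation stores this and hands it back on Update/Delete
        elif request_type == "Update":
            if props["TargetRegion"] != event["OldResourceProperties"]["TargetRegion"]:
                raise ValueError("TargetRegion cannot change in place; replace the resource")
            kms.update_key_description(KeyId=physical_id,
                                       Description=create_key_request(props)["Description"])
        elif request_type == "Delete" and not physical_id.startswith(PLACEHOLDER_PREFIX):
            # Keys are never deleted immediately; this starts the mandatory waiting period.
            kms.schedule_key_deletion(KeyId=physical_id, PendingWindowInDays=deletion_window(props))
        cfnresponse.send(event, context, cfnresponse.SUCCESS, {"KeyId": physical_id},
                         physicalResourceId=physical_id)
    except Exception as exc:  # an unreported failure leaves the stack waiting until timeout
        cfnresponse.send(event, context, cfnresponse.FAILED, {},
                         physicalResourceId=physical_id, reason=str(exc))


if __name__ == "__main__":
    # Offline demonstration of the helpers with constructed properties.
    demo = {"TargetRegion": "eu-west-1", "Description": "app data", "Alias": "app-data",
            "DeletionWindowDays": "3"}
    print(create_key_request(demo), alias_name(demo["Alias"]), deletion_window(demo))
```

The execution role needs kms:CreateKey, kms:EnableKeyRotation, kms:CreateAlias, kms:UpdateKeyDescription and kms:ScheduleKeyDeletion; because the key lives outside the stack's region, deleting the stack only schedules the key for deletion, and the KeyId returned in Data is available to other resources through Fn::GetAtt.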

What is child nameserver and what is use of it?

I need to know about child nameservers. What are they, and for what purpose can we use them?
I have seen an option in whois.com for a child name server which has to be pointed at an IP address. I have tried to use it as a subdomain, but I can use a subdomain another way, so basically what is the use of that?
Quoting from a source I found using Google:
"Child Name Servers are private labelled name servers which are registered with domain registry under your own domain name.
eg. ns1.domainname.com, ns2.domainname.com
Child Name Servers need to be registered with the registry, and their A records need to be pointed to the IP address of the DNS server before they can be used as name servers with other domain names. Child Name Servers can only be registered by the owner of the primary domain name."
You could use them for a number of reasons; e.g.
If the parent nameserver is run by a DNS provider, the child nameserver could allow you to host the names in the subdomain yourself ... and update them without relying on the DNS provider's (possibly clunky) APIs.
Within a large organization it could allow the management of different subdomains to be done by different groups.
You might do it if you wanted a subdomain to contain dynamic names.
I have seen an option in whois.com ...
I think you might be confused about the purpose of the WHOIS service. It is purely for documenting which people (notionally) control which domains. To implement a child nameserver, you just need an A record in the parent nameserver that points to the child.
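As an added example (not code from the original answer), the following works out which records a parent zone must hold when a subdomain is delegated to child name servers, including the A "glue" records that the quoted text says must exist before a name like ns1.domainname.com can serve other domains. The zone names and addresses are constructed; the point it shows is that a name server whose own hostname lies inside the zone it serves (in bailiwick) cannot be resolved without glue, while a name server hosted elsewhere needs only an NS record.

```python
"""Added example: delegation records and glue for child name servers.

Sample zone names and addresses below are constructed (192.0.2.0/24 is the
documentation range); no real infrastructure is described.
"""


def _normalize(name):
    """Lower-case and make absolute (trailing dot) so comparisons are exact."""
    return name.rstrip(".").lower() + "."


def is_in_bailiwick(ns_host, child_zone):
    """True when the name server's hostname lives inside the delegated zone.

    Such a server's address would have to come from the zone it serves, so a
    resolver can only reach it if the parent publishes a glue A record.
    """
    ns, zone = _normalize(ns_host), _normalize(child_zone)
    return ns == zone or ns.endswith("." + zone)


def delegation_records(child_zone, name_servers):
    """Return the (owner, type, rdata) records the parent zone must carry.

    name_servers maps hostname -> IPv4 address, or None for a host outside
    the child zone, which resolves on its own and needs no glue.
    """
    zone = _normalize(child_zone)
    records = []
    for host, ip in name_servers.items():
        ns = _normalize(host)
        records.append((zone, "NS", ns))
        if is_in_bailiwick(ns, zone):
            if ip is None:
                raise ValueError(f"{ns} is inside {zone}; a glue A record with its address is required")
            records.append((ns, "A", ip))
    return records


# Constructed sample: sub.example.com delegated to one in-bailiwick server
# (needs glue) and one server hosted by an outside DNS provider (no glue).
SAMPLE_NAME_SERVERS = {
    "ns1.sub.example.com": "192.0.2.1",
    "ns2.dns-provider.example": None,
}

if __name__ == "__main__":
    for record in delegation_records("sub.example.com", SAMPLE_NAME_SERVERS):
        print("%-28s IN %-3s %s" % record)
```

The glue published at the parent (and, for a registry-level child name server, at the registry) must match the A record inside the child zone; a mismatch is a common cause of intermittent resolution failures after an address change.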

how to use the option nameServerSet using the google Cloud DNS API

If I am right, the nameServerSet could give me the option to specify the DNS servers that handle requests for a domain; this could be useful if I want to use my own domains, e.g. for white labeling.
From the docs, on nameServerSet:
nameServerSet: Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset.
But what are the possible "string" values to use?