Tag stack created by Codepipeline - aws-cloudformation

Is it possible to add tags to stacks created by Codepipeline using Cloudformation as the Provider for Deployment?

As this documentation says you have a possibility to set tags for your stack in Template Configuration File. Note that end of the article illustrate an example where Configuration File has an Tags section with "Department" : "Marketing" key-value.

Related

How to Include/Reference Multiple Resource files in CloudFormation?

I am new to cloud formation templates. I am trying to organize the templates based on AWS services so that I can easily manage it. For example, iam-roles in one file, dynamodb tables on another, s3, lambda resources in individual files. When I try to make a master file from these partials I am able to include only one partial in the resource section on Fn::Transform. I need two suggestions, am I going in the right direction? and how to include all the partials into my main.yml?
Resources:
"Fn::Transform":
Name: 'AWS::Include'
Parameters:
Location:
Fn::Sub: "s3://s3url/iam-roles.yml"
"Fn::Transform":
Name: 'AWS::Include'
Parameters:
Location:
Fn::Sub: "s3://s3url/ddbtables.yml"
The above code definitely throws an error. How to merge these partials?
From the images you have shared in the question, the templates you have created have to be included using AWS::CloudFormation::Stack.
Fn::Transform is a macro which is used to do preprocessing of a cloudformation templates. For example, we can do search and replace of some strings in the cloudformation templates using Macros.

How can I check if a resource was created by CloudFormation?

I have inherited an AWS account with a lot of resources. Some of them were created manually, other by CloudFormation.
How can I check if a resource (in my case Security Group) was created by CloudFormation and belongs to a stack?
For some security groups aws ec2 describe-security-groups --group-ids real_id results in:
...
"Tags": [
{
"Value": "REAL_NAME",
"Key": "aws:cloudformation:logical-id"
},
{
"Value": "arn:aws:cloudformation:<REAL_ID>",
"Key": "aws:cloudformation:stack-id"
},
]
...
Other security groups don't have any tags.
Is it the only indicator? I mean, someone could easily remove tags form an SG created by CloudFormation.
As per the official documentation, in addition to any tags you define, AWS CloudFormation automatically creates the following stack-level tags with the prefix aws::
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
All stack-level tags, including automatically created tags, are propagated to resources that AWS CloudFormation supports. Currently, tags are not propagated to Amazon EBS volumes that are created from block device mappings.
--
This should be a good place to start with but since CF doesn't enforce the stack state so if someone deleted something manually then you would never know.
If I were you, I would export everything (supported) via Cloudformer and re-design the whole setup my way.
Another way:
You can pass PhysicalResourceId of a resource to describe_stack_resources and get the stack information if it belongs to a CF stack. This is an example:
cf = boto3.client('cloudformation')
cf.describe_stack_resources(PhysicalResourceId="i-0xxxxxxxxxxxxxxxx")
https://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html#CloudFormation.Client.describe_stack_resources
I had the same issue. After no luck finding an answer I made a quick PowerShell script that will just look for a resource name in all of the stacks.
When CF was introduced the stacks didn't tag resources and even now I have issues with CloudFormation reliably tagging resources, there are still times it will tag one resource and not tag another even with the same resource type and in the same stack. In addition some resources like CloudWatch Alarms don't have tags.
$resourceName = "*MyResource*" #Part of the resource name, surrounded by asterisks (*)
$awsProfile = "Dev" #AWS Profile to use
$awsRegion = "us-east-1" #Region to query
Get-CFNStack -ProfileName $awsProfile -Region $awsRegion | Get-CFNStackResourceList -ProfileName $awsProfile -Region $awsRegion | Where-Object {$_.PhysicalResourceId -ilike $resourceName} | Select-Object StackName,PhysicalResourceId

Taking over existing Domains (HostedZones) in CloudFormation

I've been setting up CloudFormation templates for some new infrastructure for a project and I've made it to Route 53 Hosted Zones.
Now ideally I'd like to create a "core-domains" stack with all our hosted zones and base configuration. Thing is we already have these created manually using the AWS console (and they're used for test/live infrastructure), is there any way to supply the existing "HostedZoneId" as a property to the resource definition and essentially have it introspect what we already have and then apply the diff? (If I've done my job there shouldn't be a diff hopefully so should just be a no-op!).
I can't see a "HostedZoneId" property in the docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-route53-hostedzone.html
Any suggestions?
PS. I'm assuming this isn't possible and I'll have to recreate all the HostedZones under CloudFormation but I thought I'd check :)
Found it. It's fine to make other HostedZones, they're issued with new Nameservers, just use the "HostedZoneConfig: Comment" field to note down which hosted zone is which and then you can switch the nameservers over when you're ready!

CodePipeline CloudFormation Template configuration

I'm trying to use the CloudFormation Template configuration field in a CodePipeline. If you edit the CloudFormation in CodePipeline it looks like this:
If my InputArtifactName is MyAppBuild and I have a CloudFormation config file in cfg-prd.json, my hope was I could enter MyAppBuild::cfg-prd.json and have it pick it up.
I get an error about the template file not being valid even though it works manually as:
--parameters cfg-prd.json
Note that the Template Configuration File has a different JSON structure than the format accepted by the --parameters option to aws cloudformation create-stack:
{
"Parameters" : {
"NameOfTemplateParameter" : "ValueOfParameter",
...
},
"StackPolicy" : {
"Statement" : [
StackPolicyStatement
]
}
}
A nice trick to see what the Cloudformation layout should be is to create a pipeline which you know will work. Then use the CLI to extract a cloudformation template.
aws codepipeline get-pipeline --name <pipelinename>
You will get the JSON of the Codepipeline resource. There will be a few changes required but from this you can see exactly what the syntax should be and from there parameterised your template and create Codepipelines programatically.

How to change a buildConfig in OpenShift 3

I'm working through the sample tutorial on OpenShift 3. I created the example application nodejs-mongodb-example. But in the "edit parameters" step, I put the wrong URL to my forked repository, and I get a failed build.
I thought maybe I'd be able to extract the buildConfig file (is that a template?) on the command line, but I haven't found a way to do that.
Is there a way to edit and replace this bad buildConfig without deleting all of the application objects and starting over?
You can use the oc edit command to edit an existing object. For example, oc edit buildconfig/myapp to edit the BuildConfig named myapp.
To add to #ncdc answer, here are the docs for oc :
https://docs.openshift.com/enterprise/3.0/cli_reference/basic_cli_operations.html
and specifically for oc edit :
https://docs.openshift.com/enterprise/3.0/cli_reference/basic_cli_operations.html#application-modification-cli-operations