dynamic referencing in a template not resolving #30

Closed
hine0088 opened this issue Dec 14, 2020 · 3 comments
@hine0088

While using dynamic referencing in a template, it seems that the secret value isn't resolved correctly and results in an empty string. The file uploaded to S3 while creating the environment template has the correct syntax but the template as seen in the CloudFormation console for the stack seems to have an empty string. Instead of letting CloudFormation resolve the dynamic references, it seems that it is being resolved even before it gets to CloudFormation. Interestingly enough, it is taking the dynamic referencing syntax out of the comments as well which leads me to believe that it is parsing the template entirely before creating the CloudFormation stack.

@hine0088 hine0088 changed the title [Request]: Describe issue here dynamic referencing in a template no resolving Dec 14, 2020
@hine0088 hine0088 changed the title dynamic referencing in a template no resolving dynamic referencing in a template not resolving Dec 14, 2020
@clareliguori
Member

Hi @hine0088 I assume you're referring to CloudFormation dynamic references, for example:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-secretsmanager

Both CloudFormation dynamic references and Jinja use the same special characters {{ and }} to indicate something that should be resolved:
{{resolve:secretsmanager:MySecret:SecretString:password:EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE}}

During the Jinja compilation phase of the Proton deployment, Jinja is attempting to interpret that dynamic reference because it is between {{ and }}, and replaces it with an empty string as it is not a valid Jinja expression.

You can use Jinja escaping to escape those characters so that they end up in the final CloudFormation template:
https://jinja.palletsprojects.com/en/2.11.x/templates/#escaping

For example:

{{ '{{resolve:secretsmanager:MySecret:SecretString:password:EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE}}' }}

Or:

{% raw %}
  MyRDSInstance:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      DBName: MyRDSInstance
      AllocatedStorage: '20'
      DBInstanceClass: db.t2.micro
      Engine: mysql
      MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
      MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'
{% endraw %}
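
An added example (not part of the thread and not AWS Proton code): a pre-deployment check that lists `{{resolve:...}}` dynamic references protected by neither `{% raw %}` nor the `{{ '...' }}` string-literal form described above. The sample template, the `db_name` variable and the function name are constructed for illustration.

```python
import re

# CloudFormation dynamic reference, e.g. {{resolve:secretsmanager:MySecret:SecretString:password}}
DYNAMIC_REF = re.compile(r"\{\{\s*resolve:[^{}]*\}\}")
# Jinja passes everything between {% raw %} and {% endraw %} through untouched.
RAW_BLOCK = re.compile(r"\{%-?\s*raw\s*-?%\}(.*?)\{%-?\s*endraw\s*-?%\}", re.DOTALL)
# Jinja string-literal escaping: {{ '{{resolve:...}}' }}
LITERAL_OPEN = re.compile(r"\{\{-?\s*(['\"])$")
LITERAL_CLOSE = re.compile(r"(['\"])\s*-?\}\}")


def find_unescaped_dynamic_refs(template_text):
    """Return (line_number, reference) for each reference Jinja would try to evaluate."""
    raw_spans = [m.span(1) for m in RAW_BLOCK.finditer(template_text)]
    findings = []
    for m in DYNAMIC_REF.finditer(template_text):
        if any(start <= m.start() and m.end() <= end for start, end in raw_spans):
            continue  # protected by {% raw %} ... {% endraw %}
        opened = LITERAL_OPEN.search(template_text[:m.start()])
        closed = LITERAL_CLOSE.match(template_text, m.end())
        if opened and closed and opened.group(1) == closed.group(1):
            continue  # protected by {{ '...' }}
        # YAML comments are NOT skipped: Jinja does not know YAML, so a
        # reference inside a "#" comment is evaluated like any other.
        line = template_text.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(0)))
    return findings


# Constructed sample template; db_name is a hypothetical template variable.
SAMPLE_TEMPLATE = """\
Resources:
  # password comes from {{resolve:secretsmanager:MyRDSSecret:SecretString:password}}
  MyRDSInstance:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      Engine: mysql
      DBName: "{{ db_name }}"
      MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
{% raw %}
      MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'
{% endraw %}
      Tags:
        - Key: token
          Value: {{ '{{resolve:secretsmanager:MySecret:SecretString:token}}' }}
"""

if __name__ == "__main__":
    for line, ref in find_unescaped_dynamic_refs(SAMPLE_TEMPLATE):
        print(f"line {line}: unescaped dynamic reference {ref}")
```

Run against a template before registering it, the check flags the references that would otherwise reach CloudFormation as empty strings, including ones that only appear in YAML comments.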

@hine0088
Author

That worked perfectly, thanks so much! Easier to see with hindsight now. I did the following:

  MyRDSInstance:
    Type: 'AWS::RDS::DBInstance'
    Properties:
      DBName: MyRDSInstance
      AllocatedStorage: '20'
      DBInstanceClass: db.t2.micro
      Engine: mysql
      {% raw %}
      MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
      MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'
      {% endraw %}

@rafavallina
Contributor

I'm going to resolve this as it seems to have been cleared (thanks Clare!). We are looking to compile some best practices when writing a template, and will add this suggestion.
