Aws-cdk: ParameterOverrides string can fail CloudFormation character limit
It is possible to generate a CloudFormation template with a value in the CodePipeline.Stages.Actions.Configuration.ParameterOverrides field that violates the maximum character limit.
Reproduction Steps
new CloudFormationCreateUpdateStackAction({
parameterOverrides: {
test: "somethingOver1000Characters..."
}
});
Error Log
Pipeline (PipelineXYZ) 1 validation error detected: Value at 'pipeline.stages.4.member.actions.1.member.configuration' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 1000, Member must have length greater than or equal to 1]
Environment
- CLI Version : aws-cli/1.16.130 Python/3.7.4 Darwin/18.7.0 botocore/1.12.120
- Framework Version: 1.20
- OS : macOS
- Language : TypeScript
Other
As a possible solution, it seems the JSON to string transformation performed here could be adapted to make us of the Fn::Join function.
Looking at the tests it would suggest this is already being done but I have not been able to generate a CFN template that uses Fn::Join as asserted here.
This is :bug: Bug Report
lukehedger
All 6 comments
Hey @lukehedger ,
thanks for opening the issue. Couple of follow-up questions:
- I'm not sure what the original ask is. Do you want us to perform this validation sooner, so that it fails at CDK build time, instead of deployment time?
- To force the use of
Fn::Join, you can pass a Token inside the parameters; for example, similar like the test does:
new cpactions.CloudFormationCreateUpdateStackAction({
// ...
parameterOverrides: {
RepoName: new codecommit.Repository(this, 'Repo', {
repositroyName: 'repo'
}).repositoryName,
},
}));
But I'm pretty sure using Fn::Join would not get you around the 1000 character limit.
Thanks,
Adam
skinny85
on 10 Jan 2020
Hey @skinny85 - thanks for the message. The ask is primarily how do I change the generation of the parameterOverrides value to stop throwing this error.
I am using the parameterOverrides to provide the dynamic S3 location of Lambda code (for 4 Lambdas) at the pipeline's runtime, as described in this example:
parameterOverrides: {
...props.lambdaCode.assign(lambdaBuildOutput.s3Location),
}
The output looks something like this:
"ParameterOverrides": "{\"LambdaSourceBucketNameParameter00000000\":{\"Fn::GetArtifactAtt\":[\"LambdaBuildOutput\",\"BucketName\"]},\"LambdaSourceObjectKeyParameter00000001\":{\"Fn::GetArtifactAtt\":[\"LambdaBuildOutput\",\"ObjectKey\"]}
How would I pass a Token here to force use of Fn::Join?
Or is the only way to actually get around the 1000 character limit to shorten the keys or split up the Lambdas across multiple stacks?
lukehedger
on 13 Jan 2020
Or is the only way to actually get around the 1000 character limit to shorten the keys or split up the Lambdas across multiple stacks?
Yes. I'm 99% certain using Fn::Join would not change anything here.
I think the solution you're looking for is this: https://github.com/aws/aws-cdk/issues/1588#issuecomment-550502381
skinny85
on 13 Jan 2020
Okay thanks @skinny85 I will use this solution. Thanks for your help!
lukehedger
on 14 Jan 2020
No problem, let me know if that fixes your issue!
skinny85
on 14 Jan 2020
All fixed, thanks @skinny85!
lukehedger
on 14 Jan 2020
Related issues
vgribok
路
3Comments
eladb
路
3Comments
pepastach
路
3Comments
EduardTheThird
路
3Comments
PaulMaddox
路
3Comments
Most helpful comment
All fixed, thanks @skinny85!