Aws-cli: Allow aws cloudformation deploy to use template-url

Created on 23 Feb 2017 · 10 Comments · Source: aws/aws-cli

As "How to create serverless applications using AWS SAM" says:

SAM template is deployed to AWS CloudFormation by creating a changeset using the SAM template followed by executing the changeset... ...Alternatively, you can use aws cloudformation deploy CLI command to deploy the SAM template. Under-the-hood it creates and executes a changeset and waits until the deployment completes.

Nevertheless, CloudFormation create-change-set allows the use of the --template-url parameter; however, the aws cloudformation deploy command does not. Please update the CLI to support --template-url while doing a deploy.

This is a feature already available on the AWS Management Console, where you can deploy your stack using the URL that points to a template that is located in an S3 bucket.

AWS CLI version: 1.11.46

cloudformation packagdeploy customization feature-request

All 10 comments

Marking as a feature request. @sanathkr Any thoughts on this?

Possible, but the problem is that the deploy command does a bit more than create-change-set. It allows you to specify only certain parameters that you'd like to override, instead of all the parameters in your template. It reads your template and passes UsePreviousValue=True for parameters that have not been overridden. If your template is in S3, we have to pull it down, which the CLI might not have permissions for.

The lack of --template-url support means that aws cloudformation deploy templates are limited to 51200 bytes in size.

Even if --template-url wouldn't allow UsePreviousValue that would be a useful feature.

Is there any timeline for this feature or a workaround available (other than splitting the template)? My template is affected by the limit.

One workaround is to split the template.

Alternatively, you can rewrite the deploy logic using AWS CLI. You just need to:

  • Check for the existence of the stack: aws cloudformation describe-stacks, and parse the stderr for "does not exist"
  • Create a change-set: aws cloudformation create-change-set, using --change-set-type CREATE or UPDATE appropriately
  • Wait for creation to complete: aws cloudformation wait change-set-create-complete
  • Do an aws cloudformation describe-change-set and check the StatusReason for "The submitted information didn't contain changes"
  • Conditionally execute the change-set: aws cloudformation execute-change-set. Don't execute no-op changesets.
  • Wait for the change-set to execute. aws cloudformation wait change-set-create-complete waits for the CREATE_COMPLETE status and behaves badly in case of failure (takes 1 hour to time-out). Instead, write a loop to poll aws cloudformation describe-stacks for the stack status. There are 16 possible statuses.
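The steps listed in the comment above, written out as one shell function that takes an S3 template URL. This is an added example, not code from the thread or from aws-cli; the function names, POLL_SECONDS and the change-set naming are assumptions, and parameters are passed straight through to create-change-set rather than merged with UsePreviousValue as deploy does.

```shell
# Added example: change-set deploy from an S3 template URL (not aws-cli code).
POLL_SECONDS="${POLL_SECONDS:-10}"   # assumed polling interval

# Print CREATE or UPDATE for the stack named in $1.
change_set_type() {
  local out
  if out=$(aws cloudformation describe-stacks --stack-name "$1" \
             --query 'Stacks[0].StackStatus' --output text 2>&1); then
    # A stack still in REVIEW_IN_PROGRESS was never actually created.
    [ "$out" = REVIEW_IN_PROGRESS ] && echo CREATE || echo UPDATE
  else
    case "$out" in *"does not exist"*) echo CREATE; return 0 ;; esac
    echo "$out" >&2; return 1   # e.g. access denied: do not guess
  fi
}

# Poll describe-stacks until the stack leaves every *_IN_PROGRESS status.
wait_for_stack() {
  local status
  while :; do
    sleep "$POLL_SECONDS"
    status=$(aws cloudformation describe-stacks --stack-name "$1" \
               --query 'Stacks[0].StackStatus' --output text) || return 1
    case "$status" in
      *_IN_PROGRESS) ;;                                  # keep polling
      CREATE_COMPLETE|UPDATE_COMPLETE) return 0 ;;
      *) echo "stack ended in $status" >&2; return 1 ;;  # rollback or failure
    esac
  done
}

# usage: deploy_from_url STACK TEMPLATE_URL [extra create-change-set args]
deploy_from_url() {
  local stack="$1" url="$2" cs="deploy-$(date +%s)" cstype reason
  shift 2
  cstype=$(change_set_type "$stack") || return 1
  aws cloudformation create-change-set --stack-name "$stack" --change-set-name "$cs" \
    --template-url "$url" --change-set-type "$cstype" "$@" >/dev/null || return 1
  if ! aws cloudformation wait change-set-create-complete \
         --stack-name "$stack" --change-set-name "$cs" 2>/dev/null; then
    reason=$(aws cloudformation describe-change-set --stack-name "$stack" \
               --change-set-name "$cs" --query StatusReason --output text)
    aws cloudformation delete-change-set --stack-name "$stack" --change-set-name "$cs"
    case "$reason" in *"didn't contain changes"*) echo "no changes"; return 0 ;; esac
    echo "$reason" >&2; return 1
  fi
  aws cloudformation execute-change-set --stack-name "$stack" --change-set-name "$cs" || return 1
  wait_for_stack "$stack"
}
```

Extra arguments such as --capabilities or --parameters go after the template URL and are forwarded unchanged to create-change-set.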

The lack of this also makes it hard to follow https://aws.amazon.com/blogs/devops/aws-cloudformation-security-best-practices/ and restrict access to a specific template.

Yeah, this is definitely an issue we should fix. This requires quite a bit of changes to the code. PRs appreciated!

Instead of reading a local file, AWSCLI will pull the template from the given S3 location, parse the parameters out, merge with the parameter overrides arguments, and call create-change-set with the S3 template URL instead of uploading the template text.

@stealthycoin Where did things leave off with this? It looks like it was just closed, but I still don't see support for aws cloudformation deploy --template-url in the latest cli version. What am I missing?

I ended up just using create-stack, but still interested in options here.

Can someone reopen this? It is not fixed.

Could this be re-opened please? Lack of this option prevents us from using nested stacks for larger applications for example.
