Copilot-cli: CFN Conditions in addons

Created on 12 May 2020 · 11Comments · Source: aws/copilot-cli

In the wiki, there is no mention of condition for add ons. Is it supported or not?

areaddon typenhancement typrequest

Source

FarmaanElahi

Most helpful comment

Thanks that will definitely help in using the ecs cli v2 based along with
env specific resources.
Will use cfn output resources since that give better flexibility.

Keep up the good work on your on this.
Was able to get the cluster up and running for multiple env in minutes ❤️

On Tue, May 12, 2020, 11:25 PM Efe Karakus notifications@github.com wrote:

Or even adding secrets based on environment?

This is possible!
You can create a SSM SecureString parameter separately, and then inject it
as environment variable by modifying the manifest
https://github.com/aws/amazon-ecs-cli-v2/wiki/Manifests:

secrets:
MY_ENV_VAR_NAME: MY_SSM_PARAM_NAME

Here your application container will have the env variable
"MY_ENV_VAR_NAME" with the value of the secret store in the SSM parameter
"MY_SSM_PARAM_NAME".

Or is there anyway where we can import external cfn stack and put in
output.yaml

Mmm good question, I think this could work within the addons output.yaml
file:

Outputs:
MyOutputFromOtherStack:
Value: !ImportValue "MyOtherStack-SomeOutput"

Then your application container will receive the value as an environment
variable "MY_OUTPUT_FROM_OTHER_STACK"

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/aws/amazon-ecs-cli-v2/issues/915#issuecomment-627498480,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AESIMEHNTKUQHGP3ZKOJOFDRRGESHANCNFSM4M6U2RSQ
.

FarmaanElahi on 12 May 2020

❤5

All 11 comments

Hi @FarmaanElahi !

Unfortunately, we don't support conditions yet.
Added the task to our backlog to prioritize!

efekarakus on 12 May 2020

Then how can we create resource specific to env. Is it possible anyhow?

FarmaanElahi on 12 May 2020

I don't think it's possible at the moment 😔🙇.
We should look into creating an easy way of adding the Mappings and Conditions sections

efekarakus on 12 May 2020

Or is there anyway where we can import external cfn stack and put in
output.yaml, so we can use it based on the environment? Or even adding
secrets based on environment?

On Tue, May 12, 2020, 10:16 PM Efe Karakus notifications@github.com wrote:

I don't think it's possible at the moment 😔🙇.
We should look into creating an easy way of adding the Mappings and
Conditions sections

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/aws/amazon-ecs-cli-v2/issues/915#issuecomment-627462062,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AESIMEFMZV3TY7L6YGUULD3RRF4PHANCNFSM4M6U2RSQ
.

FarmaanElahi on 12 May 2020

Or even adding secrets based on environment?

This is possible!
You can create a SSM SecureString parameter separately, and then inject it as environment variable by modifying the manifest:

secrets:
  MY_ENV_VAR_NAME: MY_SSM_PARAM_NAME

Here your application container will have the env variable "MY_ENV_VAR_NAME" with the value of the secret stored in the SSM parameter "MY_SSM_PARAM_NAME".

Or is there anyway where we can import external cfn stack and put in
output.yaml

Mmm good question, I think this could work within the addons output.yaml file:

Outputs:
   MyOutputFromOtherStack:
     Value: !ImportValue "MyOtherStack-SomeOutput"

Then your application container will receive the value as an environment variable "MY_OUTPUT_FROM_OTHER_STACK"

efekarakus on 12 May 2020

👍1

Thanks that will definitely help in using the ecs cli v2 based along with
env specific resources.
Will use cfn output resources since that give better flexibility.

Keep up the good work on your on this.
Was able to get the cluster up and running for multiple env in minutes ❤️

On Tue, May 12, 2020, 11:25 PM Efe Karakus notifications@github.com wrote:

Or even adding secrets based on environment?

This is possible!
You can create a SSM SecureString parameter separately, and then inject it
as environment variable by modifying the manifest
https://github.com/aws/amazon-ecs-cli-v2/wiki/Manifests:

secrets:
MY_ENV_VAR_NAME: MY_SSM_PARAM_NAME

Here your application container will have the env variable
"MY_ENV_VAR_NAME" with the value of the secret store in the SSM parameter
"MY_SSM_PARAM_NAME".

Or is there anyway where we can import external cfn stack and put in
output.yaml

Mmm good question, I think this could work within the addons output.yaml
file:

Outputs:
MyOutputFromOtherStack:
Value: !ImportValue "MyOtherStack-SomeOutput"

Then your application container will receive the value as an environment
variable "MY_OUTPUT_FROM_OTHER_STACK"

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/aws/amazon-ecs-cli-v2/issues/915#issuecomment-627498480,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AESIMEHNTKUQHGP3ZKOJOFDRRGESHANCNFSM4M6U2RSQ
.

FarmaanElahi on 12 May 2020

❤5

Or even adding secrets based on environment?

This is possible!
You can create a SSM SecureString parameter separately, and then inject it as environment variable by modifying the manifest:
secrets:
  MY_ENV_VAR_NAME: MY_SSM_PARAM_NAME
Here your application container will have the env variable "MY_ENV_VAR_NAME" with the value of the secret stored in the SSM parameter "MY_SSM_PARAM_NAME".

Or is there anyway where we can import external cfn stack and put in
output.yaml

Mmm good question, I think this could work within the addons output.yaml file:
Outputs:
   MyOutputFromOtherStack:
     Value: !ImportValue "MyOtherStack-SomeOutput"
Then your application container will receive the value as an environment variable "MY_OUTPUT_FROM_OTHER_STACK"

@efekarakus Doesn't exactly work. I am getting the following error

Error: deploy application: check if changeset is empty: create change set ecscli-da4d9ccd-5a1b-44be-9e14-72c29cc5253b for stack savd-dev-content: ValidationError: [/Resources/TaskRole/Type/ManagedPolicyArns] 'null' values are not allowed in templates
status code: 400, request id: bf5f69db-e46b-4b90-b89e-f2131dade972: describe change set ecscli-da4d9ccd-5a1b-44be-9e14-72c29cc5253b for stack savd-dev-content: ChangeSetNotFound: ChangeSet [ecscli-da4d9ccd-5a1b-44be-9e14-72c29cc5253b] does not exist
status code: 404, request id: c2ab361c-b544-4ad7-bf7c-a7187ce2323e

Your suggestion worked when a resource file is added and referencing the created resource in the policy and adding the that in the output file. If I do that and also follow you suggestion of importing only then it works

FarmaanElahi on 14 May 2020

👍1

Sounds good!

Just to provide some visibility, we're still planning on improving the experience for addons templates to support conditionals and mappings.

We're also currently working on supporting a new command storage init (https://github.com/aws/amazon-ecs-cli-v2/issues/769) in the CLI to help you generate addons templates for S3 and DynamoDB. So hopefully that should make it easier in the future to get started with addons.

efekarakus on 14 May 2020

Finally was able to achieve that with a kind of a hack.

For somebody who what something like this till addons are fully ready

First of all I am creating resources in different stack and the naming convention is same as what cli does which is $Project-$Env-$App-ResourceName.
Using parameters defined in params.yaml. I am importing the different stack resource which has been exported
I am no more creating any resource. Just an empty random file apart from policy.yaml, outputs.yaml and params.yaml will work
Must have atleast one policy defined in policy.yaml
Atleast one policy need to be exported from outputs.yaml