I have a parameter "SecretKey" and I want to provide a default value to it (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html) and the default value would be a generated random string. I already have a lambda function to do the generation of the key and a custom resource (call it RandomSecretKey) to get the value. Ultimately, I want to be able to do this in the parameters section:
"SecretKey": {
  ...
  "Default": { "Fn::GetAtt": ["RandomSecretKey", "Value"] }
}
And this parameter would be referenced somewhere.
But this doesn't work because CloudFormation expects a static String based on the error message. Is there a way to do this?
You use the Ref intrinsic function to reference a parameter, and AWS CloudFormation uses the parameter's value to provision the stack. You can reference parameters from the Resources and Outputs sections of the same template.
The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in the template. For more information about GetAtt return values for a particular resource, refer to the documentation for that resource in the Resource and property reference.
To import existing resources into a CloudFormation stack, you need to provide: A template that describes the entire stack, including both the resources to import and (for existing stacks) the resources that are already part of the stack. Each resource to import must have a DeletionPolicy attribute in the template.
Pseudo parameters are parameters that are predefined by AWS CloudFormation. You don't declare them in your template. Use them the same way as you would a parameter, as the argument for the Ref function.
No. It's not possible to have a dynamic default value for CloudFormation. The reason being that the template has not executed at all at the time that parameters are being collected.
If you want this to be a parameter, your generated value will have to be generated outside of the template and passed into the template as a parameter. You could do this from a bootstrapping creation script.
Alternatively, you should be able to use a Custom Resource in your template to generate your random secret key. It should be able to persist through stack updates.
References:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With