feat(cli): pass CloudFormation parameters to "cdk deploy" #6385
Conversation
This commit closes #1237 I have added the command line option --parameters, -P which allows for adding CloudFormation parameters at deploy time. The functionality for deploying with parameters was already present, but I have just added a way for the command line to pass it to the deployment code. The motivation for adding this functionality has been that we have a setup where we share an account with access to CloudFormation, which is why we do not want to have some fields in plain text, while they do not have access to other services, which did not support secrets within the fields we want to keep secret. This allows us to have parameters that can be kept secret from the templates, while also having parameters with NoEcho. I have verified this functionality by both deploying a cdk project with a CfnParameter from @aws-cdk/core, and an original CloudFormation template with parameters.
ghost
requested review from
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
There was a problem hiding this comment.
thanks for starting this PR - I'd also gotten started on a PR to implement this functionality, but I'm happy to collaborate on this one to sort out the remaining items.
- how does this work with wild card deploys (i.e.
cdk deploy "*") - would that result in every stack having duplicated parameters? - does
cdk diffaccount for parameters? / any considerations there? - are there any additional considerations for
nested stacks - We should update the
READMEfor the module - We should add integration tests
shivlaks
changed the title
shivlaks
changed the title
|
Thank you for your feedback!
|
mergify
bot
dismissed
shivlaks’s stale review
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
This changes the syntax of the --parameter parameter, so that it is now possible to specify which stack a parameter is meant for, i.e. of you want a parameter to apply to `MyStack`, then you would pass it as --parameters MyStack:key=value While still being able to pass parameters to all stacks by omitting the stack name, i.e. --paramters key=value This is being added to support wild card deployments, and deployments with multiple stacks that do not neccessary contain the same parameters. I have verified these changes by deploying a multistack cdk project, where the stacks contains different parameters, and some shared parameters.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
I have added some integration tests of both wildcard and single deployments with parameters. While also fixing a bug found while testing.
|
I have added some tests and implemented the syntax for specifying which stack a parameter belongs to. |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
What’s needed to get this over the line please? It looks like we’re pretty close, no? We’re extremely keen to see this merged as it’ll open up using CDK for us as this particular issue is blocking us. Please let me know if I can help. |
|
Thank you for your interest @john-tipper currently we need to check whether this works with nested stacks, and we need to consider if this should impact |
|
|
I have implemented the version of the parameter parsing that I mentioned above, so if that is fine, then I think we could keep that. |
Adding integration test for nested stacks. Adding section in README.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
update: I spent some time testing it out
to resolve:
thoughts @john-tipper @dkanhakl |
I was just about to ask if this would happen. I don't think it should. I'm dealing with this right now with a stack that has a default parameter that is updated by an external event. I only want the default used for the initial stack creation. Whenever the stack template updates, I want it to use the existing non-default value. |
I agree that anything which is surprising to a customer without warning is not ideal (unless they're using the |
|
Thank you for the feedback and interest. I need to understand what you mean by removing a parameter. First of all, if I understand it correctly, regarding default parameters. If you have a default and apply a parameter from the cli, then it should follow the behaviour of cloudformation and override the default. (which is what should be implemented already) But currently if you do not change anything in the template, then it will not detect a redeploy with different parameters as a change, and does need a |
I have not tested the scenario that you mention here. Since I am still new to AWS, could you please elaborate how cloudformation handles this, or point me to some documentation of this behaviour? The current implementation has only added that the ability to pass parameters to the deployment command, and not changed anything to the actual deployment itself. Does anyone have any knowledge of how this has been handled with the cloudformation parameters that cdk already uses? |
Adding an example of using parameters to the README.md
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
It seems to be expected behavior for CF even though it's surprising and frustrating (typical for CF). If update-stack is sent to CF without parameters, then the default is used even if the parameters were set in a previous It's probably outside the scope of this PR. I'll open another PR after this one is merged. |
|
For some more context, this has been a long standing feature request for the AWS CLI aws/aws-cli#2589 |
@joehillen do you mind creating a feature-request issue for that functionality? I agree that it should be addressed in a different PR @dkanhakl this is looking good, I'm running some final tests and will make some quick tweaks to the README, but otherwise I think we're looking good to move this one forward! . |
It doesn't currently provide a helpful error message indicating that you've tried to do this. I'd like to address that in a follow-on PR as I think it would be helpful to detect and provide a helpful message indicating that it can be replaced by using |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
* feat(aws-cdk): pass cloudformation parameters to "cdk deploy" This commit closes #1237 I have added the command line option --parameters, -P which allows for adding CloudFormation parameters at deploy time. The functionality for deploying with parameters was already present, but I have just added a way for the command line to pass it to the deployment code. The motivation for adding this functionality has been that we have a setup where we share an account with access to CloudFormation, which is why we do not want to have some fields in plain text, while they do not have access to other services, which did not support secrets within the fields we want to keep secret. This allows us to have parameters that can be kept secret from the templates, while also having parameters with NoEcho. I have verified this functionality by both deploying a cdk project with a CfnParameter from @aws-cdk/core, and an original CloudFormation template with parameters. * feat(cli): pass cloudformation parameter to "cdk deploy" This changes the syntax of the --parameter parameter, so that it is now possible to specify which stack a parameter is meant for, i.e. of you want a parameter to apply to `MyStack`, then you would pass it as --parameters MyStack:key=value While still being able to pass parameters to all stacks by omitting the stack name, i.e. --paramters key=value This is being added to support wild card deployments, and deployments with multiple stacks that do not neccessary contain the same parameters. I have verified these changes by deploying a multistack cdk project, where the stacks contains different parameters, and some shared parameters. * feat(cli): pass cloudformation parameters to "cdk deploy" I have added some integration tests of both wildcard and single deployments with parameters. While also fixing a bug found while testing. * feat(cli): pass cloudformation parameters to "cdk deploy" Adding integration test for nested stacks. Adding section in README. * feat(cli): pass cloudformation parameters to "cdk deploy" Adding an example of using parameters to the README.md * update README * more README cleanup Co-authored-by: Elad Ben-Israel <[email protected]> Co-authored-by: Shiv Lakshminarayan <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
* feat(aws-cdk): pass cloudformation parameters to "cdk deploy" This commit closes aws#1237 I have added the command line option --parameters, -P which allows for adding CloudFormation parameters at deploy time. The functionality for deploying with parameters was already present, but I have just added a way for the command line to pass it to the deployment code. The motivation for adding this functionality has been that we have a setup where we share an account with access to CloudFormation, which is why we do not want to have some fields in plain text, while they do not have access to other services, which did not support secrets within the fields we want to keep secret. This allows us to have parameters that can be kept secret from the templates, while also having parameters with NoEcho. I have verified this functionality by both deploying a cdk project with a CfnParameter from @aws-cdk/core, and an original CloudFormation template with parameters. * feat(cli): pass cloudformation parameter to "cdk deploy" This changes the syntax of the --parameter parameter, so that it is now possible to specify which stack a parameter is meant for, i.e. of you want a parameter to apply to `MyStack`, then you would pass it as --parameters MyStack:key=value While still being able to pass parameters to all stacks by omitting the stack name, i.e. --paramters key=value This is being added to support wild card deployments, and deployments with multiple stacks that do not neccessary contain the same parameters. I have verified these changes by deploying a multistack cdk project, where the stacks contains different parameters, and some shared parameters. * feat(cli): pass cloudformation parameters to "cdk deploy" I have added some integration tests of both wildcard and single deployments with parameters. While also fixing a bug found while testing. * feat(cli): pass cloudformation parameters to "cdk deploy" Adding integration test for nested stacks. Adding section in README. * feat(cli): pass cloudformation parameters to "cdk deploy" Adding an example of using parameters to the README.md * update README * more README cleanup Co-authored-by: Elad Ben-Israel <[email protected]> Co-authored-by: Shiv Lakshminarayan <[email protected]> Co-authored-by: mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>
This commit closes #1237
I have added the command line option --parameters, -P which allows for
adding CloudFormation parameters at deploy time.
The functionality for deploying with parameters was already present,
but I have just added a way for the command line to pass it to the
deployment code.
The motivation for adding this functionality has been that we have
a setup where we share an account with access to CloudFormation, which
is why we do not want to have some fields in plain text, while they do
not have access to other services, which did not support secrets within
the fields we want to keep secret. This allows us to have parameters
that can be kept secret from the templates, while also having parameters
with NoEcho.
I have verified this functionality by both deploying a cdk project
with a CfnParameter from @aws-cdk/core, and an original CloudFormation
template with parameters.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license