S3 Directives Override package Bucket/BucketOwner #656

Open
georgealton opened this issue Mar 7, 2025 · 0 comments
georgealton commented Mar 7, 2025

When rain packages a template, all objects are uploaded to the S3 Bucket passed into the pkg command, but sometimes artifacts need to be in specific Buckets.

My use case here:
In a CloudFormation Stack, I define an AWS::CloudFormation::StackSet Resource, and that StackSet deploys to different Regions. I'd like that template to look something like:

```yaml
AWSTemplateFormatVersion: "2010-09-09"

Resources:
  Hooks:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: Hooks
      StackInstancesGroup:
        # One entry per Region, each pointing at that Region's artifact bucket
        - Regions:
            - us-east-1
          DeploymentTargets:
            OrganizationalUnitIds:
              - ou-xyz-123
          ParameterOverrides:
            - ParameterKey: S3URIAWSDynamoDBTable
              ParameterValue: !Rain::S3
                Path: path/to/ddb/hook.guard
                Bucket: hooks-us-east-1
                # Quoted: an unquoted account ID with a leading zero can be
                # read as a number and lose the zero
                BucketOwner: "012345678912"
                Extension: guard
        - Regions:
            - eu-west-1
          DeploymentTargets:
            OrganizationalUnitIds:
              - ou-xyz-123
          ParameterOverrides:
            - ParameterKey: S3URIAWSDynamoDBTable
              ParameterValue: !Rain::S3
                Path: path/to/ddb/hook.guard
                Bucket: hooks-eu-west-1
                BucketOwner: "012345678912"
                Extension: guard
         ...
```

The template the stackset deploys takes the S3 URI (generated by rain) as a Parameter.

```yaml
Parameters:
  S3URIAWSDynamoDBTable:
    Type: String

Resources:
  AWSDynamoDBTable:
    Type: AWS::CloudFormation::GuardHook
    Properties:
      Alias: Some::AWSDynamoDBTable::Policy
      ExecutionRole: !Sub arn:aws:iam::${AWS::AccountId}:role/CloudFormationHooks
      FailureMode: WARN
      HookStatus: ENABLED
      LogBucket: !Sub some-aws-cloudformation-hooks-logs-${AWS::Region}
      RuleLocation:
        Uri: !Ref S3URIAWSDynamoDBTable
      TargetFilters:
        InvocationPoints:
          - PRE_PROVISION
        Actions:
          - CREATE
          - UPDATE
        TargetNames:
          - AWS::DynamoDB::Table
      TargetOperations:
        - RESOURCE
        - CHANGE_SET
```

Would you be open to this as a feature?

I solve this currently by doing the artifact uploads in CI outside of rain, then passing the Object Names in as Parameters to the StackSet, and building the S3 URIs with !Sub, but I'd like to do this in rain as it reduces the wiring complexity.
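A sketch of the CI-side upload that the workaround above describes, added here as an example; it is not code from the issue author or from rain. The `hooks-<region>` bucket naming follows the template in the issue, while the function names, the content-hash object key and the `AWS_CLI` dry-run override are assumptions.

```bash
#!/bin/sh
# Added example (not rain's code): upload one artifact to a per-Region bucket
# and print the S3 URI to pass to the StackSet as a parameter value.
set -eu

# Content-addressed key: a changed rule file always gets a new object name.
artifact_key() {            # artifact_key <file> <extension>
  digest=$(sha256sum "$1" | cut -d' ' -f1)
  printf '%s.%s\n' "$digest" "$2"
}

s3_uri() {                  # s3_uri <bucket> <key>
  printf 's3://%s/%s\n' "$1" "$2"
}

# upload_artifact <file> <extension> <region> <bucket-owner-account-id>
# --expected-bucket-owner makes S3 reject the request when the bucket is not
# owned by that account, so an artifact cannot land in a same-named bucket
# that belongs to someone else.
upload_artifact() {
  local file="$1" ext="$2" region="$3" owner="$4"
  local bucket key
  # Account IDs are exactly 12 digits; an ID that lost its leading zero
  # somewhere upstream fails here instead of at upload time.
  case "$owner" in
    ''|*[!0-9]*) echo "bad account id: $owner" >&2; return 2 ;;
  esac
  [ "${#owner}" -eq 12 ] || { echo "bad account id: $owner" >&2; return 2; }

  bucket="hooks-$region"    # naming taken from the issue's template
  key=$(artifact_key "$file" "$ext")
  # AWS_CLI is a hypothetical override: set AWS_CLI=echo for a dry run.
  "${AWS_CLI:-aws}" s3api put-object --region "$region" \
    --bucket "$bucket" --key "$key" --body "$file" \
    --expected-bucket-owner "$owner" >&2
  s3_uri "$bucket" "$key"   # stdout carries only the URI
}

# Usage in CI (one call per Region):
#   uri=$(upload_artifact path/to/ddb/hook.guard guard eu-west-1 012345678912)
```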
