Can CloudFormation SSM dynamic reference with type StringList resolve to list?

Dynamic references to SSM parameters are supported within CloudFormation templates:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html

The documentation states that you can "use the ssm dynamic reference to include values stored in the Systems Manager Parameter Store of type String or StringList in your templates."

We are trying to reference a parameter of type StringList in our template using the syntax {{resolve:ssm:parameter-name:version}} and have it resolve to a list of strings in the template (more specifically, a list of SecurityGroupIds for an EC2 instance). This has not worked, and the documentation does not specify how to do this or if it is supported. We have tried using Fn::Split; however, it appears this gets called before the dynamic value gets resolved. We are unable to use SSM values in the parameters section of the template, where this is documented. Does anyone know if it is possible to have {{resolve ... to a list of strings?



Solution 1:[1]

AWS Support has responded to my request about this issue and explained that the answer to my question is no, it is not currently supported. The full text of their response is below.

Currently, CFN can take a StringList type, but such StringList is being returned as comma separated string values resulting in one long string. Therefore, in cases where we need it to become multiple values like an array or list of strings, for example a list of SecurityGroup Ids for an EC2 instance, it is not presently supported.

With that said, I dug further and found we internally have this as an existing feature request to which I have added your voice to help gain more traction for this feature. I do not have an ETA to share as the service team is discreet about their timeline/worklog. However, if/when the feature becomes available, it shall be publicly announced at the following places:

Solution 2:[2]

While waiting for AWS to implement the pending feature request for {{resolve: ... dynamic references to resolve to 'List of String' type, you can work around this currently using the SSM parameter type of AWS::SSM::Parameter::Value<List<String>> with a default value corresponding to the SSM parameter you want to reference:

Parameters:
  SecurityGroups:
    # CloudFormation fetches the SSM parameter named in Default and passes it as a list
    Type: AWS::SSM::Parameter::Value<List<String>>
    Default: security-groups
Resources:
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      SecurityGroupIds: !Ref SecurityGroups

Solution 3:[3]

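If you need to work around this using CDK v2 TypeScript, the following works, with the unfortunate limitation that you need to know the size of the StringList a priori.

import { CfnOutput, CfnParameter, Fn } from "aws-cdk-lib";

// Inside a Stack (or other construct) constructor, where `this` is the scope:
const paramName = "/test/param";

// CloudFormation resolves the SSM StringList into a list at deploy time
const cfnParameter = new CfnParameter(this, "ListParam", {type: "AWS::SSM::Parameter::Value<List<String>>", default: paramName});
const list = cfnParameter.valueAsList;
const size = 3; // the list length must be known in advance
for (let i = 0; i < size; i++) {
  new CfnOutput(this, `Output${i}`, {value: Fn.select(i, list)});
}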

There doesn't seem to be a way to actually determine the size of the list, because the entity is a token that is only resolved at CDK deploy time and will only have a length of 1 before that.
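
Solutions 1 and 2 combined, as an added example that is not part of the original answers: a checker that finds {{resolve:ssm:...}} references used where a list is expected (bare, as a single list element, or wrapped in Fn::Split) in a JSON-form template and rewrites them to the AWS::SSM::Parameter::Value<List<String>> parameter workaround. The LIST_PROPS set, the generated parameter names and the sample template are assumptions of this example.

```python
import re

# Matches {{resolve:ssm:parameter-name}} with an optional :version suffix.
SSM_REF = re.compile(r"^\{\{resolve:ssm:([^:{}]+)(?::\d+)?\}\}$")
LIST_TYPE = "AWS::SSM::Parameter::Value<List<String>>"
# Assumption: the properties this checker treats as list-valued; extend as needed.
LIST_PROPS = {"SecurityGroupIds"}


def _ssm_name(value):
    """Return the SSM parameter name if value is a dynamic reference, either
    bare, as the only list element, or wrapped in Fn::Split; else None."""
    if isinstance(value, dict) and "Fn::Split" in value:
        value = value["Fn::Split"][1]  # Fn::Split takes [delimiter, source]
    if isinstance(value, list) and len(value) == 1:
        value = value[0]
    match = SSM_REF.match(value) if isinstance(value, str) else None
    return match.group(1) if match else None


def rewrite_list_refs(template):
    """Swap dynamic references in list-valued properties for a Ref to a generated
    template parameter of LIST_TYPE. The :version suffix is not carried over.
    Returns (logical_id, property, ssm_name) for every property rewritten."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        for prop in sorted(props.keys() & LIST_PROPS):
            name = _ssm_name(props[prop])
            if name is None:
                continue
            # Hypothetical naming scheme: /test/param -> TestParamList
            param_id = re.sub(r"[^A-Za-z0-9]", "", name.title()) + "List"
            template.setdefault("Parameters", {})[param_id] = {
                "Type": LIST_TYPE, "Default": name}
            props[prop] = {"Ref": param_id}
            findings.append((logical_id, prop, name))
    return findings


# Constructed sample template in JSON form, not taken from the page.
SAMPLE = {"Resources": {"Instance": {
    "Type": "AWS::EC2::Instance",
    "Properties": {"SecurityGroupIds": "{{resolve:ssm:security-groups:1}}"},
}}}

if __name__ == "__main__":
    print(rewrite_list_refs(SAMPLE))
    print(SAMPLE["Parameters"])
```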

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 ekcrisp
Solution 2 wjordan
Solution 3 Mark