kickstarter / cfn-flow Goto Github PK

View Code? Open in Web Editor NEW

169.0 169.0 15.0 127 KB

A practical workflow for AWS CloudFormation

Ruby 100.00%

cfn-flow's People

Contributors

Stargazers

Watchers

Forkers

jameszh ktheory natachas doismellburning sudharsans agiza claytonbrown mukteshkrmishra manishnakar cmoel devopsred onuryaz rahul-shivalkar-cldcvr iq-scm

cfn-flow's Issues

"-capabilities CAPABILITY_IAM" feature

I am tryint to run a CF template which looks like this:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Lambda and API Gateway",
  "Resources": {
      "LambdaExecutionRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
          "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
              "Effect": "Allow",
              "Principal": {
                "Service": ["lambda.amazonaws.com"]
              },
              "Action": ["sts:AssumeRole"]
            }]
          },
          "Policies": [{
            "PolicyName": "lambdalogtocloudwatch",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [{
                "Effect": "Allow",
                "Action": ["logs:CreateLogGroup", 
                "logs:CreateLogStream",
                "logs:PutLogEvents"],
                "Resource": "arn:aws:logs:*:*:*"
              }]
            }
          }]
        }
      }
  }
}

When I deploy it, the cnf-flow command returns this exception:

cfn-flow deploy prod
/usr/local/rvm/gems/ruby-2.3.0@global/gems/aws-sdk-core-2.6.49/lib/seahorse/client/plugins/raise_response_errors.rb:15:in `call': Requires capabilities : [CAPABILITY_IAM] (Aws::CloudFormation::Errors::InsufficientCapabilitiesException)

Any chance I can force this CAPABILITY_IAM feature to avoid the exception?

Many thanks,
VG

Add `update` command

This is the simplest way to support backing resources that shouldn't change between deploys (e.g., security groups, or SQS queues).

How Can I specify number of instance in my template. My requirement is, User will input the number of required instances, based on that the EC2 instance should be spin up. I will use single AMI image in all instances.

Please let me know the syntax for the same.

Timely response much appreciated.
Warm Regards,
Karthik

YAML to JSON conversion unnecessary and broken

CloudFormation now supports YAML templates natively, rendering cfn-flow's "converts from YAML to JSON" obsolete

In addition, CloudFormation Intrinsic Functions have a YAML "short form" (e.g. !GetAtt foo.bar) that cfn-flow naïvely transforms to JSON, turning a valid CF YAML template into invalid CF JSON

(If you confine yourself to the "long form" of the functions, it's fine)

--cleanup proceeds after failed release

I had a CFN stack rollback after timing out on the signal, but cfn-flow still prompted me to delete the old stack. The difference in CFN output is subtle, so I didn't spot the rollback immediately and went ahead with the delete.

Add tests

Document pattern for "backing resources"

Add examples for how to use cfn-flow with backing resources.

Backing resources are re-used across deploys, and may include:

security groups
IAM roles & instance profiles
RDS instances

`cfn-flow deploy` ignores `--help`

As a CLI user, I expect a --help argument to, ideally, give me the help for a command, or at the least, give me an error message about an unexpected argument.

Instead today I experienced:

$ bundle exec cfn-flow deploy --help
Launching stack merchantredir-1475950289
# Snip

This was mildly distressing...!

Alas I don't Ruby well enough to be able to diagnose this myself, but browsing the Thor repo suggests that Thor should respond sensibly to --help...

I believe I'm using latest and sensible versions:

$ cat Gemfile.lock 
GEM
  remote: https://rubygems.org/
  specs:
    aws-sdk (2.6.5)
      aws-sdk-resources (= 2.6.5)
    aws-sdk-core (2.6.5)
      jmespath (~> 1.0)
    aws-sdk-resources (2.6.5)
      aws-sdk-core (= 2.6.5)
    cfn-flow (0.11.1)
      aws-sdk (~> 2.1, >= 2.1.8)
      multi_json
      thor (~> 0.18)
    jmespath (1.3.1)
    multi_json (1.12.1)
    thor (0.19.1)

PLATFORMS
  ruby

DEPENDENCIES
  cfn-flow

BUNDLED WITH
   1.12.5

Feature Request: CREATED_AT time in `cfn-flow list`

It'd be rad to see when a stack was created (for doing cleanup after a deploy in which you didn't pass the --cleanup flag) in cfn-list.

delete me

Open source this repo

Cleanup can't consistently find it's previous stacks

Sometimes if names are similar it thinks that backing stacks should be cleaned up too. Maybe we could use an extra tag or something to link together versions of stacks.

Finding stacks to clean up
Are you sure you want to shut down elk-logstash-1445471608? y
Deleted stack elk-logstash-1445471608
Are you sure you want to shut down elk-logstash-elb? n

Add callback hooks for extending/integrating cfn-flow

Emit events before/after:

uploading templates
launching a stack
shutting down a stack

That would allow users to, say, check that tests have passed before deploying, and log when a deploy succeeds.

Include examples for checking GitHub commit status before deploying to production environment.

Update aws sdk

I've tried making a patch for #25 but the aws sdk gem dependency is so old it doesn't recognize things like Export support Fn::Sub.

Side note: is this project still supported/active?

Add support for --profile flag for specifying AWS credentials profile

Instead of relying on environment variables or the "default" profile for AWS credentials, it'd be great if one could specify --profile for cfn-flow networking fetching commands (deploy, list, etc.) that specified which AWS credentials profile to use.

This matches the CLI interface that the official AWS CLI tool provides:

http://docs.aws.amazon.com/cli/latest/reference/

Feature request: Stack output

It'd be rad to have the stack's Output logged once a cfn-flow deploy is finished.

Can you use outputs in cfn-flow.yml without specifying a stack name?

Fn::ImportValue is able to find outputs without specifying the stack name. In my case the stack name is dynamic so I am unable to specify one.

Currently it fails when I omit the stackname, however works when I use the cloudformation ImportValue function (which omits a stack name).

Can I do something like this in my cfn-flow.yml?

Parameters:
  my_param:
    output: output_from_another_stack

cfn-flow should work outside of a git directory

$ cfn-flow list
fatal: Not a git repository (or any of the parent directories): .git
/usr/local/opt/rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/cfn-flow-0.7.0/lib/cfn-flow/git.rb:10:in `sha': Error running `git rev-parse --verify HEAD` (Thor::Error)
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/cfn-flow-0.7.0/lib/cfn-flow/cli.rb:31:in `<class:CLI>'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/cfn-flow-0.7.0/lib/cfn-flow/cli.rb:2:in `<module:CfnFlow>'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/cfn-flow-0.7.0/lib/cfn-flow/cli.rb:1:in `<top (required)>'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/cfn-flow-0.7.0/lib/cfn-flow.rb:138:in `<top (required)>'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require'
    from /usr/local/opt/rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/cfn-flow-0.7.0/bin/cfn-flow:3:in `<top (required)>'
    from /usr/local/opt/rbenv/versions/2.2.2/bin/cfn-flow:23:in `load'
    from /usr/local/opt/rbenv/versions/2.2.2/bin/cfn-flow:23:in `<main>'