A routes target can be a network interface ID.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html#cfn-ec2-route-networkinterfaceid

I want to make an AWS::IAM::Role that utilizes an AWS Managed Policies. Currently we require
policies to passed in like ManagedPolicyArns: Option[Seq[ResourceRef[AWS::IAM::ManagedPolicy]]]. Unfortunately, I can't build a ResourceRef for the AWS Managed Policies since they only have an ARN. We need to build some new mechanism to allow these to be passed in as well. Ideally we should support a list of both AWS and customer managed policies

Coveralls is failing my pull request that adds Kinesis support because it decreases coverage by 0.2% - the affected files are the S3.scala and Resource.scala files, which I have not modified. Not sure why this is happening.

In issue #57, our good friend @ddgenome changed Fn::Not, Fn::And, and Fn::Or to require a ConditionRef. As I'm working to update our usage of the library to the new version, I'm now realizing this is not correct. These functions can accept more than just a ConditionRef. They can accept themselves, along with Fn::Equals, in addition to accepting a reference to a defined condition. For example, a condition that checks if a given parameter is not blank would look like this:

``Fn::Not(Fn::Equals`(a = ParameterRef(serviceELBSubdomainNameParameter), b = StringToken("")))`

The only way to make that work in the new model is to define the equals as a intermediate condition, even if I don't ever plan to use it, and then define an additional condition for the Not.

Similarly, if you wanted to do a compound condition that nests Ands and Ors together, you'd have to define an intermediate condition for each component of that.

Of course the easiest "fix" is to back this out and go back to Token[String], but a better solution would be to come up with a type structure that allows the valid types of Fn::Not, Fn::And, Fn::Or, Fn::Equals, and ConditionRef. I have to admit that I'm still not quite a master of the type system enough to see exactly how to do this, though I'm trying to figure it out. @ddgenome or anyone else, if you have thoughts on this, please let me know.

I do believe the change to Fn::If is correct, however. It does require a named condition.

CFTG's type safety starts causing problems when trying to reference one template as a stack inside another. An example of this is if you want to have your core VPC structure in one template, include that as a AWS::CloudFormation::Stack, and then put instances into the VPC's subnets from your main template.

To do this in regular CFN, you would expose the subnet IDs as Outputs in the VPC template, and then reference them with a GetAtt, such as like this:

"SubnetId": {
     "Fn::GetAtt": ["VPCStack", "Outputs.PrivateSubnet2"]
}

However, our implementation of AWS::EC2::Instance expects Subnet ID as follows:

SubnetId:               Token[ResourceRef[`AWS::EC2::Subnet`]]

Our implementation of Fn::GetAtt is typed only to String, so we can't pass it in as something that meets the AWS::EC2::Subnet criteria.

This is an issue throughout the library -- anywhere where you may want to reference something from a parent template, if that resource's parameter is typed, you're out of luck. There's an assumption in the library that you're going to reference something you've defined within the template, and thus you'll have a typed reference to pass in. That's no longer the case when we start nesting and want to reference things with GetAtt

Of course none of this is a problem in CloudFormation itself, since all of this serializes down to simple strings in the JSON output. This is just an issue with our stronger typing.

The AWS::DynamoDB:Table case class derives from Resource, which has a DependsOn field of type Seq[String]. This is incompatible with the CloudFormation format for DynamoDB, which requires a single string for the DependsOn attribute - if an array of strings is given instead, it is ignored.

When I try to create an SNS Topic Policy that contains multiple policy statements, I get an error from CloudFormation: “Invalid parameter: Every policy statement must have a unique ID.”

Here's an example of the topic policy I'd like to create:

val topicPolicy = `AWS::SNS::TopicPolicy`("TopicPolicy",
  PolicyDocument = PolicyDocument(Statement = Seq(
    PolicyStatement(
      Effect = "Allow",
      Action = Seq(
        "sns:Publish"
      ),
      Principal = Option(DefinedPrincipal(Map("Service" → Seq("cloudformation.amazonaws.com")))),
      Resource = Option(ResourceRef(topic))
    ),
    PolicyStatement(
      Effect = "Allow",
      Action = Seq(
        "sns:Publish"
      ),
      Principal = Option(DefinedPrincipal(Map("AWS" → Seq(`Fn::Sub`("arn:aws:iam::${AWS::AccountId}:user/bholt"))))),
      Resource = Option(ResourceRef(topic))
    )
  )),
  Topics = Seq(topic)
)

I think this might be because PolicyStatement is missing a Sid field, because if I manually edit the generated JSON and add Sid elements with unique values to each policy statement, the stack creates successfully.

I wondered if someone else is using this successfully, and if so, could share an example of how they do it? If not, is there a reason that Sid is not currently part of PolicyStatement?

Current the Description property is Option[String], which means it's not possible to include CloudFormation expressions in the value. I think it would be preferable to make Description an Option[Token[String]] instead. I will be submitting a PR accordingly.

As of 2/26, Amazon now supports creating NAT gateways through Cloud Formation with a native type.
https://aws.amazon.com/about-aws/whats-new/2016/02/aws-cloudformation-adds-support-for-amazon-vpc-nat-gateway-amazon-ec2-container-registry-and-more/

We should add that type to the EC2 model and deprecate the custom CF type I wrote.

See http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-natgateway.html

I am willing to implement this, but have a question about how to implement the CustomJson field, as it must serialize to a Json object, rather than a string containing json.

The correct output would be of the following format:

{ "field": { "subObjectField": "value" } }

Rather than

{"field" : " { \"subObjectField\" : \"value\" } "}

As far as I can see there is no other field like this currently implemented.

PlacementStrategies parameter was introduced recently in CloudFormation.

Something like:

sealed trait `AWS::Region`
object `AWS::Region` extends DefaultJsonProtocol {
  case object `AWS::Region::us-east-1` extends `AWS::Region`
  case object `AWS::Region::us-west-1` extends `AWS::Region`
  ...

  implicit val format: JsonFormat[AWSRegions] = new JsonFormat[AWSRegions] {
    override def write(obj: AWSRegions)= JsString(obj.toString)
    override def read(json: JsValue): AWSRegions = {
      json.toString match {
        case "us-east-1"  => `AWS::Region::us-east-1`
        case "us-west-1" => `AWS::Region::us-west-1`
        ...
      }
    }
  }
}

AWS::IAM::InstanceProfile and AWS::IAM::ManagedPolicy specify the type of Path to be String and Option[String], respectively. These should be changed to Token[String] and Option[Token[String]].

AWS::IAM::User, AWS::IAM::Role, and AWS::IAM::Group are already using Token[String] as the Path type.

cool goodie as seen here:

9747233

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip-association.html

Follow up to PR #136, in src/main/scala/com/monsanto/arch/cloudformation/model/resource/S3.scala:

• Add QueueConfigurations: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-queueconfig.html
• Add Filter: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-queueconfig.html and https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-notificationconfig-lambdaconfig.html

CloudFormation fails to create an ECS service with the error Unable to assume role and validate the specified targetGroupArn. Please verify that the ECS service role being passed has the proper permissions. when the role does not yet exist.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html#gatewayattachment indicates that

When you use Auto Scaling or Amazon Elastic Compute Cloud (Amazon EC2) to create container instances for an Amazon ECS cluster, the Amazon ECS service resource must have a dependency on the Auto Scaling group or Amazon EC2 instances, as shown in the following snippet. That way the container instances are available and associated with the Amazon ECS cluster before AWS CloudFormation creates the Amazon ECS service.

Add support for the following CloudFormation resources:

• AWS::Logs::Destination
• AWS::Logs::LogGroup
• AWS::Logs::LogStream
• AWS::Logs::MetricFilter
• AWS::Logs::SubscriptionFilter

Model currently lacking Redshift support. I will take a stab, should be pretty easy to add aside from the number of properties on the cluster object which Spray may not like so much.

Load Balancing -
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html

Load Balancing Listener -
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html

Load Balancer Listener Rule -
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html

Load Balancer Target Group -
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html

Now that I've used CFTG for a while, it's become pretty obvious that almost everything should be a Token[A] to support parameters, functions, etc.

I propose changing the following parameters of AWS::RDS::DBInstance to support Token types:

• AllowMajorVersionUpgrade
• AutoMinorVersionUpgrade
• AvailabilityZone
• BackupRetentionPeriod
• DBSnapshotIdentifier
• EngineVersion
• MultiAZ
• OptionGroupName
• PreferredBackupWindow
• PreferredMaintenanceWindow
• PubliclyAccessible
• StorageEncrypted

Currently it only accepts a literal CidrBlock.

CloudFormation does not seem to currently support EMR.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-subnet.html#cfn-ec2-subnet-mappubliciponlaunch

The library is missing support for the Fn::Split intrinsic function, which would be useful for e.g. importing a list of subnets from a VPC stack into a stack defining a Lambda that needs to run in that VPC.

I am preparing a pull request that adds support for Fn::Split.

Hi,

I recently stumbled across your work and I'm busy rewriting my Cfndsl templates to Scala using it. One issue that I have is that I use an existing VPC in my templates, so I have a token (or parameter) for my VPC. The builders provided by cloudformation-template-generator however require a proper AWS::EC2::VPC or similar implicit. (Specifically, withVPC and withSubnet are being issues.)

Is there an easy way to convert my token (or parameter) to a resource type, or will I have to fork and extend the project?

Hi, are there any plans to implement support for the ECS/ECR related entities (AWS docs here)? Specifically:

• AWS::ECR::Repository
• AWS::ECS::Cluster
• AWS::ECS::Service
• AWS::ECS::TaskDefinition

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-privateipaddress

There's 24 methods within this code-base that will throw.

???

scala> ???
scala.NotImplementedError: an implementation is missing
  at scala.Predef$.$qmark$qmark$qmark(Predef.scala:230)
  ... 30 elided

Reference to 24

$pwd
/.../cloudformation-template-generator
$grep -r 'def read' src/main/ | grep '???' | wc -l
      24

I'm guessing that most of them are due to a non-implemented read that's likely not used in practice.

  implicit def format2: JsonFormat[ResourceRef[_]] = new JsonFormat[ResourceRef[_]] {
    def write(obj: ResourceRef[_]) = AmazonFunctionCall.format.write(obj)

    //TODO: Implement Readers, but this is necessary to get Seq[T] JsonFormat for ResourceRef's
    def read(json: JsValue) = ???
  }

If the read, i.e. JsValue => A method is not needed, then, I would expect that only a JsonWriter instance should be provided.

There are use cases in which you might want to use a ParameterRef within a Fn::Join. This works just fine for String/Int parameters. However if the case of a CidrParameter or IPAddress you end up with a Token[CidrParameter] instead of a Token[String].

Example code:

import com.monsanto.arch.cloudformation.model._
import com.monsanto.arch.cloudformation.model.resource._
import com.monsanto.arch.cloudformation.model.simple.Builders._
import TransportProtocol._
import spray.json._
import DefaultJsonProtocol._
​
object Broke {
  val vpcCidrBlockParameter = CidrBlockParameter(
    name        = "VPCCIDR",
    Default     = CidrBlock(10,0,0,0,16),
    Description = "The VPC net block (CIDR)"
  )
  val sParameter = StringParameter(
    name        = "Stringy",
    Default     = "nothing",
    Description = "Something"
  )
  val vpcTemplate = withVpc(ParameterRef(vpcCidrBlockParameter)) { implicit vpc =>
    withAZ("us-east-1a") { implicit az =>
      withSubnet("Subnet", CidrBlock(10, 0, 0, 0, 24)) { implicit subnet =>
        val instance = `AWS::EC2::Instance`(
          name = "simple",
          InstanceType = "t2.micro",
          KeyName = "none",
          SubnetId = subnet,
          ImageId = AMIId("blech"),
          Tags = Seq(),
          SecurityGroupIds = Seq(),
          UserData = Some(`Fn::Base64`(`Fn::Join`("", Seq(
            "foo",
            ParameterRef(sParameter), // this is fine
            "bar",
            ParameterRef(vpcCidrBlockParameter), // comment this out and all is cool 

           /* hacky solution
           Token.fromFunction(ParameterRef(vpcCidrBlockParameter)).asInstanceOf[Token[String]]
           */
            "baz"
          ))))
        )
        Template.fromResource(instance)
      }
    }
  }
}

Thanks to @ddgenome for reporting.

Currently, DBSubnetGroup expects users to pass in SubnetIds as Seq of ResourceRefs and hence does not support ParameterRef.

I attempted to make code changes to allow for this, but it seems like it's hard to do this without breaking backward compatibility. The main issue is that the output JSON in case of ParameterRef needs to be like:
"SubnetIds": {"Ref": "subnets"}
instead of the usual (when subnets are passed as Seq of ResourceRef):

SubnetIds": [
  {"Ref": "subnet1"},
  {"Ref": "subnet2",
]

Here is what I tried:

1. Create a new AWS::EC2::Subnet_Parameter_List type that has AWS Type as ListAWS::EC2::Subnet::Id and Rep = Seq[AWS::EC2::Subnet].

2. Change the type of SubnetIds to Seq[Token[ResourceRef[AWS::EC2::Subnet]]] but this results in incorrect json.
   SubnetIds": [ {"Ref": "subnets"} ]

3. Change the type of SubnetIds to Token[Seq[ResourceRef[AWS::EC2::Subnet]]] but the implicit conversion from Resource to ResourceRef does not kick in (Token[Seq[Resource]] does not implicit convert to Token[Seq[ResourceRef]]).

4. Introduce a new ResourcesRef type like:

   case class ResourcesRef[R <: Resource[R]](rs: Seq[R]) {
   val arguments = rs.map(r => ResourceRef(r))
   def serializeArguments = arguments.toJson
   }
   object ResourcesRef extends DefaultJsonProtocol {
   
   implicit def fromResourceRefs[R <: Resource[R]](rs: Seq[ResourceRef[R]]): ResourcesRef[R] = ResourcesRef(rs.map(_.r))
   
   implicit def fromParameterRef[R <: Resource[R]](parameterRef: ParameterRef[Seq[R]]): ResourcesRef[R] = {
   ???
   }
   
   implicit def format[R <: Resource[R]]: JsonFormat[ResourcesRef[R]] = new JsonFormat[ResourcesRef[R]] {
     def write(obj: ResourcesRef[R]) = obj.serializeArguments
   
     //TODO: Implement Readers, but this is necessary to get Seq[T] JsonFormat for ResourceRef's
     def read(json: JsValue) = ???
   }
   }
   

   but as you can see, I can't figure out how to convert ParameterRef to ResourcesRef.

Any guidance on this will be much appreciated.

As of 2/26, Elastic Search domains can be created in CF.

https://aws.amazon.com/about-aws/whats-new/2016/02/aws-cloudformation-adds-support-for-amazon-vpc-nat-gateway-amazon-ec2-container-registry-and-more/
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html

It looks like #122 added support for Scala 2.12, but I don't see an artifact published in JCenter. Am I just missing something or is publishing for 2.12 not enabled yet?

Announcement: https://aws.amazon.com/about-aws/whats-new/2017/04/aws-cloudformation-adds-support-for-amazon-cognito-ebs-elastic-volumes-and-updates-resource-coverage/

• IdentityPool - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypool.html
• IdentityPoolRoleAttachment -
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-identitypoolroleattachment.html
• UserPool - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html
• UserPoolClient - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html
• UserPoolGroup - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolgroup.html
• UserPoolUser - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpooluser.html
• UserPoolUserToGroupAttachment - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolusertogroupattachment.html

See http://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#host-conditions

This should be as simple as adding a host-pattern RuleCondition builder similar to

def `path-pattern`(Values: Seq[String]): RuleCondition = RuleCondition(Some("path-pattern"), Some(Values))

Every time I add or remove objects (resources, parameters, etc.), the output JSON is completely shuffled. After I make a change to the Scala code, I'd like to review the change in the output JSON. The random order makes it very difficult.

AWS::Route53::RecordSet currently has generalRecord() and generalRecordByID() to support creating record sets by either the hosted zone name or ID. Alias records, which must be created differently than other record types, can only be created with a hosted zone name. This prevents creating alias records when more than one hosted zone have the same name (for example, internal hosted zones for multiple VPCs that all have the same name like "internal.company.com").

Hey, I really like the work you've done here. Not an expert in scala so I'm just wondering if there is a better way to do what I need.

Currently the RouteTableId parameter for AWS::EC2::Route is a Token[ResourceRef[AWS::EC2::RouteTable]]. However in my case the default route table is already created in aws and is passed in as a parameter.

So I need to do

AWS::EC2::Route`(
    name = "RouteToMainVpc",
    RouteTableId = ParameterRef(defaultVpcRouteTableIdParameter),
    DestinationCidrBlock = cidrBlock,
    connectionBobber = VPCPeeringRoute(vpcPeeringConnection)
  )

That doesn't work, but if I change the signature of that parameter to Token[String]. Then everything seems to be good. I imagine what I've done is remove the type safety, can you explain how you decide on using Token[String] vs Token[ResourceRef[some_aws_thing]].

Thanks

See guoshimin@cf2ac98

> test
[warn] Credentials file /Users/shimin/.bintray/.credentials does not exist
[info] Compiling 7 Scala sources to /Users/shimin/src/github.com/guoshimin/cloudformation-template-generator/target/scala-2.11/test-classes...
[error] /Users/shimin/src/github.com/guoshimin/cloudformation-template-generator/src/test/scala/com/monsanto/arch/cloudformation/model/TemplateDoc_AT.scala:91: value / is not a member of scala.collection.immutable.Range.Inclusive
[error]               val sshToBastion = ParameterRef(allowSSHFromParameter) ->- (22 to 22) / TCP ->- bastion
[error]                                                                                     ^
[error] one error found
[error] (test:compileIncremental) Compilation failed
[error] Total time: 7 s, completed Aug 11, 2015 9:38:26 AM

A route's target can be a peering connection: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-route.html

CloudFormation supports nesting stacks within other stacks. This is an important capability that is missing as of 3.3.4. I've added support for it in a fork and will submit a PR shortly.

Requested by Autodesk.

The MountPoints parameter of com.monsanto.arch.cloudformation.model.resource.ContainerDefinition is missing according to http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-containerdefinitions.html#cfn-ecs-taskdefinition-containerdefinition-mountpoints

It would be helpful to build this project for Scala 2.10 to enable more easily using it from sbt. For example, we have Scala services that are assembled to either jars uploaded to S3 (e.g. for AWS Lambda functions) or Docker images published to our private Docker registry. In both cases, the publishing happens from an sbt plugin. It would be great to define a CloudFormation stack as part of the build and have it created or updated by executing something like sbt deploy.

However, since sbt is essentially a version behind Scala itself (sbt 0.13 is compiled with Scala 2.10), it's not easy to include this library as a dependency of an sbt 0.13 plugin. I'm working around it now by including the CloudFormation code as a sub-project that writes the template to a local file. sbt runs the sub-project, reads in the generated file, and then uses the AWS SDK to create or update the CloudFormation stack. This is inconvenient in several ways, as you can imagine.

I tried compiling the library using 2.10, but ran into problems with case classes with more than 22 parameters. Before I try refactoring those case classes, I wanted to get some feedback on the overall goal, and whether, in the end, you're open to supporting Scala 2.10.

Follow up to #155, add remaining optional fields to AWS::Events::Rule

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-events-rule.html

Hello!

Love this project! Exactly what I was looking for - I wanted to create a SBT plugin for my project which when executing release task - would also auto generate the cloudformation task definition templates. This sbt plugin would glean the necessary information from the build settings to generate the template.

However, more than a quarter of my sbt plugins have not been cross compiled for 2.11.

Would it be possible to compile and release this library against scala 2.10?

Thank you for considering my request!

Using version:

"com.monsanto.arch" % "cloud-formation-template-generator_2.11" % "3.6.0"

Right now AWS::CloudFormation::Stack takes [Map[String, String]], which only allows for hard coded parameter values. At the very least, we want values to be a Token[String] so that we can reference parameters to this template that we want to pass through to the nested template.

Even this isn't perfect, however, since we have parameter types that are typed more strongly than string. For example, to pass a CidrBlockParameter through, we'd have to "convert" it to a StringParameter as follows:

ParameterRef(StringParameter(vpcCidrParameter.name))

This seems hacky, especially since the "conversion" here is only to satisfy the type system...the underlying JSON generated is the same. Should see if we can come up with some implicit conversions.

As of 3.3.4 there is no support for the AWS::Lambda::Alias or AWS::Lambda::Version resource types. This is required for many deployment scenarios including mine.

I've implemented this in a fork and will be submitting a PR shortly.

Seems like at some point (my fault I'm sure) we had a number of direct-to-master commits, should we merge those back into develop and get back to the standard flow? @ddgenome is that the way to fix it?