Security News
The Push to Ban Ransom Payments Is Gaining Momentum
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
cfn-resolver-lib
Advanced tools
Readme
JavaScript library that resolves and evaluates values in AWS CloudFormation templates based on the provided stack parameters and produces the JS object representation of the resolved CFN template.
Did you ever had to debug what's wrong with your AWS CloudFormation template and why your stack deployment fails? Your YAML/JSON could contain some logic with all kinds of nested intrinsic functions and CFN pseudo parameters and sometimes this can get even more complex when you use a tool (e.g. AWS CDK) that generates the file for you.
If you have more than couple of these in your templates it is quite time consuming to figure out which exactly caused the deployment to fail. This simple tool (cfn-resolver-lib and cfn-resolver-cli) tries to mitigate the issue by evaluating these logic and provide the final exact values that will be used in deployment time.
cfn-resolver can help you
s3_reader
IAM user has access to prod-uswest2-redshift-log
S3 bucket in us-west-2
region in your prod
stack.Check out cfn-resolver-cli
Install the npm package
npm i cfn-resolver-lib
Write your JavaScript code:
const NodeEvaluator = require('cfn-resolver-lib');
const stackParameters = {
RefResolvers:
{
"AWS::Region": "us-west-2",
"AWS::Partition": "aws",
"AWS::AccountId": "000000111111",
"Stage": "prod",
"AWS::StackId": "MyEvaluatedFakeStackUsWest2"
}
};
const resolvedObj = new NodeEvaluator(cloufFormationTemplateDeseralizedObj, stackParameters).evaluateNodes();
You can pass additional resolver maps to the NodeEvaluator
instance, just like RefResolvers
to customize or override the built-in behaviour.
By default the tool tries to resolve the attributes of resources that are defined within the template itself, but you have the opportunity to override the behaviour for specific cases. Just define the Fn::GetAtt resolver map for custom attribute resolution:
{
"Fn::GetAttResolvers": {
MyResourceLogicalId1: {
"AttribeteKey1": "TheOverridenAttributeValue"
}
}
}
With Fn::GetAtt
you can refer to ARN of an other resource defined in the template.
The tool supports ARN resolution for some of the most common AWS CloudFormation resource types (Lambda function, SQS queue, SNS topic, S3 bucket, DyanmoDB Table, etc), but user can provide additional ARN shemas to NodeEvaulator
intance:
{
"ArnSchemas": {
"AWS::DynamoDB::Table": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}"
}
}
The ${Partition}
, ${Region}
and ${Region}
placeholders will be resolved by using the stack parameters. The last placeholder of the arn schema (in the above example ${TableName}
) will be resolved from the attribute from the resource (if both the resource and its attribute can be found in the template).
Define yout Fn::ImportValue resolvers in the parameter map as the following:
{
"Fn::ImportValueResolvers": {
"OtherStacksExportedKey1": "MyFakeImportedValue1"
}
}
Feel free to implement any missing features or fix bugs. In any case don't forget to add unit tests.
FAQs
Library that resolves AWS Cloudformation templates with exact values
The npm package cfn-resolver-lib receives a total of 16,494 weekly downloads. As such, cfn-resolver-lib popularity was classified as popular.
We found that cfn-resolver-lib demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
Application Security
New SEC disclosure rules aim to enforce timely cyber incident reporting, but fear of job loss and inadequate resources lead to significant underreporting.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).