This awesome CloudFormation feature is not talked about enough!

By Abhishek Verma. Published in TheLoudCloud, Aug 27, 2020 (2 min read).

AWS CloudFormation provides parameters to get input from users. You can further validate these parameters by restricting the user input to, say, a list of values, a regex pattern, or a range of numbers.

Basic Validations on input parameters

The above template uses NoEcho, which masks your user input as asterisks. It also uses the AWS-specific parameter type “AWS::EC2::KeyPair::KeyName”, which automatically creates a drop-down of EC2 key pairs.

Now, these validations are quite helpful. But you usually want more customization! A parameter value may depend on another, e.g., you use a VPC parameter and then another parameter which has a list of subnets to pick from. A user could pick any of the subnets even if they’re not in that VPC!! 😦

This is where “Cross-parameter validation” comes in. 😄

A “Rules” section can be added, which includes “assertions”. These assertions can validate parameters against each other in the CloudFormation template. In the template below, the list of subnets is being validated against the selected VPC.

You’d receive this kind of validation error:

The functionality can be customized further. You can have conditional assertions, i.e., the rule is evaluated only if a certain condition is met.

If ConfirmPassword is set to ‘Yes’, the assertion checks whether both passwords are equal and, if they are not, displays an error.

Validation error if both passwords do not match
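Both rule types described above in one template, as an added example (not the original post's template or AWS's sample). The parameter names `SubnetIds`, `Password` and `PasswordRepeat` and the placeholder security group are assumptions; `ConfirmPassword` follows the post.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example of cross-parameter validation with Rules

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:                      # assumed name
    Type: List<AWS::EC2::Subnet::Id>
  ConfirmPassword:
    Type: String
    # Quoted so YAML does not parse Yes/No as booleans.
    AllowedValues: ["Yes", "No"]
    Default: "Yes"
  Password:                       # assumed name
    Type: String
    NoEcho: true
    MinLength: 8
  PasswordRepeat:                 # assumed name
    Type: String
    NoEcho: true
    Default: ""

Rules:
  # Unconditional rule: the VpcId attribute of every subnet parameter value
  # must appear among the values of the VPC-typed parameters (here: VpcId).
  SubnetsInVpc:
    Assertions:
      - Assert:
          Fn::EachMemberIn:
            - Fn::ValueOfAll: ["List<AWS::EC2::Subnet::Id>", VpcId]
            - Fn::RefAll: AWS::EC2::VPC::Id
        AssertDescription: All selected subnets must be in the selected VPC.
  # Conditional rule: assertions are evaluated only when RuleCondition is true.
  PasswordsMatch:
    RuleCondition:
      Fn::Equals: [{Ref: ConfirmPassword}, "Yes"]
    Assertions:
      - Assert:
          Fn::Equals: [{Ref: Password}, {Ref: PasswordRepeat}]
        AssertDescription: Password and PasswordRepeat must be identical.

Resources:
  # Placeholder resource so the template deploys; it uses the validated VPC.
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Placeholder group for the Rules example
      VpcId: {Ref: VpcId}
```

The full `Fn::` form is used for every function inside `Rules` so the template does not depend on short-form tag support for the rule-specific functions.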

Note:

  • Not all intrinsic functions can be used within Rules. Here is the list of valid functions.
  • Negative assertions don’t seem to be working, e.g., if you try to assert that a parameter should not be empty, the assertion doesn’t seem to work (or maybe I couldn’t make it work!! Please share if you could).
  • Here is a CloudFormation template from AWS.
