AWS Cloudformation/Codepipeline 参数:[ProjectId] 必须有值

AWS Cloudformation / Codepipeline Parameters: [ProjectId] must have values

我正在尝试创建一个简单的(目前)云 formation/code 管道集成,但是在为 cloudformation 生成变更集时出现错误。

我的代码管道使用以下代码构建输出 YML(下面的模板):- aws cloudformation package --template template.json --s3-bucket $S3_BUCKET --output-template template-export.yml 导出然后进入云形成以创建变更集。

当它尝试创建变更集时,出现此错误 Parameters: [ProjectId] must have values (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: 4d20b24f-fd8b-11e8-9014-599dd1a18437)

出了什么问题?

输入template.json

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "ProjectId": {
      "Type": "String",
      "Description": "Codepipeline cloudformation test"
    },
    "Stage": {
      "Default": "",
      "Type": "String",
      "Description": "I am guessing some thing goes here"
    }
  },
  "Resources": {
    "LambdaExecutionRole": {
      "Type": "AWS::IAM::Role",
      "Description": "Creating service role in IAM for AWS Lambda",
      "Properties": {
        "RoleName": {
          "Fn::Sub": "CodeStar-${ProjectId}-Execution${Stage}"
        },
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "lambda.amazonaws.com"
              ]
            }
          }]
        },
        "ManagedPolicyArns": [
          "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
        ],
        "Path": "/"
      }
    },
    "CreateUser": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Handler": "API/CreateUser.handler",
        "Code": "API/CreateUser.py",
        "Role": {
          "Fn::GetAtt": [
            "LambdaExecutionRole",
            "Arn"
          ]
        },
        "Runtime": "python2.7",
      }
    }
  }

}

codebuild 模板的输出-export.yml

AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  ProjectId:
    Description: Codepipeline cloudformation test
    Type: String
  Stage:
    Default: ''
    Description: I am guessing some thing goes here
    Type: String
Resources:
  CreateUser:
    Properties:
      Code:
        S3Bucket: xxxx
        S3Key: xxxx
      Handler: API/CreateUser.handler
      Role:
        Fn::GetAtt:
        - LambdaExecutionRole
        - Arn
      Runtime: python2.7
    Type: AWS::Lambda::Function
  LambdaExecutionRole:
    Description: Creating service role in IAM for AWS Lambda
    Properties:
      AssumeRolePolicyDocument:
        Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service:
            - lambda.amazonaws.com
      ManagedPolicyArns:
      - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Path: /
      RoleName:
        Fn::Sub: CodeStar-${ProjectId}-Execution${Stage}
    Type: AWS::IAM::Role

其他信息:

Cloudformation 正在使用具有完全管理员权限的 IAM。 allow *

生成变更集设置:

这里的问题是您没有将值传递给 cloudformation 模板中的 ProjectId 参数,如果您在此处查看模板片段:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "ProjectId": {
      "Type": "String",
      "Description": "Codepipeline cloudformation test"
    },
    "Stage": {
      "Default": "",
      "Type": "String",
      "Description": "I am guessing some thing goes here"
    }
  },

您已经为参数 Stage 指定了默认值,而 ProjectId 没有任何默认值,这意味着如果您没有在 CLI 命令中指定您希望 ProjectId 值是什么,那么它将什么都不是将导致验证失败,因为它期望有一个针对该参数的字符串,而实际上该值为 None.

如果改为这样做:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "ProjectId": {
      "Default": "",
      "Type": "String",
      "Description": "Codepipeline cloudformation test"
    },
    "Stage": {
      "Default": "",
      "Type": "String",
      "Description": "I am guessing some thing goes here"
    }
  },

这意味着该条目将是一个空字符串,但 cloudformation 模板不应再失败验证。