AWS cloudformation 嵌套堆栈因模板 URL 失败

Posted 2023-03-28

【中文标题】AWS cloudformation 嵌套堆栈因模板 URL 失败

【英文标题】：AWS cloudformation nested stacks failed by template URL

【发布时间】：2021-12-29 19:20:01

【问题描述】：

我是 cloudformation 的新手，但在当前项目中有一个模板，该模板在一个唯一文件中包含所有资源，我们尝试使用嵌套堆栈选项将多个文件分开。当我尝试部署模板时，下一条消息执行失败：

$ aws s3 cp testing-substack.yml s3://gitlab-cicd

upload: ./testing-substack.yml to s3://gitlab-cicd/testing-substack.yml


$ aws cloudformation package --template-file testing-mainstack.yml --s3-bucket gitlab-cicd --output-template testing-packstack.yaml

Unable to upload artifact substack-amp.yml referenced by TemplateURL parameter of SubstackA resource.
TemplateURL parameter of SubstackA resource is invalid. It must be a S3 URL or path to CloudFormation template file. Actual: /builds/project-0/substack-amp.yml

接下来包含两个模板（lambda 函数只有一个“Hello world”：

testing-mainstack.yml

测试A

Resources:
  SubstackA:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: testing-substack.yml

测试 B

Resources:
  SubstackA:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: s3://gitlab-cicd/testing-substack.yml

子栈模板：testing-substack.yml

  TestingSubLambda:
    Type: AWS::Serverless::Function
    Properties:
      Description: "Testing lambda inside substack"
      CodeUri: ./
      Handler: lambda-two.lambda_handler
      Runtime: python3.8
      FunctionName: TestingSubLambda
      # Role: arn:aws:iam::000365055762:role/lambda-essential-role
      Timeout: 480
      # Events:
      #   B2bCImportOrdersApiEvent:
      #     Type: Api
      #     Properties:
      #       Path: /b2b-channels/import-orders
      #       Method: GET
      #       RestApiId: !Ref B2bCAPIDev

如何确定将子堆栈定义为主堆栈的正确方法？

【参考方案1】：

TemplateURL 应该写成 S3 中的 URL，因此是https://...。

在this doc，写成：

TemplateURL: https://s3.amazonaws.com/cloudformation-templates-us-east-1/S3_Bucket.template

【参考方案2】：

我修复了@Shimo响应的问题，另外，使用SAM客户端。

子栈 A

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Resources:
  TestingSubLambdaA:
    Type: AWS::Serverless::Function
    Properties:
      Description: "Testing lambda mnain substack"
      CodeUri: lambda-one/
      Handler: lambda-one.lambda_handler
      Runtime: python3.8
      FunctionName: TestingSubLambdaA
      Timeout: 480

子栈 B

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'

Resources:
  TestingSubLambdaB:
    Type: AWS::Serverless::Function
    Properties:
      Description: "Testing lambda secondar substack"
      CodeUri: lambda-two/
      Handler: lambda-two.lambda_handler
      Runtime: python3.8
      FunctionName: TestingSubLambdaB
      Timeout: 480

主栈

Resources:
  SubstackA:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: https://<S3-BUCKET>.s3.<AWS-REGION>.amazonaws.com/test-subkstack-a.yml
      TimeoutInMinutes: 5
      
  SubstackB:
    Type: 'AWS::CloudFormation::Stack'
    Properties:
      TemplateURL: https://<S3-BUCKET>.s3.<AWS-REGION>.amazonaws.com/test-subkstack-b.yml
      TimeoutInMinutes: 5

最后，我在发送到 S3 容器之前打包子堆栈模板。

sam package -t testing-substack-a.yml --s3-bucket <S3-BUCKET> --output-template-file test-subkstack-a.yml --region ap-northeast-1

sam package -t testing-substack-b.yml --s3-bucket <S3-BUCKET> --output-template-file test-subkstack-b.yml --region <AWS-REGION>

aws s3 cp test-subkstack-a.yml s3://<S3-BUCKET>

aws s3 cp test-subkstack-b.yml s3://<S3-BUCKET>

sam package -t testing-mainstack.yml --s3-bucket <S3-BUCKET> --output-template-file testing-packstack.yml --region <AWS-REGION>

sam deploy --template-file testing-packstack.yml --stack-name TestingStackDeploy --region <AWS-REGION> --capabilities CAPABILITY_AUTO_EXPAND CAPABILITY_IAM