0

I am trying to form a text with /. here is my cloudformation code:

Resources:
  KeyAlias:
    Type: AWS::KMS::Alias
    DependsOn: KMSKey  
    Properties:
      AliasName: alias/!Sub ${project}-${EnvironmentApp}
      TargetKeyId:
        Ref: KMSKey

I get a constraint validation error on this line:

AliasName: alias/!Sub ${project}-${EnvironmentApp}

Apparently cfn does not like / there. However when I replace the sub function with something static like :

"AliasName": alias/test

Also when I use join as follows:

      AliasName:
        - Fn::Join:
          - "/"
          - - 'alias'
            - Ref: project
            - Ref: EnvironmentApp

I get the following error:

Value of property AliasName must be of type String

How can I achieve the above and pass the constraint issue? Or is it possible at all?

Hamed Minaee
  • 2,480
  • 4
  • 35
  • 63

1 Answers1

1

Try using the Sub intrinsic function as follows (not tested)

AliasName: !Sub
  - alias/${project}-${EnvironmentApp}
  - { project: !Ref project, EnvironmentApp: !Ref EnvironmentApp}

Based on the Cloudformation docs for AWS::KMS::Alias, you must include the /

Also you don't need the DependsOn in this case since KMSKey is referenced in the TargetKeyId

maafk
  • 6,176
  • 5
  • 35
  • 58
  • Yes it worked so what is this: - { project: !Ref project, EnvironmentApp: !Ref EnvironmentApp}? project and EnvironmentApp are params I get from user so now I am confused if I use sub then replacement should happen why do we need - { project: !Ref project, EnvironmentApp: !Ref EnvironmentApp} – Hamed Minaee Sep 21 '17 at 23:29
  • I went based on the [Sub documentation example](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-sub.html#w2ab2c21c28c56c11). You could also try something like `AliasName: !Sub alias/${project}-${EnvironmentApp}` I think your initial problem was having 'alias/' before using `!Sub` – maafk Sep 22 '17 at 13:38