2

I'm stuck with creating ssm.CfnAssociation due to I'm novice in AWS CDK and CloudFormation also. I'm trying to create AWS Systems Manager State Manager task (AWS-RunAnsiblePlaybook) by ssm.CfnAssociation, but I have misunderstanding how can I define parameters? I want to set in parameters url to s3 for playbook. As from CDK docs it should be: parameters (Union[IResolvable, None, Mapping[str, Union[IResolvable, Forwardref]]]) – AWS::SSM::Association.Parameters.

By AWS docks Type: Map of ParameterValues -> { "ParameterValues" : [ String, ... ] }

I've tried to define various types for parameters, but I always have error: Value did not match any type in union: Expected object reference, got {"plybook":"s3-url"},Value did not match any type in union: Expected object reference, got "s3-url",Expected object reference, got "s3-url" If I'm using ssm.CfnAssociation.ParameterValuesProperty for matching to key playbookurl, I have and error on the deploying step: SSMAssociation/SSMAssociation (SSMAssociation6148DA19) Value of {Parameters} must be a map where each value is a list of {String}

Could you please help me with it, because have no idea what type and how should be proper for parameters? Thank you.

class SSMAssociation(core.Construct):

def __init__(self, scope: core.Construct, id: str, 
ssm_association_name: str, **kwargs) -> None:
    super().__init__(scope, id, **kwargs)

    ssm_param_values = ssm.CfnAssociation.ParameterValuesProperty(
        parameter_values=["s3://test-ansible-test1-pl1/playbook1.yml"],
    )

    ssm_tartgets = ssm.CfnAssociation.TargetProperty(
        key="CDK-Type",
        values="EC2Instance",
    ),

    ssm_association = ssm.CfnAssociation(
        self, "SSMAssociation",
        name=ssm_association_name,
        output_location=None,
        parameters={
            "playbookurl": ssm_param_values,
        },

        targets=None,
    )
Serhii Novokhatskyi
  • 51
  • 5

2 Answers2

0

At this moment work around for this issue it's a way of using CfnInclude instead of CfnAssociation. But in my opinion it would be better to use CfnAssociation in a proper way.

class SSMAssociationConstruct(core.Construct):

def __init__(self, scope: core.Construct, id: str, 
             playbook_url: str,
             ec2_tag_key: str,
             ec2_tag_value: str,
             **kwargs) -> None:
    super().__init__(scope, id, **kwargs)

    if playbook_url is not None:
        cfn_include = core.CfnInclude(
            self, "CfnInclude",
            template={
                "Resources": {
                    "SSMAssociation": {
                        "Type" : "AWS::SSM::Association",
                        "Properties" : {
                            "AssociationName" : "SSMRunAnsible" ,
                            "Name" : "AWS-RunAnsiblePlaybook",
                            "ScheduleExpression": "cron(0 0/30 * * * ? *)",
                            "Parameters" : {
                                "playbookurl":[playbook_url],
                            },
                            "Targets" : [{
                                "Key": f"tag:{ec2_tag_key}",
                                "Values": [f"{ec2_tag_value}"]
                            }]
                          }
                    }
                }
            }
        )
Serhii Novokhatskyi
  • 51
  • 5
0

As mentioned above according to the python docs, parameters is (Union[IResolvable, None, Mapping[str, Union[IResolvable, Forwardref]]]) – AWS::SSM::Association.Parameters, so what you did is correct

I just verified cdk synth accepts:

    ssm_param_values = ssm.CfnAssociation.ParameterValuesProperty(
        parameter_values=["s3://test-ansible-test1-pl1/playbook1.yml"],
    )
    ssm_association = ssm.CfnAssociation(
        self, "SSMAssociation",
        name=ssm_association_name,
        output_location=None,
        parameters={
            "playbookurl": ssm_param_values,
        },

        targets=None,
    )

On the following versions

Python 3.7.4

aws-cdk.aws-events==1.18.0

aws-cdk.aws-iam==1.18.0

aws-cdk.aws-kms==1.18.0

aws-cdk.aws-s3==1.18.0

aws-cdk.aws-ssm==1.18.0

aws-cdk.core==1.18.0

aws-cdk.cx-api==1.18.0

aws-cdk.region-info==1.18.0

However the deploy issue still exists, where it seems that you should be using ssm_param_values.parameter_values, but it's not accepted by CDK

Filed an issue on CDK, although it may be a CF bug.

The CF documentation is certainly misleading, reported feedback:

  • Syntax says Parameters is just a key: value pair map
  • [Parameters][4] specifies a Map of [ParameterValues][5], matching CDK behaviour
Efren
  • 4,003
  • 4
  • 33
  • 75