How to use a CfnParameter in AWS CDK without filling in the value at runtime

Question

I have been attempting to use the AWS CDK to programmatically build a CloudFormation stack template, but am having trouble with using CfnParameters to parameterize the template.

When I write a template manually in json/yaml, I declare ParameterGroups with nested Parameters lists, as well as defining the individual parameters including Type, Description, AllowedPattern, etc. Then in the definition of my resources, I can reference those parameters via Ref values, eg

"CidrBlock": {
  "Ref": "MyVpcCidr"
}

My question is how do I use this feature via the CDK, defining a parameter and referencing it later in the template?

I have tried the following using software.amazon.awscdk.core.CfnParameter, but receive an error

final CfnParameter myVpcCidrParameter =
    CfnParameter.Builder.create(this, "MyVpcCidr")
        .type("String")
        .description("The CIDR block for the VPC")
        .build();

final Vpc vpc =
    Vpc.Builder.create(this, "vpc")
        .cidr(myVpcCidrParameter.getValueAsString()) // <-- error on this line
        .enableDnsSupport(true)
        .enableDnsHostnames(true)
        .build();
...

The error states

JsiiException: 'cidr' property must be a concrete CIDR string, got a Token

which seems reasonable because myVpcCidrParameter.getValueAsString() returns "${Token[TOKEN.10]}".

However I don't see any other method on CfnParameter or the Vpc.Builder to allow me to use a parameter reference to specify the property value as a reference to my parameter.

What is the proper way to use the CDK to build a template with parameters and resources defined using those parameters?

Does this answer your question? https://stackoverflow.com/questions/64574020/aws-cdk-any-way-to-pass-vpc-cidr-through-input-parameter — gshpychka, Nov 01 '21 at 16:53
@gshpychka This question is clearer and defines the requirement in a better way. Also, none of the answer to the other question seem to answer what is asking here. — Paolo, Nov 01 '21 at 17:14
The top answer answers the question - you cannot do this with CfnParameters, and you shouldn't. It provides a canonical alternative. — gshpychka, Nov 01 '21 at 17:46
You won't find a canonical answer, since the use of CfnParameters in CDK is discouraged. — gshpychka, Nov 01 '21 at 18:18
Sure, but it does mean non-canonical. It does seem impossible with the L2 construct at least, though. — gshpychka, Nov 01 '21 at 18:41
To clarify - it doesn't seem that `cidr` accepts a reference in cloudformation. Has your experience been different? — gshpychka, Nov 08 '21 at 12:32

score 1 · Answer 1 · answered Nov 30 '21 at 19:28

Your use of CfnParameters looks correct however there are known issues when used with resources such as:

VPCs
Load balancers
Load balancer targets

Here's an explanation of why this occurs.

A better alternative would be to use CDK context

Here's your example updated using context:

final String myVpcCidr = (String)this.getNode().tryGetContext("myVpcCidr");

final Vpc vpc =
    Vpc.Builder.create(this, "vpc")
        .cidr(myVpcCidr) // <-- Use context value
        .enableDnsSupport(true)
        .enableDnsHostnames(true)
        .build();

Similar to parameters, you can provide the context key/value via CLI:

cdk synth --context myVpcCidr=value MyStack

Context values can also be provided to your AWS CDK app in 5 other ways:

Automatically from the current AWS account.
In the project's cdk.context.json file.
In the context key of the project's cdk.json file.
In the context key of your ~/.cdk.json file.
In your AWS CDK app using the construct.node.setContext() method.

See the CDK context docs for more info.

How to use a CfnParameter in AWS CDK without filling in the value at runtime

1 Answers1