1

Let's consider the following Mappings and FindInMap are used in the same AWS CloudFormation template. They will work.

Now, consider the VpcIds under Mappings are in the master.yaml template, and I am trying to create the EgressOnlyInternetGateway resource from the nested.yaml template using those Mappings located in the master.yaml template.

How can I accomplish this?

# master.yaml
Mappings:
  VpcIds:
    us-east-1: 
      "123456789012": "vpc-00011122233344455"
      "234567890123": "vpc-11122233344455566"
    us-west-1: 
      "123456789012": "vpc-22233344455566677"
      "234567890123": "vpc-33344455566677788"


# nested.yaml
Resources:
  EgressOnlyInternetGateway:
    Type: AWS::EC2::EgressOnlyInternetGateway
    Properties:
      VpcId: !FindInMap [VpcIds, !Ref "AWS::Region", !Ref "AWS::AccountId"]

Update: I am trying to create a resource MyTestNestedSg in MyTestNestedStack (MyTestNestedStack.yaml) using the a mapped parameter defined in MyTestMasterStack as showing below. I am getting error: Parameter values specified for a template which does not require them, against MyTestNestedStack.

How can I resolve this?

Please note that the resource MyTestMasterSg under MyTestMasterStack is just for the completeness.

# MyTestMasterStack.yaml
Mappings:
  VpcIds:
    us-east-1: 
      "123456789012": "vpc-00011122233344455" 
      "234567890123": "vpc-11122233344455566" 

Resources:
  MyTestNestedStack:
    Type: AWS::CloudFormation::Stack
    Properties: 
      Parameters: 
        VpcId: !FindInMap [VpcIds, !Ref "AWS::Region", !Ref "AWS::AccountId"]
      TemplateURL: "https://s3.amazonaws.com/my_template_bucket_name/MyTestNestedStack.yaml"
      TimeoutInMinutes: 60

  MyTestMasterSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: "vpc-017a12485ad93e94a"
      GroupDescription: Testing resource creation wtih Mappings from the parent Stack
      GroupName: MyTestMasterSg
      SecurityGroupIngress:
        - CidrIp: 10.1.0.0/16
          FromPort: 80
          IpProtocol: tcp
          ToPort: 80

# MyTestNestedStack.yaml
Resources:
  MyTestNestedSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !Ref VpcId
      GroupDescription: Testing resource creation wtih Mappings from the parent Stack
      GroupName: MyTestNestedSg
      SecurityGroupIngress:
        - CidrIp: 10.1.0.0/16
          FromPort: 8080
          IpProtocol: tcp
          ToPort: 8080
Rafiq
  • 1,380
  • 4
  • 16
  • 31

1 Answers1

2

You can't do this. You have to past resolved mapping values through Parameters to your AWS::CloudFormation::Stack resource.

Nested stacks should be self sufficient and they don't have access to the parent stack's parameters, mappings or resources. They can only work with data that you explicitly pass through Parameters of AWS::CloudFormation::Stack resource.

So in parent stack you would have to do:

MyNestedStack:
  Type: AWS::CloudFormation::Stack
  Properties: 
    Parameters: 
      VpcId : !FindInMap [VpcIds, !Ref "AWS::Region", !Ref "AWS::AccountId"]
  TemplateURL: String

Update

Your MyTestNestedStack.yaml is missing Paramters:

Parameters:
  
  VpcId:
    Type: AWS::EC2::VPC::Id
Marcin
  • 215,873
  • 14
  • 235
  • 294
  • Thanks @Marcin for the prompt response. I followed this. Then I in `MyNestedStack` template, I used this reference `VpcId: !Ref VpcId` for creating a security group, but it failed with error `Parameter values specified for a template which does not require them.` against `MyNestedStack`. Not sure if I am missing anything else. – Rafiq Jan 27 '21 at 01:55
  • 1
    @Rafiq Can you update your question with current state of your templates? – Marcin Jan 27 '21 at 01:56
  • 1
    @Rafiq I updated the answer. Please have a look. – Marcin Jan 27 '21 at 02:53