Teri Radichel

Summary

The website content discusses the author's decision to stop using CloudFormation's ImportValue due to issues with syntax, alignment of import and export names, and the shift to a multi-account architecture, opting instead for a more reliable method of inserting parameter values with guardrails in their framework.

Abstract

The author, Teri Radichel, shares their frustration with the ImportValue function in AWS CloudFormation, citing repeated problems with syntax, maintaining consistent naming conventions, and the complexities introduced by a multi-account architecture. As a result, they have chosen to abandon the use of ImportValue in favor of a custom method that involves manually looking up and inserting necessary values as parameters within their CloudFormation templates. This approach is part of a larger framework they are developing, which includes guardrails to ensure security and reliability. The author also notes the importance of proper AWS CLI configuration to avoid issues such as referencing stacks in the wrong region, which can lead to unclear error messages from AWS. The post concludes with the author's intention to use this documented approach in future to save time.

Opinions

  • The author finds ImportValue in CloudFormation to be problematic and a source of wasted time due to its complexity and unclear error messages.
  • They express a desire for AWS to allow the use of the shorter !ImportValue syntax instead of the more verbose Fn::ImportValue within a Sub function.
  • The author has encountered specific issues such as handling empty values and region configuration errors, which have contributed to their decision to adopt an alternative method.
  • They believe that their new method of parameter insertion with guardrails will be more efficient and less error-prone for their multi-account AWS setup.
  • The author is documenting their solution for future reference and to assist others who may face similar challenges with CloudFormation templates.

An Import Value in a Sub in AWS CloudFormation


Just for the record: I have stopped using CloudFormation ImportValue due to too many issues trying to figure out the syntax, keeping the import and export names aligned, and because I am now working on a multi-account architecture. I opt for simply looking up and inserting the values as parameters instead with certain guardrails in the framework I’m building here:

I was having a hard time remembering how to use a Sub with an import to reference a domain name in some output.

I found this old block of code that apparently worked before.

I don’t know if the issue I was having was the result of having an empty value in there or somehow a join would have helped me, but in any case, this works.

I passed in two parameters to a CloudFormation template. You have to use Fn::ImportValue with Sub (not !ImportValue). I really wish AWS would fix it so you could use the short version but anyway it doesn’t work.
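The pattern described above, as an added example (the author's original code block is not reproduced on this page, and this is not it): a template that takes two parameters and nests the long-form Fn::ImportValue inside the variable map of a Sub. The parameter names, the export name suffix "-domain-name", and the placeholder resource are all assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example of Fn::ImportValue nested inside Sub (all names hypothetical)

Parameters:
  # Hypothetical: prefix the exporting stack uses for its export names.
  ExportPrefixParam:
    Type: String
    MinLength: 1                      # guardrail: never build an export name from an empty string
    AllowedPattern: "^[A-Za-z0-9-]+$"
  # Hypothetical: host label placed in front of the imported domain name.
  HostNameParam:
    Type: String
    MinLength: 1
    AllowedPattern: "^[a-z0-9-]+$"

Resources:
  # A template must declare at least one resource; this one creates nothing billable.
  Placeholder:
    Type: AWS::CloudFormation::WaitConditionHandle

Outputs:
  SiteUrl:
    Description: URL built from a parameter and an imported domain name
    Value: !Sub
      # First list item: the string to render. ${HostNameParam} resolves to the
      # template parameter; ${DomainName} resolves from the map below.
      - "https://${HostNameParam}.${DomainName}"
      # Second list item: the variable map. The import is written in its full
      # form (Fn::ImportValue) because its argument is itself a !Sub.
      - DomainName:
          Fn::ImportValue: !Sub "${ExportPrefixParam}-domain-name"

# The exporting stack (assumed, not shown on the page) would need a matching output:
#   Outputs:
#     DomainName:
#       Value: example.com
#       Export:
#         Name: !Sub "${ExportPrefixParam}-domain-name"
```

Fn::ImportValue resolves only against exports in the same account and region as the stack being deployed, so the export must already exist there before this template is created or updated.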

In the case I was testing, I later realized my AWS CLI configuration was reverting to the incorrect region so a stack I was trying to reference did not exist. If that was the source of the problem — a null value or empty string due to a missing stack — AWS error messaging is absolutely unclear in that case.

At any rate, I’m noting this code for future reference when I need it next time.

Trying to use Sub with Import in CloudFormation is a constant source of wasted time in my experience. I know this works so hopefully it saves me time in the future!

This is also related to the following errors I got while troubleshooting the problem:


Teri Radichel | © 2nd Sight Lab 2023
