Programmatically update CloudFormation templates

aws-cfn-update

Programmatically update CloudFormation templates. It will update both .yaml and .json formats of a CloudFormation template. Note that formatting and comments may be lost.

Commands:

  add-new-resources          Add resources that exist in the new template and not in the existing template.
  remove-resource            Removes the specified CloudFormation resource and all resources that reference it.

  container-image            Updates the Docker image of ECS Container Definitions.

  lambda-inline-code         Updates the inline code of an AWS::Lambda::Function resource.
  config-rule-inline-code    Updates the inline code of an AWS::Config::ConfigRule resource.
  rest-api-body              Updates the body of a REST API Resource, with an standard Open API specification merged with AWS API Gateway extensions.
  state-machine-definition   Updates the definition of an AWS::StepFunctions::StateMachine.
  lambda-s3-key              Updates the S3Key entry of a Lambda Function definition.

  cron-schedule-expression   Updates the schedule expression of an AWS::Events::Rules resources to reflect the scheduled time in UTC.
  oidc-provider-thumbprints  Updates the thumbprints list of an AWS::IAM::OIDCProvider.

  latest-ami                 Updates the AMI name of Custom::AMI resources to the latest version.
  packer-latest-ami          Updates a packer.json source_ami_filter to the latest AMI version.

remove-resource - removes the specified resource and all referencing resources

Removes the specified resource and all resources that reference it. For example, the command:

aws-cfn-update remove-resource --resource AMI .

will update:

Resources:
  AMI:
    Type: Custom::AMI
  EC2Instance:
    ImageId: !Ref AMI
  AMIv2:
    Type: Custom::AMI

to:

Resources:
  AMIv2:
    Type: Custom::AMI
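
To preview which resources such a removal would take with it, the reference walk can be sketched as follows. This is an added example, not aws-cfn-update's own code; it works on the parsed (JSON-style) form of a template, and the transitive cascade, the set of intrinsic functions inspected, and the names references, removal_set and remove_resource are assumptions of this sketch.

```python
import re

SUB_VAR = re.compile(r"\$\{([A-Za-z0-9]+)(?:\.[^}]*)?\}")  # ${Id} or ${Id.Attr}

def references(node):
    """Yield every logical ID that a template fragment refers to."""
    if isinstance(node, list):
        for item in node:
            yield from references(item)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key in ("Ref", "DependsOn") and isinstance(value, str):
                yield value
            elif key == "DependsOn":
                yield from value                      # list form of DependsOn
            elif key == "Fn::GetAtt":
                yield value.split(".")[0] if isinstance(value, str) else value[0]
            elif key == "Fn::Sub":
                text, *rest = [value] if isinstance(value, str) else value
                yield from SUB_VAR.findall(text)      # skips ${AWS::...} and ${!literal}
                yield from references(rest)           # optional variable map
            else:
                yield from references(value)

def removal_set(template, target):
    """Logical IDs to delete: target plus everything that transitively refers to it."""
    resources = template.get("Resources", {})
    doomed, grew = {target}, True
    while grew:                                       # repeat until no new referrer is found
        grew = False
        for logical_id, body in resources.items():
            if logical_id not in doomed and doomed.intersection(references(body)):
                doomed.add(logical_id)
                grew = True
    return doomed

def remove_resource(template, target):
    """Return a copy of the template without the removal set."""
    doomed = removal_set(template, target)
    kept = {k: v for k, v in template.get("Resources", {}).items() if k not in doomed}
    return {**template, "Resources": kept}

# Constructed sample: the template above in parsed form, plus one indirect referrer.
SAMPLE = {"Resources": {
    "AMI": {"Type": "Custom::AMI"},
    "AMIv2": {"Type": "Custom::AMI"},
    "EC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": {"Ref": "AMI"}}},
    "Alarm": {"Type": "AWS::CloudWatch::Alarm", "Properties": {"AlarmName": {"Fn::Sub": "${EC2Instance}-cpu"}}},
}}
```

Logical IDs are compared exactly, so AMIv2 survives the removal of AMI; a substring match would have deleted it as well.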

add-new-resources - adds new resources from another template

Adds missing parameters, conditions, mappings and resources from another template to this template. For example, given the following source template (new.yaml):

Parameters:
  Vpc:
    Type: String
Resources:
  AMI:
    Type: Custom::AMI
  AMIv2:
    Type: Custom::AMI
  EC2Instance:
    ImageId: !Ref AMI

The following command:

aws-cfn-update add-new-resources --source new.yaml old.yaml

will update old.yaml:

Resources:
  AMI:
    Type: Custom::AMI
  EC2Instance:
    ImageId: !Ref AMI

to:

Parameters:
  Vpc:
    Type: String
Resources:
  AMI:
    Type: Custom::AMI
  AMIv2:
    Type: Custom::AMI
  EC2Instance:
    ImageId: !Ref AMI

container-image - Updates the Docker image of ECS Container Definitions.

Updates any container definition where the base image name matches the specified image name, excluding the tag. For example, the command:

aws-cfn-update container-image --image mvanholsteijn/paas-monitor:0.6.0

will update:

  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Name: paas-monitor
        Image: mvanholsteijn/paas-monitor:0.5.9

to:

  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Name: paas-monitor
        Image: mvanholsteijn/paas-monitor:0.6.0

The environment variable AWS_CFN_UPDATE_CONTAINER_IMAGES can be used to specify a whitespace-separated list of container images to update.
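
Matching "the base image name excluding the tag" depends on splitting the reference correctly: a colon can belong to a registry port rather than a tag, and a prefix comparison would also hit look-alike repositories. The sketch below is an added example, not aws-cfn-update's own code; split_image, update_images, the treatment of registry-prefixed names as different images, and the sample template are assumptions.

```python
import copy

def split_image(ref):
    """Split an image reference into (name, tag); tag is None when absent."""
    name = ref.partition("@")[0]                # drop any @sha256:... digest
    colon, slash = name.rfind(":"), name.rfind("/")
    if colon > slash:                           # colon after the last "/" is a tag,
        return name[:colon], name[colon + 1:]   # otherwise it is a registry port
    return name, None

def update_images(template, new_image):
    """Return (updated_copy, changed) with matching ECS container images replaced."""
    base, _ = split_image(new_image)
    updated, changed = copy.deepcopy(template), []
    for logical_id, resource in updated.get("Resources", {}).items():
        if resource.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        containers = resource.get("Properties", {}).get("ContainerDefinitions", [])
        for container in containers:
            image = container.get("Image")
            if not isinstance(image, str) or image == new_image:
                continue                        # intrinsic function or already current
            # Compare whole names: a prefix test would also match look-alike repos.
            if split_image(image)[0] == base:
                container["Image"] = new_image
                changed.append((logical_id, container.get("Name"), image))
    return updated, changed

# Constructed sample template in parsed form, not taken from a real stack.
SAMPLE = {"Resources": {"TaskDefinition": {
    "Type": "AWS::ECS::TaskDefinition",
    "Properties": {"ContainerDefinitions": [
        {"Name": "paas-monitor", "Image": "mvanholsteijn/paas-monitor:0.5.9"},
        {"Name": "sidecar", "Image": "mvanholsteijn/paas-monitor-sidecar:0.5.9"},
        {"Name": "mirror", "Image": "localhost:5000/mvanholsteijn/paas-monitor"},
    ]},
}}}

if __name__ == "__main__":
    for change in update_images(SAMPLE, "mvanholsteijn/paas-monitor:0.6.0")[1]:
        print(change)
```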

latest-ami - Updates the AMI name of Custom::AMI resources

Updates the AMI name of Custom::AMI resources to the latest version.

For example, the command:

aws-cfn-update latest-ami --ami-name-pattern 'amzn-ami-*ecs-optimized'

will update the following resource definition from:

         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.a-amazon-ecs-optimized
           Owners:
             - amazon

to:

         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.l-amazon-ecs-optimized
           Owners:
             - amazon

By specifying --add-new-version, a new Custom::AMI will be added to the template with a new name. A suffix v<version> is appended to create the new resource. Only references to the highest existing version of the Custom::AMI resource are replaced. It will change:

      CustomAMI:
         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.a-amazon-ecs-optimized
           Owners:
             - amazon
      CustomAMIv2:
         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.b-amazon-ecs-optimized
           Owners:
             - amazon
      Instance:
         Type: AWS::EC2::Instance
         Properties:
            ImageId: !Ref CustomAMIv2
Outputs:
  OldestAMI:
    Value: !Ref CustomAMI

to:

      CustomAMI:
         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.a-amazon-ecs-optimized
           Owners:
             - amazon
      CustomAMIv2:
         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.b-amazon-ecs-optimized
           Owners:
             - amazon
      CustomAMIv3:
         Type: Custom::AMI
         Properties:
           Filters:
             name: amzn-ami-2017.09.l-amazon-ecs-optimized
           Owners:
             - amazon
      Instance:
         Type: AWS::EC2::Instance
         Properties:
            ImageId: !Ref CustomAMIv3		# <--- updated this
Outputs:
  OldestAMI:
    Value: !Ref CustomAMI			# <-- unchanged

cron-schedule-expression - Updates the schedule expression of AWS::Events::Rule resources.

Updates the schedule expression of AWS::Events::Rule resources to reflect the scheduled time in UTC. The required cron rule is taken from the description. It will update the following resource definition from:

DailyTaskSchedule:
  Type: AWS::Events::Rule
  Properties:
    Description: run daily - cron(30 01 * * ? *)
    Name: run daily
    ScheduleExpression: cron(30 01 * * ? *)
    State: ENABLED

to:

DailyTaskSchedule:
  Type: AWS::Events::Rule
  Properties:
    Description: run daily - cron(30 01 * * ? *)
    Name: run daily
    ScheduleExpression: cron(30 23 * * ? *)
    State: ENABLED

when run with --timezone Europe/Amsterdam and --date 2018-08-01. If the updater is run with --date 2018-12-01, it will change it to:

DailyTaskSchedule:
  Type: AWS::Events::Rule
  Properties:
    Description: run daily - cron(30 01 * * ? *)
    Name: run daily
    ScheduleExpression: cron(30 00 * * ? *)
    State: ENABLED
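
The two results above differ because Amsterdam is at UTC+2 on 2018-08-01 and UTC+1 on 2018-12-01. The conversion can be reproduced as follows; this is an added example, not aws-cfn-update's own code, and the name utc_schedule and the day_shift return value are assumptions of this sketch.

```python
import re
from datetime import date, datetime, timezone
from zoneinfo import ZoneInfo

# Matches cron(MM HH <rest>) where minute and hour are plain numbers.
CRON = re.compile(r"cron\((\d{1,2}) (\d{1,2}) ([^)]*)\)")

def utc_schedule(description, tz_name, on):
    """Convert the local-time cron rule found in `description` to UTC.

    Returns (expression, day_shift). day_shift is -1 or +1 when the UTC time
    falls on a different calendar day than the local time, which matters as
    soon as the day-of-month or day-of-week fields are not wildcards.
    """
    match = CRON.search(description)
    if match is None:
        raise ValueError("description holds no cron(MM HH ...) rule with numeric time")
    minute, hour, rest = int(match[1]), int(match[2]), match[3]
    # Interpret the time in the given zone on the given date, so the offset
    # in force on that date (summer or winter time) is the one applied.
    local = datetime(on.year, on.month, on.day, hour, minute, tzinfo=ZoneInfo(tz_name))
    utc = local.astimezone(timezone.utc)
    day_shift = (utc.date() - on).days
    return f"cron({utc.minute:02d} {utc.hour:02d} {rest})", day_shift

if __name__ == "__main__":
    description = "run daily - cron(30 01 * * ? *)"   # Description from the example above
    for day in (date(2018, 8, 1), date(2018, 12, 1)):
        print(day, utc_schedule(description, "Europe/Amsterdam", day))
```

In the August case the UTC time lands on the previous calendar day, so a rule restricted to specific days would also need its day fields reviewed.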

rest-api-body - update the body of an AWS::ApiGateway::RestApi

Updates the body of a REST API Resource with a standard Open API specification merged with AWS API Gateway extensions.

If you specify --add-new-version, it will create a new version of the resource and update all references to it. This will force the deployment of the new API.

If you want to keep the previous definition, specify --keep to a value of 2 or higher. This might be handy if you have old clients still accessing the old version of the API.

If no changes are detected, no changes are made. Please make sure that all dictionary keys in the specifications are strings, not integers (especially the case with responses). When updating JSON CFN templates, the compare algorithm does not work properly.

Options:
  --resource TEXT                AWS::ApiGateway::RestApi body to update [required]
  --open-api-specification PATH  defining the interface  [required]
  --api-gateway-extensions PATH  to add the the specification  [required]
  --add-new-version              of the RestAPI resource and replace all references
  --keep INTEGER                 number of versions to keep, if --add-new-version is specified

lambda-inline-code - updates the inline code of an AWS::Lambda::Function resource.

Update the inline code of an AWS::Lambda::Function to include the content of the specified file. It changes:

    ELBListenerRuleProvider:
      Type: AWS::Lambda::Function
      Function: cfn-listener-rule-provider

into:

    ELBListenerRuleProvider:
      Type: AWS::Lambda::Function
      Properties:
        Code:
          ZipFile:
            import boto3
            import cfnresponse
            ELB = boto3.client('elbv2')
            ...
        Function: cfn-listener-rule-provider

lambda-s3-key - updates the S3Key entry of a Lambda Function definition

Updates the S3Key entry of a Lambda Function definition. The S3 key must be a semver key name in the format .zip. For example:

aws-cfn-update lambda-s3-key --s3-key lambdas/iam-sudo-0.3.1.zip

will change:

      ELBListenerRuleProvider:
        Type: AWS::Lambda::Function
        Properties:
          Code:
            S3Bucket: !Sub 'binxio-public-${AWS::Region}'
            S3Key: lambdas/iam-sudo-0.1.0.zip

into:

      ELBListenerRuleProvider:
        Type: AWS::Lambda::Function
        Properties:
          Code:
            S3Bucket: !Sub 'binxio-public-${AWS::Region}'
            S3Key: lambdas/iam-sudo-0.3.1.zip
              ...

The environment variable AWS_CFN_UPDATE_LAMBDA_S3_KEYS can be used to specify a whitespace-separated list of S3 keys to update.

config-rule-inline-code - updates the inline code of an AWS::Config::ConfigRule resource.

Update the inline code of an AWS::Config::ConfigRule to include the content of the specified file. When executing:

aws-cfn-update config-rule-inline-code --resource ConfigRule --file ./rules/my-rule.guard template.yaml

It changes:

    ConfigRule:
      Type: AWS::Config::ConfigRule
      Properties:
        Source:
          Owner: CUSTOM_POLICY
          CustomPolicyDetails:
            EnableDebugLogDelivery: true
            PolicyRuntime: guard-2.x.x

into:

    ConfigRule:
      Type: AWS::Config::ConfigRule
      Properties:
        Source:
          Owner: CUSTOM_POLICY
          CustomPolicyDetails:
            EnableDebugLogDelivery: true
            PolicyRuntime: guard-2.x.x
            PolicyText: |
              rule name when resourceType == "AWS::S3::Bucket" {
                  ...
              }
            ...

state-machine-definition - updates the definition string of an AWS::StepFunctions::StateMachine

Updates the definition of an AWS::StepFunctions::StateMachine.

The definition is read from the file specified by --definition. By default, the content will be passed into the Fn::Sub function to allow references to parameters and resource attributes in the template.

If you do not want substitution for your definition, specify --no-fn-sub.

Options:
  --resource TEXT         AWS::StepFunctions::StateMachine definition to
                          update  [required]
  --definition PATH       of the state machine  [required]
  --fn-sub / --no-fn-sub  for the definition
  --help                  Show this message and exit.

For an example, check out ./samples/state-machine-definition

oidc-provider-thumbprints - updates the thumbprints list of an AWS::IAM::OIDCProvider.

By default, it updates the thumbprints of all OIDC providers in the specified templates. Optionally, you can specify a specific OIDC provider.

Options:
  --url TEXT  of the OIDC provider to update, or all if not specified
  --append    append the fingerprint
  --help      Show this message and exit.

Installation

Simply run:

pip install aws-cfn-update

Usage

To use it:

aws-cfn-update --help
