How can I write nested IF in serverless.yml using yaml format file while using it for cloud formation?

Asked 27/5, 2019 at 4:41 Answered 6/8, 2021 at 15:12

amazon-web-services yaml aws-cloudformation serverless-framework serverless-application-model

I'm trying to access secrets created in secrets manager(https://aws.amazon.com/secrets-manager/) via SSM (Systems Manager- https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html ) i.e. AWS Parameter store, and store it in a custom YAML variable in serverless.yml file? I am trying to implement cloud formation through serverless framework(https://serverless.com/), and I am trying to implement a nested if statement in cloud formation for implementing the above using the code below.

 stage: &stage 'dev' #Hardcoded for now
 rdsMasterPassword:
 !If
  - !Equals [*stage,"prod"]
  - ${ssm:/aws/reference/secretsmanager/cred-prod~true:rdsMasterPassword}
  - !If 
      - !Equals [*stage,"staging"]
      - ${ssm:/aws/reference/secretsmanager/cred-staging~true:rdsMasterPassword}
      - ${ssm:/aws/reference/secretsmanager/cred-dev~true:rdsMasterPassword}

I have tried Cloud formation instrinsic functions Fn::If for this but facing this errror : Fn::If requires a list argument with the first element being a condition

Toxoid answered 27/5, 2019 at 4:41 Comment(5)

AWS uses the YAML format. YML is not the same as YAML and the recommended extension for YAML files has been .yaml at least since Sep 2006. – Overabound 27/5, 2019 at 5:10

Serverless framework uses YML, from what I read through its documentation. I am not using AWS SAM format, but the serverless.yml autocreated by serverless framework cli. – Toxoid 27/5, 2019 at 5:24

What you present there is data in YAM format. YML is XML based and looks completely different. Please provide a link that supports your claim, or remove the tag yaml. – Overabound 27/5, 2019 at 5:57

Check this out: serverless.com/framework/docs/providers/aws/guide/… – Toxoid 27/5, 2019 at 6:13

That is all YAML format. And AWS is outdated in that they still have not implemented a recommendation made on the YAML website in 2006, to use .yaml as a file extension for YAML format files. However to name YAML (format) files (whether with the recommended .yaml extension, with .yml or any other extension) a YML is not outdated, is like calling Java source code Python because someone put it a file with a .py extension. If you can't correct the file extension please at least use the right file format terminology. – Overabound 27/5, 2019 at 7:5

Just want to point out that if you're looking to load different SSM paths based on environment, you can achieve this many ways, outlined here

I've had a pleasant time loading through json files, for example

-- serverless-staging.json --
{
  "ssm_path": "/path/to/staging/ssm/parameter"
}

-- serverless-prod.json --
{
  "ssm_path": "/path/to/prod/ssm/parameter"
}

-- serverless.yml --
...
stage: ${opt:stage, 'dev'}
environment:
  SSM_PATH: ${file(serverless-${self:provider.stage}.json):ssm_path}
... etc etc

Hope this helps whoever else lands here from a search

Nightgown answered 5/12, 2019 at 22:1 Comment(0)

Due to a restriction in YAML, it is not possible to use the shortcut syntax for a sequence of intrinsic functions.

See the "Important" section in the docs for reference.

Try this:

stage: &stage 'dev' #Hardcoded for now
rdsMasterPassword:
  Fn::If:
    - Fn::Equals: [*stage, "prod"]
    - ${ssm:/aws/reference/secretsmanager/cred-prod~true:rdsMasterPassword}
    - Fn::If: 
      - Fn::Equals: [*stage, "staging"]
      - ${ssm:/aws/reference/secretsmanager/cred-staging~true:rdsMasterPassword}
      - ${ssm:/aws/reference/secretsmanager/cred-dev~true:rdsMasterPassword}

Langille answered 6/8, 2021 at 15:12 Comment(0)

Recommended topics

Hot tags