CloudFormation - reference resource as default value for Parameter

Question

I have a parameter "SecretKey" and I want to provide a default value to it (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html) and the default value would be a generated random string. I already have a lambda function to do the generation of the key and a custom resource (call it RandomSecretKey) to get the value. Ultimately, I want to be able to do this in the parameters section:

"SecretKey": { ... "Default": { "Fn::GetAtt": ["RandomSecretKey", "Value"] } }

And this parameter would be referenced somewhere.

But this doesn't work because CloudFormation expects a static String based on the error message. Is there a way to do this?

Can you be more specific? What exactly are you trying to accomplish? — Matt Houser
@MattHouser I updated the description to be more specific. Thank you — BPm

Matt Houser Matt Houser · Accepted Answer · 2016-02-05T14:37:44

No. It's not possible to have a dynamic default value for CloudFormation. The reason being that the template has not executed at all at the time that parameters are being collected.

If you want this to be a parameter, your generated value will have to be generated outside of the template and passed into the template as a parameter. You could do this from a bootstrapping creation script.

Alternatively, you should be able to use a Custom Resource in your template to generate your random secret key. It should be able to persist through stack updates.

References:

Custom Resources Docs - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html
Custom Resources Example - https://blogs.aws.amazon.com/application-management/post/Tx2FNAPE4YGYSRV/Customers-CloudFormation-and-Custom-Resources

CloudFormation - reference resource as default value for Parameter

1 Answers