How can I specify a signed S3 URL as a template in CloudFormation?

In AWS CloudFormation, you can specify a template by uploading a template file or by specifying the S3 URL in the template. (Enter the URL of the Amazon S3 template)

If the bucket is publicly available, you can create a URL to access the object / template. This works fine as long as the S3 template URL is a simple URL:

https://s3.amazonaws.com/public-bucket/unsigned.template

But if the bucket is closed, you can create an S3 signed URL if you want to share the object with others. I am assigned a URL, which is the S3 signed URL for the template in the private bucket:

https://s3.amazonaws.com/private-bucket/signed.template?Signature=Cs6sqUABadcfZAuFu5FSMWAQ%3D&Expires=1459636414&AWSAccessKeyId=AKIAJ23456AXIOUBCNQ

Unfortunately, CF does not comply with the signed URL and breaks everything after .template. Because of this, I get an Access Denied error. Does anyone know a way to specify a signed S3 URL as a template in CloudFormation?

+4
2 answers

AWS has finally acknowledged that this is a bug in CloudFormation, and they are working on a fix. No ETA yet.

+4

It seems that you can only use the URL that you have access to (signed URLs are marked enough). But if you want to use the AWS CLI, you can also use curl to get the contents of the template and create a stack using --template-body:

$ aws cloudformation create-stack --template-body "$(curl -s '<signed url>')" --stack-name test --parameters ParameterKey=string,ParameterValue=string


0
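A more defensive form of the curl workaround from the answer above, as an added example that is not part of the original answer: with plain `curl -s`, an expired or mistyped signed URL still exits 0 and S3's XML error document is handed to CloudFormation as the template. The function names and script interface are hypothetical; 51,200 bytes is CloudFormation's size limit for `--template-body`.

```shell
#!/bin/sh
# Added example: fetch a template through a pre-signed S3 URL and refuse to
# pass CloudFormation anything that is not a plausible template body.

MAX_BODY_BYTES=51200   # CloudFormation limit for --template-body

# fetch_template URL OUTFILE
# HTTPS only; --fail makes curl exit non-zero on HTTP 4xx/5xx (for example an
# expired signature) instead of silently saving the error page.
fetch_template() {
  curl --fail --silent --show-error --proto '=https' \
       --max-filesize "$MAX_BODY_BYTES" --output "$2" "$1"
}

# check_template_body FILE
# Returns 0 if usable, 1 if empty/missing, 2 if too large, 3 if S3 error XML.
check_template_body() {
  ctb_file=$1
  [ -s "$ctb_file" ] || { echo "empty or missing template" >&2; return 1; }
  ctb_size=$(( $(wc -c < "$ctb_file") ))
  if [ "$ctb_size" -gt "$MAX_BODY_BYTES" ]; then
    echo "template is $ctb_size bytes, limit is $MAX_BODY_BYTES" >&2
    return 2
  fi
  # S3 reports failures as an XML document with an <Error> root element.
  if head -n 5 "$ctb_file" | grep -q '<Error>'; then
    echo "download is an S3 error response, not a template" >&2
    return 3
  fi
  return 0
}

# deploy URL STACK_NAME
# file:// keeps the template body out of the process argument list.
deploy() {
  dp_tmp=$(mktemp) || return 1
  dp_rc=0
  { fetch_template "$1" "$dp_tmp" &&
    check_template_body "$dp_tmp" &&
    aws cloudformation validate-template --template-body "file://$dp_tmp" >/dev/null &&
    aws cloudformation create-stack --stack-name "$2" --template-body "file://$dp_tmp"
  } || dp_rc=$?
  rm -f "$dp_tmp"
  return "$dp_rc"
}

# Runs only when invoked as: script.sh '<signed url>' <stack-name>
if [ "$#" -eq 2 ]; then deploy "$1" "$2"; fi
```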
