AWS::NoValue without quotes causes error: "Template is malformed: found unexpected ':'"

I’m getting an error with this template, but CFN builds it fine, and the js cfn-linter claims it has no errors or warnings.

Debug Logs:

$ cfn-lint --template templates/rds.yaml --log-level debug
2018-05-24 10:54:46,166 - cfnlint - ERROR - Template templates/rds.yaml is malformed: found unexpected ':'
2018-05-24 10:54:46,166 - cfnlint - ERROR - Tried to parse templates/rds.yaml as JSON but got error: Expecting value: line 1 column 1 (char 0)

If I comment out the MonitoringInterval and MonitoringRoleArn in the rDBServerInstance resource, the error seems to go away. So it seems related to my !If statements.

These lines appear to be the issue:

MonitoringInterval: !If [ EnhancedMonitoring, !Ref pProdMonitoringInterval, !Ref pDevMonitoringInterval ]
MonitoringRoleArn: !If [ EnhancedMonitoring, !GetAtt [ rDBMonitoringRole, Arn ], !Ref AWS::NoValue ]

In fact, if I comment out just MonitoringRoleArn I get an entirely different failure.

Debug Logs:

cfn-lint --template templates/rds.yaml --log-level debug
2018-05-24 11:02:20,595 - cfnlint - DEBUG - Transform templates if needed
2018-05-24 11:02:20,596 - cfnlint - DEBUG - Run scan of template...
...
2018-05-24 11:02:20,606 - cfnlint - DEBUG - Starting match function for rule E3002 at 2018-05-24 11:02:20.606796
2018-05-24 11:02:20,606 - cfnlint - DEBUG - Get names of all parameters from template...
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get resources from template...
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get condition values...
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get condition values...
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Complete match function for rule E3002 at 2018-05-24 11:02:20.607507.  Ran in 0:00:00.000713
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Results from rule E3002 are [<cfnlint.RuleMatch object at 0x10907c240>, <cfnlint.RuleMatch object at 0x108fa1f28>]:
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get location of path ['Resources', 'rDBServerInstance', 'Properties', 'MonitoringInterval', 1, 'Ref']
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get location of path ['rDBServerInstance', 'Properties', 'MonitoringInterval', 1, 'Ref']
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get location of path ['Properties', 'MonitoringInterval', 1, 'Ref']
2018-05-24 11:02:20,607 - cfnlint - DEBUG - Get location of path ['MonitoringInterval', 1, 'Ref']
2018-05-24 11:02:20,608 - cfnlint - DEBUG - Get location of path [1, 'Ref']
2018-05-24 11:02:20,608 - cfnlint - ERROR - Tried to process rules on file templates/rds.yaml but got an error: 1

js cfn-lint:

$ /usr/local/bin/cfn-lint validate templates/rds.yaml
0 infos
0 warn
0 crit
Template valid!

Template:

---
AWSTemplateFormatVersion: '2010-09-09'

Description: MyApp RDS instances

Parameters:
    pApplicationName:
        Type: String
        Description: Application name (typically MyApp).
        Default: MyApp
    pMultiAZ:
        Type: String
        Description: Set to true to create instances in both AZs, false for one.
        AllowedValues:
            - true
            - false
    pEnhancedMonitoring:
        Type: String
        Description: Set to true to enable RDS enhanced monitoring, false to disable.
        AllowedValues:
            - true
            - false
    pDBAllocatedStorage:
        Type: String
        Description: The amount of disk storage allocated to the database server.
    pDBParameterGroupFamily:
        Type: String
        Description: The RDS parameter group family.
    pDBInstanceClass:
        Type: String
        Description: The RDS instance class.
    pDBEngine:
        Type: String
        Description: The RDS Engine.
    pDBEngineVersion:
        Type: String
        Description: The RDS Engine version.
    pDBMasterUsername:
        Type: String
        Description: The DB Master Username.
    pDBServerPort:
        Type: Number
        Description: The DB engine port. Valid values are 1150-65535 except for 1434, 3389, 47001, 49152, and 49152 through 49156.
        Default: 1433
    pProdMonitoringInterval:
        Type: Number
        Description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance when running in the Prod stage.
        Default: 60
    pDevMonitoringInterval:
        Type: Number
        Description: The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance when running in the Dev stage.
        Default: 0

Resources:

    rParameterGroup:
        Type: AWS::RDS::DBParameterGroup
        Properties:
            Description: !Join [' ', [!Ref pApplicationName, 'RDS Parameter Group.']]
            Family: !Ref pDBParameterGroupFamily
            Tags:
                - Key: app
                  Value: !Ref pApplicationName
                - Key: env
                  Value:
                      Fn::ImportValue: !Sub "${pApplicationName}:config:env"

    rDBSubnetGroup:
        Type: AWS::RDS::DBSubnetGroup
        Properties:
            DBSubnetGroupDescription: !Join [' ', [!Ref pApplicationName, 'RDS Subnet Group.']]
            SubnetIds:
                - Fn::ImportValue: !Sub "${pApplicationName}:subnet:data:1"
                - Fn::ImportValue: !Sub "${pApplicationName}:subnet:data:2"
            Tags:
                - Key: app
                  Value: !Ref pApplicationName
                - Key: env
                  Value:
                      Fn::ImportValue: !Sub "${pApplicationName}:config:env"

    rDBPassword:
        Type: Custom::Secret
        Properties:
            Name: !Sub "/passwords/rds/${AWS::StackName}"
            KeyAlias: alias/aws/ssm
            Alphabet: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
            Length: 30
            ReturnSecret: true
            ServiceToken:
                Fn::Join: [ ":", [ "arn:aws:lambda", !Ref "AWS::Region", ! "Ref": "AWS::AccountId", "function:binxio-cfn-secret-provider" ] ]

    rDBMonitoringRole:
        Type: AWS::IAM::Role
        Condition: EnhancedMonitoring
        Properties:
            AssumeRolePolicyDocument:
                Statement:
                    - Effect: Allow
                      Principal:
                          Service: monitoring.rds.amazonaws.com
                      Action: sts:AssumeRole
            Policies:
                - PolicyName: "MyAppRDSEnhancedMonitoring"
                  PolicyDocument:
                    Version: '2012-10-17'
                    Statement:
                        - Effect: Allow
                          Action:
                              - logs:CreateLogGroup
                              - logs:PutRetentionPolicy
                          Resource:
                              - arn:aws:logs:*:*:log-group:RDS*
                        - Effect: Allow
                          Action:
                              - logs:CreateLogStream
                              - logs:PutLogEvents
                              - logs:DescribeLogStreams
                              - logs:GetLogEvents
                          Resource:
                              - arn:aws:logs:*:*:log-group:RDS*:log-stream:*

    rDBServerInstance:
        Type: AWS::RDS::DBInstance
        Properties:
            AllocatedStorage: !Ref pDBAllocatedStorage
            AllowMajorVersionUpgrade: False
            AutoMinorVersionUpgrade: True
            BackupRetentionPeriod: 35
            CopyTagsToSnapshot: True
            DBInstanceClass: !Ref pDBInstanceClass
            DBParameterGroupName: !Ref rParameterGroup
            DBSubnetGroupName: !Ref rDBSubnetGroup
            Engine: !Ref pDBEngine
            EngineVersion: !Ref pDBEngineVersion
            LicenseModel: license-included
            MasterUserPassword: !GetAtt [ rDBPassword, "Secret" ]
            MasterUsername: !Ref pDBMasterUsername
            MonitoringInterval: !If [ EnhancedMonitoring, !Ref pProdMonitoringInterval, !Ref pDevMonitoringInterval ]
            MonitoringRoleArn: !If [ EnhancedMonitoring, !GetAtt [ rDBMonitoringRole, Arn ], !Ref AWS::NoValue ]
            MultiAZ: !If [ MultiAZ, true, false ]
            Port: !Ref pDBServerPort
            PubliclyAccessible: False
            StorageEncrypted: True
            StorageType: gp2
            Tags:
                - Key: app
                  Value: !Ref pApplicationName
                - Key: env
                  Value:
                      Fn::ImportValue: !Sub "${pApplicationName}:config:env"
            VPCSecurityGroups:
                - Fn::ImportValue: !Sub "${pApplicationName}:sg:data"

Conditions:
    MultiAZ: !Equals [ !Ref pMultiAZ, true ]
    EnhancedMonitoring: !Equals [ !Ref pEnhancedMonitoring, true ]

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 7 (7 by maintainers)

Top GitHub Comments

1 reaction
kddejong commented, May 24, 2018

#87 should fix the second issue and added tests to make sure we continue to cover this appropriately.

For the first one, the quickest fix for you is to quote AWS::NoValue until we can do more testing and get a fix out for that.

0 reactions
alytle commented, May 29, 2018

No serious impact on my side, I just wanted to make sure we had captured all the issues to improve the error handling. Thanks for this!
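
A pre-commit check for the workaround suggested in the comments above (quoting AWS::NoValue), as an added example that is not part of the issue or of cfn-lint. It assumes the trigger is an unquoted `::` value inside an inline `[ ... ]` list, as on the MonitoringRoleArn line; the function names and the sample excerpt are constructed, and inline lists that span several lines are not handled.

```python
def unquoted_in_flow(line):
    """Return (start, end) spans of unquoted values containing '::' inside [ ... ]."""
    spans, depth, quote, i = [], 0, None, 0
    while i < len(line):
        ch = line[i]
        if quote:                                    # inside '...' or "..."
            if ch == quote:
                quote = None
        elif ch in "'\"" and (i == 0 or line[i - 1] in " \t[,"):
            quote = ch                               # quote opening a new value
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            break                                    # rest of the line is a comment
        elif ch == "[":
            depth += 1
        elif ch == "]":
            depth = max(depth - 1, 0)
        elif depth and ch not in " \t,":
            j = i                                    # read one bare value
            while j < len(line) and line[j] not in " \t,[]":
                j += 1
            if "::" in line[i:j]:
                spans.append((i, j))
            i = j
            continue
        i += 1
    return spans

def find_unquoted(template):
    """List (line_number, value) for every unquoted '::' value in an inline list."""
    return [(n, line[s:e])
            for n, line in enumerate(template.splitlines(), 1)
            for s, e in unquoted_in_flow(line)]

def quote_them(template):
    """Apply the workaround: wrap each flagged value in double quotes."""
    out = []
    for line in template.splitlines():
        for s, e in reversed(unquoted_in_flow(line)):
            line = f'{line[:s]}"{line[s:e]}"{line[e:]}'
        out.append(line)
    return "\n".join(out)

# Constructed excerpt, adapted from lines of the template in the issue.
SAMPLE = """\
rDBServerInstance:
    Type: AWS::RDS::DBInstance
    Properties:
        MonitoringRoleArn: !If [ EnhancedMonitoring, !GetAtt [ rDBMonitoringRole, Arn ], !Ref AWS::NoValue ]
        ServiceToken: !Join [ ":", [ "arn:aws:lambda", !Ref "AWS::Region" ] ]
        Name: !Sub "/passwords/rds/${AWS::StackName}"
"""
```

Block-style values such as `Type: AWS::RDS::DBInstance` and already quoted values are left alone; only the bare `AWS::NoValue` inside the brackets is reported.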
