org-formation-cli

Feature request: an org-formation conditional function

Open zaro0508 opened this issue 3 years ago • 2 comments

Feature Request

Org-formation has functions. I would like a conditional function, an !If function...

Why

Because I want to conditionally set one property in my CloudFormation resource.

cloudtrail-trail.yaml snippet:

Parameters:
  EncryptTrail:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"

Conditions:
  # !Ref is required: a bare EncryptTrail is compared as a literal string
  IsEncryptTrail: !Equals [!Ref EncryptTrail, "true"]

Resources:
  CloudTrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      S3BucketName: !Ref CloudTrailBucket
      IsLogging: true
      IncludeGlobalServiceEvents: true
      IsMultiRegionTrail: true
      EnableLogFileValidation: true
      CloudWatchLogsLogGroupArn: !Ref CloudWatchLogsLogGroupArn
      CloudWatchLogsRoleArn: !Ref CloudWatchLogsRoleArn
      # KMSKeyId is set only when the condition holds; otherwise the property is omitted
      KMSKeyId: !If [IsEncryptTrail, !Ref Key, !Ref 'AWS::NoValue']

Example

_tasks.yaml snippet:

Cloudtrail:
  Type: update-stacks
  StackName: 'cloudtrail'
  ..
  ..
  DefaultOrganizationBinding:
    Account: '*'
  Parameters:
    EncryptTrail: !If [!Ref LogCentralAccount, !Ref CurrentAccount, "true", "false"]

Expected result: Deploy this cloudtrail stack to all accounts. When this stack is deployed to the LogCentralAccount account, pass in "true" for EncryptTrail; otherwise pass in "false".

zaro0508, Jun 14 '22 00:06

I think this would be a great addition. I would, however, prefer to keep the syntax compatible with CloudFormation (see here).

This means that your 1st example would work, but your second example would require another function, something like Fn::Equals. So: !If [!Equals [!Ref LogCentralAccount, !Ref CurrentAccount], "true", "false"]

Does that make sense?

OlafConijn, Jun 14 '22 14:06
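The nested form suggested in the comment above, evaluated once per target account, as an added example that is not part of the issue and is not org-formation's code. The expression is written in the Fn::If / Fn::Equals / Ref long form; the account names other than LogCentralAccount, the account ids, and the functions `resolve` and `perAccount` are assumptions made for illustration.

```javascript
// Added example, not org-formation code. Account names and ids are constructed.
const accounts = {
  LogCentralAccount: '111111111111',
  DevAccount: '222222222222',
  ProdAccount: '333333333333',
};

// Long form of:
// !If [!Equals [!Ref LogCentralAccount, !Ref CurrentAccount], "true", "false"]
const encryptTrail = {
  'Fn::If': [
    { 'Fn::Equals': [{ Ref: 'LogCentralAccount' }, { Ref: 'CurrentAccount' }] },
    'true',
    'false',
  ],
};

// Resolve an expression for one target account (ctx maps names to values).
function resolve(node, ctx) {
  if (Array.isArray(node)) return node.map((n) => resolve(n, ctx));
  if (node === null || typeof node !== 'object') return node;
  const [fn, arg] = Object.entries(node)[0];
  if (fn === 'Ref') {
    // Fail closed: a misspelled name must not quietly compare unequal
    // and leave every trail unencrypted.
    if (!Object.prototype.hasOwnProperty.call(ctx, arg)) {
      throw new Error(`unresolved Ref: ${arg}`);
    }
    return ctx[arg];
  }
  if (fn === 'Fn::Equals') {
    if (!Array.isArray(arg) || arg.length !== 2) throw new Error('Fn::Equals needs 2 values');
    const [a, b] = resolve(arg, ctx);
    return String(a) === String(b);
  }
  if (fn === 'Fn::If') {
    const cond = resolve(arg[0], ctx);
    // The string "false" is truthy in JavaScript, so insist on a real boolean.
    if (typeof cond !== 'boolean') throw new Error('Fn::If condition is not a boolean');
    return resolve(cond ? arg[1] : arg[2], ctx);
  }
  throw new Error(`unsupported function: ${fn}`);
}

// Evaluate the parameter once per account in the binding (Account: '*').
function perAccount(expr, accts) {
  const out = {};
  for (const [name, id] of Object.entries(accts)) {
    out[name] = resolve(expr, { ...accts, CurrentAccount: id });
  }
  return out;
}
```

Only the LogCentralAccount entry resolves to "true"; an unknown account name or a non-boolean condition raises an error instead of falling through to "false".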