cfer
cfer copied to clipboard
seanedwards
AWS::SSM::Association issue
On the AWS::SSM::Association object it has a property called Parameters, when trying to specify that in cfer like this...
resource :OperationsSsmPatchBaselineAssociation, "AWS::SSM::Association" do
association_name "ops-patch-association"
name "AWS-RunPatchBaseline"
schedule_expression "cron(0/30 * * * ? *)"
parameters do
operation ["Scan"]
end
targets [
{
"Key": "tag:Inspector",
"Values": ["true"]
}
]
end
It just silently drops the Parameters section (probably because of it's unfortunate name)...
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "",
"Metadata": {
"Cfer": {
"Version": {
"major": 0,
"minor": 6,
"patch": 0
}
}
},
"Parameters": { },
"Mappings": { },
"Conditions": { },
"Resources": {
"OperationsSsmPatchBaselineAssociation": {
"Type": "AWS::SSM::Association",
"Properties": {
"AssociationName": "ops-patch-association",
"Name": "AWS-RunPatchBaseline",
"ScheduleExpression": "cron(0/30 * * * ? *)",
"Targets": [
{
"Key": "tag:Inspector",
"Values": [
"true"
]
}
]
}
}
},
"Outputs": { }
}
The work around we found was to do...
resource :OperationsSsmPatchBaselineAssociation, "AWS::SSM::Association" do
association_name "ops-patch-association"
name "AWS-RunPatchBaseline"
schedule_expression "cron(0/30 * * * ? *)"
self["Properties"]["Parameters"] = { "Operation": ["Scan"] }
targets [
{
"Key": "tag:Inspector",
"Values": ["true"]
}
]
end
