ParameterOverrides string can fail CloudFormation character limit

[lukehedger]

It is possible to generate a CloudFormation template with a value in the CodePipeline.Stages.Actions.Configuration.ParameterOverrides field that violates the maximum character limit.

Reproduction Steps

new CloudFormationCreateUpdateStackAction({
  parameterOverrides: {
    test: "somethingOver1000Characters..."
  }
});

Error Log

Pipeline (PipelineXYZ) 1 validation error detected: Value at 'pipeline.stages.4.member.actions.1.member.configuration' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 1000, Member must have length greater than or equal to 1]

Environment

• CLI Version : aws-cli/1.16.130 Python/3.7.4 Darwin/18.7.0 botocore/1.12.120
• Framework Version: 1.20
• OS : macOS
• Language : TypeScript

Other

As a possible solution, it seems the JSON to string transformation performed here could be adapted to make us of the Fn::Join function.

Looking at the tests it would suggest this is already being done but I have not been able to generate a CFN template that uses Fn::Join as asserted here.

---

This is 🐛 Bug Report

[skinny85]

Hey @lukehedger ,

thanks for opening the issue. Couple of follow-up questions:

1. I'm not sure what the original ask is. Do you want us to perform this validation sooner, so that it fails at CDK build time, instead of deployment time?
2. To force the use of Fn::Join, you can pass a Token inside the parameters; for example, similar like the test does:

new cpactions.CloudFormationCreateUpdateStackAction({
    // ...
    parameterOverrides: {
      RepoName: new codecommit.Repository(this, 'Repo', {
        repositroyName: 'repo'
      }).repositoryName,
    },
  }));

But I'm pretty sure using Fn::Join would not get you around the 1000 character limit.

Thanks,
Adam

[lukehedger]

Hey @skinny85 - thanks for the message. The ask is primarily how do I change the generation of the parameterOverrides value to stop throwing this error.

I am using the parameterOverrides to provide the dynamic S3 location of Lambda code (for 4 Lambdas) at the pipeline's runtime, as described in this example:

parameterOverrides: {
  ...props.lambdaCode.assign(lambdaBuildOutput.s3Location),
}

The output looks something like this:

"ParameterOverrides": "{\"LambdaSourceBucketNameParameter00000000\":{\"Fn::GetArtifactAtt\":[\"LambdaBuildOutput\",\"BucketName\"]},\"LambdaSourceObjectKeyParameter00000001\":{\"Fn::GetArtifactAtt\":[\"LambdaBuildOutput\",\"ObjectKey\"]}

How would I pass a Token here to force use of Fn::Join?

Or is the only way to actually get around the 1000 character limit to shorten the keys or split up the Lambdas across multiple stacks?

[skinny85]

Or is the only way to actually get around the 1000 character limit to shorten the keys or split up the Lambdas across multiple stacks?

Yes. I'm 99% certain using Fn::Join would not change anything here.

I think the solution you're looking for is this: #1588 (comment)

[lukehedger]

Okay thanks @skinny85 I will use this solution. Thanks for your help!

[skinny85]

No problem, let me know if that fixes your issue!

[lukehedger]

All fixed, thanks @skinny85!