Troubleshooting AWS Proton

Learn to troubleshoot issues with AWS Proton.

Deployment errors that reference AWS CloudFormation dynamic parameters

If you see deployment errors that reference your CloudFormation dynamic variables, verify that they are Jinja escaped. These errors can be caused by Jinja misinterpretation of your dynamic variables. The CloudFormation dynamic parameter syntax is very similar to the Jinja syntax you use with your AWS Proton parameters.

Example CloudFormation dynamic variable syntax:

'{{resolve:secretsmanager:MySecret:SecretString:password:EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE}}'.

Example AWS Proton parameter Jinja syntax:

'{{ service_instance.environment.outputs.env-outputs }}'.

To avoid these misinterpretation errors, Jinja escape your CloudFormation dynamic parameters as shown in the following examples.

This example is from the AWS CloudFormation User Guide. The AWS Secrets Manager secret-name and json-key segments can be used to retrieve the sign-in credentials stored in the secret.

    MyRDSInstance:
      Type: AWS::RDS::DBInstance
      Properties:
        DBName: 'MyRDSInstance'
        AllocatedStorage: '20'
        DBInstanceClass: db.t2.micro
        Engine: mysql
        MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
        MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'

To escape the CloudFormation dynamic parameters you can use two different methods:

  • Enclose a block between {% raw %} and {% endraw %}:

        '{% raw %}'
        MyRDSInstance:
          Type: AWS::RDS::DBInstance
          Properties:
            DBName: 'MyRDSInstance'
            AllocatedStorage: '20'
            DBInstanceClass: db.t2.micro
            Engine: mysql
            MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}'
            MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'
        '{% endraw %}'

  • Enclose a parameter between "{{ }}":

        MyRDSInstance:
          Type: AWS::RDS::DBInstance
          Properties:
            DBName: 'MyRDSInstance'
            AllocatedStorage: '20'
            DBInstanceClass: db.t2.micro
            Engine: mysql
            MasterUsername: "{{ '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}' }}"
            MasterUserPassword: "{{ '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}' }}"

For more information, see Jinja escaping.
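
A pre-deployment check for the escaping rule above, written as an added example and not taken from the AWS documentation: it scans a template for `{{resolve:...}}` dynamic references that are neither inside a `{% raw %}` block nor wrapped as a Jinja string literal. The function name `find_unescaped_refs` and the sample template are assumptions made for this example.

```python
import re

# CloudFormation dynamic reference such as {{resolve:secretsmanager:...}}
DYNAMIC_REF = re.compile(r"\{\{resolve:[^}]*\}\}")
# {% raw %} ... {% endraw %} block, with optional Jinja whitespace control (-)
RAW_BLOCK = re.compile(r"\{%-?\s*raw\s*-?%\}.*?\{%-?\s*endraw\s*-?%\}", re.DOTALL)
# Reference passed to Jinja as a string literal: {{ '{{resolve:...}}' }}
QUOTED_REF = re.compile(r"\{\{-?\s*(['\"])\{\{resolve:[^}]*\}\}\1\s*-?\}\}")


def _blank(match):
    # Same-length filler that keeps newlines, so reported line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_unescaped_refs(template_text):
    """Return (line_number, reference) for every dynamic reference left unescaped."""
    masked = RAW_BLOCK.sub(_blank, template_text)
    masked = QUOTED_REF.sub(_blank, masked)
    return [
        (masked.count("\n", 0, m.start()) + 1, m.group(0))
        for m in DYNAMIC_REF.finditer(masked)
    ]


# Constructed sample built from the page's examples: the username is escaped,
# the password is not, and the DBName line is an ordinary AWS Proton parameter.
SAMPLE = """\
MyRDSInstance:
  Type: AWS::RDS::DBInstance
  Properties:
    DBName: '{{ service_instance.environment.outputs.env-outputs }}'
    MasterUsername: "{{ '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}' }}"
    MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'
"""

if __name__ == "__main__":
    for line_no, ref in find_unescaped_refs(SAMPLE):
        print(f"line {line_no}: unescaped dynamic reference {ref}")
```

Running this over template files before registering a new template version reports the line of each reference that still needs escaping.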
