Troubleshooting AWS Proton
Learn to troubleshoot issues with AWS Proton.
Deployment errors that reference AWS CloudFormation dynamic parameters
If you see deployment errors that reference your CloudFormation dynamic variables, verify
that they are Jinja escaped
Example CloudFormation dynamic variable syntax:
'{{resolve:secretsmanager:MySecret:SecretString:password:EXAMPLE1-90ab-cdef-fedc-ba987EXAMPLE}}'.
Example AWS Proton parameter Jinja syntax:
'{{ service_instance.environment.outputs.env-outputs }}'.
To avoid these misinterpretation errors, Jinja escape your CloudFormation dynamic parameters as shown in the following examples.
This example is from the AWS CloudFormation User Guide. The AWS Secrets Manager secret-name and json-key segments can be used to retrieve the sign-in credentials stored in the secret.
MyRDSInstance: Type: AWS::RDS::DBInstance Properties: DBName: 'MyRDSInstance' AllocatedStorage: '20' DBInstanceClass: db.t2.micro Engine: mysql MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}' MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}'
To escape the CloudFormation dynamic parameters you can use two different methods:
-
Enclose a block between
{% raw %} and {% endraw %}:'{% raw %}' MyRDSInstance: Type: AWS::RDS::DBInstance Properties: DBName: 'MyRDSInstance' AllocatedStorage: '20' DBInstanceClass: db.t2.micro Engine: mysql MasterUsername: '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}' MasterUserPassword: '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}' '{% endraw %}' -
Enclose a parameter between
"{{ }}":MyRDSInstance: Type: AWS::RDS::DBInstance Properties: DBName: 'MyRDSInstance' AllocatedStorage: '20' DBInstanceClass: db.t2.micro Engine: mysql MasterUsername: "{{ '{{resolve:secretsmanager:MyRDSSecret:SecretString:username}}' }}" MasterUserPassword: "{{ '{{resolve:secretsmanager:MyRDSSecret:SecretString:password}}' }}"
For information, see Jinja escaping
