How to solve AWS CloudFormation dynamic property value use cases
Problem statement: We have to create resources using CloudFormation. There is a resource within the template that needs its property value from another resource created in a different stack.
There are a couple of ways to solve this use case. Let us look at the details of each approach.
The first approach, exporting the value from the first stack and importing it in the secondary stack, relies on tight coupling. If the goal is to ensure that the secondary stack cannot drift in that property value, this approach achieves it. However, the same tight coupling brings a problem. Assume that both stacks are created successfully. When a user changes a resource in the first stack in a way that affects the secondary stack, the update fails because the exported value is in use and cannot be changed. This creates management overhead.
The second approach is to create the two stacks independently and use parameters. This removes the tight coupling. However, when the stacks are independent the user has a different kind of problem: ensuring that the parameter values passed to the second stack are accurate, with no typographical mistakes, plus the manual effort involved in passing those parameters.
Both patterns have advantages as well as disadvantages, and in my opinion neither is the optimal pattern for most use cases. So what should be the way to solve the problem? It is to take the advantages of both patterns and leave out the disadvantages.

Using parameters gives the flexibility to change the stacks independently, so we keep that. A tooling-based export and import reduces typographical mistakes. Hence, we use Systems Manager's Parameter Store. We create a parameter in SSM in the first stack, which ensures that the value in Parameter Store reflects the resource value. In the secondary stack we use a dynamic reference to the SSM parameter, and CloudFormation resolves it to that value. This also gives more control over the parameter storage mechanism, especially for adding encryption or security around who gets access to the parameter.
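The pattern described above, as an added example that is not part of the original article: two separately deployed templates in which the first stack writes a resource value to Parameter Store and the secondary stack reads it through a dynamic reference. The resource names, the SNS/SQS use case and the parameter path `/example/alerts/topic-arn` are assumptions chosen for illustration.

```yaml
# ---- producer-stack.yaml (first stack; all names are example assumptions) ----
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates an SNS topic and publishes its ARN to Parameter Store.
Resources:
  AlertsTopic:
    Type: AWS::SNS::Topic
  AlertsTopicArnParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: /example/alerts/topic-arn   # assumed parameter path
      Type: String                      # this resource type cannot create SecureString
      Value: !Ref AlertsTopic           # Ref on an SNS topic returns its ARN
---
# ---- consumer-stack.yaml (secondary stack, deployed on its own) ----
AWSTemplateFormatVersion: '2010-09-09'
Description: Subscribes a queue to the topic whose ARN is read from Parameter Store.
Resources:
  AlertsQueue:
    Type: AWS::SQS::Queue
  AlertsSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Protocol: sqs
      Endpoint: !GetAtt AlertsQueue.Arn
      # Dynamic reference; no version suffix, so the latest value is resolved.
      TopicArn: '{{resolve:ssm:/example/alerts/topic-arn}}'
  AlertsQueuePolicy:
    Type: AWS::SQS::QueuePolicy
    Properties:
      Queues:
        - !Ref AlertsQueue
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: sns.amazonaws.com
            Action: sqs:SendMessage
            Resource: !GetAtt AlertsQueue.Arn
            Condition:
              ArnEquals:
                aws:SourceArn: '{{resolve:ssm:/example/alerts/topic-arn}}'
```

The identity that deploys the consumer stack needs `ssm:GetParameter` on that parameter, so an IAM policy scoped to the parameter path controls which stacks can consume the value.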
The idea for this article came from a poll that was conducted. I hope you found this article worth the time spent reading it and helpful for future implementations. Please add comments and share the topics you are interested in learning about.