# Parameter Resolvers

Parameter resolvers are used to resolve values for stack parameters at runtime.

They are useful when you need to read some information from other stacks or AWS resources, and use that information as input parameters for your stacks.

Parameter resolvers have the following properties:

  • resolver - A string representing the resolver type
  • confidential - An optional boolean specifying if the parameter value should be concealed from logs

In addition to the aforementioned properties, different parameter resolvers can have properties of their own.

Built-in parameter resolvers

There are four built in parameter resolvers:

See also

# stack-output

Stack output resolver reads the parameter value from a stack output of another stack configured within the same Takomo project. The stack from where the output is read is referred as the source stack, and the stack that is using the resolver is referred as the target stack.

The source stack automatically becomes the target stack's dependency.

The output value is read using credentials associated with the source stack.

If you need to read outputs of stacks that are not configured in the same Takomo project, you can use external stack output resolver.

# Properties

resolver

Use stack-output.

stack

Stack path of the source stack.

output

Name the stack output.

# Example

Say, we have two stacks: vpc.yml and security-groups.yml. The former creates a VPC and exposes its id in the stack outputs with a name VpcId, and the latter uses the VPC id to create some security groups.

Directory structure

The directory structure looks like this:

.
├─ stacks
│  ├- vpc.yml
│  └─ security-groups.yml
└- templates
   ├- vpc.yml
   └─ security-groups.yml

Stack configuration file: stacks/security-groups.yml

In security-groups.yml stack configuration we use the stack-output resolver to read the value for the VpcId parameter like so:

parameters:
  VpcId:
    resolver: stack-output
    stack: /vpc.yml
    output: MyVpcId

# See Also

# external-stack-output

External stack output resolver reads the parameter value from a stack output of a stack. The stack from where the output is read is referred as the source stack, and the stack that is using the resolver is referred as the target stack.

The source stack does not have to be configured within the same Takomo project as the target stack is.

# Properties

resolver

Use external-stack-output.

stack

Name of the source stack.

output

Name of the stack output.

region

Region of the source stack.

Region is optional. By default, the region of the target stack is used.

commandRole

IAM role used to access the stack output.

Command role is optional. By default, credentials associated with the target stack are used.

# Example

Say, we have two separate accounts: 123456789012 and 888888888888.

The account 123456789012 has one stack src-bucket. It is located in the us-east-1 region and exposes name of an application sources bucket in a stack output named SrcBucketName. The 123456789012 account also has a read-only role that the 888888888888 account can assume.

The 888888888888 account has two stacks: assets-bucket and build-infra. The stacks are located in the us-east-1 and eu-west-1 regions, respectively. The assets-bucket stack exposes name of an assets bucket in a stack output named AssetsBucket.

Only the build-infra stack is managed in our Takomo project. The two other stacks are configured elsewhere. The build-infra stack has two parameters: SrcBucket and AssetsBucket. To get the values for them, we use the external-stack-output resolver to read the outputs from the two other stacks.

Directory structure

The directory structure looks like this:

.
├─ stacks
│  └- build-infra.yml
└- templates
└─ build-infra.yml

Stack configuration file: stacks/build-infra.yml

The configuration of build-infra stack looks like this:

regions: us-east-1
parameters:
  SrcBucket:
    resolver: external-stack-output
    stack: src-bucket
    output: SrcBucketName
    commandRole: arn:aws:iam::123456789012:role/read-only
  AssetsBucket:
    resolver: external-stack-output
    stack: assets-bucket
    output: AssetsBucketName
    region: eu-west-1

For the SrcBucket parameter, we need to specify the commandRole because the source stack is located in a different AWS account. We don't need to specify the region because the both stacks are located in the same region.

For the AssetsBucket parameter, we must specify the region but not the commandRole because the stacks are located in the same AWS account but in different regions.

# secret

Secret resolver reads value from a stack secret within the same Takomo project.

# Properties

resolver

Use secret.

stack

Stack path of the stack that defines the secret.

secret

The secret name.

# command

Command resolver reads value from output of a shell command.

# Properties

resolver

Use cmd.

command

The shell command to execute.

Last Updated: 5/21/2020, 8:21:46 PM