# Parameter Resolvers
Parameter resolvers are used to resolve values for stack parameters at runtime.
They are useful when you need to read some information from other stacks or AWS resources, and use that information as input parameters for your stacks.
Parameter resolvers have the following properties:
resolver- A string representing the resolver type
confidential- An optional boolean specifying if the parameter value should be concealed from logs
In addition to the aforementioned properties, different parameter resolvers can have properties of their own.
Built-in parameter resolvers
There are four built in parameter resolvers:
Stack output resolver reads the parameter value from a stack output of another stack configured within the same Takomo project. The stack from where the output is read is referred as the source stack, and the stack that is using the resolver is referred as the target stack.
The source stack automatically becomes the target stack's dependency.
The output value is read using credentials associated with the source stack.
If you need to read outputs of stacks that are not configured in the same Takomo project, you can use external stack output resolver.
Stack path of the source stack.
Name the stack output.
Say, we have two stacks:
The former creates a VPC and exposes its id in the stack outputs
with a name
VpcId, and the latter uses the VPC id to create some
The directory structure looks like this:
. ├─ stacks │ ├- vpc.yml │ └─ security-groups.yml └- templates ├- vpc.yml └─ security-groups.yml
Stack configuration file: stacks/security-groups.yml
security-groups.yml stack configuration we use the
to read the value for the
VpcId parameter like so:
parameters: VpcId: resolver: stack-output stack: /vpc.yml output: MyVpcId
# See Also
External stack output resolver reads the parameter value from a stack output of a stack. The stack from where the output is read is referred as the source stack, and the stack that is using the resolver is referred as the target stack.
The source stack does not have to be configured within the same Takomo project as the target stack is.
Name of the source stack.
Name of the stack output.
Region of the source stack.
Region is optional. By default, the region of the target stack is used.
IAM role used to access the stack output.
Command role is optional. By default, credentials associated with the target stack are used.
Say, we have two separate accounts:
123456789012 has one stack
src-bucket. It is located in the
us-east-1 region and exposes name of an application sources bucket in
a stack output named
123456789012 account also has
a read-only role that the
888888888888 account can assume.
888888888888 account has two stacks:
The stacks are located in the
eu-west-1 regions, respectively.
assets-bucket stack exposes name of an assets bucket in a stack output
build-infra stack is managed in our Takomo project. The two
other stacks are configured elsewhere. The
build-infra stack has two parameters:
AssetsBucket. To get the values for them, we use the
external-stack-output resolver to read the outputs from the two other stacks.
The directory structure looks like this:
. ├─ stacks │ └- build-infra.yml └- templates └─ build-infra.yml
Stack configuration file: stacks/build-infra.yml
The configuration of
build-infra stack looks like this:
regions: us-east-1 parameters: SrcBucket: resolver: external-stack-output stack: src-bucket output: SrcBucketName commandRole: arn:aws:iam::123456789012:role/read-only AssetsBucket: resolver: external-stack-output stack: assets-bucket output: AssetsBucketName region: eu-west-1
SrcBucket parameter, we need to specify the
the source stack is located in a different AWS account. We don't need
to specify the
region because the both stacks are located in the
AssetsBucket parameter, we must specify the
region but not the
because the stacks are located in the same AWS account but in different regions.
Secret resolver reads value from a stack secret within the same Takomo project.
Stack path of the stack that defines the secret.
The secret name.
Command resolver reads value from output of a shell command.
The shell command to execute.