How to disable CloudFormation Input parameter for user

Question

I am trying to use the following input parameter in my template:

```
AmiID:
    Type: AWS::SSM::Parameter::Value
    Description: Only the following image is supported currently.
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    ConstraintDescription: Must be a supported AMI ID.
```
And, i don't want the user to mess with this input parameter.
Is it possible to restrict user from editing this particular field in stack creation process?

Accepted Answer

I assume you are using this for EC2 resource, e.g.
```
Parameters:
  LatestAmiId:
    Type: 'AWS::SSM::Parameter::Value'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

Resources:
 Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: !Ref LatestAmiId
```

An option is not to specify it as a parameter. Instead use `resolve:ssm` function as per below
```
Resources:
 Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: "{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}"
```

Answer

Hi

You can probably use the `AllowedValues ` in CloudFormation to create a list of allowed values. Only the values in this list can be used, so if you have a list with only one value the user must use that.

```
AmiID:
    Type: AWS::SSM::Parameter::Value
    Description: Only the following image is supported currently.
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    AllowedValues:
        -  /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    ConstraintDescription: Must be a supported AMI ID.
```

Answer

Not sure if possible but one approach could be to look into the Cloudformation Conditions and apply to the input: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html

How to disable CloudFormation Input parameter for user

相關內容