Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fn::ForEach enhancement to create list parameters #161

Open
kothapet opened this issue Nov 22, 2024 · 2 comments
Open

Fn::ForEach enhancement to create list parameters #161

kothapet opened this issue Nov 22, 2024 · 2 comments

Comments

@kothapet
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request

What do you want us to build?

I want the ability to create list parameters with Fn::ForEach language extension. So instead of outputkey:outputValue, ability to specify just the value and that should result in an list of values.
And value could be a object.

syntax may be similar to something like

'Fn::ForEach::UniqueLoopName':
    - Identifier
    - - Value1 # Collection
      - Value2
    - OutputValue

See example

Tell us about the problem you are trying to solve. What are you trying to do, and why is it hard?

What outcome are you trying to achieve, ultimately, and why is it hard/impossible to do right now?
What is the impact of not having this problem solved? The more details you can provide, the better we will be able to understand and solve the problem.

Are you currently working around this issue?

How are you currently solving this problem?

No easy solution but to hardcode pass separate parameters.

What is the expected behavior with this new feature

Please include some code examples showing how this feature can be used.

E.g. I want to create a security group with dynamic list of ingress or egress rules.
CF should something like this

Parameters:
#
  CidrBlockList:
    Type: CommaDelimitedList
    Default: "10.0.0.0/24,10.0.10.0/24,10.0.20.0/24"
#
Resources:
#        
  TestSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties: 
      GroupName: some-group
      GroupDescription:  This is a test security group 
      VpcId: vpc-xxxxxx
      SecurityGroupIngress:
        'Fn::ForEach::IngressRule':
          - 'CidrBlock'
          - !Ref CidrBlockList
          - Description: !Sub "Allow TLS 1234 MSK IAM connections from ${CidrBlock}"
            IpProtocol: tcp
            FromPort: 1234
            ToPort: 1234
            CidrIp: !Sub "${CidrBlock}"

And it should produce

Resources:
#        
  TestSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties: 
      GroupName: some-group
      GroupDescription:  This is a test security group 
      VpcId: vpc-xxxxxx
      SecurityGroupIngress:
        - Description: !Sub "Allow TLS 1234 MSK IAM connections from 10.0.0.0/24"
          IpProtocol: tcp
          FromPort: 1234
          ToPort: 1234
          CidrIp: 10.0.0.0/24
        - Description: !Sub "Allow TLS 1234 MSK IAM connections from 10.0.10.0/24"
          IpProtocol: tcp
          FromPort: 1234
          ToPort: 1234
          CidrIp: 10.0.10.0/24
        - Description: !Sub "Allow TLS 1234 MSK IAM connections from 10.0.20.0/24"
          IpProtocol: tcp
          FromPort: 1234
          ToPort: 1234
          CidrIp: 10.0.20.0/24

Additional context

Anything else we should know?

Attachments

If you think you might have additional information that you would like to include via an attachment,
please do - we will take a look. (Remember to remove any personally-identifiable information.)
@kothapet kothapet changed the title Fn::ForEach to enhancement to create list parameters Fn::ForEach enhancement to create list parameters Nov 22, 2024
@schrockwell
Copy link

schrockwell commented Jan 22, 2025
edited
Loading

I agree this is badly needed, and I have one suggestion. With your example, there is no way to differentiate between a ForEach loop that builds an object (current behavior) versus a loop that builds an array (proposed behavior).

To set it apart, I believe the loop template should be a nested list, so it is clear that the loop is returning a list of items instead of a bunch of key/value pairs.

        'Fn::ForEach::IngressRule':
          - 'CidrBlock'
          - !Ref CidrBlockList
          # CHANGED HERE:
          - - Description: !Sub "Allow TLS 1234 MSK IAM connections from ${CidrBlock}"
              IpProtocol: tcp
              FromPort: 1234
              ToPort: 1234
              CidrIp: !Sub "${CidrBlock}"

Put another way: if the ForEach template is a list, then all the list items returned by the template should be concatenated together into a big list. This even opens up the possibility to generate multiple list items per loop iteration.

@kothapet
Copy link
Author

kothapet commented Jan 24, 2025
edited
Loading

Yeah that will work, i was just showing an example, actual implementation may vary, as long as it produces list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@schrockwell @kothapet