I'm getting an error with the following piece of code , for some reason Cloudformation is not allowing me to upload my template due to this error:
"One or more Fn::Sub intrinsic functions don't specify expected arguments. Specify a string as first argument, and an optional second argument to specify a mapping of values to replace in the string"
Here is what is causing that but I don't know whats wrong with it:
Its an ENV variable in a container definition for ECS:
- Name: 'DB_URL'
Value: !Sub
- "mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}"
- DB_USER: application_user
- DB_PASSWORD: "{{resolve:ssm-secure:/${Prefix}/database/application_user/password}}"
- DB_NAME: "{{resolve:ssm:/${Prefix}/DB_NAME}}"
- DB_PORT: "{{resolve:ssm:/${Prefix}/DB_PORT}}"
- DB_HOST: "{{resolve:ssm:/${Prefix}/DB_HOST}}"
- Prefix: !Ref ParameterStorePrefix
I haven't tried much, I wanted a bit of direction as I couldn't find a fix online.
Expectation is the ENV VAR is not hardcoded in the Cloudformation and it is able to have a value of :
mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}
whilst retrieving the parameters in curly brackets from systems manager or secrets manager.
Should be like this:
- Name: 'DB_URL'
Value: !Sub
- "mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}"
-
DB_USER: application_user
DB_PASSWORD: !Sub "{{resolve:ssm-secure:/${ParameterStorePrefix}/database/application_user/password}}"
DB_NAME: !Sub "{{resolve:ssm:/${ParameterStorePrefix}/DB_NAME}}"
DB_PORT: !Sub "{{resolve:ssm:/${ParameterStorePrefix}/DB_PORT}}"
DB_HOST: !Sub "{{resolve:ssm:/${ParameterStorePrefix}/DB_HOST}}"
Not sure about Sub for secrets though. But the main issue is the 2nd parameter of main sub is an object (not an array).
On another note. It looks like you are trying to use it in your stack's Outputs section. Not sure it is a good idea to output a database password.