Description
The problem
Some properties have limited support for intrinsic functions (e.g. Ref, Fn::GetAtt, Fn::If, etc.).
Using unsupported intrinsic functions in such properties can cause issues with deployment.
Why it happens
AWS SAM is a AWS CloudFormation macro; it receives a SAM template as input (as-is, along with the intrinsic functions), and returns a CloudFormation template which is then deployed by CloudFormation.
This means that SAM is unable to resolve some intrinsic functions. For example, an !If condition with a Ref to a stack parameter is resolvable (SAM has access to the stack parameters), but a Ref to a stack resource is not (as the transform happens before deployment). Furthermore, SAM supports limited intrinsic function resolution for only some properties.
It's not an issue for properties that are passed as-is to properties of the underlying CloudFormation resources, but it becomes an issue when SAM must know the value for its transform logic.
Workarounds
Add the AWS::LanguageExtensions transform
The AWS::LanguageExtensions transform will resolve intrinsic functions if the value is known when Transforms are run.
Replace:
Transform: AWS::Serverless-2016-10-31With:
Transform:
- AWS::LanguageExtensions
- AWS::Serverless-2016-10-31The AWS SAM CLI currently doesn't process AWS::LanguageExtensions locally, so it won't work where local transforms are needed.
Note
There is a known issue where AWS::Serverless-2016-10-31 and AWS::LanguageExtensions can conflict; see aws-cloudformation/cfn-language-discussion#109.
Use a pass-through property, if available
Pass-through properties are passed directly to the underlying CloudFormation resources, hence intrinsic functions work. Check the "AWS CloudFormation compatibility" notice under properties to see whether the property is passed as-is to an underlying CloudFormation resource.
For example for the Schedule event type, use the State property instead of Enabled.
Use raw CloudFormation
If nothing else works, you can always switch to using the underlying CloudFormation resources directly. Since they are not processed by SAM, CloudFormation will be able to resolve the intrinsic functions.
You can get the transformed CloudFormation template of a stack <my-stack> using:
aws cloudformation get-template --query TemplateBody --change-set-name "$(aws cloudformation describe-stacks --query 'Stacks[0].ChangeSetId' --output text --stack-name <my-stack>)"Which you can then use to replace the affected resources.
See also #3007 (comment) for other ways of transforming a SAM template into a CloudFormation template.