Template format error: YAML not well-formed.

Hi all,

My CloudFormation template has exceeded the template body limit (more than 51200 bytes), so I am trying to upload it to S3 and deploy it cross-account. I used the template_url parameter in the playbook, but it is giving an error. Before adding template_url, I had template_body, which was working fine. I have only replaced template_body with template_url.

Please find the playbook below:

    - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles changeset
      cloudformation:
        stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles"
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        create_changeset: true
        changeset_name: "{{ cf_changeset_name }}"
        template_url: "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml"
        template_parameters: "{{ account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params }}"
        termination_protection: no
        tags: "{{ global_tags | combine(account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, recursive=True) }}"
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      tags:
        - rxgt-ps-identity-stack-deploy

    - name: create xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles stack
      cloudformation:
        stack_name: "xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles"
        state: present
        region: "{{ account_config.1 }}"
        aws_access_key: "{{ account_config.0.sts_creds.access_key }}"
        aws_secret_key: "{{ account_config.0.sts_creds.secret_key }}"
        security_token: "{{ account_config.0.sts_creds.session_token }}"
        create_changeset: false
        changeset_name: "{{ cf_changeset_name }}"
        template_url: "https://s3.console.aws.amazon.com/s3/buckets/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx/cloudformation/xxxxxxx/xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles.yaml"
        template_parameters: "{{ account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].params }}"
        termination_protection: no
        tags: "{{ global_tags | combine(account_config.0.account_config.stacks['xx-xxxx-xxxx-xxxxxx-iam-atlas-developer-roles'].override_tags, recursive=True) }}"
      # Convert to a list of dicts duplicated per region. See https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
      loop: "{{ assumed_roles_with_account_config.results|subelements('account_config.regions', skip_missing=True) }}"
      loop_control:
        loop_var: account_config
        label: "{{ account_config.0.account_config.account_alias }}:{{ account_config.1 }}"
      when: with_stack_deploy
      tags:
        - rxgt-ps-identity-stack-deploy

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the CreateChangeSet operation: Template format error: YAML not well-formed. (line 12, column 6)

It would have shown the line number as well in the error. Please look into the YAML file.

Maybe it could be an issue with an unnecessary tab/space.

Regards,
Karthik.C

Yes, it did show the line number (line 12, column 6). I checked the line with tab and space:

    - name: get sts session token

I did not make any update on this section. The only change I made was instead of template_body, I changed to template_url.

hi, when I paste that YAML to

https://jsonformatter.org/yaml-validator

it reckons line 22 is a problem - the second -name entry. When I remove from line 22 down it reckons it’s valid YAML.

Regards, Straff

What is the problem that it reports on line 22?

When posting code, please post in a fixed-width font if you can. Makes it easier to check indentation.

Regards, K.

Ooops … the error was due to my copy/paste formatting - the second ‘-name’ got indented too far - fixing that indentation makes it valid YAML according to that site.

Please find my code below: I checked the code using a YAML validator and it looks like it is valid. But it is still complaining about line 12, column 6.

Any help please?

I suspect the issue is introduced by the copy/pasting.
Can you pipe it directly to yamllint and tell us what that says?

Dick
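A pre-flight check in the spirit of the lint suggestion above, added here as an example and not taken from any poster's code. It reports tab indentation and copy/paste debris (curly quotes, bullets, non-breaking spaces) with the same line/column convention as the CloudFormation error, and picks `template_body` or `template_url` from the 51200-byte limit mentioned in the first post. The function names and the sample template are hypothetical.

```python
import re

MAX_TEMPLATE_BODY_BYTES = 51200  # template body limit quoted in the first post

# Characters that rich-text copy/paste commonly substitutes into YAML.
PASTE_DEBRIS = {
    "\u201c": "curly double quote", "\u201d": "curly double quote",
    "\u2018": "curly single quote", "\u2019": "curly single quote",
    "\u2022": "bullet instead of '-'", "\u00a0": "non-breaking space",
}


def lint_template(text):
    """Return (line, column, message) findings, 1-based like the API error."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # YAML forbids tabs in indentation; tabs elsewhere on a line are legal.
        indent = re.match(r"[ \t]*", line).group(0)
        if "\t" in indent:
            findings.append((lineno, indent.index("\t") + 1, "tab in indentation"))
        for col, ch in enumerate(line, start=1):
            if ch in PASTE_DEBRIS:
                findings.append((lineno, col, PASTE_DEBRIS[ch]))
    return findings


def delivery_method(text):
    """Pick the cloudformation module parameter from the encoded size."""
    size = len(text.encode("utf-8"))
    return "template_body" if size <= MAX_TEMPLATE_BODY_BYTES else "template_url"


# Constructed sample, not the poster's template.
SAMPLE = (
    "Resources:\n"
    "  DevRole:\n"
    "\tType: AWS::IAM::Role\n"
    "    Properties:\n"
    "      RoleName: \u201catlas-developer\u201d\n"
)

if __name__ == "__main__":
    for line, col, msg in lint_template(SAMPLE):
        print(f"line {line}, column {col}: {msg}")
    print("deliver via:", delivery_method(SAMPLE))
```

Run it against the template file itself rather than text pasted through a browser or mail client, since the paste step is what introduces these characters.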

Hi,

That issue is now fixed by re-doing that part of the code, but that introduced another error: S3 error: Requests specifying Server Side Encryption with AWS KMS managed keys require AWS Signature Version 4. This is because the S3 bucket is encrypted. I tried to create a temporary unencrypted bucket and it works fine. I found a document and it says “to use KMS with S3 encryption you have to set the signature version to v4 explicitly”

https://forums.aws.amazon.com/thread.jspa?threadID=165286
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version

I am not sure where this needs to be updated, as I am running this code from a Cloud9 environment. I guess it is the Python-Boto SDK.