Conduit [ noun ] - a pipe or tube for conveying water or other fluid.


The conduitspec.yaml is the CI pipeline specification file, which provides metadata about your Cloudformation project to facilitate building, versioning and deploying your application.

The root element of the yaml is the inventory, which is a collection of deployable artefacts within your project. Each artefact that is specified in the inventory should be uniquely identified by its portfolio* and **product names. The terms potrfolio and product have been stolen from AWS Service Catalog, but accurately represent the underlying goal of the conduitspec.yaml - the provisioning of a collection of cloudformation templates (products) for a given project (portfolio).



Serverless Framework

    - portfolio: "example-portfolio"
      product: "groovy-product"
      sls: True
          - sls package -s ${STAGE}
      artifact: .serverless/cloudformation-template-update-stack.json
          - .serverless/

Service Catalog

    - product: "groovy-product"
      portfolio: "example-portfolio"
      serviceCatalog: True
      artifact: "root-cfn-stack.yml"
      type: "yaml"
          - "first-cfn-nested-stack.yml"
          - "second-cfn-nested-stack.yml"
          - ""
          - zip lambas/*.py


My pipeline is failing with the error message: “Please do not use wildcard actions in your conduitspec.yaml deployProfile.” We can’t know up front what resources will be provisioned by a CI Pipeline, so the only appropriate IAM role to assign up front is Administrator. Thats a bad idea! The role of the deployProfile is to limit what a CI pipeline can do to only what it needs to do - you as the developer know what resources you are creating / updating / deleting and so you need to tell the CI Pipeline what IAM actions it needs access to.

Assigning a wildcard to an action violates the core principal behind the deployProfile, and so the CI Pipeline will fail if it finds one.

My pipeline is failing with the error message: “Please do not use wildcard resources in your conduitspec.yaml deployProfile.” Same as above but at resource level. Try to be as specific as possible about what resources you are creating.

Whats the HTTP URL for my nested stack? Serverless Framework - This will be generated by Serverless and the CI Pipeline will take care of the rest. Ensure that you have the sls property set to True on your conduitspec product.

Plain Cloudformation - The CI Pipeline will perform some magic to replace instances of __resources__ with the correct S3 bucket and path. All you need is “


Type: ‘AWS::CloudFormation::Stack’ Properties:

TemplateURL: “” Parameters:

ProjectName: !Ref ProjectName ServiceName: !Ref ServiceName