CloudFormation template Resources syntax - AWS CloudFormation (original) (raw)
The Resources section is a required top-level section in a CloudFormation template. It declares the AWS resources that you want CloudFormation to provision and configure as part of your stack.
Syntax
The Resources section uses the following syntax:
JSON
"Resources" : {
"LogicalResourceName1" : {
"Type" : "AWS::ServiceName::ResourceType",
"Properties" : {
"PropertyName1" : "PropertyValue1",
...
}
},
"LogicalResourceName2" : {
"Type" : "AWS::ServiceName::ResourceType",
"Properties" : {
"PropertyName1" : "PropertyValue1",
...
}
}
}YAML
Resources:
LogicalResourceName1:
Type: AWS::ServiceName::ResourceType
Properties:
PropertyName1: PropertyValue1
...
LogicalResourceName2:
Type: AWS::ServiceName::ResourceType
Properties:
PropertyName1: PropertyValue1
...Logical ID (also called logical name)
Within a CloudFormation template, resources are identified by their logical resource names. These names must be alphanumeric (A-Za-z0-9) and unique within the template. Logical names are used to reference resources from other sections of the template.
Resource type
Each resource must have a Type attribute, which defines the kind of AWS resource it is. The Type attribute has the formatAWS::`ServiceName`::`ResourceType`. For example, the Type attribute for an Amazon S3 bucket isAWS::S3::Bucket.
For the full list of supported resource types, see the AWS resource and property types reference.
Resource properties
Resource properties are additional options that you can specify to define configuration details for the specific resource type. Some properties are required, while others are optional. Some properties have default values, so specifying those properties is optional.
For details on the properties supported for each resource type, see the topics inAWS resource and property types reference.
Property values can be literal strings, lists of strings, Booleans, dynamic references, parameter references, pseudo references, or the value returned by a function. The following examples show you how to declare different property value types:
JSON
"Properties" : {
"String" : "A string value",
"Number" : 123,
"LiteralList" : [ "first-value", "second-value" ],
"Boolean" : true
}YAML
Properties:
String: A string value
Number: 123
LiteralList:
- first-value
- second-value
Boolean: true
Physical ID
In addition to the logical ID, certain resources also have a physical ID, which is the actual assigned name for that resource, such as an EC2 instance ID or an S3 bucket name. Use the physical IDs to identify resources outside of CloudFormation templates, but only after the resources have been created. For example, suppose you give an EC2 instance resource a logical ID of MyEC2Instance. When CloudFormation creates the instance, CloudFormation automatically generates and assigns a physical ID (such asi-1234567890abcdef0) to the instance. You can use this physical ID to identify the instance and view its properties (such as the DNS name) by using the Amazon EC2 console.
For Amazon S3 buckets and many other resources, CloudFormation automatically generates a unique physical name for the resource if you don't explicitly specify one. This physical name is based on a combination of the name of the CloudFormation stack, the resource's logical name specified in the CloudFormation template, and a unique ID. For example, if you have an Amazon S3 bucket with the logical name MyBucket in a stack namedMyStack, CloudFormation might name the bucket with the following physical name MyStack-MyBucket-abcdefghijk1.
For resources that support custom names, you can assign your own physical names to help you quickly identify resources. For example, you can name an S3 bucket that stores logs as MyPerformanceLogs. For more information, see Name type.
Referencing resources
Often, you need to set properties on one resource based on the name or property of another resource. For example, you might create an EC2 instance that uses EC2 security groups, or a CloudFront distribution backed by an S3 bucket. All of these resources can be created in the same CloudFormation template.
CloudFormation provides intrinsic functions that you can use to refer to other resources and their properties. These functions allow you to create dependencies between resources and pass values from one resource to another.
The Ref function
The Ref function is commonly used to retrieve an identifying property of resources defined within the same CloudFormation template. What it returns depends on the type of resource. For most resources, it returns the physical name of the resource. However, for some resource types, it might return a different value, such as an IP address for an AWS::EC2::EIP resource or an Amazon Resource Name (ARN) for an Amazon SNS topic.
The following examples demonstrate how to use the Ref function in properties. In each of these examples, the Ref function will return the actual name of the LogicalResourceName resource declared elsewhere in the template. The !Ref syntax example in the YAML example is just a shorter way of writing the Ref function.
JSON
"Properties" : {
"PropertyName" : { "Ref" : "LogicalResourceName" }
}YAML
Properties:
PropertyName1:
Ref: LogicalResourceName
PropertyName2: !Ref LogicalResourceNameFor more detailed information about the Ref function, see Ref function.
The Fn::GetAtt function
The Ref function is helpful if the parameter or the value returned for a resource is exactly what you want. However, you may need other attributes of a resource. For example, if you want to create a CloudFront distribution with an S3 origin, you need to specify the bucket location by using a DNS-style address. A number of resources have additional attributes whose values you can use in your template. To get these attributes, you use the Fn::GetAtt function.
The following examples demonstrate how to use the GetAtt function in properties. The Fn::GetAtt function takes two parameters, the logical name of the resource and the name of the attribute to be retrieved. The!GetAtt syntax example in the YAML example is just a shorter way of writing the GetAtt function.
JSON
"Properties" : {
"PropertyName" : {
"Fn::GetAtt" : [ "LogicalResourceName", "AttributeName" ]
}
}YAML
Properties:
PropertyName1:
Fn::GetAtt:
- LogicalResourceName
- AttributeName
PropertyName2: !GetAtt LogicalResourceName.AttributeNameFor more detailed information about the GetAtt function, see Fn::GetAtt.
Examples
The following examples illustrate how to declare resources and how CloudFormation templates can reference other resources defined within the same template and existing AWS resources.
Topics
- Declaring a single resource with a custom name
- Referencing other resources with the Ref function
- Referencing resource attributes using the Fn::GetAtt function
Declaring a single resource with a custom name
The following examples declare a single resource of typeAWS::S3::Bucket with the logical name MyBucket. TheBucketName property is set to amzn-s3-demo-bucket, which should be replaced with the desired name for your S3 bucket.
If you use this resource declaration to create a stack, CloudFormation will create an Amazon S3 bucket with default settings. For other resources, such as an Amazon EC2 instance or Auto Scaling group, CloudFormation requires more information.
JSON
{
"Resources": {
"MyBucket": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketName": "amzn-s3-demo-bucket"
}
}
}
}YAML
Resources:
MyBucket:
Type: 'AWS::S3::Bucket'
Properties:
BucketName: amzn-s3-demo-bucketReferencing other resources with the Ref function
The following examples show a resource declaration that defines an EC2 instance and a security group. The Ec2Instance resource references theInstanceSecurityGroup resource as part of itsSecurityGroupIds property using the Ref function. It also includes an existing security group (sg-12a4c434) that's not declared in the template. You use literal strings to refer to existing AWS resources.
JSON
{
"Resources": {
"Ec2Instance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"SecurityGroupIds": [
{
"Ref": "InstanceSecurityGroup"
},
"sg-12a4c434"
],
"KeyName": "MyKey",
"ImageId": "ami-1234567890abcdef0"
}
},
"InstanceSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SSH access via port 22",
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": 22,
"ToPort": 22,
"CidrIp": "0.0.0.0/0"
}
]
}
}
}
}YAML
Resources:
Ec2Instance:
Type: 'AWS::EC2::Instance'
Properties:
SecurityGroupIds:
- !Ref InstanceSecurityGroup
- sg-12a4c434
KeyName: MyKey
ImageId: ami-1234567890abcdef0
InstanceSecurityGroup:
Type: 'AWS::EC2::SecurityGroup'
Properties:
GroupDescription: Enable SSH access via port 22
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 22
ToPort: 22
CidrIp: 0.0.0.0/0Referencing resource attributes using the Fn::GetAtt function
The following examples show a resource declaration that defines a CloudFront distribution resource and an S3 bucket. The MyDistribution resource specifies the DNS name of the MyBucket resource usingFn::GetAtt function to get the bucket's DomainName attribute. You'll notice that the Fn::GetAtt function lists its two parameters in an array. For functions that take multiple parameters, you use an array to specify their parameters.
JSON
{
"Resources": {
"MyBucket": {
"Type": "AWS::S3::Bucket"
},
"MyDistribution": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"Origins": [
{
"DomainName": {
"Fn::GetAtt": [
"MyBucket",
"DomainName"
]
},
"Id": "MyS3Origin",
"S3OriginConfig": {}
}
],
"Enabled": "true",
"DefaultCacheBehavior": {
"TargetOriginId": "MyS3Origin",
"ForwardedValues": {
"QueryString": "false"
},
"ViewerProtocolPolicy": "allow-all"
}
}
}
}
}
}YAML
Resources:
MyBucket:
Type: 'AWS::S3::Bucket'
MyDistribution:
Type: 'AWS::CloudFront::Distribution'
Properties:
DistributionConfig:
Origins:
- DomainName: !GetAtt
- MyBucket
- DomainName
Id: MyS3Origin
S3OriginConfig: {}
Enabled: 'true'
DefaultCacheBehavior:
TargetOriginId: MyS3Origin
ForwardedValues:
QueryString: 'false'
ViewerProtocolPolicy: allow-all