AWS::OpsWorks::Stack - AWS CloudFormation

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::OpsWorks::Stack",
  "Properties" : {
      "AgentVersion" : String,
      "Attributes" : {Key: Value, ...},
      "ChefConfiguration" : ChefConfiguration,
      "CloneAppIds" : [ String, ... ],
      "ClonePermissions" : Boolean,
      "ConfigurationManager" : StackConfigurationManager,
      "CustomCookbooksSource" : Source,
      "CustomJson" : Json,
      "DefaultAvailabilityZone" : String,
      "DefaultInstanceProfileArn" : String,
      "DefaultOs" : String,
      "DefaultRootDeviceType" : String,
      "DefaultSshKeyName" : String,
      "DefaultSubnetId" : String,
      "EcsClusterArn" : String,
      "ElasticIps" : [ ElasticIp, ... ],
      "HostnameTheme" : String,
      "Name" : String,
      "RdsDbInstances" : [ RdsDbInstance, ... ],
      "ServiceRoleArn" : String,
      "SourceStackId" : String,
      "Tags" : [ Tag, ... ],
      "UseCustomCookbooks" : Boolean,
      "UseOpsworksSecurityGroups" : Boolean,
      "VpcId" : String
    }
}

Properties

AgentVersion

The default AWS OpsWorks Stacks agent version. You have the following options:

The default setting is the most recent release of the agent. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions. AgentVersion cannot be set to Chef 12.2.

Note

You can also specify an agent version when you create or update an instance, which overrides the stack's default setting.

Required: No

Type: String

Update requires: No interruption

Attributes

One or more user-defined key-value pairs to be added to the stack attributes.

Required: No

Type: Object of String

Pattern: [a-zA-Z0-9]+

Update requires: No interruption

ChefConfiguration

A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf version on Chef 11.10 stacks. For more information, see Create a New Stack.

Required: No

Type: ChefConfiguration

Update requires: No interruption

CloneAppIds

If you're cloning an AWS OpsWorks stack, a list of AWS OpsWorks application stack IDs from the source stack to include in the cloned stack.

Required: No

Type: Array of String

Update requires: Replacement

ClonePermissions

If you're cloning an AWS OpsWorks stack, indicates whether to clone the source stack's permissions.

Required: No

Type: Boolean

Update requires: Replacement

ConfigurationManager

The configuration manager. When you create a stack we recommend that you use the configuration manager to specify the Chef version: 12, 11.10, or 11.4 for Linux stacks, or 12.2 for Windows stacks. The default value for Linux stacks is currently 12.

Required: No

Type: StackConfigurationManager

Update requires: No interruption

CustomCookbooksSource

Contains the information required to retrieve an app or cookbook from a repository. For more information, see Adding Apps or Cookbooks and Recipes.

Required: No

Type: Source

Update requires: No interruption

CustomJson

A string that contains user-defined, custom JSON. It can be used to override the corresponding default stack configuration attribute values or to pass data to recipes. The string should be in the following format:

"{\"key1\": \"value1\", \"key2\": \"value2\",...}"

For more information about custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes.

Required: No

Type: Json

Update requires: No interruption

DefaultAvailabilityZone

The stack's default Availability Zone, which must be in the specified region. For more information, see Regions and Endpoints. If you also specify a value for DefaultSubnetId, the subnet must be in the same zone. For more information, see the VpcId parameter description.

Required: No

Type: String

Update requires: No interruption

DefaultInstanceProfileArn

The Amazon Resource Name (ARN) of an IAM profile that is the default profile for all of the stack's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

Required: Yes

Type: String

Update requires: No interruption

DefaultOs

The stack's default operating system, which is installed on every instance unless you specify a different operating system when you create the instance. You can specify one of the following.

The default option is the current Amazon Linux version. Not all operating systems are supported with all versions of Chef. For more information about supported operating systems, see AWS OpsWorks Stacks Operating Systems.

Required: No

Type: String

Update requires: No interruption

DefaultRootDeviceType

The default root device type. This value is the default for all instances in the stack, but you can override it when you create an instance. The default option is instance-store. For more information, see Storage for the Root Device.

Required: No

Type: String

Allowed values: ebs | instance-store

Update requires: No interruption

DefaultSshKeyName

A default Amazon EC2 key pair name. The default value is none. If you specify a key pair name, AWS OpsWorks installs the public key on the instance and you can use the private key with an SSH client to log in to the instance. For more information, see Using SSH to Communicate with an Instance and Managing SSH Access. You can override this setting by specifying a different key pair, or no key pair, when you create an instance.

Required: No

Type: String

Update requires: No interruption

DefaultSubnetId

The stack's default subnet ID. All instances are launched into this subnet unless you specify another subnet ID when you create the instance. This parameter is required if you specify a value for the VpcId parameter. If you also specify a value for DefaultAvailabilityZone, the subnet must be in that zone.

Required: Conditional

Type: String

Update requires: No interruption

EcsClusterArn

The Amazon Resource Name (ARN) of the Amazon Elastic Container Service (Amazon ECS) cluster to register with the AWS OpsWorks stack.

Note

If you specify a cluster that's registered with another AWS OpsWorks stack, AWS CloudFormation deregisters the existing association before registering the cluster.

Required: No

Type: String

Update requires: No interruption

ElasticIps

A list of Elastic IP addresses to register with the AWS OpsWorks stack.

Note

If you specify an IP address that's registered with another AWS OpsWorks stack, AWS CloudFormation deregisters the existing association before registering the IP address.

Required: No

Type: Array of ElasticIp

Update requires: No interruption

HostnameTheme

The stack's host name theme, with spaces replaced by underscores. The theme is used to generate host names for the stack's instances. By default, HostnameTheme is set to Layer_Dependent, which creates host names by appending integers to the layer's short name. The other themes are:

To obtain a generated host name, call GetHostNameSuggestion, which returns a host name based on the current theme.

Required: No

Type: String

Update requires: No interruption

Name

The stack name. Stack names can be a maximum of 64 characters.

Required: Yes

Type: String

Update requires: No interruption

RdsDbInstances

The Amazon Relational Database Service (Amazon RDS) database instance to register with the AWS OpsWorks stack.

Note

If you specify a database instance that's registered with another AWS OpsWorks stack, AWS CloudFormation deregisters the existing association before registering the database instance.

Required: No

Type: Array of RdsDbInstance

Update requires: No interruption

ServiceRoleArn

The stack's IAM role, which allows AWS OpsWorks Stacks to work with AWS resources on your behalf. You must set this parameter to the Amazon Resource Name (ARN) for an existing IAM role. For more information about IAM ARNs, see Using Identifiers.

Required: Yes

Type: String

Update requires: Replacement

SourceStackId

If you're cloning an AWS OpsWorks stack, the stack ID of the source AWS OpsWorks stack to clone.

Required: No

Type: String

Update requires: Replacement

Tags

A map that contains tag keys and tag values that are attached to a stack or layer.

Required: No

Type: Array of Tag

Update requires: No interruption

UseCustomCookbooks

Whether the stack uses custom cookbooks.

Required: No

Type: Boolean

Update requires: No interruption

UseOpsworksSecurityGroups

Whether to associate the AWS OpsWorks Stacks built-in security groups with the stack's layers.

AWS OpsWorks Stacks provides a standard set of built-in security groups, one for each layer, which are associated with layers by default. With UseOpsworksSecurityGroups you can instead provide your own custom security groups. UseOpsworksSecurityGroups has the following settings:

For more information, see Create a New Stack.

Required: No

Type: Boolean

Update requires: No interruption

VpcId

The ID of the VPC that the stack is to be launched into. The VPC must be in the stack's region. All instances are launched into this VPC. You cannot change the ID later.

If the VPC ID corresponds to a default VPC and you have specified either the DefaultAvailabilityZone or the DefaultSubnetId parameter only, AWS OpsWorks Stacks infers the value of the other parameter. If you specify neither parameter, AWS OpsWorks Stacks sets these parameters to the first valid Availability Zone for the specified region and the corresponding default VPC subnet ID, respectively.

If you specify a nondefault VPC ID, note the following:

For more information about how to use AWS OpsWorks Stacks with a VPC, see Running a Stack in a VPC. For more information about default VPC and EC2-Classic, see Supported Platforms.

Required: No

Type: String

Update requires: Replacement
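
The constraints stated in the property descriptions above (required properties, the 64-character Name limit, the allowed DefaultRootDeviceType values, the DefaultSubnetId condition, and the properties marked Update requires: Replacement) can be checked before a deployment. This is an added example, not AWS code; validate_stack, replacement_changes and the sample property values are hypothetical.

```python
import json

# Constraints as stated on this page for AWS::OpsWorks::Stack.
REQUIRED = ("DefaultInstanceProfileArn", "Name", "ServiceRoleArn")
REPLACEMENT = ("CloneAppIds", "ClonePermissions", "ServiceRoleArn",
               "SourceStackId", "VpcId")
ROOT_DEVICE_TYPES = ("ebs", "instance-store")


def validate_stack(props):
    """Return constraint violations for one stack Properties object."""
    errors = [f"{p} is required" for p in REQUIRED if p not in props]
    name = props.get("Name")
    # Only literal strings can be measured; {"Ref": ...} resolves at deploy time.
    if isinstance(name, str) and len(name) > 64:
        errors.append("Name exceeds 64 characters")
    rdt = props.get("DefaultRootDeviceType")
    if isinstance(rdt, str) and rdt not in ROOT_DEVICE_TYPES:
        errors.append(f"DefaultRootDeviceType {rdt!r} is not allowed")
    # Per the DefaultSubnetId description; the VpcId description notes that
    # a default VPC can have the subnet inferred instead.
    if "VpcId" in props and "DefaultSubnetId" not in props:
        errors.append("DefaultSubnetId is required when VpcId is set")
    return errors


def replacement_changes(old, new):
    """Properties whose change makes CloudFormation replace the stack.

    Values are compared as written, so a Ref whose target changed is not seen.
    """
    return [p for p in REPLACEMENT if old.get(p) != new.get(p)]


# Constructed sample input (hypothetical values), not taken from the page.
DEPLOYED = json.loads("""{
  "Name": "TestStack",
  "ServiceRoleArn": {"Fn::GetAtt": ["ServiceRole", "Arn"]},
  "DefaultInstanceProfileArn": {"Fn::GetAtt": ["InstanceRole", "Arn"]},
  "DefaultSshKeyName": "ops-key"
}""")
PROPOSED = json.loads("""{
  "Name": "TestStack",
  "ServiceRoleArn": {"Fn::GetAtt": ["ServiceRole", "Arn"]},
  "DefaultInstanceProfileArn": {"Fn::GetAtt": ["InstanceRole", "Arn"]},
  "DefaultRootDeviceType": "ssd",
  "VpcId": "vpc-EXAMPLE"
}""")

if __name__ == "__main__":
    for problem in validate_stack(PROPOSED):
        print("invalid:", problem)
    for prop in replacement_changes(DEPLOYED, PROPOSED):
        print("forces replacement:", prop)
```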

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "myStack" }

For the AWS OpsWorks stack myStack, Ref returns the AWS OpsWorks stack ID.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Examples

Template Snippet

The following snippet creates an AWS OpsWorks stack that uses the default service role and Amazon EC2 role, which are created after you use AWS OpsWorks for the first time:

JSON

"myStack" : {
  "Type" : "AWS::OpsWorks::Stack",
  "Properties" : {
    "Name" : {"Ref":"OpsWorksStackName"},
    "ServiceRoleArn" : { "Fn::Join": ["", ["arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":role/aws-opsworks-service-role"]] },
    "DefaultInstanceProfileArn" : { "Fn::Join": ["", ["arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":instance-profile/aws-opsworks-ec2-role"]] },
    "DefaultSshKeyName" : {"Ref":"KeyName"}
  }
}

YAML

myStack: 
  Type: "AWS::OpsWorks::Stack"
  Properties: 
    Name: 
      Ref: "OpsWorksStackName"
    ServiceRoleArn: 
      Fn::Join: 
        - ""
        - 
          - "arn:aws:iam::"
          - 
            Ref: "AWS::AccountId"
          - ":role/aws-opsworks-service-role"
    DefaultInstanceProfileArn: 
      Fn::Join: 
        - ""
        - 
          - "arn:aws:iam::"
          - 
            Ref: "AWS::AccountId"
          - ":instance-profile/aws-opsworks-ec2-role"
    DefaultSshKeyName: 
      Ref: "KeyName"

Specify tags for layers and stacks

The following complete template example specifies tags for an AWS OpsWorks layer and stack that reference parameter values.

JSON

{
    "Resources": {
        "ServiceRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    {
                                        "Ref": "OpsServicePrincipal"
                                    }
                                ]
                            },
                            "Action": [
                                "sts:AssumeRole"
                            ]
                        }
                    ]
                },
                "Path": "/",
                "Policies": [
                    {
                        "PolicyName": "opsworks-service",
                        "PolicyDocument": {
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "ec2:*",
                                        "iam:PassRole",
                                        "cloudwatch:GetMetricStatistics",
                                        "elasticloadbalancing:*"
                                    ],
                                    "Resource": "*"
                                }
                            ]
                        }
                    }
                ]
            }
        },
        "OpsWorksEC2Role": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Principal": {
                                "Service": [
                                    {
                                        "Ref": "Ec2ServicePrincipal"
                                    }
                                ]
                            },
                            "Action": [
                                "sts:AssumeRole"
                            ]
                        }
                    ]
                },
                "Path": "/"
            }
        },
        "InstanceRole": {
            "Type": "AWS::IAM::InstanceProfile",
            "Properties": {
                "Path": "/",
                "Roles": [
                    {
                        "Ref": "OpsWorksEC2Role"
                    }
                ]
            }
        },
        "myStack": {
            "Type": "AWS::OpsWorks::Stack",
            "Properties": {
                "Name": "TestStack",
                "ServiceRoleArn": {
                    "Fn::GetAtt": [
                        "ServiceRole",
                        "Arn"
                    ]
                },
                "DefaultInstanceProfileArn": {
                    "Fn::GetAtt": [
                        "InstanceRole",
                        "Arn"
                    ]
                },
                "Tags": [
                    {
                        "Key": {
                            "Ref": "StackKey"
                        },
                        "Value": {
                            "Ref": "StackValue"
                        }
                    }
                ]
            }
        },
        "myLayer": {
            "Type": "AWS::OpsWorks::Layer",
            "Properties": {
                "EnableAutoHealing": "true",
                "AutoAssignElasticIps": "false",
                "AutoAssignPublicIps": "true",
                "StackId": {
                    "Ref": "myStack"
                },
                "Type": "custom",
                "Shortname": "shortname",
                "Name": "name",
                "Tags": [
                    {
                        "Key": {
                            "Ref": "LayerKey"
                        },
                        "Value": {
                            "Ref": "LayerValue"
                        }
                    }
                ]
            }
        }
    },
    "Parameters": {
        "StackKey": {
            "Type": "String"
        },
        "LayerKey": {
            "Type": "String"
        },
        "StackValue": {
            "Type": "String"
        },
        "LayerValue": {
            "Type": "String"
        },
        "OpsServicePrincipal": {
            "Type": "String"
        },
        "Ec2ServicePrincipal": {
            "Type": "String"
        }
    }
}

YAML

Resources:
  ServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - !Ref OpsServicePrincipal
            Action:
              - 'sts:AssumeRole'
      Path: /
      Policies:
        - PolicyName: opsworks-service
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action:
                  - 'ec2:*'
                  - 'iam:PassRole'
                  - 'cloudwatch:GetMetricStatistics'
                  - 'elasticloadbalancing:*'
                Resource: '*'
  OpsWorksEC2Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - !Ref Ec2ServicePrincipal
            Action:
              - 'sts:AssumeRole'
      Path: /
  InstanceRole:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles:
        - !Ref OpsWorksEC2Role
  myStack:
    Type: AWS::OpsWorks::Stack
    Properties:
      Name: TestStack
      ServiceRoleArn: !GetAtt 
        - ServiceRole
        - Arn
      DefaultInstanceProfileArn: !GetAtt 
        - InstanceRole
        - Arn
      Tags:
        - Key: !Ref StackKey
          Value: !Ref StackValue
  myLayer:
    Type: AWS::OpsWorks::Layer
    Properties:
      EnableAutoHealing: 'true'
      AutoAssignElasticIps: 'false'
      AutoAssignPublicIps: 'true'
      StackId: !Ref myStack
      Type: custom
      Shortname: shortname
      Name: name
      Tags:
        - Key: !Ref LayerKey
          Value: !Ref LayerValue
Parameters:
  StackKey:
    Type: String
  LayerKey:
    Type: String
  StackValue:
    Type: String
  LayerValue:
    Type: String
  OpsServicePrincipal:
    Type: String
  Ec2ServicePrincipal:
    Type: String
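
An added review check (not part of the AWS documentation) that runs over the ServiceRole from the template above and reports what a least-privilege review would flag: wildcard actions and iam:PassRole granted on Resource "*", and a trust principal supplied by a parameter with no AllowedValues. The function names audit_roles and as_list are hypothetical.

```python
import json

# Constructed excerpt: the ServiceRole resource and its trust-principal
# parameter, copied from the page's tagging template.
TEMPLATE = json.loads("""{
  "Parameters": {"OpsServicePrincipal": {"Type": "String"}},
  "Resources": {"ServiceRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
      "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": [{"Ref": "OpsServicePrincipal"}]},
        "Action": ["sts:AssumeRole"]}]},
      "Policies": [{"PolicyName": "opsworks-service", "PolicyDocument": {
        "Statement": [{
          "Effect": "Allow",
          "Action": ["ec2:*", "iam:PassRole", "cloudwatch:GetMetricStatistics",
                     "elasticloadbalancing:*"],
          "Resource": "*"}]}}]}}}
}""")


def as_list(value):
    return value if isinstance(value, list) else [value]


def audit_roles(template):
    """Return (logical_id, finding) pairs for AWS::IAM::Role resources."""
    params = template.get("Parameters", {})
    findings = []
    for rid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {})
        for st in as_list(trust.get("Statement", [])):
            principal = st.get("Principal", {})
            groups = principal.values() if isinstance(principal, dict) else []
            for p in (x for g in groups for x in as_list(g)):
                # A principal taken from a parameter without AllowedValues
                # is chosen by whoever launches the template.
                name = p.get("Ref") if isinstance(p, dict) else None
                if name in params and "AllowedValues" not in params[name]:
                    findings.append((rid, f"trust principal from unconstrained parameter {name}"))
        for pol in props.get("Policies", []):
            for st in as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
                if st.get("Effect") != "Allow" or "*" not in as_list(st.get("Resource", [])):
                    continue
                for act in as_list(st.get("Action", [])):
                    if isinstance(act, str) and ("*" in act or act.lower() == "iam:passrole"):
                        findings.append((rid, f"{act} allowed on Resource *"))
    return findings

if __name__ == "__main__":
    for rid, finding in audit_roles(TEMPLATE):
        print(f"{rid}: {finding}")
```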
