CloudFormation template Conditions syntax - AWS CloudFormation (original) (raw)
The optional Conditions section contains statements that define the circumstances under which entities are created or configured. For example, you can create a condition and associate it with a resource or output so that CloudFormation creates the resource or output only if the condition is true. Similarly, you can associate a condition with a property so that CloudFormation sets the property to a specific value only if the condition is true. If the condition is false, CloudFormation sets the property to an alternative value that you specify.
You can use conditions when you want to reuse a template to create resources in different contexts, such as test versus production environments. For example, in your template, you can add an EnvironmentType input parameter that accepts eitherprod or test as inputs. For the prod environment, you might include EC2 instances with certain capabilities, while for the test environment, you might use reduced capabilities to save money. This condition definition allows you to define which resources are created and how they're configured for each environment type.
Syntax
The Conditions section consists of the key name Conditions. Each condition declaration includes a logical ID and one or more intrinsic functions.
JSON
"Conditions": {
"LogicalConditionName1": {
"Intrinsic function": ...[
},
"LogicalConditionName2": {
"Intrinsic function": ...
}
}YAML
Conditions:
LogicalConditionName1:
Intrinsic function:
...
LogicalConditionName2:
Intrinsic function:
...How conditions work
To use conditions, follow these steps:
- Add a parameter definition – Define the inputs that your conditions will evaluate in the
Parameterssection of your template. The conditions evaluate to true or false based on these input parameter values. Note that pseudo parameters are automatically available and don't require explicit definition in theParameterssection. For more information about pseudo parameters, see Get AWS values using pseudo parameters. - Add a condition definition – Define conditions in the
Conditionssection using intrinsic functions such asFn::If,Fn::Equals, andFn::Not. These conditions determine when CloudFormation creates the associated resources. The conditions can be based on:- Input or pseudo parameter values
- Other conditions
- Mapping values
- Associate conditions with resources or outputs – Reference conditions in resources or outputs using the
Conditionkey and a condition's logical ID. Optionally, useFn::Ifin other parts of the template (such as property values) to set values based on a condition.
CloudFormation evaluates conditions when creating or updating a stack. CloudFormation creates entities that are associated with a true condition and ignores entities that are associated with a false condition. CloudFormation also re-evaluates these conditions during each stack update before modifying any resources. Entities that remain associated with a true condition are updated, while those that become associated with a false condition are deleted.
Important
During a stack update, you can't update conditions by themselves. You can update conditions only when you include changes that add, modify, or delete resources.
Condition intrinsic functions
You can use the following intrinsic functions to define conditions:
Note
Fn::If is only supported in the metadata attribute, update policy attribute, and property values in the Resources section andOutputs sections of a template.
Examples
Topics
Environment-based resource creation
This following examples provision an EC2 instance, and conditionally create and attach a new EBS volume only if the environment type is prod. If the environment is test, they just create the EC2 instance without the additional volume.
JSON
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"EnvType": {
"Description": "Environment type",
"Default": "test",
"Type": "String",
"AllowedValues": [
"prod",
"test"
],
"ConstraintDescription": "must specify prod or test"
}
},
"Conditions": {
"CreateProdResources": {
"Fn::Equals": [
{
"Ref": "EnvType"
},
"prod"
]
}
},
"Resources": {
"EC2Instance": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-1234567890abcdef0"
}
},
"MountPoint": {
"Type": "AWS::EC2::VolumeAttachment",
"Condition": "CreateProdResources",
"Properties": {
"InstanceId": {
"Ref": "EC2Instance"
},
"VolumeId": {
"Ref": "NewVolume"
},
"Device": "/dev/sdh"
}
},
"NewVolume": {
"Type": "AWS::EC2::Volume",
"Condition": "CreateProdResources",
"Properties": {
"Size": 100,
"AvailabilityZone": {
"Fn::GetAtt": [
"EC2Instance",
"AvailabilityZone"
]
}
}
}
}
}YAML
AWSTemplateFormatVersion: 2010-09-09
Parameters:
EnvType:
Description: Environment type
Default: test
Type: String
AllowedValues:
- prod
- test
ConstraintDescription: must specify prod or test
Conditions:
CreateProdResources: !Equals
- !Ref EnvType
- prod
Resources:
EC2Instance:
Type: AWS::EC2::Instance
Properties:
ImageId: ami-1234567890abcdef0
MountPoint:
Type: AWS::EC2::VolumeAttachment
Condition: CreateProdResources
Properties:
InstanceId: !Ref EC2Instance
VolumeId: !Ref NewVolume
Device: /dev/sdh
NewVolume:
Type: AWS::EC2::Volume
Condition: CreateProdResources
Properties:
Size: 100
AvailabilityZone: !GetAtt
- EC2Instance
- AvailabilityZoneMulti-condition resource provisioning
The following examples conditionally create an S3 bucket if a bucket name is provided, and attach a bucket policy only when the environment is set toprod. If no bucket name is given or the environment istest, no resources are created.
JSON
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"EnvType": {
"Type": "String",
"AllowedValues": [
"prod",
"test"
]
},
"BucketName": {
"Default": "",
"Type": "String"
}
},
"Conditions": {
"IsProduction": {
"Fn::Equals": [
{
"Ref": "EnvType"
},
"prod"
]
},
"CreateBucket": {
"Fn::Not": [
{
"Fn::Equals": [
{
"Ref": "BucketName"
},
""
]
}
]
},
"CreateBucketPolicy": {
"Fn::And": [
{
"Condition": "IsProduction"
},
{
"Condition": "CreateBucket"
}
]
}
},
"Resources": {
"Bucket": {
"Type": "AWS::S3::Bucket",
"Condition": "CreateBucket",
"Properties": {
"BucketName": {
"Ref": "BucketName"
}
}
},
"Policy": {
"Type": "AWS::S3::BucketPolicy",
"Condition": "CreateBucketPolicy",
"Properties": {
"Bucket": {
"Ref": "Bucket"
},
"PolicyDocument": { ... }
}
}
}
}YAML
AWSTemplateFormatVersion: 2010-09-09
Parameters:
EnvType:
Type: String
AllowedValues:
- prod
- test
BucketName:
Default: ''
Type: String
Conditions:
IsProduction: !Equals
- !Ref EnvType
- prod
CreateBucket: !Not
- !Equals
- !Ref BucketName
- ''
CreateBucketPolicy: !And
- !Condition IsProduction
- !Condition CreateBucket
Resources:
Bucket:
Type: AWS::S3::Bucket
Condition: CreateBucket
Properties:
BucketName: !Ref BucketName
Policy:
Type: AWS::S3::BucketPolicy
Condition: CreateBucketPolicy
Properties:
Bucket: !Ref Bucket
PolicyDocument: ...