AWS CloudFormation
AWS CloudFormation Cheatsheet
Jinchao lin
{
  "AWSTemplateFormatVersion" : "version date",
  "Description" : "JSON string",
  "Metadata" : {
    template metadata
  },
  "Parameters" : {
    set of parameters
  },
  "Mappings" : {
    set of mappings
  },
  "Conditions" : {
    set of conditions
  },
  "Resources" : {
    set of resources   // required
  },
  "Outputs" : {
    set of outputs
  }
}
Resource
Basic structure:
"Resources" : {
  "Logical ID" : {
    "Type" : "Resource type",   // AWS::aws-product-name::data-type-name
    "Properties" : {
      Set of properties
    }
  }
}
Resource properties are additional options that you can specify for a resource. For example, for each Amazon EC2 instance, you must specify an AMI ID for that instance. You declare the AMI ID as a property of the instance, as shown in the following snippet:
"Resources" : {
  "MyInstance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "UserData" : {
        "Fn::Base64" : {
          "Fn::Join" : [ "", [ "Queue=", { "Ref" : "MyQueue" } ] ]
        }
      },
      "AvailabilityZone" : "us-east-1a",
      "ImageId" : "ami-20b65349"
    }
  },
  "MyQueue" : {
    "Type" : "AWS::SQS::Queue",
    "Properties" : {
    }
  }
}
Depending on the resource type, some properties are required, such as the ImageId property for an AWS::EC2::Instance resource, and others are optional. If a resource does not require any properties to be declared, omit the properties section of that resource.
Metadata
You can use the optional Metadata section to include arbitrary JSON objects that provide details about the template. For example, you can include template implementation details about specific resources, as shown in the following snippet:
"Metadata" : {
  "Instances" : { "Description" : "Information about the instances" },
  "Databases" : { "Description" : "Information about the databases" }
}
Parameter
General Syntax:
"Parameters" : {
  "ParameterLogicalID" : {
    "Type" : "DataType",
    "ParameterProperty" : "value"
  }
}
General parameter:
"Parameters" : {
  "InstanceTypeParameter" : {
    "Type" : "String",
    "Default" : "t1.micro",
    "AllowedValues" : [ "t1.micro", "m1.small", "m1.large" ],
    "Description" : "Enter t1.micro, m1.small, or m1.large. Default is t1.micro."
  },
  "DBPort" : {
    "Default" : "3306",
    "Description" : "TCP/IP port for the database",
    "Type" : "Number",
    "MinValue" : "1150",
    "MaxValue" : "65535"
  },
  "DBPwd" : {
    "NoEcho" : "true",
    "Description" : "The database admin account password",
    "Type" : "String",
    "MinLength" : "1",
    "MaxLength" : "41",
    "AllowedPattern" : "[a-zA-Z0-9]*"
  }
}
AWS specific parameter:
"Parameters" : {
  "myKeyPair" : {
    "Description" : "Amazon EC2 Key Pair",
    "Type" : "AWS::EC2::KeyPair::KeyName"
  },
  "mySubnetIDs" : {
    "Description" : "Subnet IDs",
    "Type" : "List<AWS::EC2::Subnet::Id>"
  }
}
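The constraints above (MinValue/MaxValue, MinLength/MaxLength, AllowedValues, AllowedPattern) are what CloudFormation enforces when a stack is created. The following added example, not part of the original cheatsheet, applies the same rules to a constructed copy of the parameter declarations and also flags credential-like parameters that lack NoEcho, since their values would otherwise be readable from DescribeStacks output and the console.

```python
import re
# Constructed declarations, modelled on the cheatsheet's parameter examples.
PARAMETERS = {
    "InstanceTypeParameter": {"Type": "String", "Default": "t1.micro",
                              "AllowedValues": ["t1.micro", "m1.small", "m1.large"]},
    "DBPort": {"Type": "Number", "Default": "3306", "MinValue": "1150", "MaxValue": "65535"},
    "DBPwd": {"Type": "String", "NoEcho": "true", "MinLength": "1", "MaxLength": "41",
              "AllowedPattern": "[a-zA-Z0-9]*"},
}

def validate_parameter(decl, value):
    """Return the constraint violations for one parameter value (empty list means valid).
    `value` is the string a caller would pass on stack creation."""
    errors = []
    if decl["Type"] == "Number":
        try:
            num = float(value)
        except ValueError:
            return [f"{value!r} is not a Number"]
        if "MinValue" in decl and num < float(decl["MinValue"]):
            errors.append(f"{value} is below MinValue {decl['MinValue']}")
        if "MaxValue" in decl and num > float(decl["MaxValue"]):
            errors.append(f"{value} is above MaxValue {decl['MaxValue']}")
    elif decl["Type"] == "String":
        if "MinLength" in decl and len(value) < int(decl["MinLength"]):
            errors.append(f"shorter than MinLength {decl['MinLength']}")
        if "MaxLength" in decl and len(value) > int(decl["MaxLength"]):
            errors.append(f"longer than MaxLength {decl['MaxLength']}")
        # CloudFormation anchors AllowedPattern to the whole value, hence fullmatch.
        if "AllowedPattern" in decl and not re.fullmatch(decl["AllowedPattern"], value):
            errors.append(f"does not match AllowedPattern {decl['AllowedPattern']}")
    if "AllowedValues" in decl and value not in decl["AllowedValues"]:
        errors.append(f"{value!r} not in AllowedValues {decl['AllowedValues']}")
    return errors

def validate_all(params, values):
    """Validate every parameter, falling back to its Default when no value is supplied."""
    result = {}
    for name, decl in params.items():
        value = values.get(name, decl.get("Default"))
        result[name] = ["no value and no Default"] if value is None else validate_parameter(decl, value)
    return result

def secrets_without_noecho(params):
    """Names that look like credentials but lack NoEcho, so the value would be
    visible in DescribeStacks output and the console."""
    return sorted(name for name, decl in params.items()
                  if re.search(r"(?i)pwd|passw|secret|token", name)
                  and str(decl.get("NoEcho", "false")).lower() != "true")
```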
Mapping
The optional Mappings section matches a key to a corresponding set of named values. For example, if you want to set values based on a region, you can create a mapping that uses the region name as a key and contains the values you want to specify for each specific region. You use the Fn::FindInMap intrinsic function to retrieve values in a map.
You can use an input parameter with the Fn::FindInMap function to refer to a specific value in a map. For example, suppose you have a list of regions and environment types that map to a specific AMI ID. You can select the AMI ID that your stack uses by using an input parameter (EnvironmentType). To determine the region, use the AWS::Region pseudo parameter, which gets the AWS region in which you create the stack.
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Mappings" : {
    "RegionMap" : {
      "us-east-1"      : { "32" : "ami-6411e20d", "64" : "ami-7a11e213" },
      "us-west-1"      : { "32" : "ami-c9c7978c", "64" : "ami-cfc7978a" },
      "eu-west-1"      : { "32" : "ami-37c2f643", "64" : "ami-31c2f645" },
      "ap-southeast-1" : { "32" : "ami-66f28c34", "64" : "ami-60f28c32" },
      "ap-northeast-1" : { "32" : "ami-9c03a89d", "64" : "ami-a003a8a1" }
    }
  },
  "Resources" : {
    "myEC2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "32" ] },
        "InstanceType" : "m1.small"
      }
    }
  }
}
Intrinsic Functions
Fn::FindInMap
The intrinsic function Fn::FindInMap returns the value corresponding to keys in a two-level map that is declared in the Mappings section.
Declaration
"Fn::FindInMap" : [ "MapName", "TopLevelKey", "SecondLevelKey"]
Ref
The intrinsic function Ref returns the value of the specified parameter or resource.
When you specify a parameter's logical name, it returns the value of the parameter.
When you specify a resource's logical name, it returns a value that you can typically use to refer to that resource, such as a physical ID.
Fn::GetAtt
The intrinsic function Fn::GetAtt returns the value of an attribute from a resource in the template.
Declaration
"Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ]
Fn::Join
The intrinsic function Fn::Join appends a set of values into a single value, separated by the specified delimiter. If the delimiter is the empty string, the set of values is concatenated with no delimiter.
Declaration
"Fn::Join" : [ "delimiter", [ comma-delimited list of values ] ]
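The four functions above nest freely, as the cheatsheet's own snippets show (Fn::Base64 around Fn::Join around Ref; Fn::FindInMap keyed by Ref AWS::Region). The following added example, not part of the original cheatsheet, is a small resolver that evaluates them against a constructed template: parameters resolve to their Default, AWS::Region to the chosen region, and resources to constructed placeholder physical IDs and attributes, since real ones exist only after CloudFormation has created the stack.

```python
import base64
# Constructed template, modelled on the cheatsheet's RegionMap and MyInstance snippets.
TEMPLATE = {
    "Parameters": {"Arch": {"Type": "String", "Default": "32"}},
    "Mappings": {"RegionMap": {
        "us-east-1": {"32": "ami-6411e20d", "64": "ami-7a11e213"},
        "us-west-1": {"32": "ami-c9c7978c", "64": "ami-cfc7978a"}}},
    "Resources": {
        "MyQueue": {"Type": "AWS::SQS::Queue", "Properties": {}},
        "MyInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, {"Ref": "Arch"}]},
            "UserData": {"Fn::Base64": {"Fn::Join": ["", ["Queue=", {"Ref": "MyQueue"}]]}}}}},
    "Outputs": {"QueueArn": {"Value": {"Fn::GetAtt": ["MyQueue", "Arn"]}}},
}
# Physical IDs/attributes exist only after stack creation; constructed placeholders here.
DEPLOYED = {"MyQueue": {
    "PhysicalId": "https://sqs.us-west-1.amazonaws.com/111122223333/MyQueue-EXAMPLE",
    "Attributes": {"Arn": "arn:aws:sqs:us-west-1:111122223333:MyQueue-EXAMPLE"}}}

def resolve(node, template, region, deployed):
    """Evaluate Ref, Fn::FindInMap, Fn::GetAtt, Fn::Join and Fn::Base64 recursively.
    Parameters resolve to their Default, AWS::Region to `region`, resources to `deployed`."""
    if isinstance(node, list):
        return [resolve(n, template, region, deployed) for n in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref":
            if arg == "AWS::Region":
                return region
            if arg in template.get("Parameters", {}):
                return template["Parameters"][arg]["Default"]
            return deployed[arg]["PhysicalId"]
        if fn == "Fn::FindInMap":
            name, top, second = resolve(arg, template, region, deployed)
            return template["Mappings"][name][top][second]
        if fn == "Fn::GetAtt":
            logical, attr = arg
            return deployed[logical]["Attributes"][attr]
        if fn == "Fn::Join":
            delim, values = arg
            return delim.join(resolve(values, template, region, deployed))
        if fn == "Fn::Base64":
            return base64.b64encode(resolve(arg, template, region, deployed).encode()).decode()
    # Any other object (e.g. a Properties block): resolve its children in place.
    return {k: resolve(v, template, region, deployed) for k, v in node.items()}

def resolve_resource(logical_id, template, region, deployed):
    """Return the fully resolved Properties of one resource."""
    return resolve(template["Resources"][logical_id]["Properties"], template, region, deployed)
```

A lookup that CloudFormation would reject (a region missing from RegionMap, a Ref to an undeclared name) surfaces here as a KeyError, which is the same failure the service reports at stack creation.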
Condition Functions
Associating a Condition
To conditionally create resources, resource properties, or outputs, you must associate a condition with them. Add a "Condition" key whose value is the logical ID of the condition:
"NewVolume" : {
  "Type" : "AWS::EC2::Volume",
  "Condition" : "CreateProdResources",
  "Properties" : {
    "Size" : "100",
    "AvailabilityZone" : { "Fn::GetAtt" : [ "EC2Instance", "AvailabilityZone" ] }
  }
}
CloudFormation Parameter Types
To set parameter types in your template, add a Type element to your parameter:
"Parameters" : { "NameOfTheParameter" : { "Type" : "<Type Name>" }}
CloudFormation currently supports the following parameter types:
String – A literal string
Number – An integer or float
List<Number> – An array of integers or floats
CommaDelimitedList – An array of literal strings that are separated by commas
AWS::EC2::KeyPair::KeyName – An Amazon EC2 key pair name
AWS::EC2::SecurityGroup::Id – A security group ID
AWS::EC2::Subnet::Id – A subnet ID
AWS::EC2::VPC::Id – A VPC ID
List<AWS::EC2::VPC::Id> – An array of VPC IDs
List<AWS::EC2::SecurityGroup::Id> – An array of security group IDs
List<AWS::EC2::Subnet::Id> – An array of subnet IDs