The following examples show different AWS CloudFormation template features that aren't specific to an AWS service.
This example shows the assembly of a UserData property using the Fn::Base64 and Fn::Join functions. The references `MyValue` and `MyName` are parameters that must be defined in the Parameters section of the template. The literal string `Hello World` is just another value this example passes in as part of the `UserData`.
```json
"UserData" : {
    "Fn::Base64" : {
        "Fn::Join" : [ ",", [
            { "Ref" : "MyValue" },
            { "Ref" : "MyName" },
            "Hello World" ] ]
    }
}
```
```yaml
UserData:
  # Join the two parameter values and the literal with "," (same as the JSON form)
  Fn::Base64: !Join
    - ","
    - - !Ref MyValue
      - !Ref MyName
      - Hello World
```
This example shows the assembly of a UserData property using the Fn::Base64 and Fn::Join functions. It includes the `AccessKey` and `SecretKey` information. The references `AccessKey` and `SecretKey` are parameters that must be defined in the Parameters section of the template.
```json
"UserData" : {
    "Fn::Base64" : {
        "Fn::Join" : [ "", [
            "ACCESS_KEY=", { "Ref" : "AccessKey" },
            "SECRET_KEY=", { "Ref" : "SecretKey" } ]
        ]
    }
}
```
```yaml
UserData:
  Fn::Base64: !Sub |
    ACCESS_KEY=${AccessKey}
    SECRET_KEY=${SecretKey}
```
The following example depicts a valid Parameters section declaration in which a single `String` type parameter is declared.
```json
"Parameters" : {
    "UserName" : {
        "Type" : "String",
        "Default" : "nonadmin",
        "Description" : "Assume a vanilla user if no command-line spec provided"
    }
}
```
```yaml
Parameters:
  UserName:
    Type: String
    Default: nonadmin
    Description: Assume a vanilla user if no command-line spec provided
```
The following example depicts a valid Parameters section declaration in which a single `String` type parameter is declared. The AdminUserAccount parameter has a default of admin. The parameter value must have a minimum length of 1 and a maximum length of 16, and must contain only alphabetic characters and numbers, beginning with an alphabetic character.
```json
"Parameters" : {
    "AdminUserAccount": {
        "Default": "admin",
        "NoEcho": "true",
        "Description" : "The admin account user name",
        "Type": "String",
        "MinLength": "1",
        "MaxLength": "16",
        "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*"
    }
}
```
```yaml
Parameters:
  AdminUserAccount:
    Default: admin
    NoEcho: true
    Description: The admin account user name
    Type: String
    MinLength: 1
    MaxLength: 16
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
```
The following example depicts a valid Parameters section declaration in which a single `Number` type parameter is declared. The WebServerPort parameter has a default of 80, a minimum value of 1, and a maximum value of 65535.
```json
"Parameters" : {
    "WebServerPort": {
        "Default": "80",
        "Description" : "TCP/IP port for the web server",
        "Type": "Number",
        "MinValue": "1",
        "MaxValue": "65535"
    }
}
```
```yaml
Parameters:
  WebServerPort:
    Default: 80
    Description: TCP/IP port for the web server
    Type: Number
    MinValue: 1
    MaxValue: 65535
```
The following example depicts a valid Parameters section declaration in which a single `Number` type parameter is declared. The WebServerPortLimited parameter has a default of 80 and allows only the values 80 and 8888.
```json
"Parameters" : {
    "WebServerPortLimited": {
        "Default": "80",
        "Description" : "TCP/IP port for the web server",
        "Type": "Number",
        "AllowedValues" : ["80", "8888"]
    }
}
```
```yaml
Parameters:
  WebServerPortLimited:
    Default: 80
    Description: TCP/IP port for the web server
    Type: Number
    AllowedValues:
      - 80
      - 8888
```
The following example depicts a valid Parameters section declaration in which a single `CommaDelimitedList` type parameter is declared. The NoEcho property is set to `TRUE`, which will mask its value with asterisks (*****) in the `aws cloudformation describe-stacks` output, except for information stored in the locations specified below.
Using the `NoEcho` attribute does not mask any information stored in the following:
* The `Metadata` template section. CloudFormation does not transform, modify, or redact any information you include in the `Metadata` section. For more information, see Metadata.
* The `Outputs` template section. For more information, see Outputs.
* The `Metadata` attribute of a resource definition. For more information, see Metadata attribute.
We strongly recommend you do not use these mechanisms to include sensitive information, such as passwords or secrets.
Rather than embedding sensitive information directly in your AWS CloudFormation templates, we recommend you use dynamic parameters in the stack template to reference sensitive information that is stored and managed outside of CloudFormation, such as in the AWS Systems Manager Parameter Store or AWS Secrets Manager.
For more information, see the Do not embed credentials in your templates best practice.
```json
"Parameters" : {
    "UserRoles" : {
        "Type" : "CommaDelimitedList",
        "Default" : "guest,newhire",
        "NoEcho" : "TRUE"
    }
}
```
```yaml
Parameters:
  UserRoles:
    Type: CommaDelimitedList
    Default: "guest,newhire"
    NoEcho: true
```
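An added example, not part of the original documentation: a small Python check that lists every `NoEcho` parameter referenced from the three places named above where `NoEcho` does not mask values (the template `Metadata` section, `Outputs`, and a resource's `Metadata` attribute). The sample template and the names `DbPassword`, `Server` and `Conn` are constructed for illustration, and only `Ref` and `Fn::Sub` references are followed.

```python
import json
import re

# Constructed sample template (not from the AWS documentation): DbPassword is
# NoEcho but is referenced from Outputs and from a resource's Metadata attribute.
TEMPLATE = json.loads("""{
  "Parameters": {"DbPassword": {"Type": "String", "NoEcho": "true"},
                 "UserName": {"Type": "String", "Default": "nonadmin"}},
  "Metadata": {"Owner": {"Ref": "UserName"}},
  "Resources": {"Server": {
      "Type": "AWS::EC2::Instance",
      "Metadata": {"Config": {"Fn::Sub": "password=${DbPassword}"}}}},
  "Outputs": {"Conn": {"Value": {"Fn::Join": [":", ["db", {"Ref": "DbPassword"}]]}}}
}""")


def noecho_params(template):
    """Names of parameters declared with NoEcho ("true", "TRUE" or a boolean true)."""
    return {name for name, decl in template.get("Parameters", {}).items()
            if str(decl.get("NoEcho", "")).lower() == "true"}


def referenced(node):
    """Yield names referenced by Ref, or by ${Name} in Fn::Sub, anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::Sub":
                # Fn::Sub takes a string, or a [string, variable-map] list.
                text = value if isinstance(value, str) else value[0]
                yield from re.findall(r"\$\{([A-Za-z0-9]+)\}", text)
                yield from referenced(value)
            else:
                yield from referenced(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced(item)


def find_leaks(template):
    """Return sorted (location, parameter) pairs where NoEcho does not mask the value."""
    secret = noecho_params(template)
    places = [("Metadata", template.get("Metadata")), ("Outputs", template.get("Outputs"))]
    places += [(f"Resources.{rid}.Metadata", res.get("Metadata"))
               for rid, res in template.get("Resources", {}).items()]
    return sorted((where, name) for where, node in places
                  for name in set(referenced(node)) if name in secret)
```

Values flagged by `find_leaks` are candidates for the dynamic references to Systems Manager Parameter Store or Secrets Manager that the page recommends.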
The following example shows commands in the EC2 user data that use the pseudo parameters `AWS::StackName` and `AWS::Region`. For more information about pseudo parameters, see Pseudo parameters reference.
```json
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
    "#!/bin/bash -xe\n",
    "yum install -y aws-cfn-bootstrap\n",

    "/opt/aws/bin/cfn-init -v ",
    "         --stack ", { "Ref" : "AWS::StackName" },
    "         --resource LaunchConfig ",
    "         --region ", { "Ref" : "AWS::Region" }, "\n",

    "/opt/aws/bin/cfn-signal -e $? ",
    "         --stack ", { "Ref" : "AWS::StackName" },
    "         --resource WebServerGroup ",
    "         --region ", { "Ref" : "AWS::Region" }, "\n"
]]}}
```
```yaml
UserData:
  Fn::Base64: !Sub |
    #!/bin/bash -xe
    yum update -y aws-cfn-bootstrap
    /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region}
    /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region}
```
The following example depicts a valid Mapping section declaration that contains three mappings. The map, when matched with a mapping key of `Stop`, `SlowDown`, or `Go`, provides the RGB values assigned to the corresponding `RGBColor` attribute.
```json
"Mappings" : {
    "LightColor" : {
        "Stop" : {
            "Description" : "red",
            "RGBColor" : "RED 255 GREEN 0 BLUE 0"
        },
        "SlowDown" : {
            "Description" : "yellow",
            "RGBColor" : "RED 255 GREEN 255 BLUE 0"
        },
        "Go" : {
            "Description" : "green",
            "RGBColor" : "RED 0 GREEN 128 BLUE 0"
        }
    }
}
```
```yaml
Mappings:
  LightColor:
    Stop:
      Description: red
      RGBColor: "RED 255 GREEN 0 BLUE 0"
    SlowDown:
      Description: yellow
      RGBColor: "RED 255 GREEN 255 BLUE 0"
    Go:
      Description: green
      RGBColor: "RED 0 GREEN 128 BLUE 0"
```
The following example depicts a valid Description section declaration where the value is based on a literal string. This snippet can be for templates, parameters, resources, properties, or outputs.
```json
"Description" : "Replace this value"
```
```yaml
Description: "Replace this value"
```
This example shows an output assignment based on a literal string.
```json
"Outputs" : {
    "MyPhone" : {
        "Value" : "Please call 555-5555",
        "Description" : "A random message for aws cloudformation describe-stacks"
    }
}
```
```yaml
Outputs:
  MyPhone:
    Value: Please call 555-5555
    Description: A random message for aws cloudformation describe-stacks
```
This example shows an Outputs section with two output assignments. One is based on a resource, and the other is based on a pseudo reference.
```json
"Outputs" : {
    "SNSTopic" : { "Value" : { "Ref" : "MyNotificationTopic" } },
    "StackName" : { "Value" : { "Ref" : "AWS::StackName" } }
}
```
```yaml
Outputs:
  SNSTopic:
    Value: !Ref MyNotificationTopic
  StackName:
    Value: !Ref AWS::StackName
```
This example shows an Outputs section with one output assignment. The Join function is used to concatenate the value, using a percent sign as the delimiter.
```json
"Outputs" : {
    "MyOutput" : {
        "Value" : { "Fn::Join" :
            [ "%", [ "A-string", {"Ref" : "AWS::StackName" } ] ]
        }
    }
}
```
```yaml
Outputs:
  MyOutput:
    # The delimiter is quoted: a plain YAML scalar cannot start with "%"
    Value: !Join [ '%', [ 'A-string', !Ref 'AWS::StackName' ]]
```
The following snippet depicts a valid Template Format Version section declaration.
```json
"AWSTemplateFormatVersion" : "2010-09-09"
```
```yaml
AWSTemplateFormatVersion: '2010-09-09'
```
This example shows an AWS Tag property. You would specify this property within the Properties section of a resource. When the resource is created, it will be tagged with the tags you declare.
```json
"Tags" : [
    {
        "Key" : "keyname1",
        "Value" : "value1"
    },
    {
        "Key" : "keyname2",
        "Value" : "value2"
    }
]
```
```yaml
Tags:
  -
    Key: "keyname1"
    Value: "value1"
  -
    Key: "keyname2"
    Value: "value2"
```