💾 Archived View for cfdocs.wetterberg.nu › registry.gemini captured on 2024-03-21 at 15:25:37. Gemini links have been rewritten to link to archived content


Using the AWS CloudFormation registry


The CloudFormation registry lists the extensions, both private and public (AWS), that are available for use in your CloudFormation account. An extension is an artifact, registered in the CloudFormation Registry, which augments the functionality of CloudFormation in a native manner. Extensions can be written by Amazon, APN partners, Marketplace sellers, and the developer community. Extensions include CloudFormation items such as resource types and modules.

Private and public extensions

CloudFormation CLI

CloudFormation Command Line Interface User Guide

Using private *resource* types, a specific kind of extension, in your CloudFormation stacks incurs charges to your account. This is because private resource types implement custom logic that runs during resource create, read, update, list, and delete operations. This is in addition to any charges incurred for the resources created. For more information, see AWS CloudFormation pricing.

AWS CloudFormation pricing

Registering extensions in CloudFormation

To use private extensions--either ones you develop yourself, or types shared with you--you must first register them with CloudFormation, in the accounts and regions in which you want to use them. Once you've registered an extension, it will appear in the CloudFormation registry for that account and region, and you can use it in your stack templates.

You can register an extension using the `register-type` command of the AWS CLI, or using the `submit` command of the CloudFormation CLI (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html). To register an extension using the CloudFormation CLI, see Registering extensions in the *CloudFormation CLI User Guide*.

register-type

Registering extensions

IAM permissions for registering a resource type

As part of registering a resource type, you specify an S3 bucket which contains the schema handler package. This package contains the schema, event handlers, and associated files for the resource type you want to register. The user registering the resource type must be able to access the schema handler package in that S3 bucket. That is, the user needs to have GetObject permissions for the schema handler package.

GetObject

This is true whether you're using the `register-type` command of the AWS CLI or the `submit` command of the CloudFormation CLI (https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-cli-submit.html).

register-type

For more information, see Actions, Resources, and Condition Keys for Amazon S3 in the *AWS Identity and Access Management User Guide*.

Actions, Resources, and Condition Keys for Amazon S3

Specifying which version of an extension to use

Over time, you may register multiple versions of the same extension. You can specify which version of the extension you want to use for CloudFormation operations.

Viewing registered extensions in CloudFormation

Once you've registered an extension in an account, you can view the details of that extension in the CloudFormation console. Private extensions are displayed in the *Private* section of the CloudFormation registry.

AWS CloudFormation console

Record resource types in AWS Config

You can specify that AWS Config automatically track your private resource types and record changes to those resources as *configuration items*. This enables you to view configuration history for these private resource types, as well as write Config rules to verify configuration best practices.

To have AWS Config automatically track your private resource types:

PutResourceConfig

DeleteResourceConfig

Record configurations for third-party resources

DescribeType

For more information on configuration items, see Configuration items in the *AWS Config Developer Guide*.

Configuration items

Preventing sensitive properties being recorded in a configuration item

Your resource type may contain properties that you consider sensitive information, such as passwords, secrets, or other sensitive data, that you don't want recorded as part of the configuration item. To prevent a property from being recorded in the configuration item, you can include that property in the `writeOnlyProperties` list in your resource type schema. Resource properties listed as `writeOnlyProperties` can be specified by the user, but will not be returned by a `read` or `list` request.

For more information, see Resource Provider Schema in the *CloudFormation Command Line Interface User Guide*.

Resource Provider Schema
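
A check you could run against a resource type schema before registering it, as an added example (not from the AWS documentation): it lists properties whose names look sensitive but are missing from `writeOnlyProperties`. The sample schema, the `Example::Database::User` type name, the name heuristic and the `/properties/Parent/Child` form for nested pointers are assumptions; `$ref` definitions are not followed.

```python
import json
import re

# Heuristic name fragments treated as sensitive (assumption of this example).
SENSITIVE = re.compile(r"password|passphrase|secret|token|privatekey|credential", re.I)

# Constructed sample schema for a hypothetical type, Example::Database::User.
SAMPLE_SCHEMA = json.loads("""
{
  "typeName": "Example::Database::User",
  "properties": {
    "UserName": {"type": "string"},
    "Password": {"type": "string"},
    "Connection": {
      "type": "object",
      "properties": {
        "Host": {"type": "string"},
        "ApiToken": {"type": "string"}
      }
    }
  },
  "writeOnlyProperties": ["/properties/Password"]
}
""")


def sensitive_pointers(node, base="/properties"):
    """Yield pointers of properties (and inline nested ones) with sensitive-looking names."""
    for name, sub in node.get("properties", {}).items():
        pointer = f"{base}/{name}"
        if SENSITIVE.search(name):
            yield pointer
        yield from sensitive_pointers(sub, pointer)


def unprotected(schema):
    """Return sensitive-looking properties not covered by writeOnlyProperties."""
    write_only = schema.get("writeOnlyProperties", [])

    def covered(pointer):
        # Assumption: listing a parent pointer also covers its nested properties.
        return any(pointer == w or pointer.startswith(w + "/") for w in write_only)

    return sorted(p for p in sensitive_pointers(schema) if not covered(p))


if __name__ == "__main__":
    for pointer in unprotected(SAMPLE_SCHEMA):
        print("sensitive but not write-only:", pointer)
```

In the sample, `Password` is already write-only, so only the nested `ApiToken` is reported as a property that would still be recorded in the configuration item.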