AWS CloudFormation Resource Types
AWS::ApiGateway
AWS::ApiGateway::RestApi
AWS::ApiGateway::Deployment
AWS::ApiGateway::Stage
AWS::CloudFormation
AWS::CloudFormation::Stack
AWS::CloudFormation::Stack enables nesting another stack as a resource within a template.
AWS::CodeBuild
AWS::CodeBuild::Project
If the "Name" property is set, the physical ID of the created CodeBuild project is that value. Otherwise, the name is generated following the pattern CodeBuildProjectLogicalID-apCFy5I1KyH8. Recommended name:
Resources:
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub '${AWS::StackName}-build-project'
For an example of a CodeBuild build project that integrates with a CodePipeline see:
AWS::CodePipeline
AWS::CodePipeline::Pipeline
Creates a CodePipeline pipeline. Other pipeline examples:
If the "Name" property is set, the physical ID of the created pipeline is that value. Otherwise, the name is generated following the pattern stack-name-Pipeline-24RCYXM52UE6A. Recommended name:
Resources:
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Sub '${AWS::StackName}-pipeline'
AWS::EC2
AWS::EC2::SecurityGroup
Resources:
  ServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: '...'
      VpcId:
        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'VPCId']]
      GroupName: !Sub ${ECRRepository}-sg
      SecurityGroupIngress:
        # IpProtocol -1 means all protocols and all ports, here from the whole 10.0.0.0/8 range
        - IpProtocol: -1
          CidrIp: 10.0.0.0/8
AWS::ECR
AWS::ECR::Repository
Resources:
  Repository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: some-docker-repository-name
AWS::ECS
AWS::ECS::TaskDefinition
Resources:
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: 'some-family'
      RequiresCompatibilities: ["FARGATE"]
      NetworkMode: "awsvpc"
      Cpu: '2048'
      Memory: '4096'
      TaskRoleArn: !GetAtt TaskRole.Arn
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: 'some-name'
          Cpu: '2048'
          Memory: '4096'
          Essential: 'true'
          Environment:
            - Name: SPRING_PROFILES_ACTIVE
              Value: 'something'
          Image: !Sub ${Image}:${Tag}
          PortMappings:
            - HostPort: 10002
              ContainerPort: 10002
          LogConfiguration:
            LogDriver: "awslogs"
            Options:
              awslogs-group: 'some-group'
              awslogs-region: !Sub ${AWS::Region}
              awslogs-stream-prefix: 'some-prefix'
AWS::ECS::Service
Resources:
  ServiceDefinition:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      ServiceName: themyscira
      LaunchType: FARGATE
      Cluster: 'some-cluster'
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 1
      HealthCheckGracePeriodSeconds: 60
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups:
            - !Ref ServiceSecurityGroup
          Subnets:
            - 'blue-subnet'
            - 'green-subnet'
      ServiceRegistries:
        - RegistryArn: !GetAtt ServiceDiscovery.Arn
      LoadBalancers:
        - ContainerName: 'some-name'
          ContainerPort: 10002
          TargetGroupArn: !Ref TargetGroup
AWS::ElasticLoadBalancingV2
AWS::ElasticLoadBalancingV2::TargetGroup
Resources:
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 60
      HealthCheckPath: '/myservice/actuator/health'
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      TargetType: ip
      Name: myservice
      Port: 8086
      Protocol: HTTP
      UnhealthyThresholdCount: 10
      VpcId: !Ref MyVpcId
AWS::ElasticLoadBalancingV2::Listener
Resources:
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    DependsOn:
      - TargetGroup
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref 'TargetGroup'
          Type: 'forward'
      LoadBalancerArn:
        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'ServiceALB']]
      Port: 10002
      Protocol: HTTP
AWS::IAM
AWS::IAM::Role
Resources:
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties: ...
If this role is declared by an "example" stack, then, after successful creation, its ARN will be arn:aws:iam::AccountID:role/service-role/example-CodeBuildServiceRole-1V7H0HL94BUX6
AWS::Logs
AWS::Logs::LogGroup
Resources:
  ServiceLogGroup:
    Type: "AWS::Logs::LogGroup"
    Properties:
      LogGroupName: some-name
      RetentionInDays: 7
AWS::S3
AWS::S3::Bucket
Resources:
  BuildBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl