AWS CloudFormation Resource Types: Difference between revisions

From NovaOrdis Knowledge Base
No edit summary
(46 intermediate revisions by the same user not shown)
Line 1: Line 1:
+=External=
+* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
 =Internal=
 
Line 5: Line 9:
 =AWS::ApiGateway=
 
-==AWS::ApiGateway::RestApi==
-{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html AWS::ApiGateway::RestApi]}}
-==AWS::ApiGateway::Deployment==
-==AWS::ApiGateway::Stage==
+{{Internal|Amazon_API_Gateway_Deployment_with_CloudFormation#Resource_Types|Amazon API Gateway Deployment with CloudFormation}}
 
 =AWS::CloudFormation=
Line 29: Line 29:
     Type: AWS::CodeBuild::Project
     Properties:
-      Name: !Sub '${AWS::StackName}-build-project'
+      Name: !Ref AWS::StackName
 
 For an example of a CodeBuild build project that integrates with a CodePipeline see: {{Internal|AWS_CodePipeline-Driven_CodeBuild_Builds#Create_the_CodeBuild_Build_Project|CodePipeline-Driven CodeBuild Builds}}
Line 48: Line 48:
     Type: AWS::CodePipeline::Pipeline
     Properties:
-      Name: !Sub '${AWS::StackName}-pipeline'
+      Name: !Ref AWS::StackName
+
+=AWS::DynamoDB=
+
+{{Internal|Amazon DynamoDB Operations#CloudFormation_Support|Amazon DynamoDB Operations}}
 
 =AWS::EC2=
 ==AWS::EC2::SecurityGroup==
+{{Internal|AWS_Security_Operations#Create_a_Security_Group_with_CloudFormation|Create a Security Group with CloudFormation}}
 
-Resources:
-  ServiceSecurityGroup:
-    Type: AWS::EC2::SecurityGroup
-    Properties:
-      GroupDescription: '...'
-      VpcId:
-        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'VPCId']]
-      GroupName: !Sub ${ECRRepository}-sg
-      SecurityGroupIngress:
-        - IpProtocol: -1
-          CidrIp: 10.0.0.0/8
+==AWS::EC2::VPC==
+{{Internal|Amazon_VPC_Operations#Create_a_VPC_with_CloudFormation|Amazon VPC Operations}}
+
+==AWS::EC2::Instance==
+
+{{Internal|Amazon_EC2_Operations#Create_an_EC2_Instance_with_CloudFormation|Create an EC2 Instance with CloudFormation}}
 
 =AWS::ECR=
 
 ==AWS::ECR::Repository==
+{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html AWS::ECR::Repository]}}
 
  Resources:
Line 75: Line 77:
       RepositoryName: some-docker-repository-name
 
-=AWS::ECS=
-==AWS::ECS::TaskDefinition==
+=<span id='#AWS::ECS::TaskDefinition'></span><span id='#AWS::ECS::Service'></span>AWS::ECS=
+
+{{Internal|Amazon ECS Deployment with CloudFormation|Amazon ECS Deployment with CloudFormation}}
 
-Resources:
-  TaskDefinition:
-    Type: AWS::ECS::TaskDefinition
-    Properties:
-      Family: 'some-family'
-      RequiresCompatibilities: ["FARGATE"]
-      NetworkMode: "awsvpc"
-      Cpu: '2048'
-      Memory: '4096'
-      TaskRoleArn: !GetAtt TaskRole.Arn
-      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
-      ContainerDefinitions:
-      - Name: 'some-name'
-        Cpu: '2048'
-        Memory: '4096'
-        Essential: 'true'
-        Environment:
-        - Name: SPRING_PROFILES_ACTIVE
-          Value: 'something'
-        Image: !Sub ${Image}:${Tag}
-        PortMappings:
-        - HostPort: 10002
-          ContainerPort: 10002
-        LogConfiguration:
-          LogDriver: "awslogs"
-          Options:
-            awslogs-group: 'some-group'
-            awslogs-region: !Sub ${AWS::Region}
-            awslogs-stream-prefix: 'some-prefix'
+=AWS::ElasticLoadBalancingV2=
+{{Internal|AWS Elastic Load Balancing V2 Deployment with CloudFormation|AWS Elastic Load Balancing V2 Deployment with CloudFormation}}
 
-==AWS::ECS::Service==
+=AWS::IAM=
 
-Resources:
-  ServiceDefinition:
-    Type: AWS::ECS::Service
-    DependsOn: LoadBalancerListener
-    Properties:
-      ServiceName: themyscira
-      LaunchType: FARGATE
-      Cluster: 'some-cluster'
-      TaskDefinition: !Ref TaskDefinition
-      DesiredCount: 1
-      HealthCheckGracePeriodSeconds: 60
-      NetworkConfiguration:
-        AwsvpcConfiguration:
-          AssignPublicIp: DISABLED
-          SecurityGroups:
-          - !Ref ServiceSecurityGroup
-          Subnets:
-            - 'blue-subnet'
-            - 'green-subnet'
-      ServiceRegistries:
-      - RegistryArn: !GetAtt ServiceDiscovery.Arn
-      LoadBalancers:
-      - ContainerName: 'some-name'
-        ContainerPort: 10002
-        TargetGroupArn: !Ref TargetGroup
+==AWS::IAM::Role==
 
-=AWS::ElasticLoadBalancingV2=
+{{External|[https://docs.aws.amazon.com/IAM/latest/APIReference/API_Role.html Role]}}
 
-==AWS::ElasticLoadBalancingV2::TargetGroup==
+The following sequence creates an [[Amazon_AWS_Security_Concepts#IAM_Role|IAM Role]]:
 
  Resources:
-  TargetGroup:
-    Type: AWS::ElasticLoadBalancingV2::TargetGroup
+  CodeBuildServiceRole:
+    Type: AWS::IAM::Role
     Properties:
-      HealthCheckIntervalSeconds: 60
-      HealthCheckPath: '/myservice/actuator/health'
-      HealthCheckProtocol: HTTP
-      HealthCheckTimeoutSeconds: 5
-      HealthyThresholdCount: 2
-      TargetType: ip
-      Name: myservice
-      Port: 8086
-      Protocol: HTTP
-      UnhealthyThresholdCount: 10
-      VpcId: !Ref MyVpcId
+      RoleName: !Sub '${AWS::StackName}-codebuild-service-role'
+      Description: A description of the role.
+      Path: '/service-role/'
+      AssumeRolePolicyDocument:
+        Version: '2012-10-17'
+        Statement:
+          - Effect: 'Allow'
+            Principal:
+              Service:
+                - "codebuild.amazonaws.com"
+            Action:
+              - "sts:AssumeRole"
+      Policies:
+        - PolicyName: 'aggregated-inline-policy'
+          PolicyDocument:
+            Version: '2012-10-17'
+            Statement:
+              - Effect: 'Allow'
+                Action:
+                  - 's3:ListBucket'
+                Resource:
+                  - '*'
 
-==AWS::ElasticLoadBalancingV2::Listener==
+'''Naming'''. If this role is declared by a "thalarion" stack, then, after successful creation, the role's physical ID will be "thalarion-CodeBuildServiceRole-A479B6WNRHSSG". A custom name can be forced with the "RoleName", as shown above.
 
-Resources:
-  LoadBalancerListener:
-    Type: AWS::ElasticLoadBalancingV2::Listener
-    DependsOn:
-      - TargetGroup
-    Properties:
-      DefaultActions:
-        - TargetGroupArn: !Ref 'TargetGroup'
-          Type: 'forward'
-      LoadBalancerArn:
-        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'ServiceALB']]
-      Port: 10002
-      Protocol: HTTP
+=AWS::Kinesis=
+{{Internal|Amazon Kinesis Operations#CloudFormation_Support|Amazon Kinesis Operations}}
 
-=AWS::IAM=
+=AWS::KMS=
+{{Internal|Amazon KMS Operations#CloudFormation|Amazon KMS Operations}}
 
-==AWS::IAM::Role==
+=AWS::Lambda=
 
-Resources:
-  CodeBuildServiceRole:
-    Type: AWS::IAM::Role
-    Properties:
-      ...
-
-If this role is declared by an "example" stack, then, after successful creation, its ARN will be arn:aws:iam::''AccountID'':role/service-role/example-CodeBuildServiceRole-1V7H0HL94BUX6
+{{Internal|AWS Lambda Create a Lambda Function with CloudFromation|AWS Lambda Create a Lambda Function with CloudFromation}}
 
 =AWS::Logs=
 ==AWS::Logs::LogGroup==
 
-Resources:
-  ServiceLogGroup:
-    Type: "AWS::Logs::LogGroup"
-    Properties:
-      LogGroupName: some-name
-      RetentionInDays: 7
+{{Internal|Amazon CloudWatch Operations|CloudWatch Operations}}
 
-=AWS::S3=
+=<span id='AWS::S3::Bucket'></span>AWS::S3=
 
-==AWS::S3::Bucket==
+{{Internal|Amazon_S3_Operations#Create_an_S3_Bucket_With_CloudFormation|S3 Operations}}
 
-Resources:
-  BuildBucket:
-    Type: AWS::S3::Bucket
-    Properties:
-      AccessControl: BucketOwnerFullControl
+=AWS::Serverless=
 
 =AWS::ServiceDiscovery=
 ==AWS::ServiceDiscovery::Service==
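Review bot: In the AWS::IAM::Role part of the "Line 75: Line 77:" region, the added inline policy grants `s3:ListBucket` with `Resource: - '*'`, so the CodeBuild service role may list every bucket in the account instead of the one the build reads from; scope it to that bucket's ARN, for example `Resource: !Sub 'arn:aws:s3:::${BuildBucketName}'`. The added trust policy also lets `codebuild.amazonaws.com` assume the role on behalf of any account; a `Condition` with `StringEquals: { aws:SourceAccount: !Ref AWS::AccountId }` restricts it to CodeBuild projects in this account.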

Latest revision as of 21:10, 27 April 2019

External

Internal

AWS::ApiGateway

Amazon API Gateway Deployment with CloudFormation

AWS::CloudFormation

AWS::CloudFormation::Stack

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html

AWS::CloudFormation::Stack enables nesting another stack as a resource within a template.
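As an added example that is not part of the wiki page, the following parent template nests a child stack with AWS::CloudFormation::Stack, passes a parameter down and reads one of the child's outputs back. The template URL, bucket name, parameter name and the child output name `VpcId` are assumptions made for the illustration.

```yaml
# Added example (not from the page): a parent template nesting a child stack.
# The S3 location, the VpcCidr parameter and the child's VpcId output are
# assumed values; the child template is expected to declare them.
AWSTemplateFormatVersion: '2010-09-09'
Description: Parent stack that nests a network stack
Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16
Resources:
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # The child template must be an object in S3; placeholder bucket/key.
      TemplateURL: https://s3.amazonaws.com/EXAMPLE-TEMPLATE-BUCKET/network.yaml
      # Parameters are forwarded to the child's Parameters section by name.
      Parameters:
        VpcCidr: !Ref VpcCidr
      # Fail the parent if the child does not reach CREATE_COMPLETE in time.
      TimeoutInMinutes: 15
      Tags:
        - Key: ParentStack
          Value: !Ref AWS::StackName
Outputs:
  # A child's Outputs are addressable from the parent as Outputs.<OutputName>.
  VpcId:
    Value: !GetAtt NetworkStack.Outputs.VpcId
```

Whoever can overwrite the object behind `TemplateURL` controls which resources the parent creates on its next update, so the template bucket should be writable only by the deployment pipeline, and a versioned object key is preferable to a mutable one.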

AWS::CodeBuild

AWS::CodeBuild::Project

Note that if the "Name" property is used, the physical ID of the created CodeBuild project will use that value; otherwise CloudFormation generates the name from the resource's logical ID and a random suffix, following the pattern CodeBuildProjectLogicalID-apCFy5I1KyH8. Recommended name:

Resources:
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Ref AWS::StackName

For an example of a CodeBuild build project that integrates with a CodePipeline see:

CodePipeline-Driven CodeBuild Builds

AWS::CodePipeline

AWS::CodePipeline::Pipeline

Pipeline Structure

Creates a CodePipeline pipeline. Other pipeline examples:

Pipeline that Delegates the Build to the CodeBuild Build Project

Note that if the "Name" property is used, the physical ID of the created pipeline will use that value; otherwise CloudFormation generates the name from the stack name, the logical ID and a random suffix, following the pattern stack-name-Pipeline-24RCYXM52UE6A. Recommended name:

Resources:
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref AWS::StackName

AWS::DynamoDB

Amazon DynamoDB Operations

AWS::EC2

AWS::EC2::SecurityGroup

Create a Security Group with CloudFormation

AWS::EC2::VPC

Amazon VPC Operations

AWS::EC2::Instance

Create an EC2 Instance with CloudFormation

AWS::ECR

AWS::ECR::Repository

AWS::ECR::Repository

Resources:
  Repository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: some-docker-repository-name
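The page's repository declaration sets only the name. As an added example that is not from the page, the same resource is shown below with the settings a defender usually wants on an image registry: immutable tags, vulnerability scanning on push, and a lifecycle rule that expires untagged images. The 14-day window is an assumed value.

```yaml
# Added example (not from the page): the page's repository with hardening
# properties. The 14-day expiry is an assumed value.
Resources:
  Repository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: some-docker-repository-name
      # A pushed tag can no longer be re-pointed at a different image, so
      # a deployment that references "v1.2.3" always gets the same digest.
      ImageTagMutability: IMMUTABLE
      # Run the registry's vulnerability scan on every push.
      ImageScanningConfiguration:
        ScanOnPush: true
      # Lifecycle policy text is a JSON document embedded in the template.
      LifecyclePolicy:
        LifecyclePolicyText: |
          {
            "rules": [
              {
                "rulePriority": 1,
                "description": "Expire untagged images after 14 days",
                "selection": {
                  "tagStatus": "untagged",
                  "countType": "sinceImagePushed",
                  "countUnit": "days",
                  "countNumber": 14
                },
                "action": { "type": "expire" }
              }
            ]
          }
```

Immutable tags pair naturally with task definitions that reference a tag, as the ECS examples on this wiki do with `!Sub ${Image}:${Tag}`: the tag then resolves to one fixed image digest.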

AWS::ECS

Amazon ECS Deployment with CloudFormation

AWS::ElasticLoadBalancingV2

AWS Elastic Load Balancing V2 Deployment with CloudFormation

AWS::IAM

AWS::IAM::Role

Role

The following sequence creates an IAM Role:

Resources:
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${AWS::StackName}-codebuild-service-role'
      Description: A description of the role.
      Path: '/service-role/'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - "codebuild.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Policies:
        - PolicyName: 'aggregated-inline-policy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: 'Allow'
                Action:
                  - 's3:ListBucket'
                Resource:
                  - '*'

Naming. If this role is declared by a "thalarion" stack, then, after successful creation, the role's physical ID will be "thalarion-CodeBuildServiceRole-A479B6WNRHSSG". A custom name can be forced with the "RoleName", as shown above.
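The role above grants s3:ListBucket on every bucket and lets the CodeBuild service assume it without any condition. As an added example that is not from the page, the following version keeps the same structure and naming but scopes the policy to a single bucket and restricts the trust policy to CodeBuild projects in the stack's own account. The BuildBucketName parameter and the policy name are assumptions.

```yaml
# Added example (not from the page): the same CodeBuild service role with a
# least-privilege inline policy and a confused-deputy guard on the trust
# policy. BuildBucketName is an assumed parameter.
Parameters:
  BuildBucketName:
    Type: String
    Description: The one bucket this build is allowed to list
Resources:
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${AWS::StackName}-codebuild-service-role'
      Description: Service role for the CodeBuild project of this stack
      Path: '/service-role/'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
            # Only CodeBuild acting on behalf of this account may assume the
            # role, not a CodeBuild project in someone else's account.
            Condition:
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
      Policies:
        - PolicyName: scoped-inline-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # ListBucket is a bucket-level action, so the resource is the
              # bucket ARN itself rather than '*'.
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !Sub 'arn:${AWS::Partition}:s3:::${BuildBucketName}'
```

Object-level actions such as s3:GetObject would need a second statement whose resource ends in `/*`; a real CodeBuild role also needs permissions on its CloudWatch Logs group, which are left out here so the comparison with the page's role stays one-to-one.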

AWS::Kinesis

Amazon Kinesis Operations

AWS::KMS

Amazon KMS Operations

AWS::Lambda

AWS Lambda Create a Lambda Function with CloudFormation

AWS::Logs

AWS::Logs::LogGroup

CloudWatch Operations

AWS::S3

S3 Operations

AWS::Serverless

AWS::ServiceDiscovery

AWS::ServiceDiscovery::Service