AWS CloudFormation Resource Types: Difference between revisions
(36 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=External= | |||
* https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html | |||
=Internal= | =Internal= | ||
Line 5: | Line 9: | ||
=AWS::ApiGateway= | =AWS::ApiGateway= | ||
{{Internal|Amazon_API_Gateway_Deployment_with_CloudFormation#Resource_Types|Amazon API Gateway Deployment with CloudFormation}} | |||
{{ | |||
=AWS::CloudFormation= | =AWS::CloudFormation= | ||
Line 49: | Line 49: | ||
Properties: | Properties: | ||
Name: !Ref AWS::StackName | Name: !Ref AWS::StackName | ||
=AWS::DynamoDB= | |||
{{Internal|Amazon DynamoDB Operations#CloudFormation_Support|Amazon DynamoDB Operations}} | |||
=AWS::EC2= | =AWS::EC2= | ||
==AWS::EC2::SecurityGroup== | ==AWS::EC2::SecurityGroup== | ||
{{Internal|AWS_Security_Operations#Create_a_Security_Group_with_CloudFormation|Create a Security Group with CloudFormation}} | |||
==AWS::EC2::VPC== | |||
{{Internal|Amazon_VPC_Operations#Create_a_VPC_with_CloudFormation|Amazon VPC Operations}} | |||
==AWS::EC2::Instance== | |||
{{Internal|Amazon_EC2_Operations#Create_an_EC2_Instance_with_CloudFormation|Create an EC2 Instance with CloudFormation}} | |||
=AWS::ECR= | =AWS::ECR= | ||
==AWS::ECR::Repository== | ==AWS::ECR::Repository== | ||
{{External|[https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html AWS::ECR::Repository]}} | |||
Resources: | Resources: | ||
Line 75: | Line 77: | ||
RepositoryName: some-docker-repository-name | RepositoryName: some-docker-repository-name | ||
=AWS::ECS= | =<span id='#AWS::ECS::TaskDefinition'></span><span id='#AWS::ECS::Service'></span>AWS::ECS= | ||
{{Internal|Amazon ECS Deployment with CloudFormation|Amazon ECS Deployment with CloudFormation}} | |||
=AWS::ElasticLoadBalancingV2= | =AWS::ElasticLoadBalancingV2= | ||
{{Internal|AWS Elastic Load Balancing V2 Deployment with CloudFormation|AWS Elastic Load Balancing V2 Deployment with CloudFormation}} | |||
=AWS::IAM= | =AWS::IAM= | ||
Line 177: | Line 89: | ||
{{External|[https://docs.aws.amazon.com/IAM/latest/APIReference/API_Role.html Role]}} | {{External|[https://docs.aws.amazon.com/IAM/latest/APIReference/API_Role.html Role]}} | ||
The following sequence creates an [[Amazon_AWS_Security_Concepts#IAM_Role|IAM Role]]: | |||
Resources: | Resources: | ||
Line 183: | Line 97: | ||
Properties: | Properties: | ||
RoleName: !Sub '${AWS::StackName}-codebuild-service-role' | RoleName: !Sub '${AWS::StackName}-codebuild-service-role' | ||
Description: A description of the role. | |||
Path: '/service-role/' | Path: '/service-role/' | ||
AssumeRolePolicyDocument: | AssumeRolePolicyDocument: | ||
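Review bot: the `RoleName: !Sub '${AWS::StackName}-codebuild-service-role'` line is shown without saying that a custom-named IAM role can only be created when the stack is deployed with the CAPABILITY_NAMED_IAM capability, so a reader who copies the example and deploys with only CAPABILITY_IAM gets an InsufficientCapabilities error. Add that next to the example, and consider `${AWS::StackName}-${AWS::Region}-codebuild-service-role`, because IAM role names are account-wide and the same stack name in a second region would collide.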
Line 194: | Line 109: | ||
- "sts:AssumeRole" | - "sts:AssumeRole" | ||
Policies: | Policies: | ||
- PolicyName: ' | - PolicyName: 'aggregated-inline-policy' | ||
PolicyDocument: | PolicyDocument: | ||
Version: '2012-10-17' | Version: '2012-10-17' | ||
Line 204: | Line 119: | ||
- '*' | - '*' | ||
'''Naming'''. If this role is declared by | '''Naming'''. If this role is declared by a "thalarion" stack, then, after successful creation, the role's physical ID will be "thalarion-CodeBuildServiceRole-A479B6WNRHSSG". A custom name can be forced with the "RoleName", as shown above. | ||
=AWS::Kinesis= | |||
{{Internal|Amazon Kinesis Operations#CloudFormation_Support|Amazon Kinesis Operations}} | |||
=AWS::KMS= | |||
{{Internal|Amazon KMS Operations#CloudFormation|Amazon KMS Operations}} | |||
=AWS::Lambda= | |||
{{Internal|AWS Lambda Create a Lambda Function with CloudFromation|AWS Lambda Create a Lambda Function with CloudFromation}} | |||
=AWS::Logs= | =AWS::Logs= | ||
==AWS::Logs::LogGroup== | ==AWS::Logs::LogGroup== | ||
{{Internal|Amazon CloudWatch Operations|CloudWatch Operations}} | |||
=<span id='AWS::S3::Bucket'></span>AWS::S3= | |||
{{Internal|Amazon_S3_Operations#Create_an_S3_Bucket_With_CloudFormation|S3 Operations}} | |||
=AWS::Serverless= | |||
=AWS::ServiceDiscovery= | =AWS::ServiceDiscovery= | ||
==AWS::ServiceDiscovery::Service== | ==AWS::ServiceDiscovery::Service== |
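Review bot: the AWS::Lambda entry links to "AWS Lambda Create a Lambda Function with CloudFromation", with "CloudFromation" misspelled in both the link target and the label; fix the label, and rename the target page with a redirect if its title carries the same typo. The `=AWS::Serverless=` heading added further down has no link or text under it, so either add its internal link or leave the heading out until there is content.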
Latest revision as of 21:10, 27 April 2019
External
Internal
AWS::ApiGateway
AWS::CloudFormation
AWS::CloudFormation::Stack
AWS::CloudFormation::Stack enables nesting another stack as a resource within a template.
AWS::CodeBuild
AWS::CodeBuild::Project
Note that if the "Name" property is used, the physical ID of the created CodeBuild project will use that value; otherwise the name is generated with the pattern CodeBuildProjectLogicalID-apCFy5I1KyH8. Recommended name:
 Resources:
   CodeBuildProject:
     Type: AWS::CodeBuild::Project
     Properties:
       Name: !Ref AWS::StackName
For an example of a CodeBuild build project that integrates with a CodePipeline see:
AWS::CodePipeline
AWS::CodePipeline::Pipeline
Creates a CodePipeline pipeline. Other pipeline examples:
Note that if the "Name" property is used, the physical ID of the created pipeline will use that value; otherwise the name is generated with the pattern stack-name-Pipeline-24RCYXM52UE6A. Recommended name:
 Resources:
   Pipeline:
     Type: AWS::CodePipeline::Pipeline
     Properties:
       Name: !Ref AWS::StackName
AWS::DynamoDB
AWS::EC2
AWS::EC2::SecurityGroup
AWS::EC2::VPC
AWS::EC2::Instance
AWS::ECR
AWS::ECR::Repository
 Resources:
   Repository:
     Type: AWS::ECR::Repository
     Properties:
       RepositoryName: some-docker-repository-name
AWS::ECS
AWS::ElasticLoadBalancingV2
AWS::IAM
AWS::IAM::Role
The following sequence creates an IAM Role:
 Resources:
   CodeBuildServiceRole:
     Type: AWS::IAM::Role
     Properties:
       RoleName: !Sub '${AWS::StackName}-codebuild-service-role'
       Description: A description of the role.
       Path: '/service-role/'
       AssumeRolePolicyDocument:
         Version: '2012-10-17'
         Statement:
           - Effect: 'Allow'
             Principal:
               Service:
                 - "codebuild.amazonaws.com"
             Action:
               - "sts:AssumeRole"
       Policies:
         - PolicyName: 'aggregated-inline-policy'
           PolicyDocument:
             Version: '2012-10-17'
             Statement:
               - Effect: 'Allow'
                 Action:
                   - 's3:ListBucket'
                 Resource:
                   - '*'
Naming. If this role is declared by a "thalarion" stack, then, after successful creation, the role's physical ID will be "thalarion-CodeBuildServiceRole-A479B6WNRHSSG". A custom name can be forced with the "RoleName" property, as shown above.
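A tightened variant of the role above, added here as an example and not part of the original page: it scopes the inline policy to one bucket, restricts the trust policy to this account, and makes the custom name region-specific. The `ArtifactBucketName` parameter and the `RoleArn` output are hypothetical names introduced for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  # Hypothetical parameter: the one bucket the build is allowed to list.
  ArtifactBucketName:
    Type: String
Resources:
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      # IAM role names are account-wide, not per region; including the region
      # keeps the same template deployable in more than one region.
      # A custom RoleName requires deploying with CAPABILITY_NAMED_IAM.
      RoleName: !Sub '${AWS::StackName}-${AWS::Region}-codebuild-service-role'
      Description: CodeBuild service role limited to listing one bucket.
      Path: '/service-role/'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - 'codebuild.amazonaws.com'
            Action:
              - 'sts:AssumeRole'
            # Only accept calls CodeBuild makes on behalf of this account.
            Condition:
              StringEquals:
                'aws:SourceAccount': !Ref AWS::AccountId
      Policies:
        - PolicyName: 'aggregated-inline-policy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: 'Allow'
                Action:
                  - 's3:ListBucket'
                # Bucket ARN instead of '*': s3:ListBucket is a bucket-level action.
                Resource:
                  - !Sub 'arn:${AWS::Partition}:s3:::${ArtifactBucketName}'
Outputs:
  RoleArn:
    Value: !GetAtt CodeBuildServiceRole.Arn
```

IAM role names are limited to 64 characters, so a long stack name combined with the region and suffix can exceed the limit and fail role creation.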