AWS CloudFormation Resource Types

From NovaOrdis Knowledge Base

Internal

AWS::ApiGateway

AWS::ApiGateway::RestApi

AWS::ApiGateway::Deployment

AWS::ApiGateway::Stage

AWS::CloudFormation

AWS::CloudFormation::Stack

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html

AWS::CloudFormation::Stack enables nesting another stack as a resource within a template.

AWS::CodeBuild

AWS::CodeBuild::Project

If the "Name" property is set, the physical ID of the created CodeBuild project is that value; otherwise the name is generated with the pattern CodeBuildProjectLogicalID-apCFy5I1KyH8. Recommended name:

Resources:
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub '${AWS::StackName}-build-project'

For an example of a CodeBuild build project that integrates with a CodePipeline see:

CodePipeline-Driven CodeBuild Builds

AWS::CodePipeline

AWS::CodePipeline::Pipeline

Pipeline Structure

Creates a CodePipeline pipeline. Other pipeline examples:

Pipeline that Delegates the Build to the CodeBuild Build Project

AWS::EC2

AWS::EC2::SecurityGroup

Resources:
  ServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: '...'
      VpcId:
        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'VPCId']]
      GroupName: !Sub ${ECRRepository}-sg
      SecurityGroupIngress:
        - IpProtocol: -1
          CidrIp: 10.0.0.0/8
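
A narrower variant of the ingress rule above, as an added example that is not part of the original page: it admits only TCP 10002 (the container port used by the task definition and listener on this page) and only from the load balancer's security group. The export name `ServiceALBSecurityGroup` is an assumption; the page only shows the deployment stack exporting `VPCId` and `ServiceALB`.

```yaml
Resources:
  ServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: 'Service tasks: accept traffic from the ALB only'
      VpcId:
        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'VPCId']]
      GroupName: !Sub ${ECRRepository}-sg
      SecurityGroupIngress:
        # Before (as on this page): every protocol and port from all of 10.0.0.0/8
        # - IpProtocol: -1
        #   CidrIp: 10.0.0.0/8
        # After: one TCP port, reachable from one source security group
        - IpProtocol: tcp
          FromPort: 10002
          ToPort: 10002
          SourceSecurityGroupId:
            # Assumed export name, not shown on the page
            Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'ServiceALBSecurityGroup']]
          Description: 'ALB to service container port'
```

Load balancer health checks originate from the ALB as well, so the target group keeps working with this rule as long as it probes the same port.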

AWS::ECR

AWS::ECR::Repository

Resources:
  Repository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: some-docker-repository-name

AWS::ECS

AWS::ECS::TaskDefinition

Resources:
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: 'some-family'
      RequiresCompatibilities: ["FARGATE"]
      NetworkMode: "awsvpc"
      Cpu: '2048'
      Memory: '4096'
      TaskRoleArn: !GetAtt TaskRole.Arn
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
      - Name: 'some-name'
        Cpu: '2048'
        Memory: '4096'
        Essential: 'true'
        Environment:
        - Name: SPRING_PROFILES_ACTIVE
          Value: 'something'
        Image: !Sub ${Image}:${Tag}
        PortMappings:
        - HostPort: 10002
          ContainerPort: 10002
        LogConfiguration:
          LogDriver: "awslogs"
          Options:
            awslogs-group: 'some-group'
            awslogs-region: !Sub ${AWS::Region}
            awslogs-stream-prefix: 'some-prefix'

AWS::ECS::Service

Resources:
  ServiceDefinition:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      ServiceName: themyscira
      LaunchType: FARGATE
      Cluster: 'some-cluster'
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 1
      HealthCheckGracePeriodSeconds: 60
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups:
          - !Ref ServiceSecurityGroup
          Subnets:
            - 'blue-subnet'
            - 'green-subnet'
      ServiceRegistries:
      - RegistryArn: !GetAtt ServiceDiscovery.Arn
      LoadBalancers:
      - ContainerName: 'some-name'
        ContainerPort: 10002
        TargetGroupArn: !Ref TargetGroup

AWS::ElasticLoadBalancingV2

AWS::ElasticLoadBalancingV2::TargetGroup

Resources:
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 60
      HealthCheckPath: '/myservice/actuator/health'
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      TargetType: ip
      Name: myservice
      Port: 8086
      Protocol: HTTP
      UnhealthyThresholdCount: 10
      VpcId: !Ref MyVpcId

AWS::ElasticLoadBalancingV2::Listener

Resources:
  LoadBalancerListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    DependsOn:
      - TargetGroup
    Properties:
      DefaultActions:
        - TargetGroupArn: !Ref 'TargetGroup'
          Type: 'forward'
      LoadBalancerArn:
        Fn::ImportValue: !Join [':', [!Ref 'DeploymentStackName', 'ServiceALB']]
      Port: 10002
      Protocol: HTTP

AWS::IAM

AWS::IAM::Role

Resources:
  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      ...

If this role is declared by an "example" stack, then, after successful creation, its ARN will be arn:aws:iam::AccountID:role/service-role/example-CodeBuildServiceRole-1V7H0HL94BUX6

AWS::Logs

AWS::Logs::LogGroup

Resources:
  ServiceLogGroup:
    Type: "AWS::Logs::LogGroup"
    Properties:
      LogGroupName: some-name
      RetentionInDays: 7

AWS::S3

AWS::S3::Bucket

Resources:
  BuildBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: BucketOwnerFullControl

AWS::ServiceDiscovery

AWS::ServiceDiscovery::Service