[AWS] CloudFormation Study

AWS Intrinsic Function Reference
All examples below use YAML format.

Ref

A built-in CloudFormation function that returns the value of the specified "Parameters" or "Resources" entry.
Short form
    !Ref logicalName
More details
ex:
Parameters:
  KeyName:
    Description: The EC2 Key Pair to allow SSH access to the instance
    Type: 'AWS::EC2::KeyPair::KeyName'
Resources:
  Ec2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      SecurityGroups:
        - !Ref InstanceSecurityGroup
        - MyExistingSecurityGroup
      KeyName: !Ref KeyName
      ImageId: ami-7a11e213
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
In the example above, under Ec2Instance > Properties > SecurityGroups there is
!Ref InstanceSecurityGroup
!Ref looks up the logical name InstanceSecurityGroup in Resources/Parameters.
In the example above, it finds InstanceSecurityGroup in Resources:
InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
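
The lookup described above can be used to review a template before deployment. The following is an added example, not part of the original post: it follows each {"Ref": ...} in an instance's SecurityGroups to the group declared in Resources and reports groups that allow port 22 from any address, as the sample template does. The template is written in the JSON long form of !Ref as a Python dict; the function names resolve_ref and world_open_ssh are hypothetical, and resolve_ref returns the declaration it finds, not the runtime value CloudFormation returns.

```python
# Added example: the page's Ref template in long form ({"Ref": name}),
# constructed as a Python dict so it runs without a YAML parser.
TEMPLATE = {
    "Parameters": {"KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"}},
    "Resources": {
        "Ec2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}, "MyExistingSecurityGroup"],
                "KeyName": {"Ref": "KeyName"},
                "ImageId": "ami-7a11e213",
            },
        },
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access via port 22",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0"}],
            },
        },
    },
}

def resolve_ref(template, name):
    """Find a logical name in Resources, then Parameters; return (kind, declaration)."""
    for section, kind in (("Resources", "resource"), ("Parameters", "parameter")):
        if name in template.get(section, {}):
            return kind, template[section][name]
    raise KeyError(f"Ref target {name!r} is not declared in Resources or Parameters")

def world_open_ssh(template):
    """List (instance, security group) pairs whose Ref'd group allows port 22 from anywhere."""
    findings = []
    for inst_name, inst in template["Resources"].items():
        if inst["Type"] != "AWS::EC2::Instance":
            continue
        for entry in inst.get("Properties", {}).get("SecurityGroups", []):
            if not (isinstance(entry, dict) and "Ref" in entry):
                continue  # literal group name: defined outside this template, cannot inspect
            kind, target = resolve_ref(template, entry["Ref"])
            if kind != "resource" or target["Type"] != "AWS::EC2::SecurityGroup":
                continue
            for rule in target.get("Properties", {}).get("SecurityGroupIngress", []):
                # Rules without ports (e.g. IpProtocol -1) are treated as covering all ports.
                covers_ssh = int(rule.get("FromPort", 0)) <= 22 <= int(rule.get("ToPort", 65535))
                anywhere = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
                if covers_ssh and anywhere:
                    findings.append((inst_name, entry["Ref"]))
    return findings
```

Groups listed by literal name, such as MyExistingSecurityGroup, are skipped because their rules are not in the template and have to be reviewed where they are defined.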

Fn::FindInMap

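Returns the value that corresponds to the given keys in Mappings.
Usage
!FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
  • MapName
    • The logical name of a mapping declared in the Mappings section, which contains the keys and values
  • TopLevelKey
    • The top-level key name. Its value is a list of key/value pairs
  • SecondLevelKey
    • The second-level key name, which is one of the keys in the list assigned to TopLevelKey
ex: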
Mappings: 
  RegionMap: 
    us-east-1: 
      32: "ami-6411e20d"
      64: "ami-7a11e213"
    us-west-1: 
      32: "ami-c9c7978c"
      64: "ami-cfc7978a"
    eu-west-1: 
      32: "ami-37c2f643"
      64: "ami-31c2f645"
    ap-southeast-1: 
      32: "ami-66f28c34"
      64: "ami-60f28c32"
    ap-northeast-1: 
      32: "ami-9c03a89d"
      64: "ami-a003a8a1"
Resources: 
  myEC2Instance: 
    Type: "AWS::EC2::Instance"
    Properties: 
      ImageId: !FindInMap [ RegionMap, !Ref "AWS::Region", 32 ]
      InstanceType: m1.small
RegionMap is the MapName.
AWS::Region is a special case: it returns your region.
If I am in Singapore, AWS::Region will be ap-southeast-1.
32 is the 32 key under ap-southeast-1.
More about Fn::FindInMap

Fn::GetAtt

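Returns the value of a property of a resource in the Resources section of the YAML/JSON template.
Usage
!GetAtt logicalNameOfResource.attributeName
  • logicalNameOfResource
    • The logical name defined in Resources
  • attributeName
    • The name of the resource-specific attribute
ex: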
AWSTemplateFormatVersion: 2010-09-09
Resources:
  myELB:
    Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
    Properties:
      AvailabilityZones:
        - eu-west-1a
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
  myELBIngressGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: ELB ingress group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias
          SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName
More attributes that can be retrieved
