AWS CloudFormationUser GuideAPI Version 2010-05-15Amazon Web ServicesAWS CloudFormation User GuideAWS CloudFormation: User GuideAmazon Web ServicesCopyright 2014 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.The following are trademarks of Amazon Web Services, Inc.: Amazon, Amazon Web Services Design, AWS, Amazon CloudFront,Cloudfront, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, Amazon Elastic Compute Cloud, Amazon Glacier, Kindle, KindleFire, AWS Marketplace Design, Mechanical Turk, Amazon Redshift, Amazon Route 53, Amazon S3, Amazon VPC. In addition,Amazon.com graphics, logos, page headers, button icons, scripts, and service names are trademarks, or trade dress of Amazon inthe U.S. and/or other countries. Amazon's trademarks and trade dress may not be used in connection with any product or service thatis not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discreditsAmazon.All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connectedto, or sponsored by Amazon.AWS CloudFormation User GuideWelcome ................................................................................................................................................. 1Introduction ............................................................................................................................................. 2Stacks ..................................................................................................................................................... 2Templates ............................................................................................................................................... 3Parameters ............................................................................................................................................. 5Mappings ................................................................................................................................................ 6Conditions ............................................................................................................................................... 7Pseudo Parameters ................................................................................................................................ 8Resources ............................................................................................................................................... 8Resource Properties ............................................................................................................................... 9References ........................................................................................................................................... 10Intrinsic Functions ................................................................................................................................. 10Outputs ................................................................................................................................................. 11Getting Started ..................................................................................................................................... 12Signing Up for an AWS Account ........................................................................................................... 12Get Started ........................................................................................................................................... 12Learn Template Basics ......................................................................................................................... 20Walkthrough: Updating a Stack ............................................................................................................. 30Walkthrough: Custom Resources ......................................................................................................... 48Using CloudFormer to Create Templates .............................................................................................. 54Controlling Access with IAM ................................................................................................................. 62Stack Updates ...................................................................................................................................... 67Modifying a Stack Template .................................................................................................................. 68Updating a Stack .................................................................................................................................. 70MonitoringProgress ............................................................................................................................. 72Canceling a Stack Update .................................................................................................................... 74Prevent Updates to Stack Resources ................................................................................................... 75Using the Console ................................................................................................................................ 85Logging In to the Console ..................................................................................................................... 85Creating a Stack ................................................................................................................................... 87Selecting a Stack Template ......................................................................................................... 88Specifying Stack Parameters ...................................................................................................... 88Setting Stack Options .................................................................................................................. 89Reviewing Your Stack and Estimating Stack Cost ....................................................................... 90Creating an EC2 Key Pair ..................................................................................................................... 90Estimating the Cost of Your Stack ......................................................................................................... 91Viewing Stack Data and Resources ..................................................................................................... 91Updating a Stack .................................................................................................................................. 92Selecting a Stack Template for Updating a Stack ........................................................................ 93Specifying Stack Parameters and Update Policy ........................................................................ 94Canceling a Stack Update ........................................................................................................... 94Deleting a Stack .................................................................................................................................... 95Viewing Deleted Stacks ........................................................................................................................ 96Using the AWS CLI ............................................................................................................................... 97Describing and Listing Your Stacks ....................................................................................................... 97Viewing Stack Event History ............................................................................................................... 100Listing Resources ............................................................................................................................... 102Retrieving a Template ......................................................................................................................... 103Validating a Template .......................................................................................................................... 104Working With Templates ..................................................................................................................... 106Template Anatomy .............................................................................................................................. 107Template Declaration ................................................................................................................. 107Template Format Version Declaration ........................................................................................ 108Template Description Declaration .............................................................................................. 108Parameters Declaration ............................................................................................................. 108Mappings Declaration ................................................................................................................ 111Conditions Declaration .............................................................................................................. 114Resources Declaration .............................................................................................................. 116API Version 2010-05-154AWS CloudFormation User GuideProperties Declaration ............................................................................................................... 116Function Declaration ................................................................................................................. 117Outputs Declaration ................................................................................................................... 117Example Templates ............................................................................................................................. 118Auto Scaling Group with LoadBalancer, Auto Scaling Policies, and CloudWatch Alarms ......... 118Amazon EC2 Running an Amazon Linux 32-bit AMI ................................................................. 124Create a Load-Balanced Apache Website ................................................................................ 126Auto-Scaled Worker that uses Spot Instances to Monitor Work in an SQS Queue ................... 129Template Snippets .............................................................................................................................. 136Auto Scaling Snippets ............................................................................................................... 136Amazon EC2 Snippets .............................................................................................................. 139AWS Elastic Beanstalk Snippets ............................................................................................... 152Elastic Load Balancing Snippets ............................................................................................... 153Identity and Access Management (IAM) Template Snippets ..................................................... 154AWS OpsWorks Snippets .......................................................................................................... 166Amazon Redshift Snippets ........................................................................................................ 169Amazon RDS Template Snippets .............................................................................................. 173Amazon SimpleDB Snippets ..................................................................................................... 176Amazon SNS Snippets .............................................................................................................. 176Amazon SQS Queue Snippet .................................................................................................... 176Amazon CloudFront Template Snippets .................................................................................... 177Amazon Route 53 Template Snippets ....................................................................................... 180Amazon S3 Template Snippets ................................................................................................. 182Stack Resource Snippets .......................................................................................................... 183Wait Condition Template Snippets ............................................................................................. 184AWS CloudFormation Template Snippets ................................................................................. 186Modifying Templates ........................................................................................................................... 191Adding Input Parameters ........................................................................................................... 191Use Parameters and Mappings to Specify Values in Your Template .......................................... 193Conditionally Creating Resources ............................................................................................. 195Tagging Your Resources ............................................................................................................ 195Specifying Return Values with Outputs ..................................................................................... 196Creating Wait Conditions ........................................................................................................... 196AWS CloudFormation Endpoints ........................................................................................................ 200Using Regular Expressions ................................................................................................................ 201Automating Application Installation Using Cloud-Init .......................................................................... 201DeployingApplications ....................................................................................................................... 207Working with Windows Stacks ............................................................................................................ 218Windows AMIs and Templates ............................................................................................................ 218Bootstrapping Windows Stacks .......................................................................................................... 219Accessing Windows Instances ............................................................................................................ 223Template Reference ............................................................................................................................ 226AWS Resource Types ......................................................................................................................... 226AWS::AutoScaling::AutoScalingGroup ...................................................................................... 228AWS::AutoScaling::LaunchConfiguration .................................................................................. 233AWS::AutoScaling::ScalingPolicy .............................................................................................. 239AWS::AutoScaling::ScheduledAction ........................................................................................ 241AWS::CloudFormation::Authentication ...................................................................................... 243AWS::CloudFormation::CustomResource ................................................................................. 247AWS::CloudFormation::Init ........................................................................................................ 250AWS::CloudFormation::Stack .................................................................................................... 260AWS::CloudFormation::WaitCondition ...................................................................................... 262AWS::CloudFormation::WaitConditionHandle ........................................................................... 265AWS::CloudFront::Distribution ................................................................................................... 266AWS::CloudWatch::Alarm ......................................................................................................... 267AWS::DynamoDB::Table ........................................................................................................... 270AWS::EC2::CustomerGateway .................................................................................................. 274AWS::EC2::DHCPOptions ......................................................................................................... 276API Version 2010-05-155AWS CloudFormation User GuideAWS::EC2::EIP .......................................................................................................................... 279AWS::EC2::EIPAssociation ........................................................................................................ 280AWS::EC2::Instance .................................................................................................................. 281AWS::EC2::InternetGateway ..................................................................................................... 288AWS::EC2::NetworkAcl ............................................................................................................. 289AWS::EC2::NetworkAclEntry ..................................................................................................... 290AWS::EC2::NetworkInterface .................................................................................................... 292AWS::EC2::NetworkInterfaceAttachment .................................................................................. 296AWS::EC2::Route ...................................................................................................................... 297AWS::EC2::RouteTable ............................................................................................................. 300AWS::EC2::SecurityGroup ........................................................................................................ 301AWS::EC2::SecurityGroupEgress ............................................................................................. 303AWS::EC2::SecurityGroupIngress ............................................................................................. 306AWS::EC2::Subnet .................................................................................................................... 309AWS::EC2::SubnetNetworkAclAssociation ............................................................................... 312AWS::EC2::SubnetRouteTableAssociation ............................................................................... 313AWS::EC2::Volume ................................................................................................................... 314AWS::EC2::VolumeAttachment ................................................................................................. 317AWS::EC2::VPC ........................................................................................................................ 319AWS::EC2::VPCDHCPOptionsAssociation ............................................................................... 320AWS::EC2::VPCGatewayAttachment ........................................................................................ 322AWS::EC2::VPNConnection ...................................................................................................... 323AWS::EC2::VPNConnectionRoute ............................................................................................ 325AWS::EC2::VPNGateway .......................................................................................................... 326AWS::EC2::VPNGatewayRoutePropagation ............................................................................. 327AWS::ElastiCache::CacheCluster ............................................................................................. 328AWS::ElastiCache::ParameterGroup ......................................................................................... 333AWS::ElastiCache::SecurityGroup ............................................................................................ 335AWS::ElastiCache::SecurityGroupIngress ................................................................................ 335AWS::ElastiCache::SubnetGroup............................................................................................. 336AWS::ElasticBeanstalk::Application .......................................................................................... 337AWS::ElasticBeanstalk::ApplicationVersion .............................................................................. 338AWS::ElasticBeanstalk::ConfigurationTemplate ........................................................................ 340AWS::ElasticBeanstalk::Environment ........................................................................................ 342AWS::ElasticLoadBalancing::LoadBalancer .............................................................................. 345AWS::IAM::AccessKey .............................................................................................................. 352AWS::IAM::Group ...................................................................................................................... 353AWS::IAM::InstanceProfile ........................................................................................................ 354AWS::IAM::Policy ...................................................................................................................... 356AWS::IAM::Role ......................................................................................................................... 359AWS::IAM::User ........................................................................................................................ 363AWS::IAM::UserToGroupAddition .............................................................................................. 364AWS::Kinesis::Stream ............................................................................................................... 365AWS::OpsWorks::App ............................................................................................................... 366AWS::OpsWorks::ElasticLoadBalancerAttachment ................................................................... 368AWS::OpsWorks::Instance ........................................................................................................ 369AWS::OpsWorks::Layer ............................................................................................................. 372AWS::OpsWorks::Stack ............................................................................................................. 376AWS::Redshift::Cluster .............................................................................................................. 379AWS::Redshift::ClusterParameterGroup ................................................................................... 384AWS::Redshift::ClusterSecurityGroup ....................................................................................... 386AWS::Redshift::ClusterSecurityGroupIngress ........................................................................... 387AWS::Redshift::ClusterSubnetGroup ........................................................................................ 388AWS::RDS::DBInstance ............................................................................................................ 389AWS::RDS::DBParameterGroup ............................................................................................... 397AWS::RDS::DBSubnetGroup .................................................................................................... 399AWS::RDS::DBSecurityGroup ................................................................................................... 400AWS::RDS::DBSecurityGroupIngress ....................................................................................... 402API Version 2010-05-156AWS CloudFormation User GuideAWS::Route53::RecordSet ........................................................................................................ 404AWS::Route53::RecordSetGroup .............................................................................................. 408AWS::S3::Bucket ....................................................................................................................... 410AWS::S3::BucketPolicy .............................................................................................................. 417AWS::SDB::Domain ................................................................................................................... 419AWS::SNS::Topic ....................................................................................................................... 419AWS::SNS::TopicPolicy ............................................................................................................. 421AWS::SQS::Queue .................................................................................................................... 421AWS::SQS::QueuePolicy .......................................................................................................... 426Resource Property Types ................................................................................................................... 426AutoScaling Block Device Mapping ........................................................................................... 428AutoScaling EBS Block Device ................................................................................................. 429Auto Scaling MetricsCollection .................................................................................................. 430Auto Scaling NotificationConfiguration ...................................................................................... 431Auto Scaling Tags ...................................................................................................................... 431CloudFormation Stack Parameters ........................................................................................... 432CloudFront CacheBehavior ....................................................................................................... 433CloudFront ForwardedValues .................................................................................................... 435CloudFront CustomOrigin .......................................................................................................... 435CloudFront DefaultCacheBehavior ............................................................................................ 436CloudFront DistributionConfig ................................................................................................... 437CloudFront Logging ................................................................................................................... 438CloudFront Origin ...................................................................................................................... 439CloudFront S3Origin .................................................................................................................. 440CloudWatch Metric Dimension .................................................................................................. 441DynamoDB Attribute Definitions ................................................................................................ 442DynamoDB Global Secondary Indexes ..................................................................................... 443DynamoDB Key Schema ........................................................................................................... 444DynamoDB Local Secondary Indexes ....................................................................................... 445DynamoDB Projection Object .................................................................................................... 445DynamoDB Provisioned Throughput ......................................................................................... 446Amazon EC2 Block Device Mapping Property .......................................................................... 447Amazon Elastic Block Store Block Device Property .................................................................. 449EC2 ICMP ................................................................................................................................. 450EC2 MountPoint ........................................................................................................................ 450EC2 Network Interface .............................................................................................................. 452EC2 Network Interface Association ........................................................................................... 454EC2 Network Interface Attachment ........................................................................................... 454EC2 Network Interface Group Item ........................................................................................... 455EC2 Network Interface Private IP Specification ........................................................................ 455EC2 PortRange ......................................................................................................................... 456EC2 Security Group Rule .......................................................................................................... 456EC2 Tag ..................................................................................................................................... 460AWS Elastic Beanstalk Environment Tier .................................................................................. 460AWS Elastic Beanstalk OptionSettings Property Type .............................................................. 461AWS Elastic Beanstalk SourceBundle Property Type ............................................................... 463AWS Elastic Beanstalk SourceConfiguration Property Type ..................................................... 463Elastic Load Balancing AccessLoggingPolicy ........................................................................... 464AppCookieStickinessPolicy ....................................................................................................... 465Elastic Load Balancing ConnectionDrainingPolicy .................................................................... 465ElasticLoadBalancingHealthCheck .......................................................................................... 466LBCookieStickinessPolicy ......................................................................................................... 467ElasticLoadBalancing Listener .................................................................................................. 468ElasticLoadBalancing Policy ...................................................................................................... 469Name Type ................................................................................................................................ 471AWS OpsWorks Recipes Type .................................................................................................. 472AWS OpsWorks Source Type .................................................................................................... 473AWS OpsWorks SslConfiguration Type ..................................................................................... 474API Version 2010-05-157AWS CloudFormation User GuideAWS OpsWorks StackConfigurationManager Type ................................................................... 475AWS OpsWorks VolumeConfiguration Type .............................................................................. 475Amazon Redshift Parameter Type ............................................................................................. 476AWS CloudFormation Resource Tags ....................................................................................... 477RDS Security Group Rule ......................................................................................................... 478Route 53 AliasTarget Property .................................................................................................. 479Amazon S3 Cors Configuration ................................................................................................. 479Amazon S3 Cors Configuration Rule ........................................................................................ 480Amazon S3 Lifecycle Configuration ........................................................................................... 481Amazon S3 Lifecycle Rule ........................................................................................................ 481Amazon S3 Lifecycle Rule Transition ........................................................................................ 482Amazon S3 Logging Configuration ............................................................................................ 483Amazon S3 Notification Configuration ....................................................................................... 484Amazon S3 Notification Topic Configurations ............................................................................ 484Amazon S3 Versioning Configuration ........................................................................................ 485Amazon S3 Website Configuration Property ............................................................................. 485Amazon S3 Website Configuration Redirect All Requests To Property ..................................... 486Amazon S3 Website Configuration Routing Rules Property ..................................................... 487Amazon S3 Website Configuration Routing Rules Redirect Rule Property ............................... 487Amazon S3 Website Configuration Routing Rules Routing Rule Condition Property ............... 488SNS Subscription ...................................................................................................................... 489Amazon SQS RedrivePolicy ...................................................................................................... 489Resource Attributes ............................................................................................................................ 490DeletionPolicy ............................................................................................................................ 490DependsOn ............................................................................................................................... 491Metadata ................................................................................................................................... 493UpdatePolicy ............................................................................................................................. 494Intrinsic Functions ............................................................................................................................... 495Fn::Base64 ................................................................................................................................ 495Condition Functions ................................................................................................................... 496Sample Templates ............................................................................................................ 501Fn::FindInMap ........................................................................................................................... 506Fn::GetAtt .................................................................................................................................. 507Fn::GetAZs ................................................................................................................................ 511Fn::Join ...................................................................................................................................... 511Fn::Select .................................................................................................................................. 512Ref ............................................................................................................................................. 513Pseudo Parameters ............................................................................................................................ 516CloudFormation Helper Scripts .......................................................................................................... 518cfn-init ........................................................................................................................................ 519cfn-signal ................................................................................................................................... 521cfn-get-metadata ....................................................................................................................... 524cfn-hup ...................................................................................................................................... 525AWS CLI Reference ............................................................................................................................ 529AWS CloudFormation Limits ............................................................................................................... 530Custom Resource Reference ............................................................................................................. 533Request Objects ................................................................................................................................. 533Response Objects .............................................................................................................................. 535Request Types .................................................................................................................................... 536Create ........................................................................................................................................ 536Delete ........................................................................................................................................ 538Update ....................................................................................................................................... 541Logging API Calls ............................................................................................................................... 544Document History ............................................................................................................................... 549AWS Glossary .................................................................................................................................... 559API Version 2010-05-158AWS CloudFormation User GuideWelcomeThe AWS CloudFormation User Guide explains how to use the AWS CloudFormation service.AWS CloudFormation enables you to create and provision AWS infrastructure deployments predictablyand repeatedly. It helps you leverage AWS products such as Amazon Elastic Compute Cloud, AmazonElastic Block Store, Amazon Simple Notification Service, Elastic Load Balancing and Auto Scaling tobuild highly reliable, highly scalable, cost-effective applications without worrying about creating andconfiguring the underlying AWS infrastructure. AWS CloudFormation enables you to use a template fileto create and delete a collection of resources together as a single unit (a stack).How Do I...?Relevant Sections How do I...?http://aws.amazon.com/cloudformation/ Decide if AWS CloudFormation is rightfor my needs?AWS CloudFormation Getting Started Guide Get started with AWS CloudFormationquickly?Modifying AWS CloudFormation Templates (p. 191) Find how to do specific tasks?Introduction (p. 2) Learn how AWS CloudFormation works?Working with AWS CloudFormation Templates (p. 106) Learn about AWS CloudFormationtemplates?Template Snippets (p. 136) Get starter-template fragments that I canuse in my own templates?Example Templates (p. 118) See example templates?Working with AWS CloudFormation Templates (p. 106) Learn about using and modifyingtemplates?AWS Command Line Interface Reference (p. 529) Learn the details of the AWSCloudFormation tools?Template Anatomy (p. 107) and Template Reference (p. 226) Learn the details of the AWSCloudFormation sample templates?API Version 2010-05-151AWS CloudFormation User GuideHow Do I...?IntroductionAWS CloudFormation enables you to create and delete related AWS resources together as a unit calleda stack. You define the characteristics of a stack parameters, mappings, resource properties, and outputvalues using a template (a JSON-compliant text file). You can write your template from scratch, or startwith one of the example templates we provide. You can use a number of AWS products with AWSCloudFormation, such as Amazon EC2, AWS Elastic Beanstalk, and Amazon RDS (for a complete list,see Resource Property Types Reference (p. 426)).Topics Stacks (p. 2) Templates (p. 3) Parameters (p. 5) Mappings (p. 6) Conditions (p. 7) Pseudo Parameters (p. 8) Resources (p. 8) Resource Properties (p. 9) References (p. 10) Intrinsic Functions (p. 10) Outputs (p. 11)StacksA stack is a collection of AWS resources. With AWS CloudFormation you can do the following with yourstacks: Create an AWS CloudFormation stack using aws cloudformation create-stack, providing aname, and specifying a template that defines the stack. Track the progress of the create operation using aws cloudformation describe-stack-events.AWS CloudFormation optimizes the order of member resource creation during stack creation, takinginto account resource dependencies, so it's not possible to predict the order in which each resourcewill be created. The aws cloudformation describe-stack-events command enables you tomonitor the progress. List your running stacks using aws cloudformation describe-stacks or aws cloudformationlist-stacks, filtering by a specific stack name or stack status. Only running stacks and stacks in theAPI Version 2010-05-152AWS CloudFormation User GuideStacksprocess of being created or deleted are listed with aws cloudformation describe-stacks. Youcan use aws cloudformation list-stacks to list stacks that have any status (even if they havebeen deleted within the past 90 days), filtering on the status if you need to. Itemize the contents of a stack using aws cloudformation describe-stack-resources. Youcan do this even when a stack is being created or deleted, enabling you to see the state of individualmember resources. View the history of the events produced by a stack using aws cloudformationdescribe-stack-events, optionally filtering by a specific stack name. You can see events for adeleted stack for up to 90 days. Delete a stack using aws cloudformation delete-stack. When you delete a stack, each of itsmember resources is deleted as well. As with the stack creation, AWS CloudFormation optimizes thedeletion sequence, so the order isn't predictable. You can track the progress of the deletion using awscloudformation describe-stack-events and list deleted stacks using aws cloudformationlist-stacks.AWS CloudFormation makes sure all member resources are created or deleted as appropriate. BecauseAWS CloudFormation treats the members of a stack as a single unit, they must all be created successfullyfor the stack to be created. If for any reason a member resource cannot be created, AWS CloudFormationrolls the stack back and automatically deletes the member resources that were created.NoteYou are charged for the stack resources for the time they were operating (even if you deletedthe stack right away).For more information, see Modifying AWS CloudFormation Templates (p. 191).TemplatesYou describe your AWS infrastructure requirements in a template. A template is a text file whose formatcomplies with the JSON standard. Because they are just text files, you can edit and manage them in yoursource control system with the rest of your source code. For more information about the JSON format,see http://www.json.org.In the template, you can declare several main objects: the template's format version (p. 4), itsdescription (p. 4), and the parameters (p. 5), mappings (p. 6), conditions (p. 4), resources (p. 5),and outputs (p. 5) you need to create your stack. The format version, descriptions, parameters, mappingsand outputs are optional. You only need to declare one resource. The following depicts a valid template,which declares just a single resource with no properties.{"Resources" : {"MyQueue" : {"Type" : "AWS::SQS::Queue","Properties" : {}}}}A resource typically has a Properties section that contains the values needed to create that resource. Ifa resource does not require any properties to be declared, you can omit the Properties section of thatresource.API Version 2010-05-153AWS CloudFormation User GuideTemplatesTo check your template file for syntax errors, you can use the aws cloudformationvalidate-template command.NoteThe aws cloudformation validate-template command is designed to check only thesyntax of your template. It does not ensure that the property values you have specified for aresource are valid for that resource. Nor does it determine the number of resources that will existwhen the stack is created.To check the operational validity, you need to attempt to create the stack. There is no sandbox or testarea for AWS CloudFormation stacks, so you are charged for the resources you create during testing.Format VersionThe template format version specifies the AWS CloudFormation template version against which thetemplate was written.ImportantThe template format version is not the same as the API or WSDL version. The template formatversion can change independently of the API and WSDL versions.Optional DescriptionThe optional Description property enables you to associate a free valid JSON text string with a template.Descriptions enable you to document a template.Optional ParametersOptional parameters are listed in the Parameters section. Parameters enable you to pass values to yourtemplate at runtime, and can be dereferenced in the Resources and Outputs sections of the template.Most of the sample templates declare a Parameters section (see Example Templates (p. 118)). Parametersare described more fully in Parameters (p. 5). Also, for technical details about the Parameters sectionformat, see Parameters Declaration (p. 108).Optional MappingsThe optional Mappings section enables you to declare conditional values. Mappings can be dereferencedin the Resources and Outputs section using the intrinsic function Fn::FindInMap (p. 506).Two of sample templates declare a Mappings section (see Example Templates (p. 118)). Mappings aredescribed more fully in Mappings (p. 6). Also, for technical details about the Mappings section format,see Mappings Declaration (p. 111).Optional ConditionsThe optional Conditions section is where you define conditions that control whether certain resources arecreated or whether certain resource properties are assigned a value during stack creation or update. Forexample, you could conditionally create a resource depending on whether the stack is for a productionor test environment.For more information about defining conditions, see Conditions (p. 7).API Version 2010-05-154AWS CloudFormation User GuideFormat VersionResourcesThe stack's member resources are listed in the Resources section. Each resource is listed separately,and specifies the resource properties necessary for creating that particular resource. Resources can bedereferenced in the Resources and Outputs sections. Their properties can be based on literals, resources,parameters, pseudo parameters, and intrinsic functions. For more information, see ResourceProperties (p. 5).All of the sample templates declare a Resources section (see Example Templates (p. 118)). Resourcesare described more fully in Resources (p. 8). For technical details about the Resources section format,see Resources Declaration (p. 116).Resource PropertiesIf a resource does not require any properties to be declared, you can omit the Properties section of thatresource. Resource properties can be based on literals, resources, parameters, pseudo parameters, andintrinsic functions.Most of the sample templates declare resources that have one or more properties (see ExampleTemplates (p. 118)). Resource properties are described more fully in Resource Properties (p. 9). Also,for technical details about the Properties section format, see Properties Declaration (p. 116).Optional OutputsIn the Outputs section, you can optionally define custom values that are returned in response to the awscloudformation describe-stacks command. These output values can include information basedon literals, resources, parameters, pseudo parameters, and intrinsic functions.All the sample templates declare an Outputs section (see Example Templates (p. 118)). Outputs aredescribed more fully in Outputs (p. 11). Also, for technical details about the Outputs section format, seeOutputs Declaration (p. 117).ParametersAWS CloudFormation parameters are values that you define in the template Parameters section. Aparameter can have a default value. The default value is overridden if you specify a value for the parameteras part of the aws cloudformation create-stack --parameters option. Parameter values youoverride at runtime are returned as part of the aws cloudformation describe-stacks command,unless you suppress that in the parameter declaration by including the NoEcho property with a value oftrue. If you provide the NoEcho property, the parameter value is displayed as asterisks (*****). (Parametervalues you do not override are not displayed.)A parameter can be declared as one of following types: String, Number, or CommaDelimitedList.For a parameter that has a String or Number type, you can define constraints that AWS CloudFormationuses to validate the value of the parameter.For the String type, you can define the following constraints: MinLength, MaxLength, Default,AllowedValues, and AllowedPattern.For the Number type, you can define the following constraints: MinValue, MaxValue, Default, andAllowedValues. A number can be an integer or a float value.For more information about parameter constraints, see Parameters Declaration (p. 108).API Version 2010-05-155AWS CloudFormation User GuideResourcesNote that all parameter values are specified as strings in the template JSON. This means Numberparameter values must also be surrounded by quotes. For example, the Default value for MyNumberspecifies a number and it is surrounded by quotes."Parameters" : {"MyNumber" : {"Type" : "Number","Default" : "10","MinValue" : "1"}}Parameters can be dereferenced in the Resources and Outputs section, so you can use any parameteryou declare as a value for a resource, resource property, reference, function, or output value.The following example shows the declaration of the InstanceType parameter, a String type that allowsonly the enumerated values t1.micro, m1.small, and m1.large with a default of m1.small."Parameters" : {"InstanceType" : {"Type" : "String","Default" : "t1.micro","AllowedValues" : ["t1.micro", "m1.small", "m1.large"],"Description" : "Enter t1.micro, m1.small, or m1.large. Default is t1.micro."}}If you wanted to override this value at the command line, your command might resemble the following:aws cloudformation create-stack --stack-name TestStack --template-body file:///home/local/MyTemplate.template --parameters ParameterKey=Instance Type,ParameterValue=m1.largeIf you have more than one parameter, separate the param-value pairs with a space. For example, theassume the MyTemplate.template requires two parameters. You could create a stack based on thattemplate using a command similar to the following:aws cloudformation create-stack --stack-name TestStack --template-body file:///home/local/MyTemplate.template --parameters ParameterKey=MyName,Paramet erValue=Joe ParameterKey=MyValue,ParameterValue=10Note that in this case if you mistype the parameter name, AWS CloudFormation will not create the stack.It will report that the template doesn't contain the parameter.Most of the sample templates declare a Parameters section (see Example Templates (p. 118)). Also, fortechnical details about the Parameters section format, see Parameters Declaration (p. 108).MappingsMappings enable you to specify conditional parameter values in your template. When used with theintrinsic function Fn::FindInMap (p. 506), it works like a Case statement or lookup table.API Version 2010-05-156AWS CloudFormation User GuideMappingsIn the optional Mappings section, you define one or more mappings. Each mapping has a logical nameunique within the template, and defines one or more key-attribute pairs. Each attribute must be a literalstring or list of literal strings. You cannot base a mapping on a parameter, pseudo parameter, or intrinsicfunction. Along with declaring as many conditional mapping keys as you need, you can declare whichmapping key is the default. The following example shows a Mappings section that declares a map withfour selections, in which a region name is mapped to a specific Amazon Machine Image (AMI) name:"Mappings" : {"RegionMap" : {"us-east-1" : {"AMI" : "ami-76f0061f"},"us-west-1" : {"AMI" : "ami-655a0a20"},"eu-west-1" : {"AMI" : "ami-7fd4e10b"},"ap-southeast-1" : {"AMI" : "ami-72621c20"}}}When you want to assign a mapping attribute value to a resource property or output, you use theFn::FindInMap function, passing it the logical name of the mapping, the mapping key name, and themapping attribute name you want to retrieve. Specifying a parameter or pseudo parameter as the mappingkey name you pass to Fn::FindInMap enables you to retrieve the right attribute value for use at runtime.Two of the sample templates declare a Mappings section (see Example Templates (p. 118)). Also, fortechnical details about the Mappings section format, see Mappings Declaration (p. 111).ConditionsAll conditions are defined in the Conditions section of a template. You use intrinsic functions to define acondition, as shown in the following sample:"Parameters" : {"EnvType" : {"Description" : "Environment type.","Default" : "test","Type" : "String","AllowedValues" : ["prod", "test"]}},"Conditions" : {"CreateProdInstance" : {"Fn::Equals" : [{"Ref" : "EnvType"}, "prod"]}}The CreateProdInstance condition evaluates to true if the EnvType parameter is equal to prod. TheEnvType parameter is an input parameter that you specify when you create or update a stack.API Version 2010-05-157AWS CloudFormation User GuideConditionsNoteIn the Conditions section, you can only reference other conditions and values from the Parametersand Mappings sections of a template. For example, you cannot reference the logical ID of aresource in a condition, but you can reference a value from an input parameter.To use the condition, you reference it in the Resources section of a template, associating it with a specificresource. After you do, the resource will be created whenever the condition evaluates to true, as shownin the following example:"ProductionInstance" : {"Type" : "AWS::EC2::Instance","Condition" : "CreateProdInstance","Properties" : {"InstanceType" : "c1.xlarge","SecurityGroups" : [ { "Ref" : "ProdSecurityGroup" } ],"KeyName" : { "Ref" : "ProdKeyName" },"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}}}Only when the CreateProdInstance condition evaluates to true is the ProductionInstance resourcecreated.For more information about conditions, see Conditions Declaration (p. 114) and Condition Functions (p. 496).Pseudo ParametersPseudo parameters are parameters AWS CloudFormation declares for you. You can use them withouthaving to declare them in your template. AWS CloudFormation declares several pseudo parameters thatyou can use anywhere you might use a parameter name or logical resource name.For information about pseudo parameters, see Pseudo Parameters Reference (p. 516).ResourcesIn the Resources sections of a template, you declare the AWS resources that you want AWSCloudFormation to manage, such as an Amazon EC2 instance or an Amazon S3 bucket. All templatesmust declare a Resources section with at least one resource.You must declare each resource separately;however, you can specify multiple resources of the same type.Each resource declaration includes three parts: A logical name that is unique within the template A resource type Properties for that resourceYou use the logical name to reference the resource in other parts of the template. For example, if youwant to map an Amazon Elastic Block Store to an Amazon EC2 instance, you reference the logical IDsof both the block stores and the instance to specify the mapping. Logical names must be alphanumeric(A-Za-z0-9). For a list of all the resource types, see AWS Resource Types Reference (p. 226).API Version 2010-05-158AWS CloudFormation User GuidePseudo ParametersIn addition to the logical ID, certain resources also have a physical ID, which is the actual assigned namefor that resource, such as an Amazon EC2 instance ID or an Amazon S3 bucket name. You use thephysical IDs to identify resources outside of AWS CloudFormation templates, but only after the resourceshave been created. For example, you might give an Amazon EC2 instance resource a logical ID ofMyEC2Instance; but when AWS CloudFormation creates the instance, AWS CloudFormation automaticallygenerates and assigns a physical ID (such as i-28f9ba55) to the instance. You can use this physicalID to identify the instance and view its properties (such as the DNS name) by using the Amazon EC2console. For resources that support custom names, you can assign your own names (physical IDs) tohelp you quickly identify resources. For example, you can name an Amazon S3 bucket that stores logsas MyPerformanceLogs. For more information, see Name Type (p. 471).Resource properties are additional options that you can specify on a resource. For example, you canspecify the DB snapshot property for an Amazon RDS DB instance in order to create a DB instance froma snapshot. The following example declares an Amazon EC2 image with an ID ofmyLinuxBundle-2011-12-30:"Resources" :{"MySimpleImage" : {"Type" : "AWS::EC2::Image","Properties" : {"ImageId" : "myLinuxBundle-2011-12-30",}}} For more information about resource properties, see Resource Properties (p. 9).For technical details about the Resources section format, see Resources Declaration (p. 116).Resource PropertiesMost resources require you to set resource-specific property values before they can be created. If aresource does not require any properties to be declared, you can omit the Properties section of thatresource.The properties declared in a resource's Properties section are specific to the type of resource beingcreated, and are declared according to the owning resource (see AWS Resource Types Reference (p. 226)).The following example shows the declaration of a resource named "MyVolume", which declares threeproperties:Resources : {"MyVolume" : {"Type" : "AWS::EC2::Volume","Properties" : {"Size" : "4","SnapshotId" : "snap234","AvailabilityZone" : "us-east-1a"}} }Resource properties can base their value on literals, parameter references, pseudo parameters, andintrinsic functions.API Version 2010-05-159AWS CloudFormation User GuideResource PropertiesMost of the sample templates declare resources that have one or more properties (see ExampleTemplates (p. 118)). Also, for technical details about the Properties section format, see PropertiesDeclaration (p. 116).ReferencesWith the Ref (p. 513) function, you specify the logical name of any resource to dereference a value foranother resource, output, parameter, or intrinsic function.For example, in the Resources section, you might declare a security group resource with the logical name"HighRestriction". Elsewhere in another resource declaration, you can use "Ref" : "HighRestriction"as the value for another resource's property.In the following example, the parameter "MyURL" is declared with a default String value of"http://aws.amazon.com". Later in the Outputs section, that value is dereferenced as "Ref" : "MyURL"."Parameters" : {"MyURL" : {"Type" : "String","Default" : "http://aws.amazon.com"},..."Outputs" : {"URL" : {"Value" : { "Ref" : "MyURL" }}}The value that AWS CloudFormation returns for the dereferenced object depends on the resource type.See Resource Property Types Reference (p. 426) for details about the specific return values for eachsupported type.Most of the sample templates make use of the Ref function (see Example Templates (p. 118)). Also, fortechnical details about the Ref function, see Ref (p. 513).Intrinsic FunctionsAWS CloudFormation provides functions that you can use to pass values that are not available untilruntime. You specify a function inline with "Fn::function-name" supplying whatever arguments it needsinline. The arguments can be literal strings or lists of strings, a parameter reference, a pseudo parameter,or the value returned from another function.In the following example, the value for the URL output is provided at stack creation time by the Fn::GetAttfunction, based on the value for DNSName assigned to the MyLoadBalancer load balancer:"Outputs" : {"URL" : {"Value" : { "Fn::GetAtt" : [ "MyLoadBalancer", "DNSName" ] }}}API Version 2010-05-1510AWS CloudFormation User GuideReferencesCurrently, AWS CloudFormation supports the following functions:Purpose NameThe base64 encoding of the argument. Fn::Base64 (p. 495)Returns the value of a key from the specified Mapping. Fn::FindInMap (p. 506)Returns the attribute value of the specified resource. Fn::GetAtt (p. 507)Get the Availability Zones where you can create AWS CloudFormation stacks. Fn::GetAZs (p. 511)Concatenation of the elements of the second argument, separated by thefirst.Fn::Join (p. 511)Return a resource or value based on a logical name or parameter. Ref (p. 513)Many of the sample templates make use of intrinsic functions (see Example Templates (p. 118)). Also, fortechnical details about the format of intrinsic functions, see Function Declaration (p. 117).OutputsYou can use the template Outputs section to declare information to be passed back to the template user.The outputs are returned by the aws cloudformation describe-stacks command.You can use literal values or AWS CloudFormation functions to declare output information.The information in the Outputs section is returned only by aws cloudformation describe-stacksfor an existing stack. When the stack fails to create, or when you delete a stack, the values declared inthe Outputs section are not returned.In the following example, the output named URL returns the literal valuehttp://aws.amazon.com/cloudformation."Outputs" : {"URL" : {"Value" : "http://aws.amazon.com/cloudformation"}}Most of the sample templates declare an Outputs section (see Example Templates (p. 118)). Also, fortechnical details about the format of outputs, see Outputs Declaration (p. 117).API Version 2010-05-1511AWS CloudFormation User GuideOutputsGetting Started with AWSCloudFormationIf you're new to AWS CloudFormation, the guides in this section will help get you started quickly, provideyou with fundamental information about using CloudFormation from the AWS Console, and guide youthrough using the AWS command line interface (CLI) so that you can manage your CloudFormationstacks from your system's command prompt.Topics Signing Up for an AWS Account (p. 12) Get Started (p. 12) Learn Template Basics (p. 20) Walkthrough: Updating a Stack (p. 30) AWS CloudFormation Custom Resource Walkthrough (p. 48) Using CloudFormer to Create AWS CloudFormation Templates from Existing AWS Resources (p. 54)Signing Up for an AWS AccountBefore you can use AWS CloudFormation or any Amazon Web Services, you must first sign up for anAWS account.To sign up for an AWS account1. Go to http://aws.amazon.com, and then click Sign Up.2. Follow the on-screen instructions.Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phonekeypad.Get StartedWith the right template, you can deploy at once all the AWS resources you need for an application. Inthis section, you'll examine a template that declares the resources for a WordPress blog, creates aAPI Version 2010-05-1512AWS CloudFormation User GuideSigning Up for an AWS AccountWordPress blog as a stack, monitors the stack creation process, examines the resources on the stack,and then deletes the stack. You use the AWS Management Console to complete these tasks.Step 1: Sign up for the ServiceSigning up for AWS CloudFormation also automatically signs you up for other AWS products you need,such as Amazon Elastic Compute Cloud, Amazon Relational Database Service and Amazon SimpleNotification Service. You're not charged for any services unless you use them.NoteAWS CloudFormation is a free service; however, you are charged for the AWS resources youinclude in your stacks at the current rates for each. For more information about AWS pricing, goto the detail page for each product on http://aws.amazon.com.To sign up for AWS CloudFormation1. Go to http://aws.amazon.com/cloudformation, and then click Sign Up for AWS CloudFormation.2. Follow the on-screen instructions.If you don't already have an AWS account, you'll be prompted to create one when you sign up for AWSCloudFormation.Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.Step 2: Pick a templateNext, you'll need a template that specifies the resources you want in your stack. For this step, you use asample template that is already prepared. The sample template creates a basic WordPress blog using asingle Amazon EC2 instance and an Amazon RDS DB Instance. The template also creates an AmazonEC2 and Amazon RDS security group to control firewall settings for the Amazon EC2 instance and theDB Instance.ImportantAWS CloudFormation is free, but the AWS resources that AWS CloudFormation creates will belive (and not running in a sandbox). You will incur the standard usage fees for these resourcesuntil you terminate them in the last task in this tutorial. The total charges will be minimal. Forinformation about how you might minimize any charges, go to http://aws.amazon.com/free/.To view the template You can download or view the WordPress sample template fromhttps://s3.amazonaws.com/cloudformation-templates-us-east-1/WordPress_Single_Instance_With_RDS.template.You don't need to download it unless you want to inspect it. You will use the template URL later inthis guide.A template is a JavaScript Object Notation (JSON) text file containing the configuration information aboutthe AWS resources you want to create in the stack. If you look through the example WordPress template,you will see six top-level objects: AWSTemplateFormatVersion, Description, Parameters, Mappings,Resources, and Outputs; however, only the Resources object is required.The Resources object contains the definitions of the AWS resources you want to create with the template.Each resource is listed separately and specifies the properties necessary for creating that particularresource. The following resource declaration in the template contains the configuration for the AmazonRDS DB Instance, which in this example has the logical name DBInstance:API Version 2010-05-1513AWS CloudFormation User GuideStep 1: Sign up for the Service"Resources" : {..."DBInstance" : {"Type": "AWS::RDS::DBInstance","Properties": {"DBName": { "Ref" : "DBName" },"Engine": "MySQL","MasterUsername": { "Ref" : "DBUsername" },"DBInstanceClass" : { "Ref" : "DBClass" },"DBSecurityGroups": [{ "Ref" : "DBSecurityGroup" }],"AllocatedStorage": { "Ref" : "DBAllocatedStorage" },"MasterUserPassword": { "Ref" : "DBPassword" }}},"DBSecurityGroup": {"Type": "AWS::RDS::DBSecurityGroup","Properties": {"DBSecurityGroupIngress": { "EC2SecurityGroupName": { "Ref": "WebServer SecurityGroup"} },"GroupDescription": "Frontend Access"}},...},If you have created DB Instances before, you'll recognize properties, such as Engine, DBInstanceClass,and AllocatedStorage, that determine the configuration of the DB Instance. Resource declarations arean efficient way to specify all these configuration settings at once. When you put resource declarationsin a template, you can create and configure all the declared resources easily by using the template tocreate a stack. To launch the same configuration of resources, all you have to do is use the same templateto create a new stack.The resource declaration begins with a string that specifies the logical name for the resource. As you'llsee, the logical name can be used to refer to resources within the template.You use the Parameters object to declare values that can be passed to the template when you createthe stack. A parameter is an effective way to specify sensitive information, such as user names andpasswords, that you don't want to store in the template itself. It is also a way to specify information thatmay be unique to the specific application or configuration you are deploying, for example, a domain nameor instance type. When you create the WordPress stack later in this section, you'll see the set of parametersdeclared in the template appear on the Specify Parameters page of the Create Stack wizard, where youcan specify the parameters just before creating the stack.The following parameters are used in the template to specify values used in properties in the AmazonRDS DB Instance resource:"Parameters" : {..."DBName" : {"Default": "wordpress","Description" : "The WordPress database name","Type": "String","MinLength": "1",API Version 2010-05-1514AWS CloudFormation User GuideStep 2: Pick a template"MaxLength": "64","AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*","ConstraintDescription" : "must begin with a letter and contain only alpha numeric characters."},"DBUsername" : {"Default": "admin","NoEcho": "true","Description" : "The WordPress database admin account user name","Type": "String","MinLength": "1","MaxLength": "16","AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*","ConstraintDescription" : "must begin with a letter and contain only alpha numeric characters."},"DBPassword" : {"Default": "admin","NoEcho": "true","Description" : "The WordPress database admin account password","Type": "String","MinLength": "1","MaxLength": "41","AllowedPattern" : "[a-zA-Z0-9]*","ConstraintDescription" : "must contain only alphanumeric characters."},"DBAllocatedStorage" : {"Default": "5","Description" : "The size of the database (Gb)","Type": "Number","MinValue": "5","MaxValue": "1024","ConstraintDescription" : "must be between 5 and 1024Gb."},...},In the DBInstance resource declaration, you see the DBName property specified with the DBNameparameter:"DBInstance" : {"Type": "AWS::RDS::DBInstance","Properties": {"DBName" : { "Ref" : "DBName" },...}},The braces contain a call to the Ref (p. 513) function with DBName as its input. The Ref function returnsthe value of the object it refers to. In this case, it's the WordPressDBName parameter, and the Ref functionsets the DBName property to the value that was specified for DBName when the stack was created.API Version 2010-05-1515AWS CloudFormation User GuideStep 2: Pick a templateThe Ref function can also set a resource's property to the value of another resource. For example, theresource declaration DBInstance contains the following property declaration:"DBInstance" : {"Type": "AWS::RDS::DBInstance","Properties": {..."DBSecurityGroups": [{ "Ref" : "DBSecurityGroup" }],...}},The DBSecurityGroups property takes a list of Amazon RDS DB Security Groups. The Ref function hasan input of DBSecurityGroup, which is the logical name of a DB security group in the template, and addsthe name of DBSecurityGroup to the DBSecurityGroups property.In the template, you'll also find a Mappings object. You use mappings to declare conditional values thatare evaluated in a similar manner as a switch statement. The template uses mappings to select the correctAmazon machine image (AMI) for the region and the architecture type for the instance type. Outputsdefine custom values that are returned by the aws cloudformation describe-stacks commandand in the AWS Management Console's Outputs tab after the stack is created. You can use output valuesto return information from the resources in the stack, such as the URL for a website created in the template.We'll cover mappings, outputs, and other things about templates in more detail in Learn TemplateBasics (p. 20).That's enough about templates for now. Let's start creating a stack.Step 3: Make sure you have prepared any requireditems for the stackBefore you create a stack from a template, you must ensure that all dependent resources that the templaterequires are available. A template can use or refer to both existing AWS resources and resources declaredin the template itself. AWS CloudFormation takes care of checking references to resources in the templateand also checks references to existing resources to ensure that they exist in the region where you arecreating the stack. If your template refers to a dependent resource that does not exist, stack creation willfail.The example WordPress template contains an input parameter, KeyName, that specifies the key pairused for the EC2 instance that is declared in the template. The template depends on the user who createsa stack from the template to supply a valid key pair for the KeyName parameter. If you supply a valid keypair name, the stack will be created. If you don't supply a valid key pair name, the stack will be rolledback.Make sure you have a valid EC2 key pair, and make note of the Key Pair Name, before you create thestack.To see your key pairs, open the Amazon EC2 console, then click Key Pairs in the navigation pane.NoteIf you don't have an EC2 key pair to use, you must create the key pair in the same region whereyou are creating the stack. For information about creating a key pair, see Getting an SSH KeyPair in the Amazon Elastic Compute Cloud User Guide.Now that you have a valid key pair, let's use the WordPress template to create a stack.API Version 2010-05-1516AWS CloudFormation User GuideStep 3: Make sure you have prepared any required itemsfor the stackStep 4: Create the stackYou will create your stack based on the WordPress-1.0.0 file discussed earlier. The template containsseveral AWS resources including an Amazon Relational Database Service DB Instance and a web server.To create the WordPress stack1. Sign in to the AWS Management Console and open the AWS CloudFormation console athttps://console.aws.amazon.com/cloudformation/.2. If this is a new AWS CloudFormation account, click Create New Stack. Otherwise, click CreateStack.3. In the Stack Name box, type a stack name. For this example, use MyWPTestStack. The stack namemust not contain spaces.4. Select Provide an S3 URL to template. In the box below, type or paste the URL for the sampleWordPress template, and then click Continue:https://s3.amazonaws.com/cloudformation-templates-us-east-1/WordPress_Single_Instance_With_RDS.templateNoteAWS CloudFormation templates that are stored in an Amazon S3 bucket must be accessibleto the user who is creating the stack, and must exist in the same region as the stack beingcreated. Therefore, if the Amazon S3 bucket exists in the us-east-1 region, the stack mustalso be created in us-east-1.5. In the KeyName box, enter the name of a valid Amazon EC2 key pair in the same region you arecreating the stack.NoteOn the Specify Parameters page, you'll recognize the parameters from the Parametersobject of the template.6. Click Next Step.7. In this scenario, we won't add any tags. Click Next Step. Tags, which are key-value pairs, can helpyou identify your stacks. For more information, seeAdding Tags to Your AWS CloudFormationStack.8. Review the information for the stack. When you're satisfied with the settings, click Create.Your stack might take several minutes to createbut you probably don't want to just sit around waiting.If you're like us, you'll want to know how the stack creation is going.Step 5: Monitor the progress of stack creationAfter you complete the Create Stack wizard, AWS CloudFormation begins creating the resources specifiedin the template. Your new stack, MyWPTestStack, appears in the list at the top portion of theCloudFormation console. Its status should be CREATE_IN_PROGRESS. You can see detailed statusfor a stack by viewing its events.To view the events for the stack1. On the AWS CloudFormation console, select the stack MyWPTestStack in the list.2. In the pane below the list, click the Events tab.The console automatically refreshes the event list with the most recent events every 60 seconds.The Events tab displays each major step in the creation of the stack sorted by the time of each event,with latest events on top.API Version 2010-05-1517AWS CloudFormation User GuideStep 4: Create the stackThe first event (at the bottom of the event list) is the start of the stack creation process:MyWPTestStack AWS::CloudFormation::Stack CREATE_IN_PROGRESSNext are events that mark the beginning and completion of the creation of each resource. For example,creation of the DBSecurityGroup security group results in the following entries:2013-04-24 18:59 UTC-7 | PDT AWS::RDS::DBSecurityGroup ... CREATE_COMPLETE2013-04-24 18:54 UTC-7 | PDT AWS::RDS::DBSecurityGroup ... CREATE_IN_PROGRESSThe CREATE_IN_PROGRESS event is logged when AWS CloudFormation reports that it has begun tocreate the resource. The CREATE_COMPLETE event is logged when the resource is successfully created.When AWS CloudFormation has successfully created the stack, you will see the following event at thetop of the Events tab:MyWPTestStack AWS::CloudFormation::Stack CREATE_COMPLETEIf AWS CloudFormation cannot create a resource, it reports a CREATE_FAILED event and, by default,rolls back the stack. The Reason column displays the issue that caused the failure. For example, if youspecified an invalid DB password, you would see something like the following event for theAWS::RDS::DBInstance resource:2013-04-24 19:01 UTC-7 | AWS::RDS::DBInstance | ... CREATE_FAILED | The parameterMasterUserPassword is not a valid password because it is shorter than 8characters.Step 6: Use your stack resourcesWhen the stack MyWPTestStack has a status of CREATE_COMPLETE, AWS CloudFormation hasfinished creating the stack, and you can start using its resources.The sample WordPress stack creates a WordPress website. You can continue with the WordPress setupby running the WordPress installation script.To complete the WordPress installation1. On the Outputs tab, in the InstallURL row, click the link in the Value column.The InstallURL output value is the URL of the installation script for the WordPress website that youcreated with the stack.2. On the web page for the WordPress installation, follow the on-screen instructions to complete theWordPress installation. For more information about installing WordPress, seehttp://codex.wordpress.org/Installing_WordPress.API Version 2010-05-1518AWS CloudFormation User GuideStep 6: Use your stack resources3. Return to the AWS Management Console. On the Outputs tab, in the WebsiteURL row, in the Valuecolumn, click the link.If the web page for the WordPress blog that you created with this stack appears, you have successfullycreated a WordPress blog using a AWS CloudFormation template.Step 8: Clean UpYou have completed the AWS CloudFormation getting started tasks. To make sure you are not chargedfor any unwanted services, you can clean up by deleting the stack and its resources.To delete the stack and its resources1. On the AWS CloudFormation console, select the MyWPTestStack stack.2. Click Delete Stack.3. In the confirmation message that appears, click Yes, Delete.API Version 2010-05-1519AWS CloudFormation User GuideStep 8: Clean UpThe status for MyWPTestStack changes to DELETE_IN_PROGRESS. In the same way you monitoredthe creation of the stack, you can monitor its deletion using the Event tab. When AWS CloudFormationcompletes the deletion of the stack, it removes the stack from the list.Congratulations! You successfully picked a template, created a stack, viewed and used its resources,and deleted the stack and its resources. Not only that, you were able to set up a WordPress blog usinga AWS CloudFormation template. You can find other templates in the AWS CloudFormation SampleTemplate Library.Now it's time to learn more about templates so that you can easily modify existing templates or createyour own: Learn Template Basics (p. 20).Learn Template BasicsTopics What is an AWS CloudFormation Template? (p. 20) Resources: Hello Bucket! (p. 20) Resource Properties and Using Resources Together (p. 21) Receiving User Input Using Input Parameters (p. 25) Specifying Conditional Values Using Mappings (p. 26) Constructed Values and Output Values (p. 27) Next Steps (p. 29)In Get Started (p. 12), you learned how to use a template to create a stack. You took a brief walk throughthe resources declared in a template and saw how they map to resources in the stack. We also touchedon input parameters and how they enable you to pass in specific values when you create a stack from atemplate. In this section, we'll go deeper into resources and parameters. We'll also cover the othercomponents of templates so that you'll know how to use these components together to create templatesthat produce the AWS resources you want.What is an AWS CloudFormation Template?Before we go any further, we should cover the basics of what a template is. A template is a declarationof the AWS resources that make up a stack. The template is stored as a text file whose format complieswith the JavaScript Object Notation (JSON) standard. Because they are just text files, you can createand edit them in any text editor and manage them in your source control system with the rest of yoursource code. For more information about the JSON format, see http://www.json.org.In the template, you use a JSON structure AWS CloudFormation can interpret to declare the AWSresources you want to create and configure. In the JSON format, an object is declared as a name-valuepair or a pairing of a name with a set of child objects enclosed within braces. Multiple sibling objects areseparated by commas. An AWS CloudFormation template begins with an open brace and ends with aclose brace. Within those braces, you can declare six top level JSON objects:AWSTemplateFormatVersion (p. 4), Description (p. 4), Parameters (p. 5), Mappings (p. 6),Resources (p. 5), and Outputs (p. 5). The only required top-level object is the Resources object, whichmust declare at least one resource. Let's start with the most basic template containing only a Resourcesobject, which contains a single resource declaration.Resources: Hello Bucket!The Resources object contains a list of resource objects contained within braces. A resource declarationcontains the resource's attributes, which are themselves declared as child objects. A resource must haveAPI Version 2010-05-1520AWS CloudFormation User GuideLearn Template Basicsa Type attribute, which defines the kind of AWS resource you want to create. The Type attribute has aspecial format:AWS::ProductIdentifier::ResourceTypeFor example, the resource type for an Amazon S3 bucket is AWS::S3::Bucket (p. 410). For a full list ofresource types, see Template Reference (p. 226).Let's take a look at a very basic template. The following template declares a single resource of typeAWS::S3::Bucket: with the name HelloBucket.{"Resources" : {"HelloBucket" : {"Type" : "AWS::S3::Bucket"}}}The syntactic elements are quoted strings. If you use this template to create a stack, AWS CloudFormationwill create an Amazon S3 bucket. Creating a bucket is simple, because AWS CloudFormation can createa bucket with default settings. For other resources, such as an Auto Scaling group or EC2 instance, AWSCloudFormation requires more information. Resource declarations use a Properties attribute to specifythe information used to create a resource.Depending on the resource type, some properties are required, such as the ImageId property for anAWS::EC2::Instance (p. 281) resource, and others are optional. Some properties have default values,such as the AccessControl property of the AWS::S3::Bucket resource, so specifying a value for thoseproperties is optional. Other properties are not required but may add functionality that you want, such asthe WebsiteConfiguration property of the AWS::S3::Bucket resource. Specifying a value for such propertiesis entirely optional and based on your needs. In the example above, because the AWS::S3::Bucketresource has only optional properties and we didn't need any of the optional features, we could acceptthe defaults and omit the Properties attribute.To view the properties for each resource type, see the topics in Resource Property Types Reference (p. 426).Resource Properties and Using ResourcesTogetherUsually, a property for a resource is simply a string value. For example, the following template specifiesa canned ACL (PublicRead) for the AccessControl property of the bucket.{"Resources" : {"HelloBucket" : {"Type" : "AWS::S3::Bucket","Properties" : { "AccessControl" : "PublicRead" }}}}API Version 2010-05-1521AWS CloudFormation User GuideResource Properties and Using Resources TogetherSome resources can have multiple properties, and some properties can have one or more subproperties.For example, the AWS::S3::Bucket (p. 410) resource has two properties, AccessControl andWebsiteConfiguration. The WebsiteConfiguration property has two subproperties, IndexDocument andErrorDocument. The following template shows our original bucket resource with the additional properties.{"Resources" : {"HelloBucket" : {"Type" : "AWS::S3::Bucket","Properties" : { "AccessControl" : "PublicRead", "WebsiteConfiguration" : {"IndexDocument" : "index.html","ErrorDocument" : "error.html" } }}}}Note how the sibling propertiesAccessControl and WebsiteConfiguration, and IndexDocument andErrorDocumentare separated with commas. One of the most common syntax errors in a template is amissing comma between sibling property declarations and between resources.One of the greatest benefits of templates and AWS CloudFormation is the ability to create a set ofresources that work together to create an application or solution. The name used for a resource withinthe template is a logical name. When AWS CloudFormation creates the resource, it generates a physicalname that is based on the combination of the logical name, the stack name, and a unique ID.You're probably wondering how you set properties on one resource based on the name or property ofanother resource. For example, you can create a CloudFront distribution backed by an S3 bucket oranEC2 instance that uses EC2 security groups, and all of these resources can be created in the sametemplate. AWS CloudFormation has a number of intrinsic functions that you can use to refer to otherresources and their properties. You can use the Ref function (p. 513) to refer to an identifying property ofa resource. Frequently, this is the physical name of the resource; however, sometimes it can be anidentifier, such as the IP address for an AWS::EC2::EIP (p. 279) resource or an Amazon Resource Name(ARN) for an Amazon SNS topic. For a list of values returned by the Ref function, see Ref function (p. 513).The following template contains an AWS::EC2::Instance (p. 281) resource. The resource's SecurityGroupsproperty calls the Ref function to refer to the AWS::EC2::SecurityGroup resource InstanceSecurityGroup.{"Resources" : {"Ec2Instance" : {"Type" : "AWS::EC2::Instance","Properties" : {"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],"KeyName" : "mykey","ImageId" : ""}},"InstanceSecurityGroup" : {"Type" : "AWS::EC2::SecurityGroup","Properties" : {"GroupDescription" : "Enable SSH access via port 22","SecurityGroupIngress" : [ {"IpProtocol" : "tcp",API Version 2010-05-1522AWS CloudFormation User GuideResource Properties and Using Resources Together"FromPort" : "22","ToPort" : "22","CidrIp" : "0.0.0.0/0"} ]}}}}You probably noticed that the Ref function call is expressed like other JSON objects, as a name-valuepair separated by a colon and surrounded by braces. The function name is the name, and the inputparameter for the function is the value. You'll also notice that the function call is also surrounded bybrackets. In JSON, lists are surrounded by brackets. The SecurityGroups property is a list of securitygroups, and in this example we have only one item in the list. The following template has an additionalitem in the property list of the SecurityGroup.{"Resources" : {"Ec2Instance" : {"Type" : "AWS::EC2