Saturday, 10 March 2018

AWS CloudFormation (ResourceTypes)
Resource Types
  • AWS concepts
    • AutoScaling (AutoScalingGroup, LaunchConfiguration, Lifecycle Hook, Scaling Policy, Schedule Policy)
    • CloudFront (Distribution)
    • CloudTrail (Trail)
    • ...

Custom Resource
  • Extensibility point for CF
  • ServiceToken
    • ARN target where CF sends notifications 
      • SNS Topic
      • Lambda Function
        • e.g. look-up AMI-ids
    • Same region as stack
    • Custom Resource Provider tells you what it is (i.e. "how you can call me")
  • Custom Resource Request Object
    • Request Type (Create/Update/Delete)
    • ResponseURL
      • pre-signed S3 url
      • where to send responses (callback mechanism)
    • LogicalResourceId 
    • ResourceProperties
    • OldResourceProperties - used for updates
    • ResourceType:  AWS::CloudFormation::CustomResource or Custom::String
  • Custom Resource Response Object
    • CF waits for it before it can continue (callback)
    • Status: SUCCESS or FAILED 
    • Reason
    • Data (key-value pairs)
      • Can be accessed with Fn::GetAtt
    • LogicalResourceId (copied verbatim)
  • Actors
    • Template Developer
    • Custom Resource Provider
      • Specifies ServiceToken and input data
      • Owns the custom resource and decides how to respond to CF actions
      • Decides ResourceType
      • Defines the meaning of LogicalResourceId and PhysicalResourceId
    • CloudFormation
      • Sends a request to ServiceToken and awaits the response on the pre-signed S3 url (callback)
  • Use cases
    • Handling resources not supported natively by CF
    • Bridge
      • Protocol converter
        • e.g. Lambda-backed custom resources
    • Other Lambda use cases
      • Look-up AMI-ids, VPC-ids, cross stack references
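
As an added example (not part of the original notes), a Python Lambda handler for the request/response exchange described above: it reads the Custom Resource Request Object, always answers with a SUCCESS or FAILED Response Object, and PUTs that to the pre-signed ResponseURL. The `Custom::AmiLookup` type, the AMI table and every id, ARN and URL are constructed placeholders.

```python
import json
import urllib.request

# Constructed sample request in the shape of the Custom Resource Request Object
# CloudFormation sends to the ServiceToken (real field names; placeholder values).
SAMPLE_EVENT = {
    "RequestType": "Create",
    "ResponseURL": "https://presigned-s3-url.invalid/placeholder",
    "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/placeholder",
    "RequestId": "placeholder-request-id",
    "LogicalResourceId": "AmiLookup",
    "ResourceType": "Custom::AmiLookup",
    "ResourceProperties": {"ServiceToken": "arn:placeholder", "OsName": "amazon-linux-2"},
}
AMI_TABLE = {"amazon-linux-2": "ami-placeholder"}  # hypothetical stand-in for DescribeImages

def build_response(event, status, data=None, reason="", physical_id=None):
    """Custom Resource Response Object; StackId/RequestId/LogicalResourceId copied verbatim."""
    return {
        "Status": status,  # SUCCESS or FAILED
        "Reason": reason or "See CloudWatch log for details",
        "PhysicalResourceId": physical_id or event["LogicalResourceId"],
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},  # readable in the template via Fn::GetAtt
    }

def handle(event):
    """Every path returns a response: no callback means CF blocks until the stack times out."""
    try:
        if event["RequestType"] == "Delete":
            # Nothing to tear down; echo PhysicalResourceId unchanged so CF sees no replacement
            return build_response(event, "SUCCESS", physical_id=event.get("PhysicalResourceId"))
        os_name = event["ResourceProperties"]["OsName"]  # KeyError -> FAILED below
        if os_name not in AMI_TABLE:
            return build_response(event, "FAILED", reason=f"unknown OsName {os_name!r}")
        ami = AMI_TABLE[os_name]
        return build_response(event, "SUCCESS", data={"ImageId": ami}, physical_id=ami)
    except Exception as exc:
        return build_response(event, "FAILED", reason=f"handler error: {exc!r}")

def send_response(response_url, body):
    """HTTP PUT to the pre-signed S3 ResponseURL; Content-Type must be empty (URL signed without one)."""
    payload = json.dumps(body).encode()
    req = urllib.request.Request(response_url, data=payload, method="PUT",
                                 headers={"Content-Type": "", "Content-Length": str(len(payload))})
    with urllib.request.urlopen(req) as resp:
        return resp.status
```

In Lambda the entry point would just be `send_response(event["ResponseURL"], handle(event))`. Whatever goes into `Data` becomes readable through Fn::GetAtt and shows up in stack events, so keep secrets out of it.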

CloudFormation::WaitCondition
  • Coordinate resource creation with external events
    • Generalized form of a CreationPolicy
    • Do not use a WaitCondition if a CreationPolicy is available for the resource type
  • Track status of a configuration process
  • Created just like any other resource
    • CREATE_IN_PROGRESS (waits for signals)
      • ->CREATE_COMPLETE 
      • ->CREATE_FAILED (rollback stack)
  • Use DependsOn attribute
    • e.g. WaitCondition DependsOn Instance = wait after Instance created
  • Signaling
    • Pre-signed S3 url
  • Properties
    • Count (default 1)
    • Timeout (minimum bound)
    • Handle
      • reference to the CloudFormation::WaitConditionHandle
      • must be specified
  • Can associate a CreationPolicy
    • No need to associate a WaitConditionHandle or any other properties

CloudFormation::WaitConditionHandle
  • Required for WaitCondition to work
  • No parameters
  • AWS creates unique pre-signed S3 url for it
    • "UserData" : {
         "Fn::Base64" : {
             "Fn::Join" : [ "", ["SignalURL=", { "Ref" : "myWaitHandle" } ] ]
         }
      }
  • Signal
    • Send HTTP PUT request to pre-signed url
      • Content-Type empty
      • E.g. use "curl"
    • JSON format
      • Status: SUCCESS or FAILURE
      • UniqueId: unique identifier (especially when Count > 1)
      • Data: any information sent back with the signal
        • E.g. {"Signal1":"Application has completed configuration."}
      • Reason: any string

CloudFormation::Stack
  • Used to nest another stack (template)
  • Has separate StackId
  • Output values may be retrieved from top-level stack (Fn::GetAtt)
  • When top-level is updated, nested stack is also updated
    • only modified resources are updated
  • Security
    • Must have CancelUpdateStack permission in case of rollback
  • Parameters
    • NotificationARNs (SNS topics for stack events)
    • Parameters
    • TemplateURL (S3 URL)
    • TimeoutInMinutes (default = None)
