Ref Intrinsic Function and Resources in AWS CloudFormation

Learn more about Resources and the Ref Intrinsic Function

Intrinsic Functions

It's important to understand intrinsic functions before we delve into the different sub-sections of an AWS CloudFormation template. AWS describes intrinsic functions as 'built-in functions that help you manage your stacks. Use intrinsic functions in your templates to assign values to properties that are not available until runtime.'

Intrinsic functions allow you to perform actions such as:

Referencing resource attributes: Suppose you want to deploy an EC2 instance and attach an Elastic IP address to it. First you create the instance and the Elastic IP address, then you reference the instance from the Elastic IP address using the Ref intrinsic function (written as !Ref).

  • !Ref intrinsic function

This intrinsic function returns the value of a specified resource. The Ref function is used to refer to resources you've defined elsewhere in your template. This is helpful when you have a resource that depends on another resource in order to be created.

In the code snippet below, the Elastic IP address (MyElasticIP) is attached to the instance (MyEC2Instance) by using the !Ref intrinsic function.

The Ref function is currently used in resource properties, conditions, outputs and metadata attributes.

  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties: 
      ImageId: ami-04e5276ebb8451442
      InstanceType: t2.micro
      Tags:
        - Key: Name
          Value: DevInstance
      UserData:
        Fn::Base64: |
          #!/bin/bash -xe
          yum update -y
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
          echo '<html><h1>Hello From Your Web Server!</h1></html>' > /var/www/html/index.html

  MyElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref MyEC2Instance

We will cover other intrinsic functions as we proceed.

Resources

We'll now dissect the code snippet above, since the instance and the Elastic IP address are both placed under Resources.

To begin with, a CloudFormation template includes six top-level sections:

  1. Parameters

  2. Mappings

  3. Metadata

  4. Conditions

  5. Resources

  6. Outputs

The Resources section contains the AWS resources that you want in your stack. These could be instances, security groups, Elastic IPs, Elastic Load Balancers, etc.

In the previous blog post, I talked about the Resource and Property Reference documentation that acts as a guidebook for users. It provides information such as the purpose of the resource, configuration options, resource dependencies and the overall syntax that should be followed.

AWSTemplateFormatVersion: 2010-09-09
Description: Creating an ec2 instance

Resources:
  HTTpSShSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and SSH traffic 
      GroupName: DemoSecurityGroup
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  MyEC2Instance: 
    Type: AWS::EC2::Instance
    Properties: 
      ImageId: ami-04e5276ebb8451442        #check the ami id from the console
      InstanceType: t2.micro
      Tags:
        - Key: Name
          Value: DevInstance
      UserData:
        Fn::Base64: |
          #!/bin/bash -xe
          yum update -y
          yum install -y httpd
          systemctl start httpd
          systemctl enable httpd
          echo '<html><h1>Hello From Your Restart Web Server!</h1></html>' > /var/www/html/index.html
      SecurityGroups: 
        - !Ref HTTpSShSecurityGroup
  MyElasticIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref MyEC2Instance

The Properties section represents the configurable attributes for the EC2 Instance I want to deploy and with the help of the resource and property reference, I am able to configure the required attributes.

This is the Resource and Property Reference guide for the EC2 instance. You get an error if you do not follow the correct syntax.

You are required to start with the line that specifies the version of the AWS CloudFormation template format that you are using, alongside the Description for your template detailing the purpose of the template.

AWSTemplateFormatVersion: 2010-09-09
Description: Creating an ec2 instance and attaching an elastic IP to it

  • HTTpSShSecurityGroup

    • This is the logical name for the resource we want to create. It represents the security group we want to deploy, and in its properties we have attributes that contain configurations for the security group we intend to create (GroupDescription, GroupName, SecurityGroupIngress). Note that these configurations are documented in the Resource and Property Reference guide.

    • This Resource called HTTpSShSecurityGroup defines a security group named "DemoSecurityGroup" (from the 'Properties' attribute called GroupName) that allows HTTP and SSH traffic. It specifies the ingress rules for the security group, allowing TCP traffic on ports 80 (HTTP) and 22 (SSH) from any IP address (0.0.0.0/0).

    • If you wish to add more security groups to the instance (assuming you have created an extra security group in your template), you can define them as a list.

        SecurityGroups: 
                - !Ref HTTpSShSecurityGroup
                - !Ref MYSQLSecurityGroup
      
  • MyEC2Instance

    • This resource defines an EC2 instance called "DevInstance" (derived from the 'Properties' attribute called Tags). It specifies the configuration you wish to place in the instance, including the Amazon Machine Image (AMI) ID, instance type (t2.micro), tags and user data (startup script), and it references the newly created security group using !Ref HTTpSShSecurityGroup.

        MyEC2Instance: 
            Type: AWS::EC2::Instance
            Properties: 
              ImageId: ami-04e5276ebb8451442
              InstanceType: t2.micro
              Tags:
                - Key: Name
                  Value: DevInstance
              UserData:
                Fn::Base64: |
                  #!/bin/bash -xe
                  yum update -y
                  yum install -y httpd
                  systemctl start httpd
                  systemctl enable httpd
                  echo '<html><h1>Hello From Your Web Server!</h1></html>' > /var/www/html/index.html
              SecurityGroups: 
                - !Ref HTTpSShSecurityGroup
      
  • MyElasticIP

    • This resource defines an Elastic IP (EIP) resource. It associates the Elastic IP address with the EC2 instance you created earlier (referenced using !Ref MyEC2Instance).

    • Elastic IPs are static IP addresses that can be associated with EC2 instances to provide a static and persistent public IP address.

        MyElasticIP:
            Type: AWS::EC2::EIP
            Properties:
              InstanceId: !Ref MyEC2Instance
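
A pre-deployment check over the template walked through above, as an added example that is not part of the original post: it follows each Ref to confirm the target is declared (as the MYSQLSecurityGroup list entry assumes) and reports instances whose referenced security group admits a port from 0.0.0.0/0, as the SSH rule here does. It assumes the template has been rewritten in JSON long form, where {"Ref": "X"} stands for !Ref X; the function names are hypothetical.

```python
# Constructed sample: the page's template in JSON long form, trimmed to the
# properties the checks read. {"Ref": "X"} is the long form of !Ref X.
OPEN = "0.0.0.0/0"
TEMPLATE = {"Resources": {
    "HTTpSShSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": OPEN},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": OPEN}]}},
    "MyEC2Instance": {"Type": "AWS::EC2::Instance", "Properties": {
        "SecurityGroups": [{"Ref": "HTTpSShSecurityGroup"}]}},
    "MyElasticIP": {"Type": "AWS::EC2::EIP", "Properties": {
        "InstanceId": {"Ref": "MyEC2Instance"}}},
}}

def refs(node):
    """Yield every logical name targeted by a Ref anywhere under node."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            yield node["Ref"]
        else:
            for value in node.values():
                yield from refs(value)
    elif isinstance(node, list):
        for value in node:
            yield from refs(value)

def dangling_refs(template):
    """(resource, target) pairs whose Ref names nothing the template declares."""
    known = set(template["Resources"]) | set(template.get("Parameters", {}))
    return sorted((name, target)
                  for name, res in template["Resources"].items()
                  for target in refs(res.get("Properties", {}))
                  if target not in known and not target.startswith("AWS::"))

def exposed_instances(template, port=22):
    """(instance, group) pairs where a Ref'd group admits port from any IPv4."""
    res = template["Resources"]
    # Rules without FromPort/ToPort are treated as covering every port.
    open_groups = {
        name for name, r in res.items()
        if r["Type"] == "AWS::EC2::SecurityGroup" and any(
            rule.get("CidrIp") == OPEN
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
            for rule in r.get("Properties", {}).get("SecurityGroupIngress", []))}
    return sorted(
        (name, group) for name, r in res.items()
        if r["Type"] == "AWS::EC2::Instance"
        for group in refs(r.get("Properties", {}).get("SecurityGroups", []))
        if group in open_groups)
```

Running both functions before creating the stack surfaces a misspelled or missing Ref target and a world-reachable SSH rule while they are still template text.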