--- AWSTemplateFormatVersion: "2010-09-09" Parameters: ProjectS3Root: Type: String SSMMasterDBUsernameKeyFullName: Type: String SSMMasterDBPasswordKeyFullName: Type: String SSMLambdaARN: Type: String SSMModifiedAt: Type: String SSMLookup: Type: String Default: true PGMasterUser: Type: String Default: NONE PGMasterPassword: Type: String Default: NONE Conditions: UseSSM: !Equals [ !Ref SSMLookup, true ] Resources: myElasticSearch: Type: AWS::Elasticsearch::Domain Properties: {} RDSCredentials: Condition: UseSSM Type: AWS::CloudFormation::CustomResource Version: 1.0 Properties: ServiceToken: !Ref SSMLambdaARN SSMKeyList: !Sub ${SSMMasterDBUsernameKeyFullName},${SSMMasterDBPasswordKeyFullName} SSMModifiedAt: !Ref SSMModifiedAt ############################## Setup Backends ############################## Postgres: Type: AWS::CloudFormation::Stack Properties: TemplateURL: !Join [ "/", [ !Ref ProjectS3Root, "templates/backends/rds.yaml" ] ] Parameters: EnvironmentName: !Ref AWS::StackName # Shouldn't raise an error when using a Ref for the attribute RdsMasterUsername: !If [ UseSSM, "Fn::GetAtt": [ RDSCredentials, !Ref SSMMasterDBUsernameKeyFullName ], !Ref PGMasterUser ] RdsMasterPassword: !If [ UseSSM, "Fn::GetAtt": [ RDSCredentials, !Ref SSMMasterDBPasswordKeyFullName ], !Ref PGMasterPassword ] myCluster: Type: "AWS::Redshift::Cluster" Properties: DBName: "mydb" MasterUsername: "master" MasterUserPassword: Ref: "PGMasterPassword" NodeType: "ds2.xlarge" ClusterType: "single-node" Tags: - Key: foo Value: bar MyStack: Type: AWS::CloudFormation::Stack Properties: ProductName: example ProvisioningArtifactName: v1 Outputs: ElasticSearchHostname: Value: Fn::GetAtt: myElasticSearch.DomainEndpoint RedshiftClusterEndpointAddress: Description: Endpoint address for Redshift cluster. Value: Fn::GetAtt: myCluster.Endpoint.Address OutputValue: Value: !GetAtt MyStack.Outputs.Example