AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS CloudFormation Sample Template AutoScalingMultiAZWithNotifications:
  Create a multi-az, load balanced and Auto Scaled sample web site running on an
  Apache Web Server. The application is configured to span all Availability Zones
  in the region and is Auto-Scaled based on the CPU utilization of the web servers.
  Notifications will be sent to the operator email address on scaling events. The
  instances are load balanced with a simple health check against the default web
  page. **WARNING** This template creates one or more Amazon EC2 instances and an
  Elastic Load Balancer. You will be billed for the AWS resources used if you create
  a stack from this template.'
Mappings:
  AWSInstanceType2Arch:
    c1.medium:
      Arch: PV64
    c1.xlarge:
      Arch: PV64
    c3.2xlarge:
      Arch: HVM64
    c3.4xlarge:
      Arch: HVM64
    c3.8xlarge:
      Arch: HVM64
    c3.large:
      Arch: HVM64
    c3.xlarge:
      Arch: HVM64
    c4.2xlarge:
      Arch: HVM64
    c4.4xlarge:
      Arch: HVM64
    c4.8xlarge:
      Arch: HVM64
    c4.large:
      Arch: HVM64
    c4.xlarge:
      Arch: HVM64
    cc2.8xlarge:
      Arch: HVM64
    cr1.8xlarge:
      Arch: HVM64
    d2.2xlarge:
      Arch: HVM64
    d2.4xlarge:
      Arch: HVM64
    d2.8xlarge:
      Arch: HVM64
    d2.xlarge:
      Arch: HVM64
    g2.2xlarge:
      Arch: HVMG2
    g2.8xlarge:
      Arch: HVMG2
    hi1.4xlarge:
      Arch: HVM64
    hs1.8xlarge:
      Arch: HVM64
    i2.2xlarge:
      Arch: HVM64
    i2.4xlarge:
      Arch: HVM64
    i2.8xlarge:
      Arch: HVM64
    i2.xlarge:
      Arch: HVM64
    m1.large:
      Arch: PV64
    m1.medium:
      Arch: PV64
    m1.small:
      Arch: PV64
    m1.xlarge:
      Arch: PV64
    m2.2xlarge:
      Arch: PV64
    m2.4xlarge:
      Arch: PV64
    m2.xlarge:
      Arch: PV64
    m3.2xlarge:
      Arch: HVM64
    m3.large:
      Arch: HVM64
    m3.medium:
      Arch: HVM64
    m3.xlarge:
      Arch: HVM64
    m4.10xlarge:
      Arch: HVM64
    m4.2xlarge:
      Arch: HVM64
    m4.4xlarge:
      Arch: HVM64
    m4.large:
      Arch: HVM64
    m4.xlarge:
      Arch: HVM64
    r3.2xlarge:
      Arch: HVM64
    r3.4xlarge:
      Arch: HVM64
    r3.8xlarge:
      Arch: HVM64
    r3.large:
      Arch: HVM64
    r3.xlarge:
      Arch: HVM64
    t1.micro:
      Arch: PV64
    t2.large:
      Arch: HVM64
    t2.medium:
      Arch: HVM64
    t2.micro:
      Arch: HVM64
    t2.nano:
      Arch: HVM64
    t2.small:
      Arch: HVM64
  AWSRegionArch2AMI:
    ap-northeast-1:
      HVM64: ami-374db956
      HVMG2: ami-4c78d52d
      PV64: ami-3e42b65f
    ap-northeast-2:
      HVM64: ami-2b408b45
      HVMG2: NOT_SUPPORTED
      PV64: NOT_SUPPORTED
    ap-south-1:
      HVM64: ami-ffbdd790
      HVMG2: ami-21a7d34e
      PV64: NOT_SUPPORTED
    ap-southeast-1:
      HVM64: ami-a59b49c6
      HVMG2: ami-f3f95990
      PV64: ami-df9e4cbc
    ap-southeast-2:
      HVM64: ami-dc361ebf
      HVMG2: ami-3a122e59
      PV64: ami-63351d00
    ca-central-1:
      HVM64: ami-730ebd17
      HVMG2: NOT_SUPPORTED
      PV64: NOT_SUPPORTED
    cn-north-1:
      HVM64: ami-8e6aa0e3
      HVMG2: NOT_SUPPORTED
      PV64: ami-77559f1a
    eu-central-1:
      HVM64: ami-ea26ce85
      HVMG2: ami-d2ff04bd
      PV64: ami-6527cf0a
    eu-west-1:
      HVM64: ami-f9dd458a
      HVMG2: ami-e2f7bd91
      PV64: ami-4cdd453f
    eu-west-2:
      HVM64: ami-886369ec
      HVMG2: NOT_SUPPORTED
      PV64: NOT_SUPPORTED
    sa-east-1:
      HVM64: ami-6dd04501
      HVMG2: NOT_SUPPORTED
      PV64: ami-1ad34676
    us-east-1:
      HVM64: ami-6869aa05
      HVMG2: ami-a41a3fb3
      PV64: ami-2a69aa47
    us-east-2:
      HVM64: ami-f6035893
      HVMG2: NOT_SUPPORTED
      PV64: NOT_SUPPORTED
    us-west-1:
      HVM64: ami-31490d51
      HVMG2: ami-00347e60
      PV64: ami-a2490dc2
    us-west-2:
      HVM64: ami-7172b611
      HVMG2: ami-caf253aa
      PV64: ami-7f77b31f
  Region2Examples:
    ap-northeast-1:
      Examples: https://s3-ap-northeast-1.amazonaws.com/cloudformation-examples-ap-northeast-1
    ap-northeast-2:
      Examples: https://s3-ap-northeast-2.amazonaws.com/cloudformation-examples-ap-northeast-2
    ap-south-1:
      Examples: https://s3-ap-south-1.amazonaws.com/cloudformation-examples-ap-south-1
    ap-southeast-1:
      Examples: https://s3-ap-southeast-1.amazonaws.com/cloudformation-examples-ap-southeast-1
    ap-southeast-2:
      Examples: https://s3-ap-southeast-2.amazonaws.com/cloudformation-examples-ap-southeast-2
    ca-central-1:
      Examples: https://s3-ca-central-1.amazonaws.com/cloudformation-examples-ca-central-1
    cn-north-1:
      Examples: https://s3.cn-north-1.amazonaws.com.cn/cloudformation-examples-cn-north-1
    eu-central-1:
      Examples: https://s3-eu-central-1.amazonaws.com/cloudformation-examples-eu-central-1
    eu-west-1:
      Examples: https://s3-eu-west-1.amazonaws.com/cloudformation-examples-eu-west-1
    eu-west-2:
      Examples: https://s3-eu-west-2.amazonaws.com/cloudformation-examples-eu-west-2
    sa-east-1:
      Examples: https://s3-sa-east-1.amazonaws.com/cloudformation-examples-sa-east-1
    us-east-1:
      Examples: https://s3.amazonaws.com/cloudformation-examples-us-east-1
    us-east-2:
      Examples: https://s3-us-east-2.amazonaws.com/cloudformation-examples-us-east-2
    us-west-1:
      Examples: https://s3-us-west-1.amazonaws.com/cloudformation-examples-us-west-1
    us-west-2:
      Examples: https://s3-us-west-2.amazonaws.com/cloudformation-examples-us-west-2
  runtime:
    us-east-1:
      production:
      - CidrIp: 0.0.0.0/0
        IpProtocol: tcp
        ToPort: 80
        FromPort: 80
Outputs:
  URL:
    Description: The URL of the website
    Value:
      Fn::Join:
      - ''
      - - http://
        - Fn::GetAtt:
          - ElasticLoadBalancer
          - DNSName
Parameters:
  azList:
    Type: "AWS::SSM::Parameter::Value>"
    Description: "The list of AZs from Parameter Store"
    Default: '/regionSettings/azList'
  InstanceType:
    AllowedValues:
    - t1.micro
    - t2.nano
    - t2.micro
    - t2.small
    - t2.medium
    - t2.large
    - m1.small
    - m1.medium
    - m1.large
    - m1.xlarge
    - m2.xlarge
    - m2.2xlarge
    - m2.4xlarge
    - m3.medium
    - m3.large
    - m3.xlarge
    - m3.2xlarge
    - m4.large
    - m4.xlarge
    - m4.2xlarge
    - m4.4xlarge
    - m4.10xlarge
    - c1.medium
    - c1.xlarge
    - c3.large
    - c3.xlarge
    - c3.2xlarge
    - c3.4xlarge
    - c3.8xlarge
    - c4.large
    - c4.xlarge
    - c4.2xlarge
    - c4.4xlarge
    - c4.8xlarge
    - g2.2xlarge
    - g2.8xlarge
    - r3.large
    - r3.xlarge
    - r3.2xlarge
    - r3.4xlarge
    - r3.8xlarge
    - i2.xlarge
    - i2.2xlarge
    - i2.4xlarge
    - i2.8xlarge
    - d2.xlarge
    - d2.2xlarge
    - d2.4xlarge
    - d2.8xlarge
    - hi1.4xlarge
    - hs1.8xlarge
    - cr1.8xlarge
    - cc2.8xlarge
    - cg1.4xlarge
    ConstraintDescription: must be a valid EC2 instance type.
    Default: t2.small
    Description: WebServer EC2 instance type
    Type: String
  KeyName:
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
    Description: The EC2 Key Pair to allow SSH access to the instances
    Type: AWS::EC2::KeyPair::KeyName
  OperatorEMail:
    AllowedPattern: ([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)
    ConstraintDescription: must be a valid email address.
    Description: EMail address to notify if there are any scaling operations
    Type: String
  SSHLocation:
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
    # The default permits SSH from any address; pass a narrower CIDR when creating the stack.
    Default: 0.0.0.0/0
    Description: The IP address range that can be used to SSH to the EC2 instances
    MaxLength: '18'
    MinLength: '9'
    Type: String
  ParamInstanceSecurityGroup:
    Type: List
  Aliases:
    Type: "CommaDelimitedList"
    Default: "foo.com, bar.com"
Conditions:
  S3ReplicationEnabled: !Equals [!Ref 'AWS::Region', 'us-east']
  HasSingleClusterInstance: !Equals [!Ref 'AWS::Region', 'us-east-1']
  ConditionTrue:
    Fn::Equals:
    - ""
    - ""
Resources:
  CPUAlarmHigh:
    Properties:
      AlarmActions:
      - Ref: WebServerScaleUpPolicy
      AlarmDescription: Scale-up if CPU > 90% for 10 minutes
      ComparisonOperator: GreaterThanThreshold
      Dimensions:
      - Name: AutoScalingGroupName
        Value:
          Ref: WebServerGroup
      EvaluationPeriods: 2
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Period: 300
      Statistic: Average
      Threshold: 90
    Type: AWS::CloudWatch::Alarm
  CPUAlarmLow:
    Properties:
      AlarmActions:
      - Ref: WebServerScaleDownPolicy
      AlarmDescription: Scale-down if CPU < 70% for 10 minutes
      ComparisonOperator: LessThanThreshold
      Dimensions:
      - Name: AutoScalingGroupName
        Value:
          Ref: WebServerGroup
      EvaluationPeriods: 2
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Period: 300
      Statistic: Average
      Threshold: 70
    Type: AWS::CloudWatch::Alarm
  ElasticLoadBalancer:
    Properties:
      AvailabilityZones:
        Fn::GetAZs: ''
      CrossZone: True
      HealthCheck:
        HealthyThreshold: '3'
        Interval: '30'
        Target: HTTP:80/
        Timeout: '5'
        UnhealthyThreshold: '5'
      Listeners:
      - InstancePort: '80'
        LoadBalancerPort: '80'
        Protocol: HTTP
    Type: AWS::ElasticLoadBalancing::LoadBalancer
  InstanceSecurityGroup:
    Properties:
      GroupDescription: Enable SSH access and HTTP from the load balancer only
      SecurityGroupIngress:
      - CidrIp:
          Ref: SSHLocation
        FromPort: 22
        IpProtocol: tcp
        ToPort: 22
      - FromPort: 80
        IpProtocol: tcp
        SourceSecurityGroupName:
          Fn::GetAtt:
          - ElasticLoadBalancer
          - SourceSecurityGroup.GroupName
        SourceSecurityGroupOwnerId:
          Fn::GetAtt:
          - ElasticLoadBalancer
          - SourceSecurityGroup.OwnerAlias
        ToPort: 80
    Type: AWS::EC2::SecurityGroup
  LaunchConfig:
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            /etc/cfn/cfn-hup.conf:
              content:
                Fn::Join:
                - ''
                - - "[main]\n"
                  - stack=
                  - Ref: AWS::StackId
                  - "\n"
                  - region=
                  - Ref: AWS::Region
                  - "\n"
              group: root
              mode: '000400'
              owner: root
            /etc/cfn/hooks.d/cfn-auto-reloader.conf:
              content:
                Fn::Join:
                - ''
                - - "[cfn-auto-reloader-hook]\n"
                  - "triggers=post.update\n"
                  - "path=Resources.LaunchConfig.Metadata.AWS::CloudFormation::Init\n"
                  - 'action=/opt/aws/bin/cfn-init -v '
                  - ' --stack '
                  - Ref: AWS::StackName
                  - ' --resource LaunchConfig '
                  - ' --region '
                  - Ref: AWS::Region
                  - "\n"
                  - "runas=root\n"
            /var/www/html/index.html:
              content:
                Fn::Join:
                - ' '
                - - AWS CloudFormation Logo
                  - Congratulations, you have successfully launched the AWS CloudFormation sample.
              group: root
              mode: '000644'
              owner: root
          packages:
            yum:
              httpd: []
          services:
            sysvinit:
              cfn-hup:
                enabled: 'true'
                ensureRunning: 'true'
                files:
                - /etc/cfn/cfn-hup.conf
                - /etc/cfn/hooks.d/cfn-auto-reloader.conf
              httpd:
                enabled: 'true'
                ensureRunning: 'true'
      Comment: Install a simple application
    Properties:
      ImageId:
        Fn::FindInMap:
        - AWSRegionArch2AMI
        - Ref: AWS::Region
        - Fn::FindInMap:
          - AWSInstanceType2Arch
          - Ref: InstanceType
          - Arch
      InstanceType:
        Ref: InstanceType
      KeyName:
        Ref: KeyName
      SecurityGroups: !Ref ParamInstanceSecurityGroup
      UserData:
        Fn::Base64:
          Fn::Join:
          - ''
          - - "#!/bin/bash -xe\n"
            - "yum update -y aws-cfn-bootstrap\n"
            - '/opt/aws/bin/cfn-init -v '
            - ' --stack '
            - Ref: AWS::StackName
            - ' --resource LaunchConfig '
            - ' --region '
            - Ref: AWS::Region
            - "\n"
            - '/opt/aws/bin/cfn-signal -e $? '
            - ' --stack '
            - Ref: AWS::StackName
            - ' --resource WebServerGroup '
            - ' --region '
            - Ref: AWS::Region
            - "\n"
    Type: AWS::AutoScaling::LaunchConfiguration
  NotificationTopic:
    Properties:
      Subscription:
      - Endpoint:
          Ref: OperatorEMail
        Protocol: email
    Type: AWS::SNS::Topic
  WebServerGroup:
    CreationPolicy:
      ResourceSignal:
        Count: '1'
        Timeout: PT15M
    Properties:
      AvailabilityZones:
        Fn::GetAZs: ''
      LaunchConfigurationName:
        Ref: LaunchConfig
      LoadBalancerNames:
      - Ref: ElasticLoadBalancer
      MaxSize: '3'
      MinSize: '1'
      NotificationConfigurations:
      - NotificationTypes:
        - autoscaling:EC2_INSTANCE_LAUNCH
        - autoscaling:EC2_INSTANCE_LAUNCH_ERROR
        - autoscaling:EC2_INSTANCE_TERMINATE
        - autoscaling:EC2_INSTANCE_TERMINATE_ERROR
        TopicARN:
          Ref: NotificationTopic
    Type: AWS::AutoScaling::AutoScalingGroup
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: '1'
        MinInstancesInService: '1'
        PauseTime: PT15M
        WaitOnResourceSignals: 'true'
  WebServerScaleDownPolicy:
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName:
        Ref: WebServerGroup
      Cooldown: '60'
      ScalingAdjustment: -1
    Type: AWS::AutoScaling::ScalingPolicy
  WebServerScaleUpPolicy:
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName:
        Ref: WebServerGroup
      Cooldown: '60'
      ScalingAdjustment: 1
    Type: AWS::AutoScaling::ScalingPolicy
  RDSDBParameterGroup:
    Type: "AWS::RDS::DBParameterGroup"
    Properties:
      Description: "Transaction CloudFormation Aurora Parameter Group"
      Family: "aurora5.6"
      Parameters:
        sql_mode: "NO_AUTO_CREATE_USER"
  RDSDBParameterGroup1:
    Type: "AWS::RDS::DBParameterGroup"
    Properties:
      Description: "Transaction CloudFormation Aurora Parameter Group"
      Family: "aurora5.6"
      Parameters:
        sql_mode: "NO_AUTO_CREATE_USER"
        another_param: "ANOTHER_PARAMETER"
  ElasticsearchDomain:
    Type: 'AWS::Elasticsearch::Domain'
    Properties:
      VPCOptions:
        SubnetIds: !If [HasSingleClusterInstance, ['SubnetAPrivate'], ['SubnetAPrivate', 'SubnetBPrivate']]
  Table:
    Type: 'AWS::DynamoDB::Table'
    Properties:
      TableName: !If [HasTableName, !Ref TableName, !Ref 'AWS::NoValue']
      AttributeDefinitions: !If
      - HasSortKey
      - - AttributeName: !Ref PartitionKeyName
          AttributeType: !Ref PartitionKeyType
        - AttributeName: !Ref SortKeyName
          AttributeType: !Ref SortKeyType
      - - AttributeName: !Ref PartitionKeyName
          AttributeType: !Ref PartitionKeyType
      KeySchema: !If
      - HasSortKey
      - - AttributeName: !Ref PartitionKeyName
          KeyType: HASH
        - AttributeName: !Ref SortKeyName
          KeyType: RANGE
      - !Ref AWS::NoValue
  CustomResource1:
    Type: 'AWS::CloudFormation::CustomResource'
    Properties:
      ServiceToken: arn
      StackName: StackName
  CustomResource2:
    Type: 'Custom::CustomResource'
    Properties:
      ServiceToken: arn
      StackName: StackName
  CustomResource3:
    Type: 'Custom::SpecifiedCustomResource'
    Properties:
      ServiceToken: arn
      RequiredString: present
      OptionalBoolean: true
  Distribution:
    Type: "AWS::CloudFront::Distribution"
    Properties:
      DistributionConfig:
        Aliases: !Ref Aliases
        Enabled: True
  cacheForumRedisV1:
    Type: AWS::ElastiCache::CacheCluster
    Properties:
      PreferredAvailabilityZones: !Ref azList
      CacheNodeType: String
      Engine: String
      NumCacheNodes: 1
  ### Testing relationships for lists to Custom and Maps
  Custom:
    Type: AWS::CloudFormation::CustomResource
    Properties:
      ServiceToken: arn.example
  Helper:
    Type: 'AWS::Lambda::Function'
    Properties:
      Handler: 'helper.lambda_handler'
      Role: arn:aws:iam::123456789012:role/role-name-with-path
      Code: !GetAtt Custom.Code
  LB1:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      SecurityGroups: !GetAtt Custom.ExampleListOfStrings
      # LoadBalancerAttributes: {Type: List, ItemType: LoadBalancerAttribute}
      # should be allowed as the custom resource can return a list of objects
      LoadBalancerAttributes: !GetAtt Custom.ExampleListOfKeyValuePairs
  LB2:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      SecurityGroups: !GetAtt Custom.ExampleListOfStrings
      # LoadBalancerAttributes: {Type: List, ItemType: LoadBalancerAttribute}
      # Should be allowed because mappings can have a list of objects
      # This mapping isn't correct but validation of the actual mapping is more difficult
      LoadBalancerAttributes: !FindInMap [ AWSInstanceType2Arch, c1.medium, Arch ]
  # Don't fail when we have used a possible map
  lambdaMap1:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: test
      SecurityGroupIngress:
      - Fn::Select:
        - 0
        - Fn::FindInMap: [ runtime, us-east-1, production ]
  # Don't fail when we use the entire list from a map
  lambdaMap2:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: test
      SecurityGroupIngress:
        Fn::FindInMap: [ runtime, us-east-1, production ]
  MyCustomEnvironmentVariables:
    Type: Custom::EnvironmentVariables
    Properties:
      ServiceToken:
        Fn::ImportValue: "MyServiceToken"
      String: "envvar1=1, envvar2=2"
  ### Test AWS::NotificationARNs Pseudo Parameter
  SubStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://example.com
      NotificationARNs: !Ref AWS::NotificationARNs
  ProjectBuild:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: "My Project"
      Description: "My Description"
      Artifacts:
        Type: CODEPIPELINE
      ServiceRole:
        Fn::ImportValue: "ServiceRole"
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/python:3.7.1
        Type: LINUX_CONTAINER
        EnvironmentVariables:
          Fn::If:
          - ConditionTrue
          - Fn::GetAtt: [MyCustomEnvironmentVariables, Variables]
          - Ref: AWS::NoValue
      Source:
        BuildSpec: buildspec.yaml
        Type: CODEPIPELINE
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: Arn
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        Image: String
        ComputeType: BUILD_GENERAL1_LARGE
      Source:
        Type: S3
      Triggers:
        Webhook: true
        FilterGroups:
        - - Type: EVENT
            Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED,PULL_REQUEST_REOPENED
          - Type: BASE_REF
            Pattern: ^refs/heads/main$
            ExcludeMatchedPattern: false
  CloudAvailS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      ReplicationConfiguration: !If
      - S3ReplicationEnabled
      - - Role: !GetAtt CloudAvailReplicationRole.Arn
          Rules:
          - Destination:
              Bucket: arn:aws:s3:::cloudavail.replication.bucket
            Status: Enabled
      - - !Ref "AWS::NoValue"
  SSMParameterJsonList:
    Type: AWS::SSM::Parameter
    Properties:
      Description: Human Readable Description
      Name: /path/of/param
      Tags:
      - {Key: ENVIRONMENT, Value: test}
      - {Key: RESOURCE_NAME, Value: broker_dns_addresses}
      - {Key: STACK_NAME, Value: example-service}
      Type: StringList
      Value: ValueOfParam