Kategoriak: All - code - functions - resource

arabera christophe Mias 11 months ago

51

Fonctions Intrinsèques AWS (Intrinsic Fn)

AWS intrinsic functions, such as Fn::Join, are integral in creating and managing resources within CloudFormation templates. The Fn::Join function specifically allows for the concatenation of multiple values into a single string, which is useful for constructing resource names, policy documents, and other configuration elements.

Fonctions Intrinsèques AWS (Intrinsic Fn)

Fonctions Intrinsèques AWS (Intrinsic Fn)

some common ones, see AWS links for complete list

CheatSheet

Doc Officielle

!FindInMap

La fonction intrinsèque Fn::FindInMap renvoie la valeur correspondant aux clés dans un mappage à deux niveaux déclaré dans la section Mappings.


!Split & !Select

Fn::Split

{ "Fn::Split" : [ "delimiter", "source string" ] }

{
   "Fn::Split":[
      ":",
      {
         "Fn::GetAtt":[
            "OpenSearchDeliveryStreamLogGroup",
            "Arn"
         ]
      }
   ]
}

This function will split an input string by a defined delimiter. It is usually used together with Fn::Select and I have never used it standalone.


Fn::Select

{ "Fn::Select" : [ index, listOfObjects ] }

{
   "Fn::Select":[
      "6",
      {
         "Fn::Split":[
            ":",
            {
               "Fn::GetAtt":[
                  "OpenSearchDeliveryStreamLogGroup",
                  "Arn"
               ]
            }
         ]
      }
   ]
}

This function is returning a part of a string from a list of objects. It always starts with the index 0.

I often use it together with the Parameters attribute if I need to split an ARN and only return a certain part. In this example, it only returns the name of the log group of a provided CloudWatch LogGroup ARN.


!Ref

!Sub

Eq. to Substitute:


Fn::Sub

{ "Fn::Sub" : [ String, { Var1Name: Var1Value, Var2Name: Var2Value } ] }

{
   "Fn::Sub":"arn:aws:logs:${AWS::Region}:${AWS::AccountId}:*"
}

This function replaces parts of your input string with variables. The following predefined parameters are supported:

I usually use it to construct an ARN.

!Join

Fn::Join

{ "Fn::Join" : [ "delimiter", [ comma-delimited list of values ] ] }

{
   "Fn::Join":[
      "",
      [
         {
            "Fn::GetAtt":[
               "LogBackupS3Bucket",
               "Arn"
            ]
         },
         "/*"
      ]
   ]
}

This function appends several values to a single one. This is handy if you need to create resources for policies for example. We can use it together with other functions too.

ex: TemplateURL: !Join ["/", [!Ref S3BucketUrl, 'EU-WEST-1/05-APIGatewayNoPrivateLink.yaml']]

Fn::Join with lambda source code

{
   "Type":"AWS::Lambda::Function",
   "Properties":{
      "FunctionName":"CloudWatchTransformFunction",
      "Handler":"index.lambda_handler",
      "Code":{
         "ZipFile":{
            "Fn::Join":[
               "",
               [
                  "import boto3\n",
                  "import json\n",
                  "import re\n",
                  "s3Client = boto3.client('s3')\n",
                  "s3Resource = boto3.resource('s3')\n",
                  "def lambda_handler(event, context):\n",
                  "    for event in event['Records']:\n",
                  "        bucketName = event['s3']['bucket']['name']\n",
                  "        objectName = event['s3']['object']['key']\n",
                  "        fileName = event['s3']['object']['key'].split('/')[-1]\n",
               ]
            ]
         }
      },
      "Runtime":"python3.8",
      ...
}

One special use case for this function is to add source code to a lambda function. It is better readable than a single line of code.


!GetAtt

Fn::GetAtt

{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }


{

  "Fn::GetAtt":[

   "OpenSearchDataStream",

   "Arn"

  ]

}


This function will get the ARN or other details from a created resource. Make sure the resource exists before you reference it. You can use the DependsOn attribute to ensure this.


ex (Yml): NetworkLoadBalancerTargetGroupArn: !GetAtt LoadBalancer.Outputs.NetworkLoadBalancerTargetGroupArn