Attini setup

For the Attini framework to function you need to deploy the framework in your AWS Regions, this is done by creating a CloudFormation stack called attini-setup.

The underlying infrastructure for the Attini framework is essentially free if its not used so you can onboard AWS Accounts and Regions without being concerned about cost.


Using the CLI

  1. Install the CLI

  2. Now run the CLI command attini setup

  3. Optional: Update the attini-setup CloudFormation stack in you AWS console with your required configuration.

Using the AWS console

  1. Create a CloudFormation stack using the template: https://attini-artifacts-{Region}.s3.{Region} Replace {Region} with your current region.

  2. The CloudFormation stack have to be named attini-setup

  3. Optional: Change the default configuration.



If you are unsure of the configuration you need, you can always update this later by updating the attini-setup stack.


The CloudFormation stack role used for init deploy. The default will always work and are therefore easy to use but it breaks the principle of least privilege.

Default: AttiniDefaultRole


If you do not configure this parameter, the init stacks will not get a stack role at all. Instead the init stack will be created with the origin deploy lambda permission, which in this scenario will be AdministratorAccess therefore breaking the principle of least privilege.

If you do configure this parameter the Init Deploy Stack will get this as its CloudFormation Stack role.

For highly secure environments we recommend you to create a CloudFormation service role for the init deploy so that you can control what is being deployed.


Should Attini give the Attini Deployment Plan AdministratorAccess?

If this parameter is false each AttiniCfn step in the deployment plan will need to have either StackRoleArn or ExecutionRoleArn configured.


If you make this true, the CloudFormation stacks deployed by the deployment plan will not get a stack role, instead we will deploy the CloudFormation stacks using AdministratorAccess. This will always work but it breaks the principle of least privilege.

For highly secured environments we recommend you to set this parameter to false.


The Attini framework can auto configure certain CloudFormation parameters. If you want the Attini framework to automatically configure a CloudFormation parameter called ex “env”, “Environment” or “EnvironmentName” instead of “AttiniEnvironmentName”, you can change that here.

Default: AttiniEnvironmentName


Log level for all Attini lambdas, INFO is recommend. A higher LogLevel (ex WARN) will save CloudWatch cost. A lower LogLevel (ex DEBUG) might help to trouble shoot but will incur extra CloudWatch cost.

Default: INFO


If you require the Attini lambda functions to be executed in any specific VPC, please fill it here. This also requires SubnetsIds to be configured.


If you require the Attini lambda functions to be executed in any specific subnets, please fill it here. This also requires VpcId to be configured.


Should Attini framework auto update? If yes, enter a cron or rate expressions for when it should be done. If you don’t want in to auto update, leave this field empty. More info about cron or rate expressions


(Optional) This email is only used to send operational information when needed, no marketing information will be sent here.

Deleting/Clean up the Attini framework


All deployment history and Attini features will be lost if you do this.

If you no longer want to use the Attini framework you can delete it from you AWS region using these steps:

  1. Empty the s3 bucket attini-deployment-origin-${Region}-${AccountId}

  2. Empty the s3 bucket attini-artifact-store-${Region}-${AccountId}

  3. Delete the CloudFormation stack attini-setup

If you change your mind about using Attini, the framework can easily be installed again.