How to?

How to pass output from a CloudFormation stack

In this example we will create a security group in one CloudFormation stack, output its Id and use it for a parameter in an RDS CloudFormation stack.

If you want to use the output from one CloudFormation stack as a parameter to another CloudFormation stack the code could look something like this:

security-group-cfn-template.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
AWSTemplateFormatVersion: "2010-09-09"

Resources:
  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example SecurityGroup

Outputs:
  GroupId:
    Value: !GetAtt SecurityGroup.GroupId

Line 10: The output name is what will be used to reference the parameter in the deployment plan.

deployment-plan.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
AWSTemplateFormatVersion: "2010-09-09"
Transform:
  - AttiniDeploymentPlan
  - AWS::Serverless-2016-10-31

Parameters:
  AttiniEnvironmentName:
    Type: String

Resources:
  ExampleDeploymentPlan:
    Type: Attini::Deploy::DeploymentPlan
    Properties:
      DeploymentPlan:
        StartAt: SecurityGroup
        States:

          SecurityGroup:
            Type: AttiniCfn
            Properties:
              Template: /security-group-cfn-template.yaml
              StackName: !Sub ${AttiniEnvironmentName}-security-group
            Next: Rds

          Rds:
            Type: AttiniCfn
            Properties:
              Template: /rds-cfn-template.yaml
              StackName: !Sub ${AttiniEnvironmentName}-rds
              Parameters:
                SecurityGroup.$: $.output.SecurityGroup.GroupId
            End: True

Line 31: We use the Deployment Plan payload to get the output. We can combine CloudFormation functions like “Fn::Sub” and the Amazon States Language for configuration. CloudFormation functions will resolve when the deployment plan is created, and Amazon States Language will resolve at runtime.

rds-cfn-template.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  SecurityGroup:
    Type: String

Resources:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceClass: db.m4.large
    DBSecurityGroups:
      - !Ref SecurityGroup

How to pass output from a CloudFormation stack in a different region or AWS Account

If you use the ExecutionRoleArn or the Region configuration option to deploy a CloudFormation stack in a different AWS account or region the outputs will appear under the “cfnGlobalOutput” section in the Deployment Plan payload.

This example assumes that there is a template called acm_certificate.yaml in your distribution with an output called CertificateArn and one template called cloud-front.yaml with a parameter called CertificateArn.

deployment-plan.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
AWSTemplateFormatVersion: "2010-09-09"
Transform:
  - AttiniDeploymentPlan
  - AWS::Serverless-2016-10-31

Parameters:
  AttiniEnvironmentName:
    Type: String

Resources:
  ExampleDeploymentPlan:
    Type: Attini::Deploy::DeploymentPlan
    Properties:
      DeploymentPlan:
        StartAt: Certificate
        States:

          Certificate:
            Type: AttiniCfn
            Properties:
              Template: /acm-certificate.yaml
              StackName: !Sub ${AttiniEnvironmentName}-certificate
              Region: us-west-1
            Next: CloudFront

          CloudFront:
            Type: AttiniCfn
            Properties:
              Template: /cloud-front.yaml
              StackName: !Sub ${AttiniEnvironmentName}-cloud-front
              Parameters:
                CertificateArn.$: !Sub $.cfnGlobalOutput.${AWS::Account}.us-west-1.${AttiniEnvironmentName}-certificate.CertificateArn
            End: True

Line 23: Note that we set a different regions for the CloudFormation stack.

Line 32: Note how to reference the cfnGlobalOutput namespace that contains the AWS account and region.

Find more information about cross account deployments here.

What more examples?

If you have feedback or want to request more code examples please send an email to support@attini.io.