aws-cloudformation-templates
aws-cloudformation-templates copied to clipboard
aws-cloudformation
Reference generated explode macro resources
This issue is a question on how to use the cloudformation count or explode macro. We are using the explode macro to generate multiple security groups and we want to apply those generated security groups to an EC2 instance in our cloudformation template. Is there a way to get a reference to the generated (or exploded) resources so that we can apply them as a dependency to another resource?
Here's an example:
AWSTemplateFormatVersion: "2010-09-09"
Transform: Explode
Mappings:
SecurityGroupMap:
Web:
Port: "80"
SSH:
Port: "22"
Resources:
MySecurityGroup:
ExplodeMap: SecurityGroupMap
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: "Instance security group"
SecurityGroupIngress:
- CidrIp: "0.0.0.0/0"
FromPort: "!Explode Port"
ToPort: "!Explode Port"
IpProtocol: tcp
MyEc2:
Type: AWS::EC2::Instance
Properties:
ImageId: "ami-00068cd7555f543d5"
InstanceType: "t3.nano"
SecurityGroups:
- <Reference to the generated MySecurityGroup Web Port resource name or ID>
- <Reference to the generated MySecurityGroup SSH Port resource name or ID>
If referencing the generated resource names is not possible then are there any alternatives to solving this use case?
Hi @zaro0508
The names of the Exploded resource are made by taking the name of the "template" resource (MySecurityGroup) and appending the keys from mapping entry (Web and SSH) so you will get MySecurityGroupWeb and MySecurityGroupSSH in your example template. You can use these as Refs.
AWSTemplateFormatVersion: "2010-09-09"
Transform: Explode
Mappings:
SecurityGroupMap:
Web:
Port: "80"
SSH:
Port: "22"
Resources:
MySecurityGroup:
ExplodeMap: SecurityGroupMap
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: "Instance security group"
SecurityGroupIngress:
- CidrIp: "0.0.0.0/0"
FromPort: "!Explode Port"
ToPort: "!Explode Port"
IpProtocol: tcp
MyEc2:
Type: AWS::EC2::Instance
Properties:
ImageId: "ami-00068cd7555f543d5"
InstanceType: "t3.nano"
SecurityGroups:
- Ref: MySecurityGroupWeb
- Ref: MySecurityGroupSSH
which Explodes to:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Transform": "Explode",
"Mappings": {
"SecurityGroupMap": {
"Web": {
"Port": "80"
},
"SSH": {
"Port": "22"
}
}
},
"Resources": {
"MySecurityGroupWeb": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Instance security group",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "80",
"ToPort": "80",
"IpProtocol": "tcp"
}
]
}
},
"MySecurityGroupSSH": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Instance security group",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "22",
"ToPort": "22",
"IpProtocol": "tcp"
}
]
}
},
"MyEc2": {
"Type": "AWS::EC2::Instance",
"Properties": {
"ImageId": "ami-00068cd7555f543d5",
"InstanceType": "t3.nano",
"SecurityGroups": [
{
"Ref": "MySecurityGroupWeb"
},
{
"Ref": "MySecurityGroupSSH"
}
]
}
}
}
}
You can also force the Explode macro to use a name of your choice by including ResourceName inside each map:
Mappings:
SecurityGroupMap:
Web:
Port: "80"
ResourceName: SG1
SSH:
Port: "22"
ResourceName: SG2
which would give:
"SG1": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Instance security group",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "80",
"ToPort": "80",
"IpProtocol": "tcp"
}
]
}
},
"SG2": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Instance security group",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"FromPort": "22",
"ToPort": "22",
"IpProtocol": "tcp"
}
]
}
},
so you could use those names in the Refs instead. Hope that helps!
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}