
AWS CloudFormation - Parameters

Greetings!

In my previous post, I talked about creating an EC2 instance using CloudFormation. However, that template is not very reusable because its values are hard-coded. A better way is to use Parameters.

Parameters is an optional section of the template that lets us pass custom values into the template as user input.

Let's define a Parameter

The Parameters section has the following form.
Parameters:
  ParameterLogicalID:
    Type: DataType
    ParameterProperty: value
For example, we can take our security group description as user input.
Parameters:
  EC2SecurityGroupDescription:
    Type: String
    Description: Allow SSH access to the EC2 instance.

How to Reference a Parameter

The Ref intrinsic function can be used to reference parameters. The YAML shorthand for it is !Ref.
!Ref EC2SecurityGroupDescription

Parameter Type

Parameter types are String, Number, List<Number>, CommaDelimitedList, AWS-specific parameter types such as AWS::EC2::VPC::Id, lists of AWS-specific types such as List<AWS::EC2::Subnet::Id>, and SSM parameter types.

EC2 with Parameters

This is the complete example that creates an EC2 instance with a security group, taking user input for the custom values. It is simple and self-explanatory.

When we upload this template, we will be presented with a page to input values.
AWSTemplateFormatVersion: 2010-09-09

Parameters:
  EC2InstanceType:
    Description: EC2 instance type.
    Type: String
    Default: t2.micro
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
    ConstraintDescription: Must be a valid EC2 instance type.

  EC2ImageId:
    Description: AMI
    Type: String
    Default: ami-0742b4e673072066f

  EC2KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances.
    Type: AWS::EC2::KeyPair::KeyName
    Default: MyKeyPair
    ConstraintDescription: Must be the name of an existing EC2 KeyPair.

  EC2SecurityGroupDescription:
    Description: Allow SSH access to the EC2 instance.
    Type: String

  EC2SecurityGroupPort:
    Description: Number Parameter, with MinValue and MaxValue.
    Type: Number
    Default: 22
    MinValue: 8
    MaxValue: 65535

  EC2SecurityGroupIngressCIDR:
    Description: The IP address range that can be used to communicate to the EC2 instances.
    Type: String
    MinLength: 9
    MaxLength: 18
    # 0.0.0.0/0 admits any IPv4 source; supply a narrower range when creating the stack.
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x.

  EC2VPC:
    Description: VPC to operate in.
    Type: AWS::EC2::VPC::Id

  EC2SubnetIDs:
    Description: Subnet Ids.
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref EC2InstanceType
      ImageId: !Ref EC2ImageId
      KeyName: !Ref EC2KeyName
      SecurityGroups:
      - !Ref MyInstanceSecurityGroup

  MyInstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Ref EC2SecurityGroupDescription
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref EC2SecurityGroupPort
          ToPort: !Ref EC2SecurityGroupPort
          CidrIp: !Ref EC2SecurityGroupIngressCIDR
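
The constraints on EC2SecurityGroupIngressCIDR only check the shape of the value, so the following added example (not part of the original post) replays them in Python and layers a stricter review on top. The function names and the max_hosts threshold are assumptions made for illustration; the whole-string match mirrors how CloudFormation applies AllowedPattern.

```python
import ipaddress
import re

# Constraints copied from the EC2SecurityGroupIngressCIDR parameter above.
ALLOWED_PATTERN = r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})"
MIN_LENGTH, MAX_LENGTH = 9, 18


def passes_template_constraints(value):
    """Replay the template's checks: length bounds plus a whole-string match."""
    if not MIN_LENGTH <= len(value) <= MAX_LENGTH:
        return False
    return re.fullmatch(ALLOWED_PATTERN, value) is not None


def review_ingress_cidr(value, max_hosts=256):
    """Return a list of findings for a CIDR about to be passed to the stack.

    max_hosts is a hypothetical local policy threshold, not a CloudFormation setting.
    """
    if not passes_template_constraints(value):
        return ["rejected by template constraints"]
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        # The pattern only counts digits, so 999.999.999.999/99 gets this far.
        return ["passes AllowedPattern but is not a valid IPv4 CIDR"]
    if net.prefixlen == 0:
        return ["open to every IPv4 address"]
    if net.num_addresses > max_hosts:
        return [f"wide range: {net.num_addresses} addresses"]
    return []


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for candidate in ["0.0.0.0/0", "999.999.999.999/99", "10.0.0.1/33",
                      "10.0.0.0/8", "203.0.113.0/24", "1.2.3.4"]:
        print(candidate, "->", review_ingress_cidr(candidate) or "ok")
```

Running a check like this before creating the stack catches values the template itself would accept, including the template's own default.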

References

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
