https://www.udemy.com/aws-cloudformation-master-class/learn/v4/t/lecture/8151200?start=0
Section Menu
Parameters Overview
What are Parameters?
- Parameters are a way to provide inputs to your AWS CF template
- They are important to know about if:
  - You want to reuse your templates across the company
  - Some inputs cannot be determined ahead of time
    - Instance Size
    - Instance Name
- Parameters are extremely powerful, controlled and can prevent errors from happening in your templates thanks to types.
When should you use a parameter?
- Ask yourself this:
- Is my CF resource configuration likely to change in the future?
- YES!
- You won’t have to re-upload a template to change its content
- You only change the parameters
Theory & Hands On
https://www.udemy.com/aws-cloudformation-master-class/learn/v4/t/lecture/8161716?start=0
Parameters can be controlled by the following settings
- Type
  - String
  - Number
  - CommaDelimitedList
  - List<Type>
    - Allows you to select multiple answers.
  - AWS Parameter
    - To help catch invalid values
    - Match these against existing values in the AWS Account
- Description
- Constraints
- ConstraintDescription (String)
- Min/MaxLength
- Min/MaxValue
- Defaults
- AllowedValues (array)
- AllowedPattern (regexp)
- NoEcho (Boolean)
  - Used with Passwords
Parameters:
  SecurityGroupDescription:
    Description: Security Group Description (Simple parameter)
    Type: String
  SecurityGroupPort:
    Description: Simple Description of a Number Parameter, with MinValue and MaxValue
    Type: Number
    MinValue: 1150
    MaxValue: 65535
  InstanceType:
    Description: WebServer EC2 instance type (has default, AllowedValues)
    Type: String
    Default: t2.small
    AllowedValues:
      - t1.micro
      - t2.nano
      - t2.micro
      - t2.small
    ConstraintDescription: must be a valid EC2 instance type.
  DBPwd:
    NoEcho: true
    Description: The database admin account password (won't be echoed)
    Type: String
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. Linked to AWS Parameter
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  SecurityGroupIngressCIDR:
    Description: The IP address range that can be used to communicate to the EC2 instances
    Type: String
    MinLength: '9'
    MaxLength: '18'
    Default: 0.0.0.0/0
    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
  MyVPC:
    Description: VPC to operate in
    Type: AWS::EC2::VPC::Id
  MySubnetIDs:
    Description: Subnet IDs that is a List of Subnet Id
    # the element type goes inside the angle brackets of List<...>
    Type: "List<AWS::EC2::Subnet::Id>"
  DbSubnetIpBlocks:
    Description: "Comma-delimited list of three CIDR blocks"
    Type: CommaDelimitedList
    Default: "10.0.48.0/24, 10.0.112.0/24, 10.0.176.0/24"
Resources:
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      # we reference the InstanceType parameter
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: "ami-a4c7edb2"
      # here we reference an internal CloudFormation resource
      SubnetId: !Ref DbSubnet1
  MySecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: !Ref SecurityGroupDescription
      SecurityGroupIngress:
        - CidrIp: !Ref SecurityGroupIngressCIDR
          FromPort: !Ref SecurityGroupPort
          ToPort: !Ref SecurityGroupPort
          IpProtocol: tcp
      VpcId: !Ref MyVPC
  DbSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      # the select function allows us to select across a list
      CidrBlock: !Select [0, !Ref DbSubnetIpBlocks]
  DbSubnet2:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      # the select function allows us to select across a list
      CidrBlock: !Select [1, !Ref DbSubnetIpBlocks]
  DbSubnet3:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MyVPC
      # the select function allows us to select across a list
      CidrBlock: !Select [2, !Ref DbSubnetIpBlocks]
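The constraints on SecurityGroupIngressCIDR above only check the shape of the value, so an out-of-range address and the world-open default both pass them. The following is an added example, not code from the course: it approximates the declared constraints in Python and sets them beside a stricter review step. The function names `template_check` and `cidr_review` and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Constraints copied from the template's Parameters section above.
CONSTRAINTS = {
    "SecurityGroupPort": {"Type": "Number", "MinValue": 1150, "MaxValue": 65535},
    "InstanceType": {"Type": "String",
                     "AllowedValues": ["t1.micro", "t2.nano", "t2.micro", "t2.small"]},
    "SecurityGroupIngressCIDR": {
        "Type": "String", "MinLength": 9, "MaxLength": 18,
        "AllowedPattern": r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})"},
}

def template_check(name, value):
    """Approximate the declared constraints; return a list of violations."""
    c, errors = CONSTRAINTS[name], []
    if c["Type"] == "Number":
        try:
            number = float(value)
        except ValueError:
            return ["not a number"]
        if "MinValue" in c and number < c["MinValue"]:
            errors.append(f"below MinValue {c['MinValue']}")
        if "MaxValue" in c and number > c["MaxValue"]:
            errors.append(f"above MaxValue {c['MaxValue']}")
    else:
        if len(value) < c.get("MinLength", 0):
            errors.append("shorter than MinLength")
        if "MaxLength" in c and len(value) > c["MaxLength"]:
            errors.append("longer than MaxLength")
        # AllowedPattern has to match the whole value, hence fullmatch.
        if "AllowedPattern" in c and not re.fullmatch(c["AllowedPattern"], value):
            errors.append("does not match AllowedPattern")
    if "AllowedValues" in c and value not in c["AllowedValues"]:
        errors.append("not in AllowedValues")
    return errors

def cidr_review(value):
    """Stricter pre-deployment review of an ingress CIDR (hypothetical helper)."""
    try:
        net = ipaddress.IPv4Network(value, strict=True)
    except ValueError:
        return ["not a valid IPv4 network"]
    return ["open to the whole internet"] if net.prefixlen == 0 else []

if __name__ == "__main__":
    for cidr in ["999.999.999.999/99", "0.0.0.0/0", "203.0.113.0/24"]:  # constructed
        print(cidr, template_check("SecurityGroupIngressCIDR", cidr), cidr_review(cidr))
```

Running a review like `cidr_review` in a pipeline before stack creation catches what the regexp lets through; removing the `0.0.0.0/0` default forces whoever launches the stack to choose the ingress range explicitly.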
How to reference a Parameter
- Key: !Ref ParameterName
- FromPort: !Ref SecurityGroupPort
- You can use these for Resource Names as well!
How to create a Drop-Down list
CidrBlock: !Select [0, !Ref DbSubnetIpBlocks]
- !Select
  - Create a drop-down
- [0,
  - Zero is the first index in the CommaDelimitedList array
- !Ref DbSubnetIpBlocks]
  - Is a CommaDelimitedList in the Parameters section
How to Reference a Parameter
- Fn::Ref in JSON
- !Ref in YAML
- You can also reference other elements within the template
  - Parameters
  - Resource Names
Quiz
When should you use Parameters?
- Some inputs cannot be determined ahead of time
- You want to re-use your templates
- You want to prevent errors by restricting values to only valid values using types
- All of the above
What option for Parameter is useful if you pass in a sensitive value like a password?
- Constraint
- NoEcho
- Type
What is NOT an advantage of using Typed Parameters?
- It performs validation to ensure the parameter’s values are valid
- It gives helpers and displays default values to the user when using the console.
- It ensures your CloudFormation template will not fail.
Even if all the parameters are valid, your CF may still fail. Maybe the combination of parameters is not valid (subnets not belonging to the selected VPC, for example). You cannot have constraints or sub parameters (yet). All in all, CloudFormation templates can fail even if using typed Parameters. They just greatly reduce the risk of errors.