J Cole Morrison

Developer Advocate @HashiCorp, DevOps Enthusiast, Startup Lover, Teaching at awsdevops.io

The Complete CloudFormation Guide: Functions, Pseudo Parameters, & Conditions Part 2

Posted by J Cole Morrison on .

Table of Contents

  1. Introduction
  2. What Are We Doing?
  3. The Video: Functions, Pseudo Parameters, & Conditions Part 2
  4. The Template So Far
  5. Next Steps
  6. The Complete CloudFormation Guide Index

Introduction

In the last post, we discussed our three big topics for this two-parter: Functions, Pseudo Parameters, and Conditions. We learned about a new intrinsic function (GetAtt) and how each of them works. So now, we're going to take this new knowledge and put it into practice.

This time around we're going to practice by adding the option of SSH access on our Security Group, starting with making a new Parameter. We'll also discuss two new condition functions - Fn::Equals and Fn::If.

In the end, our template will be set up to conditionally allow SSH access based on user input through our parameters. Next, we'll be moving on to a new topic: Mappings!

What Are We Doing?

In the part 2 video, we will seek to put our new knowledge of functions, pseudo parameters, and conditions (from the last post) into practice by modifying our AWS CloudFormation template to conditionally allow SSH access to our Security Group. We'll also add two new condition functions to our tool kit: Fn::Equals and Fn::If.

The Video: Functions, Pseudo Parameters, & Conditions Part 2

The Template So Far

{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description": "A CFN template for learning",
  "Metadata": {
    "Author": { "Ref": "ParamAuthorName" }
  },
  "Parameters": {
    "ParamAuthorName": {
      "Type": "String",
      "Description": "Owner of the CFN Template."
    },
    "ParamAllowSSHFromRange": {
      "Type": "String",
      "Description": "IP CidrBlock to allow SSH access. i.e. 100.100.100.100/32",
      "Default": "0.0.0.0/0"
    },
    "ParamAllowSSHAccess": {
      "Type": "String",
      "Default": "true",
      "AllowedValues": ["true", "false"],
      "ConstraintDescription":"Whether to allow SSH access into the EC2 server"
    }
  },
  "Conditions": {
    "AllowSSHAccess": {
      "Fn::Equals": [{ "Ref": "ParamAllowSSHAccess" }, "true"]
    }
  },
  "Resources": {
    "SecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Security group for SSH and HTTP access",
        "SecurityGroupIngress": [
          {
            "IpProtocol":"tcp",
            "FromPort":"80",
            "ToPort":"80",
            "CidrIp": "0.0.0.0/0"
          },
          {
            "Fn::If": [
              "AllowSSHAccess",
              {
                "IpProtocol":"tcp",
                "FromPort":"22",
                "ToPort":"22",
                "CidrIp": { "Ref": "ParamAllowSSHFromRange" }
              },
              {
                "Ref": "AWS::NoValue"
              }
            ]
          }
        ]
      }
    }
  }
}
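
To see which ingress rules the template above actually produces for a given set of parameter values, here is an added example (not code from the original post or from AWS). It is a minimal resolver that handles only the three constructs this template uses (Ref, Fn::Equals, Fn::If with AWS::NoValue) and then checks whether port 22 ends up reachable from 0.0.0.0/0. The names resolve, effective_ingress and ssh_open_to_world are hypothetical helpers, and the embedded template is a constructed, trimmed copy.

```python
# Constructed, trimmed copy of the page's template (only what the condition touches).
TEMPLATE = {
    "Parameters": {
        "ParamAllowSSHFromRange": {"Type": "String", "Default": "0.0.0.0/0"},
        "ParamAllowSSHAccess": {"Type": "String", "Default": "true"},
    },
    "Conditions": {"AllowSSHAccess": {"Fn::Equals": [{"Ref": "ParamAllowSSHAccess"}, "true"]}},
    "Resources": {"SecurityGroup": {"Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "CidrIp": "0.0.0.0/0"},
        {"Fn::If": ["AllowSSHAccess",
                    {"IpProtocol": "tcp", "FromPort": "22", "ToPort": "22",
                     "CidrIp": {"Ref": "ParamAllowSSHFromRange"}},
                    {"Ref": "AWS::NoValue"}]},
    ]}}},
}

NO_VALUE = object()  # stands in for the AWS::NoValue pseudo parameter

def resolve(node, params, conds):
    """Evaluate Ref, Fn::Equals and Fn::If; drop whatever resolves to AWS::NoValue."""
    if isinstance(node, list):
        items = [resolve(n, params, conds) for n in node]
        return [i for i in items if i is not NO_VALUE]
    if not isinstance(node, dict):
        return node
    if "Ref" in node:
        return NO_VALUE if node["Ref"] == "AWS::NoValue" else params[node["Ref"]]
    if "Fn::Equals" in node:
        left, right = (resolve(n, params, conds) for n in node["Fn::Equals"])
        return left == right
    if "Fn::If" in node:
        name, if_true, if_false = node["Fn::If"]
        return resolve(if_true if conds[name] else if_false, params, conds)
    out = {k: resolve(v, params, conds) for k, v in node.items()}
    return {k: v for k, v in out.items() if v is not NO_VALUE}

def effective_ingress(overrides=None):
    """Ingress rules the security group ends up with for the given parameter values."""
    params = {k: v["Default"] for k, v in TEMPLATE["Parameters"].items()}
    params.update(overrides or {})
    conds = {k: resolve(v, params, {}) for k, v in TEMPLATE["Conditions"].items()}
    sg = TEMPLATE["Resources"]["SecurityGroup"]["Properties"]
    return resolve(sg["SecurityGroupIngress"], params, conds)

def ssh_open_to_world(rules):
    """True if any rule admits port 22 from 0.0.0.0/0."""
    return any(int(r["FromPort"]) <= 22 <= int(r["ToPort"])
               and r["CidrIp"] == "0.0.0.0/0" for r in rules)
```

With the template's defaults, ssh_open_to_world(effective_ingress()) is True, because both defaults combine into an SSH rule for 0.0.0.0/0. Passing {"ParamAllowSSHAccess": "false"} or a narrower ParamAllowSSHFromRange makes it False.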

Next Steps

The Next Post - Mappings

The Previous Post - Functions, Pseudo Parameters, and Conditions Part 1

The Complete CloudFormation Guide Index

If you're enjoying this series and finding it useful, be sure to check out the rest of the blog posts in it! The links below will take you to the other posts in The Complete CloudFormation Guide here on Tech Guides and Thoughts so you can continue building your CloudFormation template along with me.

  1. The Complete CloudFormation Guide
  2. An Introduction to and History of CloudFormation
  3. The Main Concepts of CloudFormation
  4. How CloudFormation Does Updates and Deletes
  5. Our Project Setup
  6. Resources
  7. Parameters and Refs
  8. Our First Time Launch
  9. Functions, Pseudo Parameters, and Conditions Part 1
  10. Functions, Pseudo Parameters, and Conditions Part 2
  11. Mappings
  12. Transforms
  13. Outputs
  14. Relaunch!
  15. The Best Next Steps to Take from Here
