CloudFromation Rules - krdheeraj51/aws-labs GitHub Wiki

##Overview:

The Rules section in an AWS CloudFormation template allows you to validate parameter values before creating or updating resources. This ensures that the input parameters meet specific criteria, helping to prevent errors and misconfigurations.

Key Points:

Structure:

The Rules section is optional and is defined in the Rules section of a CloudFormation template. Each rule consists of a logical name, an optional RuleCondition, and one or more Assertions.

RuleCondition:

The RuleCondition property is optional and determines when a rule takes effect. If the condition evaluates to true, CloudFormation evaluates the assertions to verify parameter values. If the condition evaluates to false, CloudFormation does not check the parameter values and proceeds with the stack operation. Assertions:

The Assertions property is required and describes what values users can specify for a particular parameter. Each assertion includes an Assert property and an optional AssertDescription.

Intrinsic Functions:

Rule-specific intrinsic functions are used to define rule conditions and assertions. These functions include

  • Fn::And
  • Fn::Contains
  • Fn::EachMemberEquals
  • Fn::EachMemberIn
  • Fn::Equals
  • Fn::If
  • Fn::Not
  • Fn::Or
  • Fn::RefAll
  • Fn::ValueOf
  • Fn::ValueOfAll

Example of Rules in a CloudFormation Template:


Mappings:
  RegionMap:
    us-east-1:
      AMI: ami-0ff8a91507f77f867
    us-west-1:
      AMI: ami-0bdb828fd58c52235

Parameters:
  InstanceType:
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.micro
      - t2.small
      - t2.medium

Rules:
  InstanceTypeRule:
    RuleCondition: !Equals [ !Ref "AWS::Region", "us-east-1" ]
    Assertions:
      - Assert: !Contains [ [ "t2.micro", "t2.small" ], !Ref "InstanceType" ]
        AssertDescription: "Instance type must be t2.micro or t2.small in us-east-1 region."

In this example:

  • The InstanceTypeRule rule checks if the stack is being created in the us-east-1 region.
  • If the condition is true, it asserts that the InstanceType parameter must be either t2.micro or t2.small.
  • If the assertion fails, CloudFormation will not create or update the stack and will provide the AssertDescription as an error message.