In AWS CloudFormation, conditionals allow you to define logical conditions that determine whether certain resources or properties should be created or updated during the stack deployment process. Conditionals enable you to add flexibility and dynamic behavior to your CloudFormation templates.
Conditionals in CloudFormation templates are implemented using the Conditions section. The Conditions section allows you to define conditions using intrinsic functions and operators. You can then reference these conditions in resource or property definitions to control their creation or configuration.
Here's an example of how conditionals are used in a CloudFormation template:
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-12345678
      KeyName: MyKey
      SecurityGroupIds:
        # !If takes: condition name, value if true, value if false
        - !If
          - CreateSecurityGroup
          - !Ref NewSecurityGroup
          - !Ref ExistingSecurityGroup
Conditions:
  # True only when the CreateNewSecurityGroup parameter is the string "true"
  CreateSecurityGroup: !Equals [!Ref CreateNewSecurityGroup, "true"]
In this example, we have a condition called CreateSecurityGroup, which is defined using the Equals intrinsic function. It checks whether the CreateNewSecurityGroup parameter is set to "true". If it is, the condition evaluates to true, and the new security group referenced by NewSecurityGroup is used. Otherwise, if the CreateNewSecurityGroup parameter is set to any other value, the condition evaluates to false, and the existing security group referenced by ExistingSecurityGroup is used. The snippet is a fragment: the CreateNewSecurityGroup parameter and both security groups are assumed to be declared elsewhere in the template.
The !If intrinsic function is used to reference the condition and provide the corresponding values based on its evaluation. It takes three arguments: the condition, the value if the condition is true, and the value if the condition is false.
By using conditionals, you can make your CloudFormation templates more flexible and adapt them to different deployment scenarios based on the provided input parameters or other factors.
Syntax
The Conditions section consists of the key name Conditions. Each condition declaration includes a logical ID and intrinsic functions that are evaluated when you create or update a stack. The following pseudo template outlines the Conditions section:
JSON
"Conditions" : {
  "Logical ID" : {Intrinsic function}
}
YAML
Conditions:
  Logical ID:
    Intrinsic function
Condition intrinsic functions
You can use the following intrinsic functions to define conditions:
Fn::And
Fn::Equals
Fn::If
Fn::Not
Fn::Or
For the syntax and information about each function, see Condition functions.
Fn::If is only supported in the metadata attribute, update policy attribute, and property values in the Resources section and Outputs sections of a template.
Hands-on Lab "Simple condition"
The following sample template includes an EnvType input parameter, where you can specify prod to create a stack for production or test to create a stack for testing. For a production environment, AWS CloudFormation creates an Amazon EC2 instance and attaches a volume to the instance. For a test environment, AWS CloudFormation creates only the Amazon EC2 instance.
The CreateProdResources condition evaluates to true if the EnvType parameter is equal to prod. In the sample template, the NewVolume and MountPoint resources are associated with the CreateProdResources condition. Therefore, the resources are created only if the EnvType parameter is equal to prod.
YAML
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues:
      - prod
      - test
    ConstraintDescription: must specify prod or test.
Conditions:
  CreateProdResources: !Equals
    - !Ref EnvType
    - prod
Resources:
  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0ff8a91507f77f867
  MountPoint:
    Type: 'AWS::EC2::VolumeAttachment'
    Condition: CreateProdResources
    Properties:
      InstanceId: !Ref EC2Instance
      VolumeId: !Ref NewVolume
      Device: /dev/sdh
  NewVolume:
    Type: 'AWS::EC2::Volume'
    Condition: CreateProdResources
    Properties:
      Size: 100
      AvailabilityZone: !GetAtt
        - EC2Instance
        - AvailabilityZone
To deploy the template you can use the following command:
aws cloudformation deploy --template-file template.yaml --stack-name MyStack --region <your-region>
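The lab template uses only Fn::Equals. The template below is an added example, not part of the original page or of the AWS sample: it combines Fn::Or, Fn::Not, Fn::And and Fn::If so that a prod stack cannot opt out of volume encryption. The EncryptVolume and KmsKeyId parameters, the condition names and the DataVolume resource are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Type: String
    Default: test
    AllowedValues: [prod, test]
  EncryptVolume:            # hypothetical parameter, not in the lab template
    Type: String
    Default: 'false'
    AllowedValues: ['true', 'false']
  KmsKeyId:                 # hypothetical; empty means "no custom key supplied"
    Type: String
    Default: ''
Conditions:
  IsProd: !Equals [!Ref EnvType, prod]
  EncryptionRequested: !Equals [!Ref EncryptVolume, 'true']
  # Fn::Or: prod is always encrypted, whatever EncryptVolume says.
  UseEncryption: !Or
    - !Condition IsProd
    - !Condition EncryptionRequested
  # Fn::Not: true when a key ID was supplied.
  HasKmsKey: !Not [!Equals [!Ref KmsKeyId, '']]
  # Fn::And: pass a custom key only when encryption is on AND a key was given,
  # because KmsKeyId is only valid on an encrypted volume.
  UseCustomKey: !And
    - !Condition UseEncryption
    - !Condition HasKmsKey
Resources:
  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0ff8a91507f77f867
  DataVolume:
    Type: 'AWS::EC2::Volume'
    Properties:
      Size: 100
      AvailabilityZone: !GetAtt EC2Instance.AvailabilityZone
      # Fn::If selects a property value; AWS::NoValue removes the property.
      Encrypted: !If [UseEncryption, true, false]
      KmsKeyId: !If [UseCustomKey, !Ref KmsKeyId, !Ref 'AWS::NoValue']
Outputs:
  VolumeEncrypted:
    Description: Whether the data volume was created encrypted.
    Value: !If [UseEncryption, 'true', 'false']
```

With EnvType set to prod, UseEncryption is true even when EncryptVolume is left at 'false', so the control is enforced by the template rather than by whoever supplies the parameters.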