Get started with Conditionals in AWS CloudFormation

In AWS CloudFormation, conditionals allow you to define logical conditions that determine whether certain resources or properties should be created or updated during the stack deployment process. Conditionals enable you to add flexibility and dynamic behavior to your CloudFormation templates.

Conditionals in CloudFormation templates are implemented using the Conditions section. The Conditions section allows you to define conditions using intrinsic functions and operators. You can then reference these conditions in resource or property definitions to control their creation or configuration.

Here's an example of how conditionals are used in a CloudFormation template:

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      ImageId: ami-12345678
      KeyName: MyKey
      SecurityGroupIds:
        - !If
          - CreateSecurityGroup
          - !Ref NewSecurityGroup
          - !Ref ExistingSecurityGroup

Conditions:
  CreateSecurityGroup: !Equals [!Ref CreateNewSecurityGroup, "true"]

In this example, the CreateSecurityGroup condition is defined using the Equals intrinsic function. It checks whether the CreateNewSecurityGroup parameter is set to "true". If it is, the condition evaluates to true, and the new security group referenced by NewSecurityGroup is used. Otherwise, if the CreateNewSecurityGroup parameter is set to any other value, the condition evaluates to false, and the existing security group referenced by ExistingSecurityGroup is used. The Parameters section and the NewSecurityGroup resource are omitted from this excerpt.

The !If intrinsic function is used to reference the condition and provide the corresponding values based on its evaluation. It takes three arguments: the condition, the value if the condition is true, and the value if the condition is false.

By using conditionals, you can make your CloudFormation templates more flexible and adapt them to different deployment scenarios based on the provided input parameters or other factors.

Syntax

The Conditions section consists of the key name Conditions. Each condition declaration includes a logical ID and intrinsic functions that are evaluated when you create or update a stack. The following pseudo template outlines the Conditions section:

JSON

"Conditions" : {
  "Logical ID" : {Intrinsic function}
}

YAML

Conditions:
  Logical ID:
    Intrinsic function

Condition intrinsic functions

You can use the following intrinsic functions to define conditions:

  • Fn::And

  • Fn::Equals

  • Fn::If

  • Fn::Not

  • Fn::Or

For the syntax and information about each function, see Condition functions.

Fn::If is only supported in the metadata attribute, update policy attribute, and property values in the Resources section and Outputs sections of a template.

Hands-on Lab "Simple condition"

The following sample template includes an EnvType input parameter, where you can specify prod to create a stack for production or test to create a stack for testing. For a production environment, AWS CloudFormation creates an Amazon EC2 instance and attaches a volume to the instance. For a test environment, AWS CloudFormation creates only the Amazon EC2 instance.

The CreateProdResources condition evaluates to true if the EnvType parameter is equal to prod. In the sample template, the NewVolume and MountPoint resources are associated with the CreateProdResources condition. Therefore, the resources are created only if the EnvType parameter is equal to prod.

YAML

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  EnvType:
    Description: Environment type.
    Default: test
    Type: String
    AllowedValues:
      - prod
      - test
    ConstraintDescription: must specify prod or test.
Conditions:
  CreateProdResources: !Equals 
    - !Ref EnvType
    - prod
Resources:
  EC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0ff8a91507f77f867
  MountPoint:
    Type: 'AWS::EC2::VolumeAttachment'
    Condition: CreateProdResources
    Properties:
      InstanceId: !Ref EC2Instance
      VolumeId: !Ref NewVolume
      Device: /dev/sdh
  NewVolume:
    Type: 'AWS::EC2::Volume'
    Condition: CreateProdResources
    Properties:
      Size: 100
      AvailabilityZone: !GetAtt 
        - EC2Instance
        - AvailabilityZone

To deploy the template, use the following command. Because EnvType defaults to test, this creates only the EC2 instance unless the parameter is overridden:

aws cloudformation deploy --template-file template.yaml --stack-name MyStack --region <your-region>
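
To review which resources a given EnvType would create before deploying, the sketch below evaluates the lab template's Conditions section offline. It is an added example, not AWS tooling or code from the original page; the `evaluate` and `created_resources` helpers and the `IsNotProd` condition are assumptions introduced for illustration, and the template is embedded in long form (Fn::Equals rather than !Equals).

```python
# Added example: evaluate a template's Conditions for one set of parameter values.
# TEMPLATE is the lab's template in long form (Fn::Equals rather than !Equals).
TEMPLATE = {
    "Parameters": {"EnvType": {"Type": "String", "Default": "test"}},
    "Conditions": {
        "CreateProdResources": {"Fn::Equals": [{"Ref": "EnvType"}, "prod"]},
        # Constructed extra condition, not in the lab, to exercise Fn::Not.
        "IsNotProd": {"Fn::Not": [{"Condition": "CreateProdResources"}]},
    },
    "Resources": {
        "EC2Instance": {"Type": "AWS::EC2::Instance"},
        "MountPoint": {"Type": "AWS::EC2::VolumeAttachment", "Condition": "CreateProdResources"},
        "NewVolume": {"Type": "AWS::EC2::Volume", "Condition": "CreateProdResources"},
    },
}


def evaluate(node, template, params):
    """Resolve a literal, a Ref to a parameter, or a condition function."""
    if not isinstance(node, dict):
        return node
    (fn, arg), = node.items()
    if fn == "Ref":  # explicit value first, then the parameter's Default
        return params.get(arg, template["Parameters"][arg].get("Default"))
    if fn == "Condition":  # reference to another named condition
        return evaluate(template["Conditions"][arg], template, params)
    if fn == "Fn::Equals":
        left, right = (evaluate(a, template, params) for a in arg)
        return left == right
    if fn == "Fn::Not":
        return not evaluate(arg[0], template, params)
    if fn == "Fn::And":
        return all(evaluate(a, template, params) for a in arg)
    if fn == "Fn::Or":
        return any(evaluate(a, template, params) for a in arg)
    raise ValueError(f"unsupported function: {fn}")


def created_resources(template, params):
    """Return logical IDs whose Condition is absent or evaluates to true."""
    return sorted(
        name for name, res in template["Resources"].items()
        if "Condition" not in res
        or evaluate({"Condition": res["Condition"]}, template, params)
    )


if __name__ == "__main__":
    for env in ("test", "prod"):
        print(env, created_resources(TEMPLATE, {"EnvType": env}))
```
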

References:

  1. Conditions

  2. Pseudo parameters reference

  3. Condition functions