This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).
# Transform reference
Transforms are macros hosted by CloudFormation. Unlike custom macros, a transform doesn't require any special permissions to use it because it is hosted by CloudFormation. Transforms can be used in templates in any account within CloudFormation. Also, there is no charge incurred when using transforms. CloudFormation treats a transform the same as any other macro in terms of evaluation order and scope.
For more information about how macros work, see [Using CloudFormation macros to perform custom processing on templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide*.
You can use the following transforms in your CloudFormation templates.
**Topics**
+ [`AWS::CodeDeployBlueGreen` transform](transform-aws-codedeploybluegreen.md)
+ [`AWS::Include` transform](transform-aws-include.md)
+ [`AWS::LanguageExtensions` transform](transform-aws-languageextensions.md)
+ [`AWS::SecretsManager` transform](transform-aws-secretsmanager.md)
+ [`AWS::Serverless` transform](transform-aws-serverless.md)
+ [`AWS::ServiceCatalog` transform](transform-aws-servicecatalog.md)
# `AWS::CodeDeployBlueGreen` transform
This topic describes how to use the `AWS::CodeDeployBlueGreen` transform to enable ECS blue/green deployments through CodeDeploy on your stack.
For more information, see [Perform ECS blue/green deployments through CodeDeploy using CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/blue-green.html) in the *AWS CloudFormation User Guide*.
## Usage
To use the `AWS::CodeDeployBlueGreen` transform, you must declare it at the top level of your CloudFormation template. You can't use `AWS::CodeDeployBlueGreen` as a transform embedded in any other template section.
The value for the transform declaration must be a literal string. You can't use a parameter or function to specify a transform value.
### Syntax
To declare this transform in your CloudFormation template, use the following syntax:
#### JSON
```
{
"Transform":[
"AWS::CodeDeployBlueGreen"
],
"Resources":{
...
}
}
```
#### YAML
```
Transform:
- 'AWS::CodeDeployBlueGreen'
Resources:
...
```
The `AWS::CodeDeployBlueGreen` transform is a standalone declaration with no additional parameters.
## Related resources
For complete CloudFormation template examples that you can use to enable ECS blue/green deployments on your stack, see [Blue/green deployment template example](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/blue-green-template-example.html) in the *AWS CloudFormation User Guide*.
For general information about using macros, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide*.
# `AWS::Include` transform
This topic describes how to use the `AWS::Include` transform to insert boilerplate content into your CloudFormation templates.
The `AWS::Include` is a CloudFormation macro that, when referenced in your stack template, inserts the contents of the specified file at the location of the transform in the template when you create or update a stack using a change set. The `AWS::Include` function behaves similarly to an `include`, `copy`, or `import` directive in programming languages.
## Usage
You can use the `AWS::Include` transform anywhere within the CloudFormation template except in the template parameters section or the template version. For example, you can use `AWS::Include` in the mappings section.
### Syntax at the top level of a template
To declare this transform at the top level of your CloudFormation template, as the `Transform` section, use the following syntax:
#### JSON
```
{
"Transform":{
"Name":"AWS::Include",
"Parameters":{
"Location":"s3://amzn-s3-demo-bucket/MyFileName.json"
}
},
"Resources":{
...
}
}
```
#### YAML
```
Transform:
Name: AWS::Include
Parameters:
Location: 's3://amzn-s3-demo-bucket/MyFileName.yaml'
Resources:
...
```
### Syntax when the transform is embedded within a section of a template
To declare this transform within a section of your CloudFormation template, use the `Fn::Transform` intrinsic function and the following syntax:
#### JSON
```
{
"Fn::Transform":{
"Name":"AWS::Include",
"Parameters":{
"Location":"s3://amzn-s3-demo-bucket/MyFileName.json"
}
}
}
```
#### YAML
```
Fn::Transform:
Name: AWS::Include
Parameters:
Location: s3://amzn-s3-demo-bucket/MyFileName.yaml
```
For more information, see [`Fn::Transform`](intrinsic-function-reference-transform.md).
### Parameters
`Location`
The location is an Amazon S3 URI, with a specific file name in an S3 bucket. For example, `s3://amzn-s3-demo-bucket/MyFile.yaml`.
## Considerations
When using `AWS::Include`, keep the following considerations in mind. For more considerations about using macros, see [Macros considerations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros-overview.html#template-macros-considerations) in the *AWS CloudFormation User Guide*.
+ We currently support Amazon S3 URI, but no other Amazon S3 format (such as Amazon S3 ARN). It must be an Amazon S3 bucket, as opposed to something like a GitHub repository.
+ Anyone with access to the Amazon S3 URL can include the snippet in their template.
+ Your template snippets must be valid JSON.
+ Your template snippets must be valid key-value objects, for example, `"KeyName": "keyValue"`.
+ You can't use `AWS::Include` to reference a template snippet that also uses `AWS::Include`.
+ If your snippets change, your stack doesn't automatically pick up those changes. To get those changes, you must update the stack with the updated snippets. If you update your stack, make sure your included snippets haven't changed without your knowledge. To verify before updating the stack, check the change set.
+ When creating templates and snippets, you can mix YAML and JSON template languages.
+ We don't currently support using shorthand notations for YAML snippets.
+ You can provide a cross-region replication Amazon S3 URI with `AWS::Include`. Make sure you check Amazon S3 bucket names when accessing cross-region replication objects. For more information, see [Replicating objects within and across Regions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html) in the *Amazon S3 User Guide*.
## Examples
The following examples show how to use the `AWS::Include` transform to execute a wait condition handle. Replace *amzn-s3-demo-bucket* with your actual bucket name.
First, save a YAML file named `single_wait_condition.yaml` in your S3 bucket with the following contents:
```
MyWaitCondition:
Type: AWS::CloudFormation::WaitCondition
Properties:
Handle: !Ref MyWaitHandle
Timeout: '4500'
```
You can then reference this file using either JSON or YAML format.
### JSON
```
{
"Resources": {
"MyWaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"Fn::Transform": {
"Name": "AWS::Include",
"Parameters": {
"Location": "s3://amzn-s3-demo-bucket/single_wait_condition.yaml"
}
}
}
}
```
### YAML
```
Resources:
MyWaitHandle:
Type: AWS::CloudFormation::WaitConditionHandle
Fn::Transform:
Name: AWS::Include
Parameters:
Location: "s3://amzn-s3-demo-bucket/single_wait_condition.yaml"
```
For more information, see [Create wait conditions in a CloudFormation template](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-waitcondition.html) in the *AWS CloudFormation User Guide*.
# `AWS::LanguageExtensions` transform
This topic describes how to use the `AWS::LanguageExtensions` transform to enable additional functions and capabilities that are not available by default.
The `AWS::LanguageExtensions` is a CloudFormation macro that, when referenced in your stack template, updates any intrinsic function defined by the transform to its resolved value within the template when you create or update a stack using a change set.
By including this transform in your CloudFormation template, you can access additional features, such as `Fn::ForEach`, which allows for more advanced operations like iteration. You can also use intrinsic functions in places where they're typically not allowed, such as in `Ref` and `Fn::GetAtt` functions.
## Usage
To use the `AWS::LanguageExtensions` transform, you must declare it at the top level of your CloudFormation template. You can't use `AWS::LanguageExtensions` as a transform embedded in any other template section.
The declaration must use the literal string `AWS::LanguageExtensions` as its value. You can't use a parameter or function to specify a transform value.
### Syntax
To declare this transform in your CloudFormation template, use the following syntax:
### JSON
```
{
"Transform":"AWS::LanguageExtensions",
"Resources":{
...
}
}
```
### YAML
```
Transform: AWS::LanguageExtensions
Resources:
...
```
The `AWS::LanguageExtensions` transform is a standalone declaration with no additional parameters.
## Support for additional functions
The `AWS::LanguageExtensions` transform supports the following additional functions:
+ [`Fn::ForEach`](intrinsic-function-reference-foreach.md)
+ [`Fn::Length`](intrinsic-function-reference-length.md)
+ [`Fn::ToJsonString`](intrinsic-function-reference-ToJsonString.md)
## Considerations
When using the `AWS::LanguageExtensions` transform, keep the following considerations in mind:
+ When you update a stack that uses the `AWS::LanguageExtensions` transform, we recommend that you don't use the **Use existing template** option in the CloudFormation console, or the equivalent command line option `--use-previous-template`. The `AWS::LanguageExtensions` transform resolves parameters to literal values during processing. When you use `--use-previous-template`, CloudFormation uses this processed template with the old literal values, preventing new parameter values and Systems Manager parameter updates from being applied. Instead, provide the original template to ensure parameters are re-resolved with current values.
+ Short-form YAML syntax isn't supported within a template for intrinsic functions that are only available in the `AWS::LanguageExtensions` transform. Use explicit references to these functions. For example, use `Fn::Length` instead of `!Length`.
+ The AWS SAM CLI currently doesn't support the `Fn::ForEach` intrinsic function of the `AWS::LanguageExtensions` transform.
+ If you're using multiple transforms, use a list format. If you're using custom macros, place AWS-provided transforms after your custom macros. If you're using both the `AWS::LanguageExtensions` and `AWS::Serverless` transforms, the `AWS::LanguageExtensions` transform must come before the `AWS::Serverless` transform in the list.
+ Functions and attributes provided by the `AWS::LanguageExtensions` transform are only supported in the `Resources`, `Conditions`, and `Outputs` sections of your template.
## Examples
The following examples show how to use the `AWS::LanguageExtensions` transform to use the `Fn::Length` intrinsic function, defined by the transform.
### JSON
```
{
"AWSTemplateFormatVersion": "2010-09-09",
"Transform": "AWS::LanguageExtensions",
"Parameters": {
"QueueList": {
"Type": "CommaDelimitedList"
},
"QueueNameParam": {
"Description": "Name for your SQS queue",
"Type": "String"
}
},
"Resources": {
"Queue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"QueueName": {
"Ref": "QueueNameParam"
},
"DelaySeconds": {
"Fn::Length": {
"Ref": "QueueList"
}
}
}
}
}
}
```
### YAML
```
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::LanguageExtensions
Parameters:
QueueList:
Type: CommaDelimitedList
QueueNameParam:
Description: Name for your SQS queue
Type: String
Resources:
Queue:
Type: AWS::SQS::Queue
Properties:
QueueName: !Ref QueueNameParam
DelaySeconds:
'Fn::Length': !Ref QueueList
```
## Related resources
For more examples, see the following topics.
+ [`Fn::ForEach`](intrinsic-function-reference-foreach.md)
+ [`Fn::Length`](intrinsic-function-reference-length.md)
+ [`Fn::ToJsonString`](intrinsic-function-reference-ToJsonString.md)
+ [`Ref`](intrinsic-function-reference-ref.md)
+ [`Fn::GetAtt`](intrinsic-function-reference-getatt.md)
+ [`Fn::FindInMap enhancements`](intrinsic-function-reference-findinmap-enhancements.md)
For general information about using macros, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide*.
# `Fn::FindInMap enhancements`
The `AWS::LanguageExtensions` transform enhances the functionality of the `Fn::FindInMap` intrinsic function in CloudFormation templates.
The `Fn::FindInMap` function is used to retrieve a value from a mapping defined in the `Mappings` section of a CloudFormation template. However, the standard `Fn::FindInMap` function has limitations, such as the inability to handle missing mappings or use a `Fn::FindInMap` function with some intrinsic functions embedded inside it.
The `AWS::LanguageExtensions` transform addresses these limitations by introducing the following enhancements:
+ **Default value support** – You can specify a default value to be returned if a mapping is not found.
+ **Intrinsic function support** – You can also use a wider range of intrinsic functions to define the fields of `Fn::FindInMap` than with the standard `Fn::FindInMap` function.
## Declaration
### JSON
```
{ "Fn::FindInMap" : [
"MapName",
"TopLevelKey",
"SecondLevelKey",
{"DefaultValue": "DefaultValue"}
]
}
```
### YAML
Syntax for the full function name:
```
Fn::FindInMap:
- MapName
- TopLevelKey
- SecondLevelKey
- DefaultValue: DefaultValue
```
Syntax for the short form:
```
!FindInMap
- MapName
- TopLevelKey
- SecondLevelKey
- DefaultValue: DefaultValue
```
## Parameters
DefaultValue
The value that `Fn::FindInMap` will resolve to if the `TopLevelKey` and/or `SecondLevelKey` can not be found from the `MapName` map. This field is optional.
All parameters `MapName`, `TopLevelKey`, `SecondLevelKey`, and `DefaultValue` can be an intrinsic function as long as it's able to resolve to a valid value during the transform.
## Examples
The following examples demonstrate how to define the fields of `Fn::FindInMap` when you add the `AWS::LanguageExtensions` transform.
### Using a default value
The following is an example of using a default value in the `Fn::FindInMap` function.
#### JSON
```
{
//...
"Transform": "AWS::LanguageExtensions",
//...
"Fn::FindInMap": [
"RegionMap",
{ "Ref": "AWS::Region" },
"InstanceType",
{ "DefaultValue": "t3.micro" }
]
//...
}
```
#### YAML
```
Transform: 'AWS::LanguageExtensions'
#...
!FindInMap
- 'RegionMap'
- !Ref 'AWS::Region'
- 'InstanceType'
- DefaultValue: t3.micro
#...
```
#### Using intrinsic functions to define the top level key
The following is an example of using a `Fn::FindInMap` function with the `Fn::Select` and `Fn::Split` intrinsic functions embedded inside it to define the top level key.
##### JSON
```
{
//...
"Transform": "AWS::LanguageExtensions",
//...
"Fn::FindInMap": [
"MyMap",
{
"Fn::Select": [
0,
{
"Fn::Split": [
"|",
{ "Ref": "InputKeys" }
]
}
]
},
"SecondKey"
]
//...
}
```
##### YAML
```
Transform: 'AWS::LanguageExtensions'
#...
!FindInMap: [MyMap, !Select [0, !Split [|, !Ref InputKeys]], SecondKey]
#...
```
## Supported functions
You can use the following functions in the parameters of `Fn::FindInMap:` enhancements:
+ ``Fn::FindInMap``
+ ``Fn::Join``
+ ``Fn::Sub``
+ ``Fn::If``
+ ``Fn::Select``
+ ``Fn::Length``
+ ``Fn::ToJsonString``
+ ``Fn::Split`` - Unless it’s used for the default value, `Fn::Split` has to be used in conjunction with intrinsic functions that produce a string, such as ``Fn::Join`` or ``Fn::Select``.
+ ``Ref``
## Related resources
For more information and examples that show how to use the `Fn::FindInMap` intrinsic function, see [`Fn::FindInMap`](intrinsic-function-reference-findinmap.md).
For more information about the `AWS::LanguageExtensions` transform, see [`AWS::LanguageExtensions` transform](transform-aws-languageextensions.md).
# `AWS::SecretsManager` transform
This topic describes how to use the `AWS::SecretsManager` transform and the [AWS::SecretsManager::RotationSchedule](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-secretsmanager-rotationschedule.html) resource type to specify a Lambda function to perform secrets rotation.
The `AWS::SecretsManager` transform is a CloudFormation macro that, when referenced in your stack template, automatically generates a Lambda function for secrets rotation when you create or update a stack using a change set. The Lambda function is placed in a nested stack in the processed template. It uses a function template from the [AWS Secrets Manager Rotation Lambda Functions](https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas) repository, based on the value of the [RotationType](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html#cfn-secretsmanager-rotationschedule-hostedrotationlambda-rotationtype) property of the [AWS::SecretsManager::RotationSchedule](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-secretsmanager-rotationschedule.html) resource.
## Usage
To use the `AWS::SecretsManager` transform, you must declare it at the top level of your CloudFormation template. You can't use `AWS::SecretsManager` as a transform embedded in any other template section.
The declaration must use the literal string `AWS::SecretsManager-2020-07-23` or `AWS::SecretsManager-2024-09-16` as its value. You can't use a parameter or function to specify a transform value.
### Syntax
To declare this transform in your CloudFormation template, use the following syntax:
#### JSON
```
{
"Transform":"AWS::SecretsManager-2020-07-23",
"Resources":{
...
}
}
```
#### YAML
```
Transform: AWS::SecretsManager-2020-07-23
Resources:
...
```
The `AWS::SecretsManager` transform is a standalone declaration with no additional parameters. Instead, you configure the [HostedRotationLambda](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html) property of the [AWS::SecretsManager::RotationSchedule](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-secretsmanager-rotationschedule.html) resource in your stack template. The [HostedRotationLambda](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-secretsmanager-rotationschedule-hostedrotationlambda.html) property specifies the Lambda function to perform secrets rotation.
## New features in `AWS::SecretsManager-2024-09-16`
The latest version of the `AWS::SecretsManager` transform (`AWS::SecretsManager-2024-09-16`) introduces the following enhancements:
+ **Automatic Lambda upgrades** – When you update your CloudFormation stacks, your Lambda functions now automatically update their runtime configuration and internal dependencies. This ensures you're using the most secure and reliable versions of the code that manages secret rotation in Secrets Manager.
+ **Support for additional attributes** – The new transform supports additional resource attributes for the `AWS::SecretsManager::RotationSchedule` resource type when used with the `HostedRotationLambda` property, including the `DependsOn` attribute.
**Note**
Both versions support the `DeletionPolicy` and `UpdateReplacePolicy` attributes.
To learn more about this new version of the `AWS::SecretsManager` transform, see [Introducing an enhanced version of the AWS Secrets Manager transform: AWS::SecretsManager-2024-09-16](https://aws.amazon.com/blogs/security/introducing-an-enhanced-version-of-the-aws-secrets-manager-transform-awssecretsmanager-2024-09-16/) on the AWS Security Blog.
## Examples
The following examples show how to use the `AWS::SecretsManager` transform (`AWS::SecretsManager-2024-09-16`) and the [AWS::SecretsManager::RotationSchedule](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-secretsmanager-rotationschedule.html) resource in your template. In this example, CloudFormation will automatically generate a Lambda function for MySQL single user secret rotation.
The secret is set to rotate automatically every day at midnight (UTC). The rotation process may take up to 2 hours to complete. Updating the rotation schedule won't start an immediate rotation.
### JSON
```
{
"AWSTemplateFormatVersion":"2010-09-09",
"Transform":"AWS::SecretsManager-2024-09-16",
"Resources":{
...
"MySecretRotationSchedule":{
"Type":"AWS::SecretsManager::RotationSchedule",
"DependsOn":"logical name of AWS::SecretsManager::SecretTargetAttachment resource",
"Properties":{
"SecretId":{
"Ref":"logical name of AWS::SecretsManager::Secret resource"
},
"HostedRotationLambda":{
"RotationType":"MySQLSingleUser",
"RotationLambdaName":"name of Lambda function to be created",
"VpcSecurityGroupIds":{
"Fn::GetAtt":[
"logical name of AWS::EC2::SecurityGroup resource",
"GroupId"
]
},
"VpcSubnetIds":{
"Fn::Join":[
",",
[
{
"Ref":"logical name of primary subnet"
},
{
"Ref":"logical name of secondary subnet"
}
]
]
}
},
"RotationRules":{
"ScheduleExpression":"cron(0 0 * * ? *)",
"Duration":"2h"
},
"RotateImmediatelyOnUpdate":false
}
}
}
}
```
### YAML
```
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::SecretsManager-2024-09-16
Resources:
...
MySecretRotationSchedule:
Type: AWS::SecretsManager::RotationSchedule
DependsOn: logical name of AWS::SecretsManager::SecretTargetAttachment resource
Properties:
SecretId: !Ref logical name of AWS::SecretsManager::Secret resource
HostedRotationLambda:
RotationType: MySQLSingleUser
RotationLambdaName: name of Lambda function to be created
VpcSecurityGroupIds: !GetAtt logical name of AWS::EC2::SecurityGroup resource.GroupId
VpcSubnetIds:
Fn::Join:
- ","
- - Ref: logical name of primary subnet
- Ref: logical name of secondary subnet
RotationRules:
ScheduleExpression: cron(0 0 * * ? *)
Duration: 2h
RotateImmediatelyOnUpdate: false
```
## Related resources
For complete CloudFormation template examples that you can use to set up secret rotations, see the [Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-secretsmanager-rotationschedule.html#aws-resource-secretsmanager-rotationschedule--examples) section of `AWS::SecretsManager::RotationSchedule` resource.
For general information about using macros, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide*.
# `AWS::Serverless` transform
This topic describes how to use the `AWS::Serverless` transform to process a template written in the AWS Serverless Application Model (AWS SAM) syntax and transform it into a compliant CloudFormation template.
For more information about using the `AWS::Serverless` transform, see [AWS SAM transform](https://github.com/aws/serverless-application-model) on GitHub.
## Usage
To use the `AWS::Serverless` transform, you must declare it at the top level of your CloudFormation template. You can't use `AWS::Serverless` as a transform embedded in any other template section.
The declaration must use the literal string `AWS::Serverless-2016-10-31` as its value. You can't use a parameter or function to specify a transform value.
### Syntax
To declare this transform in your CloudFormation template, use the following syntax:
#### JSON
```
{
"Transform":"AWS::Serverless-2016-10-31",
"Resources":{
...
}
}
```
#### YAML
```
Transform: AWS::Serverless-2016-10-31
Resources:
...
```
The `AWS::Serverless` transform is a standalone declaration with no additional parameters.
## Examples
The following examples show how to use the `AWS::Serverless` transform and AWS SAM syntax to simplify the declaration of a Lambda function and its execution role.
### JSON
```
{
"Transform":"AWS::Serverless-2016-10-31",
"Resources":{
"MyFunction":{
"Type":"AWS::Serverless::Function",
"Properties":{
"Handler":"index.handler",
"Runtime":"nodejs20.x",
"CodeUri":"s3://amzn-s3-demo-bucket/MySourceCode.zip"
}
}
}
}
```
### YAML
```
Transform: AWS::Serverless-2016-10-31
Resources:
MyFunction:
Type: AWS::Serverless::Function
Properties:
Handler: index.handler
Runtime: nodejs20.x
CodeUri: 's3://amzn-s3-demo-bucket/MySourceCode.zip'
```
When creating a change set from the template, CloudFormation expands the AWS SAM syntax, as defined by the transform. The processed template expands the `AWS::Serverless::Function` resource, declaring a Lambda function and an execution role.
```
{
"Resources": {
"MyFunction": {
"Type": "AWS::Lambda::Function",
"Properties": {
"Handler": "index.handler",
"Code": {
"S3Bucket": "amzn-s3-demo-bucket",
"S3Key": "MySourceCode.zip"
},
"Role": {
"Fn::GetAtt": ["MyFunctionRole", "Arn"]
},
"Runtime": "nodejs20.x"
}
},
"MyFunctionRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"ManagedPolicyArns": ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"],
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [{
"Action": ["sts:AssumeRole"],
"Effect": "Allow",
"Principal": {
"Service": ["lambda.amazonaws.com"]
}
}]
}
}
}
}
}
```
## Using `AWS::Serverless` with `AWS::LanguageExtensions`
When using both `AWS::Serverless` and `AWS::LanguageExtensions` transforms, referencing resources like `AWS::ApiGateway::Stage` requires special syntax when the stage name is passed as a non-`NoEcho` parameter value.
Instead of using the AWS SAM syntax for the reference (`MyApi.Stage`), use `Fn::Sub` to generate the logical ID reference. For example, `"Ref": {"Fn::Sub": "${MyApi}${StageName}Stage"}`. This builds the correct logical ID at runtime.
The reason for this special format is because these two transforms handle values differently:
+ `AWS::LanguageExtensions` resolves intrinsic functions to their actual values.
+ `AWS::Serverless` creates different logical IDs depending on whether it receives a static value or an intrinsic function.
## Related resources
For more information about serverless applications and the AWS Serverless Application Model (AWS SAM), see [AWS Serverless Application Model Developer Guide](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html).
For the resource and property types that are specific to AWS SAM, see [AWS SAM resources and properties](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-resources-and-properties.html) in the *AWS Serverless Application Model Developer Guide*.
For general information about using macros, see [Perform custom processing on CloudFormation templates with template macros](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-macros.html) in the *AWS CloudFormation User Guide*.
# `AWS::ServiceCatalog` transform
This topic describes how to use the `AWS::ServiceCatalog` transform to reference outputs from an existing AWS Service Catalog provisioned product in your CloudFormation template.
## Usage
To use the `AWS::ServiceCatalog` transform, you must declare it at the top level of your CloudFormation template. You can't use `AWS::ServiceCatalog` as a transform embedded in any other template section.
Where an output value is required, you provide the name of the provisioned product and the output key name.
You can reference multiple provisioned products and key names in your template, a maximum of 20 per template. During provisioning, the transform retrieves the value from each referenced provisioned product and key, substituting the output value in your CloudFormation template.
The declaration must use the literal string `AWS::ServiceCatalog` as its value. You can't use a parameter or function to specify a transform value.
### Syntax
To declare this transform in your CloudFormation template, use the following syntax:
#### JSON
```
{
"Transform":"AWS::ServiceCatalog",
"Resources":{
...
}
}
```
#### YAML
```
Transform: AWS::ServiceCatalog
Resources:
...
```
The `AWS::ServiceCatalog` transform is a standalone declaration with no additional parameters.
## Examples
The following examples show how you can reference outputs from an existing Service Catalog provisioned product in a CloudFormation template.
In these examples, `SampleProvisionedProduct` is a previously created provisioned product. `SampleOutputKey` is an output key of this provisioned product.
### JSON
This example is a working version.
Template versions that don't wrap the value as a string literal will fail.
```
{
"AWSTemplateFormatVersion":"2010-09-09",
"Transform":"AWS::ServiceCatalog",
"Resources":{
"ExampleParameter":{
"Type":"AWS::SSM::Parameter",
"Properties":{
"Type":"String",
"Value":"[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]"
}
}
}
}
```
### YAML
Examples 1–4 are valid templates. In Examples 1 and 2, the transform and value are string literals.
Example 5 isn't a valid template. The value must be wrapped in a string `'` or `"` or `>-`. If not, the user receives an error.
```
// Example 1
AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::ServiceCatalog'
Resources:
ExampleParameter:
Type: AWS::SSM::Parameter
Properties:
Type: String
Value: '[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]'
// Example 2
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter:
Type: AWS::SSM::Parameter
Properties:
Type: String
Value: '[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]'
// Example 3
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter:
Type: AWS::SSM::Parameter
Properties:
Type: String
Value: "[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]"
// Example 4
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter:
Type: AWS::SSM::Parameter
Properties:
Type: String
Value: >-
[[servicecatalog:provisionedproduct:SampleProvisionedProduct:SampleOutputKey]]
// Example 5
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::ServiceCatalog
Resources:
ExampleParameter2:
Type: AWS::SSM::Parameter
Properties:
Type: String
Value: [[servicecatalog:provisionedproduct:SSMProductProvisionedProduct:SampleOutputKey]]
```