CloudFormationCreateUpdateStackActionProps
- class aws_cdk.aws_codepipeline_actions.CloudFormationCreateUpdateStackActionProps(*, action_name, run_order=None, variables_namespace=None, role=None, admin_permissions, stack_name, template_path, account=None, capabilities=None, cfn_capabilities=None, deployment_role=None, extra_inputs=None, output=None, output_file_name=None, parameter_overrides=None, region=None, replace_on_failure=None, template_configuration=None)
Bases:
CommonAwsActionProps
Properties for the CloudFormationCreateUpdateStackAction.
- Parameters:
action_name (
str
) – The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.run_order (
Union
[int
,float
,None
]) – The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1variables_namespace (
Optional
[str
]) – The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action’s variables were referenced - otherwise, no namespace will be setrole (
Optional
[IRole
]) – The Role in which context’s this Action will be executing in. The Pipeline’s Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your {@link IAction.bind} method in the {@link ActionBindOptions.role} property. Default: a new Role will be generatedadmin_permissions (
bool
) – Whether to grant full permissions to CloudFormation while deploying this template. Setting this totrue
affects the defaults forrole
andcapabilities
, if you don’t specify any alternatives. The default role that will be created for you will have full (i.e.,*
) permissions on all resources, and the deployment will have named IAM capabilities (i.e., able to create all IAM resources). This is a shorthand that you can use if you fully trust the templates that are deployed in this pipeline. If you want more fine-grained permissions, useaddToRolePolicy
andcapabilities
to control what the CloudFormation deployment is allowed to do.stack_name (
str
) – The name of the stack to apply this action to.template_path (
ArtifactPath
) – Input artifact with the CloudFormation template to deploy.account (
Optional
[str
]) – The AWS account this Action is supposed to operate in. Note: if you specify therole
property, this is ignored - the action will operate in the same region the passed role does. Default: - action resides in the same account as the pipelinecapabilities (
Optional
[Sequence
[CloudFormationCapabilities
]]) – (deprecated) Acknowledge certain changes made as part of deployment. For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation might create or update those resources. For example, you must specifyAnonymousIAM
orNamedIAM
if your stack template contains AWS Identity and Access Management (IAM) resources. For more information see the link below. Default: None, unlessadminPermissions
is truecfn_capabilities (
Optional
[Sequence
[CfnCapabilities
]]) – Acknowledge certain changes made as part of deployment. For stacks that contain certain resources, explicit acknowledgement is required that AWS CloudFormation might create or update those resources. For example, you must specifyANONYMOUS_IAM
orNAMED_IAM
if your stack template contains AWS Identity and Access Management (IAM) resources. For more information, see the link below. Default: None, unlessadminPermissions
is truedeployment_role (
Optional
[IRole
]) – IAM role to assume when deploying changes. If not specified, a fresh role is created. The role is created with zero permissions unlessadminPermissions
is true, in which case the role will have full permissions. Default: A fresh role with full or no permissions (depending on the value ofadminPermissions
).extra_inputs (
Optional
[Sequence
[Artifact
]]) – The list of additional input Artifacts for this Action. This is especially useful when used in conjunction with theparameterOverrides
property. For example, if you have: parameterOverrides: { ‘Param1’: action1.outputArtifact.bucketName, ‘Param2’: action2.outputArtifact.objectKey, } , if the output Artifacts ofaction1
andaction2
were not used to set either thetemplateConfiguration
or thetemplatePath
properties, you need to make sure to include them in theextraInputs
- otherwise, you’ll get an “unrecognized Artifact” error during your Pipeline’s execution.output (
Optional
[Artifact
]) – The name of the output artifact to generate. Only applied ifoutputFileName
is set as well. Default: Automatically generated artifact name.output_file_name (
Optional
[str
]) – A name for the filename in the output artifact to store the AWS CloudFormation call’s result. The file will contain the result of the call to AWS CloudFormation (for example the call to UpdateStack or CreateChangeSet). AWS CodePipeline adds the file to the output artifact after performing the specified action. Default: No output artifact generatedparameter_overrides (
Optional
[Mapping
[str
,Any
]]) – Additional template parameters. Template parameters specified here take precedence over template parameters found in the artifact specified by thetemplateConfiguration
property. We recommend that you use the template configuration file to specify most of your parameter values. Use parameter overrides to specify only dynamic parameter values (values that are unknown until you run the pipeline). All parameter names must be present in the stack template. Note: the entire object cannot be more than 1kB. Default: No overridesregion (
Optional
[str
]) – The AWS region the given Action resides in. Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the {@link PipelineProps#crossRegionReplicationBuckets} property. If you don’t, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need tocdk deploy
before deploying the main, Pipeline-containing Stack. Default: the Action resides in the same region as the Pipelinereplace_on_failure (
Optional
[bool
]) – Replace the stack if it’s in a failed state. If this is set to true and the stack is in a failed state (one of ROLLBACK_COMPLETE, ROLLBACK_FAILED, CREATE_FAILED, DELETE_FAILED, or UPDATE_ROLLBACK_FAILED), AWS CloudFormation deletes the stack and then creates a new stack. If this is not set to true and the stack is in a failed state, the deployment fails. Default: falsetemplate_configuration (
Optional
[ArtifactPath
]) – Input artifact to use for template parameters values and stack policy. The template configuration file should contain a JSON object that should look like this:{ "Parameters": {...}, "Tags": {...}, "StackPolicy": {... }}
. For more information, see AWS CloudFormation Artifacts. Note that if you include sensitive information, such as passwords, restrict access to this file. Default: No template configuration based on input artifacts
- ExampleMetadata:
infused
Example:
from aws_cdk.core import PhysicalName # in stack for account 123456789012... # other_account_stack: Stack action_role = iam.Role(other_account_stack, "ActionRole", assumed_by=iam.AccountPrincipal("123456789012"), # the role has to have a physical name set role_name=PhysicalName.GENERATE_IF_NEEDED ) # in the pipeline stack... source_output = codepipeline.Artifact() codepipeline_actions.CloudFormationCreateUpdateStackAction( action_name="CloudFormationCreateUpdate", stack_name="MyStackName", admin_permissions=True, template_path=source_output.at_path("template.yaml"), role=action_role )
Attributes
- account
The AWS account this Action is supposed to operate in.
Note: if you specify the
role
property, this is ignored - the action will operate in the same region the passed role does.- Default:
action resides in the same account as the pipeline
- action_name
The physical, human-readable name of the Action.
Note that Action names must be unique within a single Stage.
- admin_permissions
Whether to grant full permissions to CloudFormation while deploying this template.
Setting this to
true
affects the defaults forrole
andcapabilities
, if you don’t specify any alternatives.The default role that will be created for you will have full (i.e.,
*
) permissions on all resources, and the deployment will have named IAM capabilities (i.e., able to create all IAM resources).This is a shorthand that you can use if you fully trust the templates that are deployed in this pipeline. If you want more fine-grained permissions, use
addToRolePolicy
andcapabilities
to control what the CloudFormation deployment is allowed to do.
- capabilities
(deprecated) Acknowledge certain changes made as part of deployment.
For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation might create or update those resources. For example, you must specify
AnonymousIAM
orNamedIAM
if your stack template contains AWS Identity and Access Management (IAM) resources. For more information see the link below.- Default:
None, unless
adminPermissions
is true- Deprecated:
use {@link cfnCapabilities} instead
- See:
- Stability:
deprecated
- cfn_capabilities
Acknowledge certain changes made as part of deployment.
For stacks that contain certain resources, explicit acknowledgement is required that AWS CloudFormation might create or update those resources. For example, you must specify
ANONYMOUS_IAM
orNAMED_IAM
if your stack template contains AWS Identity and Access Management (IAM) resources. For more information, see the link below.- Default:
None, unless
adminPermissions
is true- See:
- deployment_role
IAM role to assume when deploying changes.
If not specified, a fresh role is created. The role is created with zero permissions unless
adminPermissions
is true, in which case the role will have full permissions.- Default:
A fresh role with full or no permissions (depending on the value of
adminPermissions
).
- extra_inputs
The list of additional input Artifacts for this Action.
This is especially useful when used in conjunction with the
parameterOverrides
property. For example, if you have:parameterOverrides: { ‘Param1’: action1.outputArtifact.bucketName, ‘Param2’: action2.outputArtifact.objectKey, }
, if the output Artifacts of
action1
andaction2
were not used to set either thetemplateConfiguration
or thetemplatePath
properties, you need to make sure to include them in theextraInputs
- otherwise, you’ll get an “unrecognized Artifact” error during your Pipeline’s execution.
- output
The name of the output artifact to generate.
Only applied if
outputFileName
is set as well.- Default:
Automatically generated artifact name.
- output_file_name
A name for the filename in the output artifact to store the AWS CloudFormation call’s result.
The file will contain the result of the call to AWS CloudFormation (for example the call to UpdateStack or CreateChangeSet).
AWS CodePipeline adds the file to the output artifact after performing the specified action.
- Default:
No output artifact generated
- parameter_overrides
Additional template parameters.
Template parameters specified here take precedence over template parameters found in the artifact specified by the
templateConfiguration
property.We recommend that you use the template configuration file to specify most of your parameter values. Use parameter overrides to specify only dynamic parameter values (values that are unknown until you run the pipeline).
All parameter names must be present in the stack template.
Note: the entire object cannot be more than 1kB.
- Default:
No overrides
- region
The AWS region the given Action resides in.
Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the {@link PipelineProps#crossRegionReplicationBuckets} property. If you don’t, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to
cdk deploy
before deploying the main, Pipeline-containing Stack.- Default:
the Action resides in the same region as the Pipeline
- replace_on_failure
Replace the stack if it’s in a failed state.
If this is set to true and the stack is in a failed state (one of ROLLBACK_COMPLETE, ROLLBACK_FAILED, CREATE_FAILED, DELETE_FAILED, or UPDATE_ROLLBACK_FAILED), AWS CloudFormation deletes the stack and then creates a new stack.
If this is not set to true and the stack is in a failed state, the deployment fails.
- Default:
false
- role
The Role in which context’s this Action will be executing in.
The Pipeline’s Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your {@link IAction.bind} method in the {@link ActionBindOptions.role} property.
- Default:
a new Role will be generated
- run_order
The runOrder property for this Action.
RunOrder determines the relative order in which multiple Actions in the same Stage execute.
- stack_name
The name of the stack to apply this action to.
- template_configuration
Input artifact to use for template parameters values and stack policy.
The template configuration file should contain a JSON object that should look like this:
{ "Parameters": {...}, "Tags": {...}, "StackPolicy": {... }}
. For more information, see AWS CloudFormation Artifacts.Note that if you include sensitive information, such as passwords, restrict access to this file.
- Default:
No template configuration based on input artifacts
- template_path
Input artifact with the CloudFormation template to deploy.
- variables_namespace
The name of the namespace to use for variables emitted by this action.
- Default:
a name will be generated, based on the stage and action names,
if any of the action’s variables were referenced - otherwise, no namespace will be set