CloudFormationCreateUpdateStackActionProps

class aws_cdk.aws_codepipeline_actions.CloudFormationCreateUpdateStackActionProps(*, action_name, run_order=None, variables_namespace=None, role=None, admin_permissions, stack_name, template_path, account=None, capabilities=None, cfn_capabilities=None, deployment_role=None, extra_inputs=None, output=None, output_file_name=None, parameter_overrides=None, region=None, replace_on_failure=None, template_configuration=None)

Bases: CommonAwsActionProps

Properties for the CloudFormationCreateUpdateStackAction.

Parameters:
  • action_name (str) – The physical, human-readable name of the Action. Note that Action names must be unique within a single Stage.

  • run_order (Union[int, float, None]) – The runOrder property for this Action. RunOrder determines the relative order in which multiple Actions in the same Stage execute. Default: 1

  • variables_namespace (Optional[str]) – The name of the namespace to use for variables emitted by this action. Default: - a name will be generated, based on the stage and action names, if any of the action’s variables were referenced - otherwise, no namespace will be set

  • role (Optional[IRole]) – The Role in which context’s this Action will be executing in. The Pipeline’s Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your {@link IAction.bind} method in the {@link ActionBindOptions.role} property. Default: a new Role will be generated

  • admin_permissions (bool) – Whether to grant full permissions to CloudFormation while deploying this template. Setting this to true affects the defaults for role and capabilities, if you don’t specify any alternatives. The default role that will be created for you will have full (i.e., *) permissions on all resources, and the deployment will have named IAM capabilities (i.e., able to create all IAM resources). This is a shorthand that you can use if you fully trust the templates that are deployed in this pipeline. If you want more fine-grained permissions, use addToRolePolicy and capabilities to control what the CloudFormation deployment is allowed to do.

  • stack_name (str) – The name of the stack to apply this action to.

  • template_path (ArtifactPath) – Input artifact with the CloudFormation template to deploy.

  • account (Optional[str]) – The AWS account this Action is supposed to operate in. Note: if you specify the role property, this is ignored - the action will operate in the same region the passed role does. Default: - action resides in the same account as the pipeline

  • capabilities (Optional[Sequence[CloudFormationCapabilities]]) – (deprecated) Acknowledge certain changes made as part of deployment. For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation might create or update those resources. For example, you must specify AnonymousIAM or NamedIAM if your stack template contains AWS Identity and Access Management (IAM) resources. For more information see the link below. Default: None, unless adminPermissions is true

  • cfn_capabilities (Optional[Sequence[CfnCapabilities]]) – Acknowledge certain changes made as part of deployment. For stacks that contain certain resources, explicit acknowledgement is required that AWS CloudFormation might create or update those resources. For example, you must specify ANONYMOUS_IAM or NAMED_IAM if your stack template contains AWS Identity and Access Management (IAM) resources. For more information, see the link below. Default: None, unless adminPermissions is true

  • deployment_role (Optional[IRole]) – IAM role to assume when deploying changes. If not specified, a fresh role is created. The role is created with zero permissions unless adminPermissions is true, in which case the role will have full permissions. Default: A fresh role with full or no permissions (depending on the value of adminPermissions).

  • extra_inputs (Optional[Sequence[Artifact]]) – The list of additional input Artifacts for this Action. This is especially useful when used in conjunction with the parameterOverrides property. For example, if you have: parameterOverrides: { ‘Param1’: action1.outputArtifact.bucketName, ‘Param2’: action2.outputArtifact.objectKey, } , if the output Artifacts of action1 and action2 were not used to set either the templateConfiguration or the templatePath properties, you need to make sure to include them in the extraInputs - otherwise, you’ll get an “unrecognized Artifact” error during your Pipeline’s execution.

  • output (Optional[Artifact]) – The name of the output artifact to generate. Only applied if outputFileName is set as well. Default: Automatically generated artifact name.

  • output_file_name (Optional[str]) – A name for the filename in the output artifact to store the AWS CloudFormation call’s result. The file will contain the result of the call to AWS CloudFormation (for example the call to UpdateStack or CreateChangeSet). AWS CodePipeline adds the file to the output artifact after performing the specified action. Default: No output artifact generated

  • parameter_overrides (Optional[Mapping[str, Any]]) – Additional template parameters. Template parameters specified here take precedence over template parameters found in the artifact specified by the templateConfiguration property. We recommend that you use the template configuration file to specify most of your parameter values. Use parameter overrides to specify only dynamic parameter values (values that are unknown until you run the pipeline). All parameter names must be present in the stack template. Note: the entire object cannot be more than 1kB. Default: No overrides

  • region (Optional[str]) – The AWS region the given Action resides in. Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the {@link PipelineProps#crossRegionReplicationBuckets} property. If you don’t, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to cdk deploy before deploying the main, Pipeline-containing Stack. Default: the Action resides in the same region as the Pipeline

  • replace_on_failure (Optional[bool]) – Replace the stack if it’s in a failed state. If this is set to true and the stack is in a failed state (one of ROLLBACK_COMPLETE, ROLLBACK_FAILED, CREATE_FAILED, DELETE_FAILED, or UPDATE_ROLLBACK_FAILED), AWS CloudFormation deletes the stack and then creates a new stack. If this is not set to true and the stack is in a failed state, the deployment fails. Default: false

  • template_configuration (Optional[ArtifactPath]) – Input artifact to use for template parameters values and stack policy. The template configuration file should contain a JSON object that should look like this: { "Parameters": {...}, "Tags": {...}, "StackPolicy": {... }}. For more information, see AWS CloudFormation Artifacts. Note that if you include sensitive information, such as passwords, restrict access to this file. Default: No template configuration based on input artifacts

ExampleMetadata:

infused

Example:

from aws_cdk.core import PhysicalName

# in stack for account 123456789012...
# other_account_stack: Stack

action_role = iam.Role(other_account_stack, "ActionRole",
    assumed_by=iam.AccountPrincipal("123456789012"),
    # the role has to have a physical name set
    role_name=PhysicalName.GENERATE_IF_NEEDED
)

# in the pipeline stack...
source_output = codepipeline.Artifact()
codepipeline_actions.CloudFormationCreateUpdateStackAction(
    action_name="CloudFormationCreateUpdate",
    stack_name="MyStackName",
    admin_permissions=True,
    template_path=source_output.at_path("template.yaml"),
    role=action_role
)

Attributes

account

The AWS account this Action is supposed to operate in.

Note: if you specify the role property, this is ignored - the action will operate in the same region the passed role does.

Default:
  • action resides in the same account as the pipeline

action_name

The physical, human-readable name of the Action.

Note that Action names must be unique within a single Stage.

admin_permissions

Whether to grant full permissions to CloudFormation while deploying this template.

Setting this to true affects the defaults for role and capabilities, if you don’t specify any alternatives.

The default role that will be created for you will have full (i.e., *) permissions on all resources, and the deployment will have named IAM capabilities (i.e., able to create all IAM resources).

This is a shorthand that you can use if you fully trust the templates that are deployed in this pipeline. If you want more fine-grained permissions, use addToRolePolicy and capabilities to control what the CloudFormation deployment is allowed to do.

capabilities

(deprecated) Acknowledge certain changes made as part of deployment.

For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation might create or update those resources. For example, you must specify AnonymousIAM or NamedIAM if your stack template contains AWS Identity and Access Management (IAM) resources. For more information see the link below.

Default:

None, unless adminPermissions is true

Deprecated:

use {@link cfnCapabilities} instead

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities

Stability:

deprecated

cfn_capabilities

Acknowledge certain changes made as part of deployment.

For stacks that contain certain resources, explicit acknowledgement is required that AWS CloudFormation might create or update those resources. For example, you must specify ANONYMOUS_IAM or NAMED_IAM if your stack template contains AWS Identity and Access Management (IAM) resources. For more information, see the link below.

Default:

None, unless adminPermissions is true

See:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities

deployment_role

IAM role to assume when deploying changes.

If not specified, a fresh role is created. The role is created with zero permissions unless adminPermissions is true, in which case the role will have full permissions.

Default:

A fresh role with full or no permissions (depending on the value of adminPermissions).

extra_inputs

The list of additional input Artifacts for this Action.

This is especially useful when used in conjunction with the parameterOverrides property. For example, if you have:

parameterOverrides: { ‘Param1’: action1.outputArtifact.bucketName, ‘Param2’: action2.outputArtifact.objectKey, }

, if the output Artifacts of action1 and action2 were not used to set either the templateConfiguration or the templatePath properties, you need to make sure to include them in the extraInputs - otherwise, you’ll get an “unrecognized Artifact” error during your Pipeline’s execution.

output

The name of the output artifact to generate.

Only applied if outputFileName is set as well.

Default:

Automatically generated artifact name.

output_file_name

A name for the filename in the output artifact to store the AWS CloudFormation call’s result.

The file will contain the result of the call to AWS CloudFormation (for example the call to UpdateStack or CreateChangeSet).

AWS CodePipeline adds the file to the output artifact after performing the specified action.

Default:

No output artifact generated

parameter_overrides

Additional template parameters.

Template parameters specified here take precedence over template parameters found in the artifact specified by the templateConfiguration property.

We recommend that you use the template configuration file to specify most of your parameter values. Use parameter overrides to specify only dynamic parameter values (values that are unknown until you run the pipeline).

All parameter names must be present in the stack template.

Note: the entire object cannot be more than 1kB.

Default:

No overrides

region

The AWS region the given Action resides in.

Note that a cross-region Pipeline requires replication buckets to function correctly. You can provide their names with the {@link PipelineProps#crossRegionReplicationBuckets} property. If you don’t, the CodePipeline Construct will create new Stacks in your CDK app containing those buckets, that you will need to cdk deploy before deploying the main, Pipeline-containing Stack.

Default:

the Action resides in the same region as the Pipeline

replace_on_failure

Replace the stack if it’s in a failed state.

If this is set to true and the stack is in a failed state (one of ROLLBACK_COMPLETE, ROLLBACK_FAILED, CREATE_FAILED, DELETE_FAILED, or UPDATE_ROLLBACK_FAILED), AWS CloudFormation deletes the stack and then creates a new stack.

If this is not set to true and the stack is in a failed state, the deployment fails.

Default:

false

role

The Role in which context’s this Action will be executing in.

The Pipeline’s Role will assume this Role (the required permissions for that will be granted automatically) right before executing this Action. This Action will be passed into your {@link IAction.bind} method in the {@link ActionBindOptions.role} property.

Default:

a new Role will be generated

run_order

The runOrder property for this Action.

RunOrder determines the relative order in which multiple Actions in the same Stage execute.

Default:

1

See:

https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html

stack_name

The name of the stack to apply this action to.

template_configuration

Input artifact to use for template parameters values and stack policy.

The template configuration file should contain a JSON object that should look like this: { "Parameters": {...}, "Tags": {...}, "StackPolicy": {... }}. For more information, see AWS CloudFormation Artifacts.

Note that if you include sensitive information, such as passwords, restrict access to this file.

Default:

No template configuration based on input artifacts

template_path

Input artifact with the CloudFormation template to deploy.

variables_namespace

The name of the namespace to use for variables emitted by this action.

Default:

  • a name will be generated, based on the stage and action names,

if any of the action’s variables were referenced - otherwise, no namespace will be set