NestedStack

class aws_cdk.core.NestedStack(scope, id, *, notification_arns=None, parameters=None, removal_policy=None, timeout=None)

Bases: Stack

A CloudFormation nested stack.

When you apply template changes to update a top-level stack, CloudFormation updates the top-level stack and initiates an update to its nested stacks. CloudFormation updates the resources of modified nested stacks, but does not update the resources of unmodified nested stacks.

Furthermore, this stack will not be treated as an independent deployment artifact (won’t be listed in “cdk list” or deployable through “cdk deploy”), but rather only synthesized as a template and uploaded as an asset to S3.

Cross references of resource attributes between the parent stack and the nested stack will automatically be translated to stack parameters and outputs.

ExampleMetadata:: lit=test/integ.restapi-import.lit.ts infused

Example:

from aws_cdk.aws_apigateway import IntegrationResponse, MethodResponse, IntegrationResponse, MethodResponse
from aws_cdk.core import App, CfnOutput, NestedStack, NestedStackProps, Stack
from constructs import Construct
from aws_cdk.aws_apigateway import Deployment, Method, MockIntegration, PassthroughBehavior, RestApi, Stage

#
# This file showcases how to split up a RestApi's Resources and Methods across nested stacks.
#
# The root stack 'RootStack' first defines a RestApi.
# Two nested stacks BooksStack and PetsStack, create corresponding Resources '/books' and '/pets'.
# They are then deployed to a 'prod' Stage via a third nested stack - DeployStack.
#
# To verify this worked, go to the APIGateway
#

class RootStack(Stack):
    def __init__(self, scope):
        super().__init__(scope, "integ-restapi-import-RootStack")

        rest_api = RestApi(self, "RestApi",
            deploy=False
        )
        rest_api.root.add_method("ANY")

        pets_stack = PetsStack(self,
            rest_api_id=rest_api.rest_api_id,
            root_resource_id=rest_api.rest_api_root_resource_id
        )
        books_stack = BooksStack(self,
            rest_api_id=rest_api.rest_api_id,
            root_resource_id=rest_api.rest_api_root_resource_id
        )
        DeployStack(self,
            rest_api_id=rest_api.rest_api_id,
            methods=pets_stack.methods.concat(books_stack.methods)
        )

        CfnOutput(self, "PetsURL",
            value=f"https://{restApi.restApiId}.execute-api.{this.region}.amazonaws.com/prod/pets"
        )

        CfnOutput(self, "BooksURL",
            value=f"https://{restApi.restApiId}.execute-api.{this.region}.amazonaws.com/prod/books"
        )

class PetsStack(NestedStack):

    def __init__(self, scope, *, restApiId, rootResourceId, parameters=None, timeout=None, notificationArns=None, removalPolicy=None):
        super().__init__(scope, "integ-restapi-import-PetsStack", restApiId=restApiId, rootResourceId=rootResourceId, parameters=parameters, timeout=timeout, notificationArns=notificationArns, removalPolicy=removalPolicy)

        api = RestApi.from_rest_api_attributes(self, "RestApi",
            rest_api_id=rest_api_id,
            root_resource_id=root_resource_id
        )

        method = api.root.add_resource("pets").add_method("GET", MockIntegration(
            integration_responses=[IntegrationResponse(
                status_code="200"
            )],
            passthrough_behavior=PassthroughBehavior.NEVER,
            request_templates={
                "application/json": "{ "statusCode": 200 }"
            }
        ),
            method_responses=[MethodResponse(status_code="200")]
        )

        self.methods.push(method)

class BooksStack(NestedStack):

    def __init__(self, scope, *, restApiId, rootResourceId, parameters=None, timeout=None, notificationArns=None, removalPolicy=None):
        super().__init__(scope, "integ-restapi-import-BooksStack", restApiId=restApiId, rootResourceId=rootResourceId, parameters=parameters, timeout=timeout, notificationArns=notificationArns, removalPolicy=removalPolicy)

        api = RestApi.from_rest_api_attributes(self, "RestApi",
            rest_api_id=rest_api_id,
            root_resource_id=root_resource_id
        )

        method = api.root.add_resource("books").add_method("GET", MockIntegration(
            integration_responses=[IntegrationResponse(
                status_code="200"
            )],
            passthrough_behavior=PassthroughBehavior.NEVER,
            request_templates={
                "application/json": "{ "statusCode": 200 }"
            }
        ),
            method_responses=[MethodResponse(status_code="200")]
        )

        self.methods.push(method)

class DeployStack(NestedStack):
    def __init__(self, scope, *, restApiId, methods=None, parameters=None, timeout=None, notificationArns=None, removalPolicy=None):
        super().__init__(scope, "integ-restapi-import-DeployStack", restApiId=restApiId, methods=methods, parameters=parameters, timeout=timeout, notificationArns=notificationArns, removalPolicy=removalPolicy)

        deployment = Deployment(self, "Deployment",
            api=RestApi.from_rest_api_id(self, "RestApi", rest_api_id)
        )
        if methods:
            for method in methods:
                deployment.node.add_dependency(method)
        Stage(self, "Stage", deployment=deployment)

RootStack(App())

Parameters:

scope (Construct) –
id (str) –
notification_arns (Optional[Sequence[str]]) – The Simple Notification Service (SNS) topics to publish stack related events. Default: - notifications are not sent for this stack.
parameters (Optional[Mapping[str, str]]) – The set value pairs that represent the parameters passed to CloudFormation when this nested stack is created. Each parameter has a name corresponding to a parameter defined in the embedded template and a value representing the value that you want to set for the parameter. The nested stack construct will automatically synthesize parameters in order to bind references from the parent stack(s) into the nested stack. Default: - no user-defined parameters are passed to the nested stack
removal_policy (Optional[RemovalPolicy]) – Policy to apply when the nested stack is removed. The default is Destroy, because all Removal Policies of resources inside the Nested Stack should already have been set correctly. You normally should not need to set this value. Default: RemovalPolicy.DESTROY
timeout (Optional[Duration]) – The length of time that CloudFormation waits for the nested stack to reach the CREATE_COMPLETE state. When CloudFormation detects that the nested stack has reached the CREATE_COMPLETE state, it marks the nested stack resource as CREATE_COMPLETE in the parent stack and resumes creating the parent stack. If the timeout period expires before the nested stack reaches CREATE_COMPLETE, CloudFormation marks the nested stack as failed and rolls back both the nested stack and parent stack. Default: - no timeout

Methods

add_dependency(target, reason=None)

Add a dependency between this stack and another stack.

This can be used to define dependencies between any two stacks within an app, and also supports nested stacks.

Parameters:

target (Stack) –
reason (Optional[str]) –

Return type:

None

add_docker_image_asset(*, source_hash, directory_name=None, docker_build_args=None, docker_build_target=None, docker_file=None, executable=None, network_mode=None, platform=None, repository_name=None)

(deprecated) Register a docker image asset on this Stack.

Parameters:

source_hash (str) – The hash of the contents of the docker build context. This hash is used throughout the system to identify this image and avoid duplicate work in case the source did not change. NOTE: this means that if you wish to update your docker image, you must make a modification to the source (e.g. add some metadata to your Dockerfile).
directory_name (Optional[str]) – The directory where the Dockerfile is stored, must be relative to the cloud assembly root. Default: - Exactly one of directoryName and executable is required
docker_build_args (Optional[Mapping[str, str]]) – Build args to pass to the docker build command. Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens (such as lambda.functionArn or queue.queueUrl). Only allowed when directoryName is specified. Default: - no build args are passed
docker_build_target (Optional[str]) – Docker target to build to. Only allowed when directoryName is specified. Default: - no target
docker_file (Optional[str]) – Path to the Dockerfile (relative to the directory). Only allowed when directoryName is specified. Default: - no file
executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the name of a local Docker image on stdout. Default: - Exactly one of directoryName and executable is required
network_mode (Optional[str]) – Networking mode for the RUN commands during build. Requires Docker Engine API v1.25+. Specify this property to build images on a specific networking mode. Default: - no networking mode specified
platform (Optional[str]) – Platform to build for. Requires Docker Buildx. Specify this property to build images on a specific platform. Default: - no platform specified (the current machine architecture will be used)
repository_name (Optional[str]) – (deprecated) ECR repository name. Specify this property if you need to statically address the image, e.g. from a Kubernetes Pod. Note, this is only the repository name, without the registry and the tag parts. Default: - automatically derived from the asset’s ID.

Deprecated:

Return type:

DockerImageAssetLocation

Use stack.synthesizer.addDockerImageAsset() if you are calling, and a different IStackSynthesizer class if you are implementing.

Stability:: deprecated

add_file_asset(*, source_hash, executable=None, file_name=None, packaging=None)

(deprecated) Register a file asset on this Stack.

Parameters:

source_hash (str) – A hash on the content source. This hash is used to uniquely identify this asset throughout the system. If this value doesn’t change, the asset will not be rebuilt or republished.
executable (Optional[Sequence[str]]) – An external command that will produce the packaged asset. The command should produce the location of a ZIP file on stdout. Default: - Exactly one of directory and executable is required
file_name (Optional[str]) – The path, relative to the root of the cloud assembly, in which this asset source resides. This can be a path to a file or a directory, depending on the packaging type. Default: - Exactly one of directory and executable is required
packaging (Optional[FileAssetPackaging]) – Which type of packaging to perform. Default: - Required if fileName is specified.

Deprecated:

Return type:

FileAssetLocation

Use stack.synthesizer.addFileAsset() if you are calling, and a different IStackSynthesizer class if you are implementing.

Stability:: deprecated

add_transform(transform)

Add a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.

Duplicate values are removed when stack is synthesized.

Parameters:: transform (str) – The transform to add.
See:: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
Return type:: None

Example:

# stack: Stack

stack.add_transform("AWS::Serverless-2016-10-31")

export_value(exported_value, *, name=None)

Create a CloudFormation Export for a value.

Returns a string representing the corresponding Fn.importValue() expression for this Export. You can control the name for the export by passing the name option.

If you don’t supply a value for name, the value you’re exporting must be a Resource attribute (for example: bucket.bucketName) and it will be given the same name as the automatic cross-stack reference that would be created if you used the attribute in another Stack.

One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.

Example

Here is how the process works. Let’s say there are two stacks, producerStack and consumerStack, and producerStack has a bucket called bucket, which is referenced by consumerStack (perhaps because an AWS Lambda Function writes into it, or something like that).

It is not safe to remove producerStack.bucket because as the bucket is being deleted, consumerStack might still be using it.

Instead, the process takes two deployments:

Deployment 1: break the relationship

Make sure consumerStack no longer references bucket.bucketName (maybe the consumer stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just remove the Lambda Function altogether).
In the ProducerStack class, call this.exportValue(this.bucket.bucketName). This will make sure the CloudFormation Export continues to exist while the relationship between the two stacks is being broken.
Deploy (this will effectively only change the consumerStack, but it’s safe to deploy both).

Deployment 2: remove the bucket resource

You are now free to remove the bucket resource from producerStack.
Don’t forget to remove the exportValue() call as well.
Deploy again (this time only the producerStack will be changed – the bucket will be deleted).

Parameters:

exported_value (Any) –
name (Optional[str]) – The name of the export to create. Default: - A name is automatically chosen

Return type:

str

format_arn(*, resource, service, account=None, arn_format=None, partition=None, region=None, resource_name=None, sep=None)

Creates an ARN from components.

If partition, region or account are not specified, the stack’s partition, region and account will be used.

If any component is the empty string, an empty string will be inserted into the generated ARN at the location that component corresponds to.

The ARN will be formatted as follows:

arn:{partition}:{service}:{region}:{account}:{resource}{sep}}{resource-name}

The required ARN pieces that are omitted will be taken from the stack that the ‘scope’ is attached to. If all ARN pieces are supplied, the supplied scope can be ‘undefined’.

Parameters:

resource (str) – Resource type (e.g. “table”, “autoScalingGroup”, “certificate”). For some resource types, e.g. S3 buckets, this field defines the bucket name.
service (str) – The service namespace that identifies the AWS product (for example, ‘s3’, ‘iam’, ‘codepipline’).
account (Optional[str]) – The ID of the AWS account that owns the resource, without the hyphens. For example, 123456789012. Note that the ARNs for some resources don’t require an account number, so this component might be omitted. Default: The account the stack is deployed to.
arn_format (Optional[ArnFormat]) – The specific ARN format to use for this ARN value. Default: - uses value of sep as the separator for formatting, ArnFormat.SLASH_RESOURCE_NAME if that property was also not provided
partition (Optional[str]) – The partition that the resource is in. For standard AWS regions, the partition is aws. If you have resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the China (Beijing) region is aws-cn. Default: The AWS partition the stack is deployed to.
region (Optional[str]) – The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted. Default: The region the stack is deployed to.
resource_name (Optional[str]) – Resource name or path within the resource (i.e. S3 bucket object key) or a wildcard such as "*". This is service-dependent.
sep (Optional[str]) – (deprecated) Separator between resource type and the resource. Can be either ‘/’, ‘:’ or an empty string. Will only be used if resourceName is defined. Default: ‘/’

Return type:

str

get_logical_id(element)

Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.

This method is called when a CfnElement is created and used to render the initial logical identity of resources. Logical ID renames are applied at this stage.

This method uses the protected method allocateLogicalId to render the logical ID for an element. To modify the naming scheme, extend the Stack class and override this method.

Parameters:: element (CfnElement) – The CloudFormation element for which a logical identity is needed.
Return type:: str

parse_arn(arn, sep_if_token=None, has_name=None)

(deprecated) Given an ARN, parses it and returns components.

IF THE ARN IS A CONCRETE STRING…

…it will be parsed and validated. The separator (sep) will be set to ‘/’ if the 6th component includes a ‘/’, in which case, resource will be set to the value before the ‘/’ and resourceName will be the rest. In case there is no ‘/’, resource will be set to the 6th components and resourceName will be set to the rest of the string.

IF THE ARN IS A TOKEN…

…it cannot be validated, since we don’t have the actual value yet at the time of this function call. You will have to supply sepIfToken and whether or not ARNs of the expected format usually have resource names in order to parse it properly. The resulting ArnComponents object will contain tokens for the subexpressions of the ARN, not string literals.

If the resource name could possibly contain the separator char, the actual resource name cannot be properly parsed. This only occurs if the separator char is ‘/’, and happens for example for S3 object ARNs, IAM Role ARNs, IAM OIDC Provider ARNs, etc. To properly extract the resource name from a Tokenized ARN, you must know the resource type and call Arn.extractResourceName.

Parameters:

arn (str) – The ARN string to parse.
sep_if_token (Optional[str]) – The separator used to separate resource from resourceName.
has_name (Optional[bool]) – Whether there is a name component in the ARN at all. For example, SNS Topics ARNs have the ‘resource’ component contain the topic name, and no ‘resourceName’ component.

Return type:

ArnComponents

Returns:

an ArnComponents object which allows access to the various components of the ARN.

Deprecated:: use splitArn instead
Stability:: deprecated

regional_fact(fact_name, default_value=None)

Look up a fact value for the given fact for the region of this stack.

Will return a definite value only if the region of the current stack is resolved. If not, a lookup map will be added to the stack and the lookup will be done at CDK deployment time.

What regions will be included in the lookup map is controlled by the @aws-cdk/core:target-partitions context value: it must be set to a list of partitions, and only regions from the given partitions will be included. If no such context key is set, all regions will be included.

This function is intended to be used by construct library authors. Application builders can rely on the abstractions offered by construct libraries and do not have to worry about regional facts.

If defaultValue is not given, it is an error if the fact is unknown for the given region.

Parameters:

fact_name (str) –
default_value (Optional[str]) –

Return type:

str

rename_logical_id(old_id, new_id)

Rename a generated logical identities.

To modify the naming scheme strategy, extend the Stack class and override the allocateLogicalId method.

Parameters:

old_id (str) –
new_id (str) –

Return type:

None

report_missing_context(*, key, props, provider)

(deprecated) DEPRECATED.

Parameters:

key (str) – (deprecated) The missing context key.
props (Mapping[str, Any]) – (deprecated) A set of provider-specific options. (This is the old untyped definition, which is necessary for backwards compatibility. See cxschema for a type definition.)
provider (str) – (deprecated) The provider from which we expect this context key to be obtained. (This is the old untyped definition, which is necessary for backwards compatibility. See cxschema for a type definition.)

Deprecated:

use reportMissingContextKey()

Stability:

deprecated

Return type:

None

report_missing_context_key(*, key, props, provider)

Indicate that a context key was expected.

Contains instructions which will be emitted into the cloud assembly on how the key should be supplied.

Parameters:

key (str) – The missing context key.
props (Union[AmiContextQuery, Dict[str, Any], AvailabilityZonesContextQuery, HostedZoneContextQuery, SSMParameterContextQuery, VpcContextQuery, EndpointServiceAvailabilityZonesContextQuery, LoadBalancerContextQuery, LoadBalancerListenerContextQuery, SecurityGroupContextQuery, KeyContextQuery, PluginContextQuery]) – A set of provider-specific options.
provider (ContextProvider) – The provider from which we expect this context key to be obtained.

Return type:

None

resolve(obj)

Resolve a tokenized value in the context of the current stack.

Parameters:

obj (Any) –

Return type:

Any

set_parameter(name, value)

Assign a value to one of the nested stack parameters.

Parameters:

name (str) – The parameter name (ID).
value (str) – The value to assign.

Return type:

None

split_arn(arn, arn_format)

Splits the provided ARN into its components.

Works both if ‘arn’ is a string like ‘arn:aws:s3:::bucket’, and a Token representing a dynamic CloudFormation expression (in which case the returned components will also be dynamic CloudFormation expressions, encoded as Tokens).

Parameters:

arn (str) – the ARN to split into its components.
arn_format (ArnFormat) – the expected format of ‘arn’ - depends on what format the service ‘arn’ represents uses.

Return type:

ArnComponents

to_json_string(obj, space=None)

Convert an object, potentially containing tokens, to a JSON string.

Parameters:

obj (Any) –
space (Union[int, float, None]) –

Return type:

str

to_string()

Returns a string representation of this construct.

Return type:: str

Attributes

account

The AWS account into which this stack will be deployed.

This value is resolved according to the following rules:

The value provided to env.account when the stack is defined. This can either be a concerete account (e.g. 585695031111) or the Aws.accountId token.
Aws.accountId, which represents the CloudFormation intrinsic reference { "Ref": "AWS::AccountId" } encoded as a string token.

Preferably, you should use the return value as an opaque string and not attempt to parse it to implement your logic. If you do, you must first check that it is a concerete value an not an unresolved token. If this value is an unresolved token (Token.isUnresolved(stack.account) returns true), this implies that the user wishes that this stack will synthesize into a account-agnostic template. In this case, your code should either fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or implement some other region-agnostic behavior.

artifact_id: The ID of the cloud assembly artifact for this stack.

availability_zones

Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.

If the stack is environment-agnostic (either account and/or region are tokens), this property will return an array with 2 tokens that will resolve at deploy-time to the first two availability zones returned from CloudFormation’s Fn::GetAZs intrinsic function.

If they are not available in the context, returns a set of dummy values and reports them as missing, and let the CLI resolve them by calling EC2 DescribeAvailabilityZones on the target environment.

To specify a different strategy for selecting availability zones override this method.

bundling_required: Indicates whether the stack requires bundling or not.

dependencies: Return the stacks this stack depends on.

environment

The environment coordinates in which this stack is deployed.

In the form aws://account/region. Use stack.account and stack.region to obtain the specific values, no need to parse.

You can use this value to determine if two stacks are targeting the same environment.

If either stack.account or stack.region are not concrete values (e.g. Aws.account or Aws.region) the special strings unknown-account and/or unknown-region will be used respectively to indicate this stack is region/account-agnostic.

nested: Indicates if this is a nested stack, in which case parentStack will include a reference to it’s parent.

nested_stack_parent: If this is a nested stack, returns it’s parent stack.

nested_stack_resource

If this is a nested stack, this represents its AWS::CloudFormation::Stack resource.

undefined for top-level (non-nested) stacks.

node: The construct tree node associated with this construct.

notification_arns: Returns the list of notification Amazon Resource Names (ARNs) for the current stack.

parent_stack

(deprecated) Returns the parent of a nested stack.

Deprecated:: use nestedStackParent
Stability:: deprecated

partition: The partition in which this stack is defined.

region

The AWS region into which this stack will be deployed (e.g. us-west-2).

This value is resolved according to the following rules:

The value provided to env.region when the stack is defined. This can either be a concerete region (e.g. us-west-2) or the Aws.region token.
Aws.region, which is represents the CloudFormation intrinsic reference { "Ref": "AWS::Region" } encoded as a string token.

Preferably, you should use the return value as an opaque string and not attempt to parse it to implement your logic. If you do, you must first check that it is a concerete value an not an unresolved token. If this value is an unresolved token (Token.isUnresolved(stack.region) returns true), this implies that the user wishes that this stack will synthesize into a region-agnostic template. In this case, your code should either fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or implement some other region-agnostic behavior.

stack_id

An attribute that represents the ID of the stack.

This is a context aware attribute:

If this is referenced from the parent stack, it will return { "Ref": "LogicalIdOfNestedStackResource" }.
If this is referenced from the context of the nested stack, it will return { "Ref": "AWS::StackId" }

Example value: arn:aws:cloudformation:us-east-2:123456789012:stack/mystack-mynestedstack-sggfrhxhum7w/f449b250-b969-11e0-a185-5081d0136786

Attribute:: true

stack_name

An attribute that represents the name of the nested stack.

This is a context aware attribute:

If this is referenced from the parent stack, it will return a token that parses the name from the stack ID.
If this is referenced from the context of the nested stack, it will return { "Ref": "AWS::StackName" }

Example value: mystack-mynestedstack-sggfrhxhum7w

Attribute:: true

synthesizer: Synthesis method for this stack.

tags: Tags to be applied to the stack.

template_file

The name of the CloudFormation template file emitted to the output directory during synthesis.

Example value: MyStack.template.json

template_options: Options for CloudFormation template (like version, transform, description).

termination_protection: Whether termination protection is enabled for this stack.

url_suffix: The Amazon domain suffix for the region in which this stack is defined.

Static Methods

classmethod is_construct(x)

Return whether the given object is a Construct.

Parameters:

x (Any) –

Return type:

bool

classmethod is_nested_stack(x)

Checks if x is an object of type NestedStack.

Parameters:

x (Any) –

Return type:

bool

classmethod is_stack(x)

Return whether the given object is a Stack.

We do attribute detection since we can’t reliably use ‘instanceof’.

Parameters:

x (Any) –

Return type:

bool

classmethod of(construct)

Looks up the first stack scope in which construct is defined.

Fails if there is no stack up the tree.

Parameters:: construct (IConstruct) – The construct to start the search from.
Return type:: Stack