AWS::CloudFormation::CustomResource - AWS CloudFormation

AWS::CloudFormation::CustomResource

In a CloudFormation template, you use the AWS::CloudFormation::CustomResource or Custom::String resource type to specify custom resources.

Custom resources provide a way for you to write custom provisioning logic in CloudFormation template and have CloudFormation run it during a stack operation, such as when you create, update or delete a stack. For more information, see Custom resources.

Note

If you use the VPC endpoints feature, custom resources in the VPC must have access to CloudFormation-specific Amazon Simple Storage Service (Amazon S3) buckets. Custom resources must send responses to a presigned Amazon S3 URL. If they can't send responses to Amazon S3, CloudFormation won't receive a response and the stack operation fails. For more information, see Setting up VPC endpoints for AWS CloudFormation.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::CloudFormation::CustomResource", "Properties" : { "ServiceTimeout" : String, "ServiceToken" : String } }

YAML

Type: AWS::CloudFormation::CustomResource Properties: ServiceTimeout: String ServiceToken: String

Properties

ServiceTimeout

The maximum time, in seconds, that can elapse before a custom resource operation times out.

The value must be an integer from 1 to 3600. The default value is 3600 seconds (1 hour).

Required: No

Type: String

Update requires: No interruption

ServiceToken

The service token, such as an Amazon SNS topic ARN or Lambda function ARN. The service token must be from the same Region as the stack.

Updates aren't supported.

Required: Yes

Type: String

Update requires: Replacement

Return values

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Remarks

Specifying custom resource type names

For custom resources, you can specify AWS::CloudFormation::CustomResource as the resource type, or you can specify your own resource type name. For example, instead of using AWS::CloudFormation::CustomResource, you can use Custom::MyCustomResourceTypeName.

Custom resource type names can include alphanumeric characters and the following characters: _@-. You can specify a custom resource type name up to a maximum length of 60 characters. You can't change the type during an update.

Using your own resource type names helps you quickly differentiate the types of custom resources in your stack. For example, if you had two custom resources that conduct two different ping tests, you could name their type as Custom::PingTester to make them easily identifiable as ping testers (instead of using AWS::CloudFormation::CustomResource).

Replacing a custom resource during an update

You can update custom resources that require a replacement of the underlying physical resource. When you update a custom resource in a CloudFormation template, CloudFormation sends an update request to that custom resource. If the custom resource requires a replacement, the new custom resource must send a response with the new physical ID. When CloudFormation receives the response, it compares the PhysicalResourceId between the old and new custom resources. If they're different, CloudFormation recognizes the update as a replacement and sends a delete request to the old resource. For a step-by-step walkthrough of this process, see Stack updates.

Note the following:

Retrieving return values

For a custom resource, return values are defined by the custom resource provider, and are retrieved by calling Fn::GetAtt on the provider-defined attributes.

Examples

Creating a custom resource definition in a template

The following example demonstrates how to create a custom resource definition in a template.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyFrontEndTest": { "Type": "Custom::PingTester", "Version": "1.0", "Properties": { "ServiceToken": "arn:aws:sns:us-east-1:84969EXAMPLE:CRTest", "ServiceTimeout": "600", "key1": "string", "key2": [ "list" ], "key3": { "key4": "map" } } } }, "Outputs": { "CustomResourceAttribute1": { "Value": { "Fn::GetAtt": [ "MyFrontEndTest", "responseKey1" ] } }, "CustomResourceAttribute2": { "Value": { "Fn::GetAtt": [ "MyFrontEndTest", "responseKey2" ] } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Resources: MyFrontEndTest: Type: 'Custom::PingTester' Version: '1.0' Properties: ServiceToken: 'arn:aws:sns:us-east-1:84969EXAMPLE:CRTest' ServiceTimeout: 600 key1: string key2: - list key3: key4: map Outputs: CustomResourceAttribute1: Value: !GetAtt - MyFrontEndTest - responseKey1 CustomResourceAttribute2: Value: !GetAtt - MyFrontEndTest - responseKey2

Using a Lambda function in a custom resource

With AWS Lambda functions and custom resources, you can run custom code in response to stack events (create, update, and delete). The following custom resource invokes a Lambda function and sends it the StackName property as input. The function uses this property to get outputs from the appropriate stack.

For more information on creating Lambda-backed custom resources, see Walkthrough: Look up AMI IDs with a Lambda-backed custom resource.

JSON

{ "MyCustomResource": { "Type": "Custom::TestLambdaCrossStackRef", "Properties": { "ServiceToken": { "Fn::Join": [ "", [ "arn:aws:lambda:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":function:", { "Ref": "LambdaFunctionName" } ] ] }, "ServiceTimeout": "35", "StackName": { "Ref": "NetworkStackName" } } } }

YAML

MyCustomResource: Type: 'Custom::TestLambdaCrossStackRef' Properties: ServiceToken: !Join - '' - - 'arn:aws:lambda:' - !Ref 'AWS::Region' - ':' - !Ref 'AWS::AccountId' - ':function:' - !Ref LambdaFunctionName ServiceTimeout: 35 StackName: !Ref NetworkStackName