AWS::MWAA::Environment - AWS CloudFormation

AWS::MWAA::Environment

The AWS::MWAA::Environment resource creates an Amazon Managed Workflows for Apache Airflow (MWAA) environment.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::MWAA::Environment", "Properties" : { "AirflowConfigurationOptions" : Json, "AirflowVersion" : String, "DagS3Path" : String, "EndpointManagement" : String, "EnvironmentClass" : String, "ExecutionRoleArn" : String, "KmsKey" : String, "LoggingConfiguration" : LoggingConfiguration, "MaxWebservers" : Integer, "MaxWorkers" : Integer, "MinWebservers" : Integer, "MinWorkers" : Integer, "Name" : String, "NetworkConfiguration" : NetworkConfiguration, "PluginsS3ObjectVersion" : String, "PluginsS3Path" : String, "RequirementsS3ObjectVersion" : String, "RequirementsS3Path" : String, "Schedulers" : Integer, "SourceBucketArn" : String, "StartupScriptS3ObjectVersion" : String, "StartupScriptS3Path" : String, "Tags" : [ Tag, ... ], "WebserverAccessMode" : String, "WeeklyMaintenanceWindowStart" : String } }

Properties

AirflowConfigurationOptions

A list of key-value pairs containing the Airflow configuration options for your environment. For example, core.default_timezone: utc. To learn more, see Apache Airflow configuration options.

Required: No

Type: Json

Update requires: Some interruptions

AirflowVersion

The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.

If you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.

Allowed Values: 1.10.12 | 2.0.2 | 2.2.2 | 2.4.3 | 2.5.1 | 2.6.3 | 2.7.2 | 2.8.1 | 2.9.2 (latest)

Required: No

Type: String

Pattern: ^[0-9a-z.]+$

Maximum: 32

Update requires: Replacement

DagS3Path

The relative path to the DAGs folder on your Amazon S3 bucket. For example, dags. To learn more, see Adding or updating DAGs.

Required: No

Type: String

Pattern: .*

Maximum: 1024

Update requires: Some interruptions

EndpointManagement

Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA. If set to SERVICE, Amazon MWAA will create and manage the required VPC endpoints in your VPC. If set to CUSTOMER, you must create, and manage, the VPC endpoints in your VPC.

Required: No

Type: String

Allowed values: CUSTOMER | SERVICE

Update requires: Replacement

EnvironmentClass

The environment class type. Valid values: mw1.small, mw1.medium, mw1.large. To learn more, see Amazon MWAA environment class.

Required: No

Type: String

Minimum: 1

Maximum: 1024

Update requires: Some interruptions

ExecutionRoleArn

The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access AWS resources in your environment. For example, arn:aws:iam::123456789:role/my-execution-role. To learn more, see Amazon MWAA Execution role.

Required: No

Type: String

Pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$

Maximum: 1224

Update requires: Some interruptions

KmsKey

The AWS Key Management Service (KMS) key to encrypt and decrypt the data in your environment. You can use an AWS KMS key managed by MWAA, or a customer-managed KMS key (advanced).

Required: No

Type: String

Pattern: ^(((arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:kms:[a-z]{2}-[a-z]+-\d:\d+:)?key\/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|(arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):kms:[a-z]{2}-[a-z]+-\d:\d+:)?alias/.+)$

Maximum: 1224

Update requires: Replacement

LoggingConfiguration

The Apache Airflow logs being sent to CloudWatch Logs: DagProcessingLogs, SchedulerLogs, TaskLogs, WebserverLogs, WorkerLogs.

Required: No

Type: LoggingConfiguration

Update requires: Some interruptions

MaxWebservers

The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.

Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.

Required: No

Type: Integer

Minimum: 1

Update requires: No interruption

MaxWorkers

The maximum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkers field. For example, 20. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the one worker that is included with your environment, or the number you specify in MinWorkers.

Required: No

Type: Integer

Minimum: 1

Update requires: Some interruptions

MinWebservers

The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.

Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.

Required: No

Type: Integer

Minimum: 1

Update requires: No interruption

MinWorkers

The minimum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkers field. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the worker count you specify in the MinWorkers field. For example, 2.

Required: No

Type: Integer

Minimum: 1

Update requires: Some interruptions

Name

The name of your Amazon MWAA environment.

Required: Yes

Type: String

Pattern: ^[a-zA-Z][0-9a-zA-Z\-_]*$

Minimum: 1

Maximum: 80

Update requires: Replacement

NetworkConfiguration

The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see About networking on Amazon MWAA.

Required: No

Type: NetworkConfiguration

Update requires: Replacement

PluginsS3ObjectVersion

The version of the plugins.zip file on your Amazon S3 bucket. To learn more, see Installing custom plugins.

Required: No

Type: String

Maximum: 1024

Update requires: Some interruptions

PluginsS3Path

The relative path to the plugins.zip file on your Amazon S3 bucket. For example, plugins.zip. To learn more, see Installing custom plugins.

Required: No

Type: String

Pattern: .*

Maximum: 1024

Update requires: Some interruptions

RequirementsS3ObjectVersion

The version of the requirements.txt file on your Amazon S3 bucket. To learn more, see Installing Python dependencies.

Required: No

Type: String

Maximum: 1024

Update requires: Some interruptions

RequirementsS3Path

The relative path to the requirements.txt file on your Amazon S3 bucket. For example, requirements.txt. To learn more, see Installing Python dependencies.

Required: No

Type: String

Pattern: .*

Maximum: 1024

Update requires: Some interruptions

Schedulers

The number of schedulers that you want to run in your environment. Valid values:

  • v2 - Accepts between 2 to 5. Defaults to 2.

  • v1 - Accepts 1.

Required: No

Type: Integer

Minimum: 1

Update requires: Some interruptions

SourceBucketArn

The Amazon Resource Name (ARN) of the Amazon S3 bucket where your DAG code and supporting files are stored. For example, arn:aws:s3:::my-airflow-bucket-unique-name. To learn more, see Create an Amazon S3 bucket for Amazon MWAA.

Required: No

Type: String

Pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:s3:::[a-z0-9.\-]+$

Minimum: 1

Maximum: 1224

Update requires: Some interruptions

StartupScriptS3ObjectVersion

The version of the startup shell script in your Amazon S3 bucket. You must specify the version ID that Amazon S3 assigns to the file every time you update the script.

Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. The following is an example:

3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUo

For more information, see Using a startup script.

Required: No

Type: String

Maximum: 1024

Update requires: Some interruptions

StartupScriptS3Path

The relative path to the startup shell script in your Amazon S3 bucket. For example, s3://mwaa-environment/startup.sh.

Amazon MWAA runs the script as your environment starts, and before running the Apache Airflow process. You can use this script to install dependencies, modify Apache Airflow configuration options, and set environment variables. For more information, see Using a startup script.

Required: No

Type: String

Pattern: .*

Maximum: 1024

Update requires: Some interruptions

Tags

The key-value tag pairs associated to your environment. For example, "Environment": "Staging". To learn more, see Tagging.

If you specify new tags for an existing environment, the update requires service interruption before taking effect.

Required: No

Type: Array of Tag

Update requires: Some interruptions

WebserverAccessMode

The Apache Airflow Web server access mode. To learn more, see Apache Airflow access modes. Valid values: PRIVATE_ONLY or PUBLIC_ONLY.

Required: No

Type: String

Allowed values: PRIVATE_ONLY | PUBLIC_ONLY

Update requires: Some interruptions

WeeklyMaintenanceWindowStart

The day and time of the week to start weekly maintenance updates of your environment in the following format: DAY:HH:MM. For example: TUE:03:30. You can specify a start time in 30 minute increments only. Supported input includes the following:

  • MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\d|2[0-3]):(00|30)

Required: No

Type: String

Pattern: (MON|TUE|WED|THU|FRI|SAT|SUN):([01]\d|2[0-3]):(00|30)

Maximum: 9

Update requires: Some interruptions

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the environment details.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

The ARN for the Amazon MWAA environment.

CeleryExecutorQueue

The queue ARN for the environment's Celery Executor. Amazon MWAA uses a Celery Executor to distribute tasks across multiple workers. When you create an environment in a shared VPC, you must provide access to the Celery Executor queue from your VPC.

DatabaseVpcEndpointService

The VPC endpoint for the environment's Amazon RDS database.

LoggingConfiguration.DagProcessingLogs.CloudWatchLogGroupArn

The ARN for the CloudWatch Logs group where the Apache Airflow DAG processing logs are published.

LoggingConfiguration.SchedulerLogs.CloudWatchLogGroupArn

The ARN for the CloudWatch Logs group where the Apache Airflow Scheduler logs are published.

LoggingConfiguration.TaskLogs.CloudWatchLogGroupArn

The ARN for the CloudWatch Logs group where the Apache Airflow task logs are published.

LoggingConfiguration.WebserverLogs.CloudWatchLogGroupArn

The ARN for the CloudWatch Logs group where the Apache Airflow Web server logs are published.

LoggingConfiguration.WorkerLogs.CloudWatchLogGroupArn

The ARN for the CloudWatch Logs group where the Apache Airflow Worker logs are published.

WebserverUrl

The URL of your Apache Airflow UI.

WebserverVpcEndpointService

The VPC endpoint for the environment's web server.

Examples

Create a MWAA environment - JSON

The following example shows how to create a MWAA environment:

JSON

{ "Environment": { "Type": "AWS::MWAA::Environment", "Properties": { "Name": "my-airflow-environment", "AirflowConfigurationOptions": { "logging.logging_level": "INFO", "core.default_timezone": "utc" }, "Tags": { "Environment": "Staging", "Team": "Analytics" }, "NetworkConfiguration": { "SubnetIds": [ "subnet-123456", "subnet-789011" ], "SecurityGroupIds": [ "sg-0101010" ] }, "LoggingConfiguration": { "DagProcessingLogs": { "Enabled": true, "LogLevel": "INFO" }, "SchedulerLogs": { "Enabled": false, "LogLevel": "INFO" }, "TaskLogs": { "Enabled": true, "LogLevel": "INFO" }, "WebserverLogs": { "Enabled": false, "LogLevel": "INFO" }, "WorkerLogs": { "Enabled": false, "LogLevel": "INFO" } }, "SourceBucketArn": "arn:aws:s3:::my-dags-bucket", "ExecutionRoleArn": "arn:aws:iam::012345678900:role/service-role/my-execution-role", "MaxWorkers": 1, "DagS3Path": "dags", "EnvironmentClass": "mw1.small" } } }

Create a MWAA environment - YAML

The following example shows how to create a MWAA environment:

YAML

Environment: Properties: AirflowConfigurationOptions: core.default_timezone: utc logging.logging_level: INFO DagS3Path: dags EnvironmentClass: mw1.small ExecutionRoleArn: "arn:aws:iam::012345678900:role/service-role/my-execution-role" LoggingConfiguration: DagProcessingLogs: Enabled: true LogLevel: INFO SchedulerLogs: Enabled: false LogLevel: INFO TaskLogs: Enabled: true LogLevel: INFO WebserverLogs: Enabled: false LogLevel: INFO WorkerLogs: Enabled: false LogLevel: INFO MaxWorkers: 1 Name: my-airflow-environment NetworkConfiguration: SecurityGroupIds: - sg-0101010 SubnetIds: - subnet-123456 - subnet-789011 SourceBucketArn: "arn:aws:s3:::my-dags-bucket" Tags: Environment: Staging Team: Analytics Type: "AWS::MWAA::Environment"