AWS::GlobalAccelerator::CrossAccountAttachment
Create a cross-account attachment in AWS Global Accelerator. You create a cross-account attachment to specify the principals who have permission to work with resources in accelerators in their own account. You specify, in the same attachment, the resources that are shared.
A principal can be an AWS account number or the Amazon Resource Name (ARN) for an accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment, you must sign in to an account specified as a principal. Then, you can work with resources that are listed, with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal, anyone with permission to make updates to the accelerator can work with resources that are listed in the attachment.
Specify each principal and resource separately. To specify two CIDR address pools, list
them individually under Resources
, and so on. For a command line operation, for example,
you might use a statement like the following:
"Resources": [{"Cidr": "169.254.60.0/24"},{"Cidr": "169.254.59.0/24"}]
For more information, see Working with cross-account attachments and resources in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::GlobalAccelerator::CrossAccountAttachment", "Properties" : { "Name" :
String
, "Principals" :[ String, ... ]
, "Resources" :[ Resource, ... ]
, "Tags" :[ Tag, ... ]
} }
YAML
Type: AWS::GlobalAccelerator::CrossAccountAttachment Properties: Name:
String
Principals:- String
Resources:- Resource
Tags:- Tag
Properties
Name
-
The name of the cross-account attachment.
Required: Yes
Type: String
Pattern:
^[a-zA-Z0-9_-]{0,64}$
Minimum:
1
Maximum:
64
Update requires: No interruption
Principals
-
The principals included in the cross-account attachment.
Required: No
Type: Array of String
Update requires: No interruption
Resources
-
The resources included in the cross-account attachment.
Required: No
Type: Array of Resource
Update requires: No interruption
-
Add tags for a cross-account attachment.
For more information, see Tagging in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.
Required: No
Type: Array of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the Amazon Resource Name (ARN) of the cross-account attachment.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
AttachmentArn
-
The Amazon Resource Name (ARN) of the cross-account attachment.