AWS::GlobalAccelerator::CrossAccountAttachment - AWS CloudFormation

AWS::GlobalAccelerator::CrossAccountAttachment

Create a cross-account attachment in AWS Global Accelerator. You create a cross-account attachment to specify the principals who have permission to work with resources in accelerators in their own account. You specify, in the same attachment, the resources that are shared.

A principal can be an AWS account number or the Amazon Resource Name (ARN) for an accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment, you must sign in to an account specified as a principal. Then, you can work with resources that are listed, with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal, anyone with permission to make updates to the accelerator can work with resources that are listed in the attachment.

Specify each principal and resource separately. To specify two CIDR address pools, list them individually under Resources, and so on. For a command line operation, for example, you might use a statement like the following:

"Resources": [{"Cidr": "169.254.60.0/24"},{"Cidr": "169.254.59.0/24"}]

For more information, see Working with cross-account attachments and resources in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::GlobalAccelerator::CrossAccountAttachment", "Properties" : { "Name" : String, "Principals" : [ String, ... ], "Resources" : [ Resource, ... ], "Tags" : [ Tag, ... ] } }

YAML

Type: AWS::GlobalAccelerator::CrossAccountAttachment Properties: Name: String Principals: - String Resources: - Resource Tags: - Tag

Properties

Name

The name of the cross-account attachment.

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9_-]{0,64}$

Minimum: 1

Maximum: 64

Update requires: No interruption

Principals

The principals included in the cross-account attachment.

Required: No

Type: Array of String

Update requires: No interruption

Resources

The resources included in the cross-account attachment.

Required: No

Type: Array of Resource

Update requires: No interruption

Tags

Add tags for a cross-account attachment.

For more information, see Tagging in AWS Global Accelerator in the AWS Global Accelerator Developer Guide.

Required: No

Type: Array of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the cross-account attachment.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

AttachmentArn

The Amazon Resource Name (ARN) of the cross-account attachment.