AWS::MWAA::Environment
The AWS::MWAA::Environment resource creates an Amazon Managed Workflows for Apache Airflow (MWAA) environment.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::MWAA::Environment", "Properties" : { "AirflowConfigurationOptions" :Json, "AirflowVersion" :String, "DagS3Path" :String, "EndpointManagement" :String, "EnvironmentClass" :String, "ExecutionRoleArn" :String, "KmsKey" :String, "LoggingConfiguration" :LoggingConfiguration, "MaxWebservers" :Integer, "MaxWorkers" :Integer, "MinWebservers" :Integer, "MinWorkers" :Integer, "Name" :String, "NetworkConfiguration" :NetworkConfiguration, "PluginsS3ObjectVersion" :String, "PluginsS3Path" :String, "RequirementsS3ObjectVersion" :String, "RequirementsS3Path" :String, "Schedulers" :Integer, "SourceBucketArn" :String, "StartupScriptS3ObjectVersion" :String, "StartupScriptS3Path" :String, "Tags" :[, "WebserverAccessMode" :Tag, ... ]String, "WeeklyMaintenanceWindowStart" :String} }
YAML
Type: AWS::MWAA::Environment Properties: AirflowConfigurationOptions:JsonAirflowVersion:StringDagS3Path:StringEndpointManagement:StringEnvironmentClass:StringExecutionRoleArn:StringKmsKey:StringLoggingConfiguration:LoggingConfigurationMaxWebservers:IntegerMaxWorkers:IntegerMinWebservers:IntegerMinWorkers:IntegerName:StringNetworkConfiguration:NetworkConfigurationPluginsS3ObjectVersion:StringPluginsS3Path:StringRequirementsS3ObjectVersion:StringRequirementsS3Path:StringSchedulers:IntegerSourceBucketArn:StringStartupScriptS3ObjectVersion:StringStartupScriptS3Path:StringTags:-WebserverAccessMode:TagStringWeeklyMaintenanceWindowStart:String
Properties
AirflowConfigurationOptions-
A list of key-value pairs containing the Airflow configuration options for your environment. For example,
core.default_timezone: utc. To learn more, see Apache Airflow configuration options.Required: No
Type: Json
Update requires: Some interruptions
AirflowVersion-
The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.
If you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.
Allowed Values:
1.10.12|2.0.2|2.2.2|2.4.3|2.5.1|2.6.3|2.7.2|2.8.1|2.9.2(latest)Required: No
Type: String
Pattern:
^[0-9a-z.]+$Maximum:
32Update requires: Replacement
DagS3Path-
The relative path to the DAGs folder on your Amazon S3 bucket. For example,
dags. To learn more, see Adding or updating DAGs.Required: No
Type: String
Pattern:
.*Maximum:
1024Update requires: Some interruptions
EndpointManagement-
Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA. If set to
SERVICE, Amazon MWAA will create and manage the required VPC endpoints in your VPC. If set toCUSTOMER, you must create, and manage, the VPC endpoints in your VPC.Required: No
Type: String
Allowed values:
CUSTOMER | SERVICEUpdate requires: Replacement
EnvironmentClass-
The environment class type. Valid values:
mw1.small,mw1.medium,mw1.large. To learn more, see Amazon MWAA environment class.Required: No
Type: String
Minimum:
1Maximum:
1024Update requires: Some interruptions
ExecutionRoleArn-
The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access AWS resources in your environment. For example,
arn:aws:iam::123456789:role/my-execution-role. To learn more, see Amazon MWAA Execution role.Required: No
Type: String
Pattern:
^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$Maximum:
1224Update requires: Some interruptions
KmsKey-
The AWS Key Management Service (KMS) key to encrypt and decrypt the data in your environment. You can use an AWS KMS key managed by MWAA, or a customer-managed KMS key (advanced).
Required: No
Type: String
Pattern:
^(((arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:kms:[a-z]{2}-[a-z]+-\d:\d+:)?key\/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|(arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):kms:[a-z]{2}-[a-z]+-\d:\d+:)?alias/.+)$Maximum:
1224Update requires: Replacement
LoggingConfiguration-
The Apache Airflow logs being sent to CloudWatch Logs:
DagProcessingLogs,SchedulerLogs,TaskLogs,WebserverLogs,WorkerLogs.Required: No
Type: LoggingConfiguration
Update requires: Some interruptions
MaxWebservers-
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for
MaxWebserverswhen you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set inMaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set inMinxWebserers.Valid values: For environments larger than mw1.micro, accepts values from
2to5. Defaults to2for all environment sizes except mw1.micro, which defaults to1.Required: No
Type: Integer
Minimum:
1Update requires: No interruption
MaxWorkers-
The maximum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the
MaxWorkersfield. For example,20. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the one worker that is included with your environment, or the number you specify inMinWorkers.Required: No
Type: Integer
Minimum:
1Update requires: Some interruptions
MinWebservers-
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for
MaxWebserverswhen you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set inMinxWebserers.Valid values: For environments larger than mw1.micro, accepts values from
2to5. Defaults to2for all environment sizes except mw1.micro, which defaults to1.Required: No
Type: Integer
Minimum:
1Update requires: No interruption
MinWorkers-
The minimum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the
MaxWorkersfield. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the worker count you specify in theMinWorkersfield. For example,2.Required: No
Type: Integer
Minimum:
1Update requires: Some interruptions
Name-
The name of your Amazon MWAA environment.
Required: Yes
Type: String
Pattern:
^[a-zA-Z][0-9a-zA-Z\-_]*$Minimum:
1Maximum:
80Update requires: Replacement
NetworkConfiguration-
The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see About networking on Amazon MWAA.
Required: No
Type: NetworkConfiguration
Update requires: Replacement
PluginsS3ObjectVersion-
The version of the plugins.zip file on your Amazon S3 bucket. To learn more, see Installing custom plugins.
Required: No
Type: String
Maximum:
1024Update requires: Some interruptions
PluginsS3Path-
The relative path to the
plugins.zipfile on your Amazon S3 bucket. For example,plugins.zip. To learn more, see Installing custom plugins.Required: No
Type: String
Pattern:
.*Maximum:
1024Update requires: Some interruptions
RequirementsS3ObjectVersion-
The version of the requirements.txt file on your Amazon S3 bucket. To learn more, see Installing Python dependencies.
Required: No
Type: String
Maximum:
1024Update requires: Some interruptions
RequirementsS3Path-
The relative path to the
requirements.txtfile on your Amazon S3 bucket. For example,requirements.txt. To learn more, see Installing Python dependencies.Required: No
Type: String
Pattern:
.*Maximum:
1024Update requires: Some interruptions
Schedulers-
The number of schedulers that you want to run in your environment. Valid values:
-
v2 - Accepts between 2 to 5. Defaults to 2.
-
v1 - Accepts 1.
Required: No
Type: Integer
Minimum:
1Update requires: Some interruptions
-
SourceBucketArn-
The Amazon Resource Name (ARN) of the Amazon S3 bucket where your DAG code and supporting files are stored. For example,
arn:aws:s3:::my-airflow-bucket-unique-name. To learn more, see Create an Amazon S3 bucket for Amazon MWAA.Required: No
Type: String
Pattern:
^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:s3:::[a-z0-9.\-]+$Minimum:
1Maximum:
1224Update requires: Some interruptions
StartupScriptS3ObjectVersion-
The version of the startup shell script in your Amazon S3 bucket. You must specify the version ID that Amazon S3 assigns to the file every time you update the script.
Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. The following is an example:
3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUoFor more information, see Using a startup script.
Required: No
Type: String
Maximum:
1024Update requires: Some interruptions
StartupScriptS3Path-
The relative path to the startup shell script in your Amazon S3 bucket. For example,
s3://mwaa-environment/startup.sh.Amazon MWAA runs the script as your environment starts, and before running the Apache Airflow process. You can use this script to install dependencies, modify Apache Airflow configuration options, and set environment variables. For more information, see Using a startup script.
Required: No
Type: String
Pattern:
.*Maximum:
1024Update requires: Some interruptions
-
The key-value tag pairs associated to your environment. For example,
"Environment": "Staging". To learn more, see Tagging.If you specify new tags for an existing environment, the update requires service interruption before taking effect.
Required: No
Type: Array of
TagUpdate requires: Some interruptions
WebserverAccessMode-
The Apache Airflow Web server access mode. To learn more, see Apache Airflow access modes. Valid values:
PRIVATE_ONLYorPUBLIC_ONLY.Required: No
Type: String
Allowed values:
PRIVATE_ONLY | PUBLIC_ONLYUpdate requires: Some interruptions
WeeklyMaintenanceWindowStart-
The day and time of the week to start weekly maintenance updates of your environment in the following format:
DAY:HH:MM. For example:TUE:03:30. You can specify a start time in 30 minute increments only. Supported input includes the following:-
MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\d|2[0-3]):(00|30)
Required: No
Type: String
Pattern:
(MON|TUE|WED|THU|FRI|SAT|SUN):([01]\d|2[0-3]):(00|30)Maximum:
9Update requires: Some interruptions
-
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the environment details.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Arn-
The ARN for the Amazon MWAA environment.
CeleryExecutorQueue-
The queue ARN for the environment's Celery Executor
. Amazon MWAA uses a Celery Executor to distribute tasks across multiple workers. When you create an environment in a shared VPC, you must provide access to the Celery Executor queue from your VPC. DatabaseVpcEndpointService-
The VPC endpoint for the environment's Amazon RDS database.
LoggingConfiguration.DagProcessingLogs.CloudWatchLogGroupArn-
The ARN for the CloudWatch Logs group where the Apache Airflow DAG processing logs are published.
LoggingConfiguration.SchedulerLogs.CloudWatchLogGroupArn-
The ARN for the CloudWatch Logs group where the Apache Airflow Scheduler logs are published.
LoggingConfiguration.TaskLogs.CloudWatchLogGroupArn-
The ARN for the CloudWatch Logs group where the Apache Airflow task logs are published.
LoggingConfiguration.WebserverLogs.CloudWatchLogGroupArn-
The ARN for the CloudWatch Logs group where the Apache Airflow Web server logs are published.
LoggingConfiguration.WorkerLogs.CloudWatchLogGroupArn-
The ARN for the CloudWatch Logs group where the Apache Airflow Worker logs are published.
WebserverUrl-
The URL of your Apache Airflow UI.
WebserverVpcEndpointService-
The VPC endpoint for the environment's web server.
Examples
Create a MWAA environment - JSON
The following example shows how to create a MWAA environment:
JSON
{ "Environment": { "Type": "AWS::MWAA::Environment", "Properties": { "Name": "my-airflow-environment", "AirflowConfigurationOptions": { "logging.logging_level": "INFO", "core.default_timezone": "utc" }, "Tags": { "Environment": "Staging", "Team": "Analytics" }, "NetworkConfiguration": { "SubnetIds": [ "subnet-123456", "subnet-789011" ], "SecurityGroupIds": [ "sg-0101010" ] }, "LoggingConfiguration": { "DagProcessingLogs": { "Enabled": true, "LogLevel": "INFO" }, "SchedulerLogs": { "Enabled": false, "LogLevel": "INFO" }, "TaskLogs": { "Enabled": true, "LogLevel": "INFO" }, "WebserverLogs": { "Enabled": false, "LogLevel": "INFO" }, "WorkerLogs": { "Enabled": false, "LogLevel": "INFO" } }, "SourceBucketArn": "arn:aws:s3:::my-dags-bucket", "ExecutionRoleArn": "arn:aws:iam::012345678900:role/service-role/my-execution-role", "MaxWorkers": 1, "DagS3Path": "dags", "EnvironmentClass": "mw1.small" } } }
Create a MWAA environment - YAML
The following example shows how to create a MWAA environment:
YAML
Environment: Properties: AirflowConfigurationOptions: core.default_timezone: utc logging.logging_level: INFO DagS3Path: dags EnvironmentClass: mw1.small ExecutionRoleArn: "arn:aws:iam::012345678900:role/service-role/my-execution-role" LoggingConfiguration: DagProcessingLogs: Enabled: true LogLevel: INFO SchedulerLogs: Enabled: false LogLevel: INFO TaskLogs: Enabled: true LogLevel: INFO WebserverLogs: Enabled: false LogLevel: INFO WorkerLogs: Enabled: false LogLevel: INFO MaxWorkers: 1 Name: my-airflow-environment NetworkConfiguration: SecurityGroupIds: - sg-0101010 SubnetIds: - subnet-123456 - subnet-789011 SourceBucketArn: "arn:aws:s3:::my-dags-bucket" Tags: Environment: Staging Team: Analytics Type: "AWS::MWAA::Environment"
