選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

AWS::CloudFormation::LambdaHook

焦點模式

在本頁面

AWS::CloudFormation::LambdaHook - AWS CloudFormation
此頁面尚未翻譯為您的語言。 請求翻譯
篩選條件查看

The AWS::CloudFormation::LambdaHook resource creates and activates a Lambda Hook. You can use a Lambda Hook to evaluate your resources before allowing stack operations. This resource forwards requests for resource evaluation to a Lambda function.

For more information, see Lambda Hooks in the AWS CloudFormation Hooks User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::CloudFormation::LambdaHook", "Properties" : { "Alias" : String, "ExecutionRole" : String, "FailureMode" : String, "HookStatus" : String, "LambdaFunction" : String, "StackFilters" : StackFilters, "TargetFilters" : TargetFilters, "TargetOperations" : [ String, ... ] } }

YAML

Type: AWS::CloudFormation::LambdaHook Properties: Alias: String ExecutionRole: String FailureMode: String HookStatus: String LambdaFunction: String StackFilters: StackFilters TargetFilters: TargetFilters TargetOperations: - String

Properties

Alias

The type name alias for the Hook. This alias must be unique per account and Region.

The alias must be in the form Name1::Name2::Name3 and must not begin with AWS. For example, Private::Lambda::MyTestHook.

Required: Yes

Type: String

Pattern: ^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$

Update requires: Replacement

ExecutionRole

The IAM role that the Hook assumes to invoke your Lambda function.

Required: Yes

Type: String

Pattern: arn:.+:iam::[0-9]{12}:role/.+

Maximum: 256

Update requires: No interruption

FailureMode

Specifies how the Hook responds when the Lambda function invoked by the Hook returns a FAILED response.

  • FAIL: Prevents the action from proceeding. This is helpful for enforcing strict compliance or security policies.

  • WARN: Issues warnings to users but allows actions to continue. This is useful for non-critical validations or informational checks.

Required: Yes

Type: String

Allowed values: FAIL | WARN

Update requires: No interruption

HookStatus

Specifies if the Hook is ENABLED or DISABLED.

Required: Yes

Type: String

Allowed values: ENABLED | DISABLED

Update requires: No interruption

LambdaFunction

Specifies the Lambda function for the Hook. You can use:

  • The full Amazon Resource Name (ARN) without a suffix.

  • A qualified ARN with a version or alias suffix.

Required: Yes

Type: String

Pattern: (arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}(-gov)?(-iso([a-z])?)?-[a-z]+-\d{1}:)?(\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\$LATEST|[a-zA-Z0-9-_]+))?

Minimum: 1

Maximum: 170

Update requires: No interruption

StackFilters

Specifies the stack level filters for the Hook.

Required: No

Type: StackFilters

Update requires: No interruption

TargetFilters

Specifies the target filters for the Hook.

Required: No

Type: TargetFilters

Update requires: No interruption

TargetOperations

Specifies which type of operation the Hook is run against.

Valid values: STACK | RESOURCE | CHANGE_SET | CLOUD_CONTROL

Required: Yes

Type: Array of String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Hook Amazon Resource Name (ARN). For example: arn:aws:cloudformation:us-west-2:123456789012:type/hook/MyLambdaHook.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

HookArn

Returns the ARN of a Lambda Hook.

Examples

Creating a Lambda Hook in a template

The following example demonstrates how to create a Lambda Hook in a template.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Create a Lambda Hook", "Parameters": { "HookFunctionArn": { "Description": "Hook Lambda Function ARN", "Type": "String" }, "HookName": { "Description": "The name of your Hook", "Type": "String", "Default": "Test::Lambda::Hook", "AllowedPattern": "^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$" } }, "Resources": { "LambdaInvokerHookRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": ["hooks.cloudformation.amazonaws.com"] }, "Action": "sts:AssumeRole" } ] }, "Path": "/", "Policies": [ { "PolicyName": "LambdaInvokerHookPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["lambda:InvokeFunction"], "Resource": {"Ref" : "HookFunctionArn"} } ] } } ] } }, "MyLambdaHook": { "Type": "AWS::CloudFormation::LambdaHook", "Properties": { "LambdaFunction": {"Ref" : "HookFunctionArn"}, "HookStatus": "ENABLED", "TargetOperations": [ "RESOURCE", "STACK" ], "FailureMode": "WARN", "Alias": {"Ref" : "HookName"}, "ExecutionRole": { "Fn::GetAtt": [ "LambdaInvokerHookRole", "Arn" ] }, "StackFilters": { "FilteringCriteria": "ALL", "StackNames": { "Exclude": [{"Ref" : "AWS::StackName"}] } } } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Description: Create a Lambda Hook Parameters: HookFunctionArn: Description: Hook Lambda Function ARN Type: String HookName: Description: The name of your Hook Type: String Default: 'Test::Lambda::Hook' AllowedPattern: '^(?!(?i)aws)[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$' Resources: LambdaInvokerHookRole: Type: 'AWS::IAM::Role' Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - hooks.cloudformation.amazonaws.com Action: 'sts:AssumeRole' Path: / Policies: - PolicyName: LambdaInvokerHookPolicy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: - 'lambda:InvokeFunction' Resource: !Ref HookFunctionArn MyLambdaHook: Type: 'AWS::CloudFormation::LambdaHook' Properties: LambdaFunction: !Ref HookFunctionArn HookStatus: ENABLED TargetOperations: - RESOURCE - STACK FailureMode: WARN Alias: !Ref HookName ExecutionRole: !GetAtt LambdaInvokerHookRole.Arn StackFilters: FilteringCriteria: ALL StackNames: Exclude: - !Ref AWS::StackName

下一個主題:

StackFilters

上一個主題:

LoggingConfig
隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。