-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathawscommunity-resource-lookup.json
127 lines (127 loc) · 7.25 KB
/
awscommunity-resource-lookup.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
{
"typeName": "AwsCommunity::Resource::Lookup",
"description": "This resource uses AWS Cloud Control API to perform a lookup of a resource of a given type (such as, `AWS::EC2::VPC`) in your AWS account and current region, based on a query you specify. If only one match is found, this resource returns the primary ID of the resource (in the `AWS::EC2::VPC` example, the VPC ID) and the resource properties, that you can then reference in your template with the `Fn::GetAtt` intrinsic function. Specify resource type search targets that are supported by Cloud Control API.",
"sourceUrl": "https://github.com/aws-cloudformation/community-registry-extensions/tree/main/resources/Resource_Lookup",
"documentationUrl": "https://github.com/aws-cloudformation/community-registry-extensions/blob/main/resources/Resource_Lookup/README.md",
"properties": {
"TypeName": {
"description": "The resource type name you wish to use for the lookup operation.",
"type": "string",
"pattern": "^[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}$"
},
"JmesPathQuery": {
"description": "A query, in JMESPath (https://jmespath.org/) format, to perform the resource lookup; for example: `Tags[?Key == 'Owner' && Value == 'test-only']`. When you specify a new value on resource updates (for example, when you update the stack that describes this resource), a new lookup will be performed.",
"type": "string",
"minLength": 1,
"maxLength": 4096
},
"ResourceLookupRoleArn": {
"description": "The Amazon Resource Name (ARN) of the IAM role you wish to use for performing resource lookup operations in your AWS account on your behalf; for example: `arn:aws:iam::111122223333:role/my-example-role`. The role whose ARN you specify for this property is passed to AWS Cloud Control API's `ListResources` and `GetResource` actions when this resource type calls them on your behalf against resource type targets (such as, `AWS::EC2::VPC`). As for the role, for example, you could create an IAM role whose `Service` `Principal` is `cloudformation.amazonaws.com` in the trust policy, and whose policy is e.g., a `ReadOnlyAccess` AWS managed policy, or another managed policy you choose, or your own policy, depending on which permissions you require.",
"type": "string",
"pattern": "^arn:aws(-[a-z]+)*:iam::[0-9]{12}:role\\/[\\w+=,.@-]{1,64}$"
},
"ResourceModel": {
"description": "The model of the resource you're using: this additional information is required if you're using a resource type shown in the `Resources that require additional information` page (https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/resource-operations-list.html#resource-operations-list-containers). Specify the required properties using the JSON format; for example, to specify `LoadBalancerArn` and its ARN value for `AWS::ElasticLoadBalancingV2::Listener` (that you specify in the `TypeName` property): `{\"LoadBalancerArn\": \"REPLACE_WITH_YOUR_LOAD_BALANCER_ARN\"}`.",
"type": "string",
"pattern": "^[\\s\\S]*$"
},
"LookupSerialNumber": {
"description": "Optional, numeric integer value (such as `1`, `2`), that you can specify to induce a new search on e.g., stack updates without modifying the value for `JmesPathQuery`. Specify a value that is different from the previous one to induce the update; note that either adding this property to the resource if not present before an update, or removing it if previously added to the resource, will yield the same effect of changing the property value and will induce an update.",
"type": "string",
"pattern": "^[0-9]*$"
},
"Tags": {
"type": "object",
"description": "Optional key-value pairs object (such as, `Env: Dev`, `Name: Test`) to associate to the AWS Systems Manager Parameter Store parameter resource, that the implementation of this resource type creates in your account to persist the lookup result.",
"patternProperties": {
"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$": {
"type": "string"
}
},
"additionalProperties": false
},
"ResourceLookupId": {
"description": "When this resource type finds only one match as the result of a lookup operation, it then creates an AWS Systems Manager Parameter Store parameter resource in your account and current region to persist the lookup result for subsequent use (for example, when its `Read` handler is invoked). `ResourceLookupId` holds the name of the Parameter Store parameter; for example: `/CloudFormation/AwsCommunity/Resource/Lookup/resource-lookup-id-11112222-3333-aaaa-bbbb-ccccddddeeee`.",
"type": "string"
},
"ResourceIdentifier": {
"description": "The resource identifier. For example, the ID of a VPC if you looked up an `AWS::EC2::VPC` resource type for which only one match was found.",
"type": "string"
},
"ResourceProperties": {
"description": "The resource properties. For example, the properties of a VPC if you looked up an `AWS::EC2::VPC` resource type for which only one match was found.",
"type": "string"
}
},
"additionalProperties": false,
"required": [
"JmesPathQuery",
"ResourceLookupRoleArn",
"TypeName"
],
"readOnlyProperties": [
"/properties/ResourceIdentifier",
"/properties/ResourceLookupId",
"/properties/ResourceProperties"
],
"writeOnlyProperties": [
"/properties/JmesPathQuery",
"/properties/ResourceModel",
"/properties/LookupSerialNumber"
],
"primaryIdentifier": [
"/properties/ResourceLookupId"
],
"createOnlyProperties": [
"/properties/JmesPathQuery",
"/properties/ResourceLookupRoleArn",
"/properties/ResourceModel",
"/properties/TypeName",
"/properties/LookupSerialNumber"
],
"tagging": {
"taggable": true,
"tagOnCreate": true,
"tagUpdatable": true,
"cloudFormationSystemTags": false,
"tagProperty": "/properties/Tags"
},
"handlers": {
"create": {
"permissions": [
"cloudformation:GetResource",
"cloudformation:ListResources",
"iam:PassRole",
"ssm:AddTagsToResource",
"ssm:GetParameter",
"ssm:PutParameter"
]
},
"update": {
"permissions": [
"ssm:AddTagsToResource",
"ssm:AddTagsToResource",
"ssm:GetParameter",
"ssm:RemoveTagsFromResource"
]
},
"read": {
"permissions": [
"cloudformation:GetResource",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListTagsForResource"
]
},
"delete": {
"permissions": [
"ssm:DeleteParameter"
]
},
"list": {
"permissions": [
"ssm:DescribeParameters"
]
}
}
}