AWS::OpsWorks::Stack - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::OpsWorks::Stack

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::OpsWorks::Stack", "Properties" : { "AgentVersion" : String, "Attributes" : {Key: Value, ...}, "ChefConfiguration" : ChefConfiguration, "CloneAppIds" : [ String, ... ], "ClonePermissions" : Boolean, "ConfigurationManager" : StackConfigurationManager, "CustomCookbooksSource" : Source, "CustomJson" : Json, "DefaultAvailabilityZone" : String, "DefaultInstanceProfileArn" : String, "DefaultOs" : String, "DefaultRootDeviceType" : String, "DefaultSshKeyName" : String, "DefaultSubnetId" : String, "EcsClusterArn" : String, "ElasticIps" : [ ElasticIp, ... ], "HostnameTheme" : String, "Name" : String, "RdsDbInstances" : [ RdsDbInstance, ... ], "ServiceRoleArn" : String, "SourceStackId" : String, "Tags" : [ Tag, ... ], "UseCustomCookbooks" : Boolean, "UseOpsworksSecurityGroups" : Boolean, "VpcId" : String } }

Properties

AgentVersion

The default Amazon OpsWorks Stacks agent version. You have the following options:

  • Auto-update - Set this parameter to LATEST. Amazon OpsWorks Stacks automatically installs new agent versions on the stack's instances as soon as they are available.

  • Fixed version - Set this parameter to your preferred agent version. To update the agent version, you must edit the stack configuration and specify a new version. Amazon OpsWorks Stacks installs that version on the stack's instances.

The default setting is the most recent release of the agent. To specify an agent version, you must use the complete version number, not the abbreviated number shown on the console. For a list of available agent version numbers, call DescribeAgentVersions. AgentVersion cannot be set to Chef 12.2.

Note

You can also specify an agent version when you create or update an instance, which overrides the stack's default setting.

Required: No

Type: String

Update requires: No interruption

Attributes

One or more user-defined key-value pairs to be added to the stack attributes.

Required: No

Type: Object of String

Pattern: [a-zA-Z0-9]+

Update requires: No interruption

ChefConfiguration

A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf version on Chef 11.10 stacks. For more information, see Create a New Stack.

Required: No

Type: ChefConfiguration

Update requires: No interruption

CloneAppIds

If you're cloning an Amazon OpsWorks stack, a list of Amazon OpsWorks application stack IDs from the source stack to include in the cloned stack.

Required: No

Type: Array of String

Update requires: Replacement

ClonePermissions

If you're cloning an Amazon OpsWorks stack, indicates whether to clone the source stack's permissions.

Required: No

Type: Boolean

Update requires: Replacement

ConfigurationManager

The configuration manager. When you create a stack we recommend that you use the configuration manager to specify the Chef version: 12, 11.10, or 11.4 for Linux stacks, or 12.2 for Windows stacks. The default value for Linux stacks is currently 12.

Required: No

Type: StackConfigurationManager

Update requires: No interruption

CustomCookbooksSource

Contains the information required to retrieve an app or cookbook from a repository. For more information, see Adding Apps or Cookbooks and Recipes.

Required: No

Type: Source

Update requires: No interruption

CustomJson

A string that contains user-defined, custom JSON. It can be used to override the corresponding default stack configuration attribute values or to pass data to recipes. The string should be in the following format:

"{\"key1\": \"value1\", \"key2\": \"value2\",...}"

For more information about custom JSON, see Use Custom JSON to Modify the Stack Configuration Attributes.

Required: No

Type: Json

Update requires: No interruption

DefaultAvailabilityZone

The stack's default Availability Zone, which must be in the specified region. For more information, see Regions and Endpoints. If you also specify a value for DefaultSubnetId, the subnet must be in the same zone. For more information, see the VpcId parameter description.

Required: No

Type: String

Update requires: No interruption

DefaultInstanceProfileArn

The Amazon Resource Name (ARN) of an IAM profile that is the default profile for all of the stack's EC2 instances. For more information about IAM ARNs, see Using Identifiers.

Required: Yes

Type: String

Update requires: No interruption

DefaultOs

The stack's default operating system, which is installed on every instance unless you specify a different operating system when you create the instance. You can specify one of the following.

  • A supported Linux operating system: An Amazon Linux version, such as Amazon Linux 2, Amazon Linux 2018.03, Amazon Linux 2017.09, Amazon Linux 2017.03, Amazon Linux 2016.09, Amazon Linux 2016.03, Amazon Linux 2015.09, or Amazon Linux 2015.03.

  • A supported Ubuntu operating system, such as Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, or Ubuntu 12.04 LTS.

  • CentOS Linux 7

  • Red Hat Enterprise Linux 7

  • A supported Windows operating system, such as Microsoft Windows Server 2012 R2 Base, Microsoft Windows Server 2012 R2 with SQL Server Express, Microsoft Windows Server 2012 R2 with SQL Server Standard, or Microsoft Windows Server 2012 R2 with SQL Server Web.

  • A custom AMI: Custom. You specify the custom AMI you want to use when you create instances. For more information, see Using Custom AMIs.

The default option is the current Amazon Linux version. Not all operating systems are supported with all versions of Chef. For more information about supported operating systems, see Amazon OpsWorks Stacks Operating Systems.

Required: No

Type: String

Update requires: No interruption

DefaultRootDeviceType

The default root device type. This value is the default for all instances in the stack, but you can override it when you create an instance. The default option is instance-store. For more information, see Storage for the Root Device.

Required: No

Type: String

Allowed values: ebs | instance-store

Update requires: No interruption

DefaultSshKeyName

A default Amazon EC2 key pair name. The default value is none. If you specify a key pair name, Amazon OpsWorks installs the public key on the instance and you can use the private key with an SSH client to log in to the instance. For more information, see Using SSH to Communicate with an Instance and Managing SSH Access. You can override this setting by specifying a different key pair, or no key pair, when you create an instance.

Required: No

Type: String

Update requires: No interruption

DefaultSubnetId

The stack's default subnet ID. All instances are launched into this subnet unless you specify another subnet ID when you create the instance. This parameter is required if you specify a value for the VpcId parameter. If you also specify a value for DefaultAvailabilityZone, the subnet must be in that zone.

Required: Conditional

Type: String

Update requires: No interruption

EcsClusterArn

The Amazon Resource Name (ARN) of the Amazon Elastic Container Service (Amazon ECS) cluster to register with the Amazon OpsWorks stack.

Note

If you specify a cluster that's registered with another Amazon OpsWorks stack, Amazon CloudFormation deregisters the existing association before registering the cluster.

Required: No

Type: String

Update requires: No interruption

ElasticIps

A list of Elastic IP addresses to register with the Amazon OpsWorks stack.

Note

If you specify an IP address that's registered with another Amazon OpsWorks stack, Amazon CloudFormation deregisters the existing association before registering the IP address.

Required: No

Type: Array of ElasticIp

Update requires: No interruption

HostnameTheme

The stack's host name theme, with spaces replaced by underscores. The theme is used to generate host names for the stack's instances. By default, HostnameTheme is set to Layer_Dependent, which creates host names by appending integers to the layer's short name. The other themes are:

  • Baked_Goods

  • Clouds

  • Europe_Cities

  • Fruits

  • Greek_Deities_and_Titans

  • Legendary_creatures_from_Japan

  • Planets_and_Moons

  • Roman_Deities

  • Scottish_Islands

  • US_Cities

  • Wild_Cats

To obtain a generated host name, call GetHostNameSuggestion, which returns a host name based on the current theme.

Required: No

Type: String

Update requires: No interruption

Name

The stack name. Stack names can be a maximum of 64 characters.

Required: Yes

Type: String

Update requires: No interruption

RdsDbInstances

The Amazon Relational Database Service (Amazon RDS) database instance to register with the Amazon OpsWorks stack.

Note

If you specify a database instance that's registered with another Amazon OpsWorks stack, Amazon CloudFormation deregisters the existing association before registering the database instance.

Required: No

Type: Array of RdsDbInstance

Update requires: No interruption

ServiceRoleArn

The stack's IAM role, which allows Amazon OpsWorks Stacks to work with Amazon resources on your behalf. You must set this parameter to the Amazon Resource Name (ARN) for an existing IAM role. For more information about IAM ARNs, see Using Identifiers.

Required: Yes

Type: String

Update requires: Replacement

SourceStackId

If you're cloning an Amazon OpsWorks stack, the stack ID of the source Amazon OpsWorks stack to clone.

Required: No

Type: String

Update requires: Replacement

Tags

A map that contains tag keys and tag values that are attached to a stack or layer.

  • The key cannot be empty.

  • The key can be a maximum of 127 characters, and can contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

  • The value can be a maximum 255 characters, and contain only Unicode letters, numbers, or separators, or the following special characters: + - = . _ : /

  • Leading and trailing white spaces are trimmed from both the key and value.

  • A maximum of 40 tags is allowed for any resource.

Required: No

Type: Array of Tag

Update requires: No interruption

UseCustomCookbooks

Whether the stack uses custom cookbooks.

Required: No

Type: Boolean

Update requires: No interruption

UseOpsworksSecurityGroups

Whether to associate the Amazon OpsWorks Stacks built-in security groups with the stack's layers.

Amazon OpsWorks Stacks provides a standard set of built-in security groups, one for each layer, which are associated with layers by default. With UseOpsworksSecurityGroups you can instead provide your own custom security groups. UseOpsworksSecurityGroups has the following settings:

  • True - Amazon OpsWorks Stacks automatically associates the appropriate built-in security group with each layer (default setting). You can associate additional security groups with a layer after you create it, but you cannot delete the built-in security group.

  • False - Amazon OpsWorks Stacks does not associate built-in security groups with layers. You must create appropriate EC2 security groups and associate a security group with each layer that you create. However, you can still manually associate a built-in security group with a layer on creation; custom security groups are required only for those layers that need custom settings.

For more information, see Create a New Stack.

Required: No

Type: Boolean

Update requires: No interruption

VpcId

The ID of the VPC that the stack is to be launched into. The VPC must be in the stack's region. All instances are launched into this VPC. You cannot change the ID later.

  • If your account supports EC2-Classic, the default value is no VPC.

  • If your account does not support EC2-Classic, the default value is the default VPC for the specified region.

If the VPC ID corresponds to a default VPC and you have specified either the DefaultAvailabilityZone or the DefaultSubnetId parameter only, Amazon OpsWorks Stacks infers the value of the other parameter. If you specify neither parameter, Amazon OpsWorks Stacks sets these parameters to the first valid Availability Zone for the specified region and the corresponding default VPC subnet ID, respectively.

If you specify a nondefault VPC ID, note the following:

  • It must belong to a VPC in your account that is in the specified region.

  • You must specify a value for DefaultSubnetId.

For more information about how to use Amazon OpsWorks Stacks with a VPC, see Running a Stack in a VPC. For more information about default VPC and EC2-Classic, see Supported Platforms.

Required: No

Type: String

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "myStack" }

For the Amazon OpsWorks stack myStack, Ref returns the Amazon OpsWorks stack ID.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Examples

Template Snippet

The following snippet creates an Amazon OpsWorks stack that uses the default service role and Amazon EC2 role, which are created after you use Amazon OpsWorks for the first time:

JSON

"myStack" : { "Type" : "AWS::OpsWorks::Stack", "Properties" : { "Name" : {"Ref":"OpsWorksStackName"}, "ServiceRoleArn" : { "Fn::Join": ["", ["arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":role/aws-opsworks-service-role"]] }, "DefaultInstanceProfileArn" : { "Fn::Join": ["", ["arn:aws:iam::", {"Ref":"AWS::AccountId"}, ":instance-profile/aws-opsworks-ec2-role"]] }, "DefaultSshKeyName" : {"Ref":"KeyName"} } }

YAML

myStack: Type: "AWS::OpsWorks::Stack" Properties: Name: Ref: "OpsWorksStackName" ServiceRoleArn: Fn::Join: - "" - - "arn:aws:iam::" - Ref: "AWS::AccountId" - ":role/aws-opsworks-service-role" DefaultInstanceProfileArn: Fn::Join: - "" - - "arn:aws:iam::" - Ref: "AWS::AccountId" - ":instance-profile/aws-opsworks-ec2-role" DefaultSshKeyName: Ref: "KeyName"

Specify tags for layers and stacks

The following complete template example specifies tags for an Amazon OpsWorks layer and stack that reference parameter values.

JSON

{ "Resources": { "ServiceRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ { "Ref": "OpsServicePrincipal" } ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/", "Policies": [ { "PolicyName": "opsworks-service", "PolicyDocument": { "Statement": [ { "Effect": "Allow", "Action": [ "ec2:*", "iam:PassRole", "cloudwatch:GetMetricStatistics", "elasticloadbalancing:*" ], "Resource": "*" } ] } } ] } }, "OpsWorksEC2Role": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Effect": "Allow", "Principal": { "Service": [ { "Ref": "Ec2ServicePrincipal" } ] }, "Action": [ "sts:AssumeRole" ] } ] }, "Path": "/" } }, "InstanceRole": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Path": "/", "Roles": [ { "Ref": "OpsWorksEC2Role" } ] } }, "myStack": { "Type": "AWS::OpsWorks::Stack", "Properties": { "Name": "TestStack", "ServiceRoleArn": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] }, "DefaultInstanceProfileArn": { "Fn::GetAtt": [ "InstanceRole", "Arn" ] }, "Tags": [ { "Key": { "Ref": "StackKey" }, "Value": { "Ref": "StackValue" } } ] } }, "myLayer": { "Type": "AWS::OpsWorks::Layer", "Properties": { "EnableAutoHealing": "true", "AutoAssignElasticIps": "false", "AutoAssignPublicIps": "true", "StackId": { "Ref": "myStack" }, "Type": "custom", "Shortname": "shortname", "Name": "name", "Tags": [ { "Key": { "Ref": "LayerKey" }, "Value": { "Ref": "LayerValue" } } ] } } }, "Parameters": { "StackKey": { "Type": "String" }, "LayerKey": { "Type": "String" }, "StackValue": { "Type": "String" }, "LayerValue": { "Type": "String" }, "OpsServicePrincipal": { "Type": "String" }, "Ec2ServicePrincipal": { "Type": "String" } } }

YAML

Resources: ServiceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - !Ref OpsServicePrincipal Action: - 'sts:AssumeRole' Path: / Policies: - PolicyName: opsworks-service PolicyDocument: Statement: - Effect: Allow Action: - 'ec2:*' - 'iam:PassRole' - 'cloudwatch:GetMetricStatistics' - 'elasticloadbalancing:*' Resource: '*' OpsWorksEC2Role: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - !Ref Ec2ServicePrincipal Action: - 'sts:AssumeRole' Path: / InstanceRole: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref OpsWorksEC2Role myStack: Type: AWS::OpsWorks::Stack Properties: Name: TestStack ServiceRoleArn: !GetAtt - ServiceRole - Arn DefaultInstanceProfileArn: !GetAtt - InstanceRole - Arn Tags: - Key: !Ref StackKey Value: !Ref StackValue myLayer: Type: AWS::OpsWorks::Layer Properties: EnableAutoHealing: 'true' AutoAssignElasticIps: 'false' AutoAssignPublicIps: 'true' StackId: !Ref myStack Type: custom Shortname: shortname Name: name Tags: - Key: !Ref LayerKey Value: !Ref LayerValue Parameters: StackKey: Type: String LayerKey: Type: String StackValue: Type: String LayerValue: Type: String OpsServicePrincipal: Type: String Ec2ServicePrincipal: Type: String

See also