AWS::AppConfig::ConfigurationProfile - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::AppConfig::ConfigurationProfile

The AWS::AppConfig::ConfigurationProfile resource creates a configuration profile that enables Amazon AppConfig to access the configuration source. Valid configuration sources include Amazon Systems Manager (SSM) documents, SSM Parameter Store parameters, and Amazon S3. A configuration profile includes the following information.

  • The Uri location of the configuration data.

  • The Amazon Identity and Access Management (IAM) role that provides access to the configuration data.

  • A validator for the configuration data. Available validators include either a JSON Schema or the Amazon Resource Name (ARN) of an Amazon Lambda function.

Amazon AppConfig requires that you create resources and deploy a configuration in the following order:

  1. Create an application

  2. Create an environment

  3. Create a configuration profile

  4. Choose a pre-defined deployment strategy or create your own

  5. Deploy the configuration

For more information, see Amazon AppConfig in the Amazon AppConfig User Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::AppConfig::ConfigurationProfile", "Properties" : { "ApplicationId" : String, "Description" : String, "KmsKeyIdentifier" : String, "LocationUri" : String, "Name" : String, "RetrievalRoleArn" : String, "Tags" : [ Tags, ... ], "Type" : String, "Validators" : [ Validators, ... ] } }

YAML

Type: AWS::AppConfig::ConfigurationProfile Properties: ApplicationId: String Description: String KmsKeyIdentifier: String LocationUri: String Name: String RetrievalRoleArn: String Tags: - Tags Type: String Validators: - Validators

Properties

ApplicationId

The application ID.

Required: Yes

Type: String

Pattern: [a-z0-9]{4,7}

Update requires: Replacement

Description

A description of the configuration profile.

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

KmsKeyIdentifier

The Amazon Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated.

Required: No

Type: String

Pattern: ^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\d{1}:\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$

Update requires: No interruption

LocationUri

A URI to locate the configuration. You can specify the following:

  • For the Amazon AppConfig hosted configuration store and for feature flags, specify hosted.

  • For an Amazon Systems Manager Parameter Store parameter, specify either the parameter name in the format ssm-parameter://<parameter name> or the ARN.

  • For an Amazon CodePipeline pipeline, specify the URI in the following format: codepipeline://<pipeline name>.

  • For an Amazon Secrets Manager secret, specify the URI in the following format: secretsmanager://<secret name>.

  • For an Amazon S3 object, specify the URI in the following format: s3://<bucket>/<objectKey> . Here is an example: s3://my-bucket/my-app/us-east-1/my-config.json

  • For an SSM document, specify either the document name in the format ssm-document://<document name> or the Amazon Resource Name (ARN).

Required: Yes

Type: String

Minimum: 1

Maximum: 2048

Update requires: Replacement

Name

A name for the configuration profile.

Required: Yes

Type: String

Minimum: 1

Maximum: 128

Update requires: No interruption

RetrievalRoleArn

The ARN of an IAM role with permission to access the configuration at the specified LocationUri.

Important

A retrieval role ARN is not required for configurations stored in the Amazon AppConfig hosted configuration store. It is required for all other sources that store your configuration.

Required: No

Type: String

Pattern: ^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\d{12}:role[/].*)$

Minimum: 20

Maximum: 2048

Update requires: No interruption

Tags

Metadata to assign to the configuration profile. Tags help organize and categorize your Amazon AppConfig resources. Each tag consists of a key and an optional value, both of which you define.

Required: No

Type: Array of Tags

Update requires: No interruption

Type

The type of configurations contained in the profile. Amazon AppConfig supports feature flags and freeform configurations. We recommend you create feature flag configurations to enable or disable new features and freeform configurations to distribute configurations to an application. When calling this API, enter one of the following values for Type:

AWS.AppConfig.FeatureFlags

AWS.Freeform

Required: No

Type: String

Pattern: ^[a-zA-Z\.]+

Update requires: Replacement

Validators

A list of methods for validating the configuration.

Required: No

Type: Array of Validators

Maximum: 2

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the configuration profile ID.

Fn::GetAtt

ConfigurationProfileId

The configuration profile ID.

KmsKeyArn

The Amazon Resource Name of the Amazon Key Management Service key to encrypt new configuration data versions in the Amazon AppConfig hosted configuration store. This attribute is only used for hosted configuration types. To encrypt data managed in other configuration stores, see the documentation for how to specify an Amazon KMS key for that particular service.

Examples

Amazon AppConfig feature flag

The following example creates an Amazon AppConfig configuration profile of type HostedConfigurationVersion. The feature flag created by this example enables cryptocurrency at checkout. Amazon AppConfig stores the configuration data for this profile in the Amazon AppConfig hosted configuration store.

JSON

{ "AWSTemplateFormatVersion": "2010-09-09", "Transform": "AWS::LanguageExtensions", "Resources": { "MySuperCoolApp": { "Type": "AWS::AppConfig::Application", "Properties": { "Name": "MySuperCoolApp" } }, "MyFeatureFlags": { "Type": "AWS::AppConfig::ConfigurationProfile", "Properties": { "Name": "MyFeatureFlags", "ApplicationId": "MySuperCoolApp", "LocationUri": "hosted", "Type": "AWS.AppConfig.FeatureFlags" } }, "MyFeatureFlagsVersion": { "Type": "AWS::AppConfig::HostedConfigurationVersion", "Properties": { "ApplicationId": "MySuperCoolApp", "ConfigurationProfileId": "MyFeatureFlags", "ContentType": "application/json", "VersionLabel": "v1.0.0", "Content": { "Fn::ToJsonString": { "flags": { "allow-cryptocurrency-at-checkout": { "attributes": { "allowed-currency": { "constraints": { "elements": { "enum": [ "BTC", "ETH", "XRP" ], "type": "string" }, "type": "array" } }, "bitcoin-discount-percentage": { "constraints": { "maximum": 25, "minimum": 0, "type": "number" } } }, "name": "Allow Cryptocurrency at Checkout" } }, "values": { "allow-cryptocurrency-at-checkout": { "allowed-currency": [ "BTC", "ETH" ], "bitcoin-discount-percentage": 5, "enabled": true } }, "version": "1" } } } } } }

YAML

AWSTemplateFormatVersion: 2010-09-09 Transform: 'AWS::LanguageExtensions' Resources: MySuperCoolApp: Type: 'AWS::AppConfig::Application' Properties: Name: MySuperCoolApp MyFeatureFlags: Type: 'AWS::AppConfig::ConfigurationProfile' Properties: Name: MyFeatureFlags ApplicationId: !Ref MySuperCoolApp LocationUri: hosted Type: AWS.AppConfig.FeatureFlags MyFeatureFlagsVersion: Type: 'AWS::AppConfig::HostedConfigurationVersion' Properties: ApplicationId: !Ref MySuperCoolApp ConfigurationProfileId: !Ref MyFeatureFlags ContentType: application/json VersionLabel: "v1.0.0" Content: Fn::ToJsonString: flags: allow-cryptocurrency-at-checkout: attributes: allowed-currency: constraints: elements: enum: - BTC - ETH - XRP type: string type: array bitcoin-discount-percentage: constraints: maximum: 25 minimum: 0 type: number name: Allow Cryptocurrency at Checkout values: allow-cryptocurrency-at-checkout: allowed-currency: - BTC - ETH bitcoin-discount-percentage: 5 enabled: true version: '1'

Amazon AppConfig configuration profile example - Amazon CodePipeline

The following examples creates an Amazon AppConfig configuration profile named MyTestConfigurationProfile. A configuration profile includes source information for accessing your configuration data. A configuration profile can also include optional validators to ensure your configuration data is syntactically and semantically correct. The following configuration profile example uses the specified LocationUri to retrieve configuration data from Amazon CodePipeline.

JSON

{ "Resources": { "CodePipelineConfigurationProfile": { "Type": "AWS::AppConfig::ConfigurationProfile", "DependsOn": "MyTestApplication", "Properties": { "ApplicationId": "MyTestApplication", "Name": "MyTestConfigurationProfile", "Description": "My test configuration profile", "LocationUri": "codepipeline://YourPipelineName", "Validators": [ { "Type": "LAMBDA", "Content": "MyLambdaValidator" } ], "Tags": [ { "Key": "Env", "Value": "test" } ] } } } }

YAML

Resources: CodePipelineConfigurationProfile: Type: AWS::AppConfig::ConfigurationProfile Properties: ApplicationId: !Ref MyTestApplication Name: "MyTestConfigurationProfile" Description: "My test configuration profile" LocationUri: "codepipeline://YourPipelineName" Validators: - Type: LAMBDA Content: !ImportValue MyLambdaValidator Tags: - Key: Env Value: test

Amazon AppConfig configuration profile example - Parameter Store

The following examples creates an Amazon AppConfig configuration profile named MyTestConfigurationProfile. A configuration profile includes source information for accessing your configuration data. A configuration profile can also include optional validators to ensure your configuration data is syntactically and semantically correct. The following configuration profile example uses the specified RetrievalRoleArn and LocationUri to retrieve configuration data from an SSM parameter.

JSON

{ "Type": "AWS::AppConfig::ConfigurationProfile", "DependsOn": "MyTestApplication", "Properties": { "ApplicationId": { "Ref": "MyTestApplication" }, "Name": "MyTestConfigurationProfile", "Description": "My test configuration profile", "RetrievalRoleArn": { "Fn::ImportValue": "ConfigurationRetrievalAndMonitoringRole" }, "LocationUri": { "Fn::Sub": [ "ssm-parameter://${ParameterName}", { "ParameterName": { "Fn::ImportValue": "SSMParameter" } } ] }, "Validators": [ { "Type": "LAMBDA", "Content": { "Fn::ImportValue": "MyLambdaValidator" } } ], "Tags": [ { "Key": "Env", "Value": "Test" } ] } }

YAML

Resources: BasicConfigurationProfile: Type: AWS::AppConfig::ConfigurationProfile Properties: ApplicationId: !Ref MyTestApplication Name: "MyTestConfigurationProfile" Description: "My test configuration profile" RetrievalRoleArn: !ImportValue ConfigurationRetrievalAndMonitoringRole LocationUri: Fn::Sub: - "ssm-parameter://${ParameterName}" - ParameterName: !ImportValue SSMParameter Validators: - Type: LAMBDA Content: !ImportValue MyLambdaValidator Tags: - Key: Env Value: test

See also