This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns the value of an attribute from a
resource in the template.
Declaration
JSON
{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }
YAML
Syntax for the full function name:
Fn::GetAtt: [logicalNameOfResource,attributeName]
Syntax for the short form:
!GetAttlogicalNameOfResource.attributeName
Parameters
logicalNameOfResource-
The logical name (also called logical ID) of the resource that contains the attribute that you want.
attributeName-
The name of the resource-specific attribute whose value you want. See the resource's reference page for details about the attributes available for that resource type.
Return value
The attribute value. For information about GetAtt return values for
resources, see the documentation for the resources in the Resource and property reference.
Examples
Return an attribute value
The following examples return a string containing the DNS name of the load balancer with
the logical name myELB.
JSON
"Fn::GetAtt" : [ "myELB" , "DNSName" ]
YAML
!GetAtt myELB.DNSName
Return multiple attribute values
The following examples return the SourceSecurityGroup.OwnerAlias and
SourceSecurityGroup.GroupName of the load balancer with the logical name
myELB.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "myELB": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "AvailabilityZones": [ "eu-west-1a" ], "Listeners": [ { "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP" } ] } }, "myELBIngressGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "ELB ingress group", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "SourceSecurityGroupOwnerId": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.OwnerAlias" ] }, "SourceSecurityGroupName": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.GroupName" ] } } ] } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Resources: myELB: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: - eu-west-1a Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: HTTP myELBIngressGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: ELB ingress group SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName
Use Fn::Sub
inside Fn::GetAtt function
Note
When you use the AWS::LanguageExtensions transform, you can use
Fn::GetAtt in combination with other intrinsic functions. For supported
functions, see Supported functions.
The following examples show how to use Fn::GetAtt with Fn::Sub, in conjuction with Fn::ForEach, in the Outputs section of
a template to reduce the template length and verbosity. The use of Fn::Sub
within Fn::GetAtt allows the template to contain one intrinsic function that
can reference a different bucket at every iteration of the Fn::ForEach call.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Transform": "AWS::LanguageExtensions", "Mappings": { "Buckets": { "Properties": { "Identifiers": ["A", "B", "C"] } } }, "Resources": { "Fn::ForEach::Buckets": [ "Identifier", {"Fn::FindInMap": ["Buckets", "Properties", "Identifiers"]}, { "S3Bucket${Identifier}": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "PublicRead", "MetricsConfigurations": [ { "Id": {"Fn::Sub": "EntireBucket${Identifier}"} } ], "WebsiteConfiguration": { "IndexDocument": "index.html", "ErrorDocument": "error.html", "RoutingRules": [ { "RoutingRuleCondition": { "HttpErrorCodeReturnedEquals": "404", "KeyPrefixEquals": "out1/" }, "RedirectRule": { "HostName": "ec2-11-22-333-44.compute-1.amazonaws.com", "ReplaceKeyPrefixWith": "report-404/" } } ] } }, "DeletionPolicy": "Retain", "UpdateReplacePolicy": "Retain" } } ] }, "Outputs": { "Fn::ForEach::BucketOutputs": [ "Identifier", {"Fn::FindInMap": ["Buckets", "Properties", "Identifiers"]}, { "Fn::ForEach::GetAttLoop": [ "Property", ["Arn", "DomainName", "WebsiteURL"], { "S3Bucket${Identifier}${Property}": { "Value": { "Fn::GetAtt": [{"Fn::Sub": "S3Bucket${Identifier}"}, {"Ref": "Property"}] } } } ] } ] } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Transform: AWS::LanguageExtensions Mappings: Buckets: Properties: Identifiers: - A - B - C Resources: 'Fn::ForEach::Buckets': - Identifier - Fn::FindInMap: - Buckets - Properties - Identifiers - 'S3Bucket${Identifier}': Type: 'AWS::S3::Bucket' Properties: AccessControl: PublicRead MetricsConfigurations: - Id: Fn::Sub: 'EntireBucket${Identifier}' WebsiteConfiguration: IndexDocument: index.html ErrorDocument: error.html RoutingRules: - RoutingRuleCondition: HttpErrorCodeReturnedEquals: '404' KeyPrefixEquals: out1/ RedirectRule: HostName: ec2-11-22-333-44.compute-1.amazonaws.com ReplaceKeyPrefixWith: report-404/ DeletionPolicy: Retain UpdateReplacePolicy: Retain Outputs: 'Fn::ForEach::BucketOutputs': - Identifier - Fn::FindInMap: - Buckets - Properties - Identifiers - 'Fn::ForEach::GetAttLoop': - Property - - Arn - DomainName - WebsiteURL - 'S3Bucket${Identifier}${Property}': Value: !GetAtt - !Sub 'S3Bucket${Identifier}' - !Ref Property
Supported functions
When you use the AWS::LanguageExtensions transform, you can use the following
functions within the Fn::GetAtt function. This is true with either the
Fn::GetAtt logical resource name or the Fn::GetAtt attribute
name.
When the AWS::LanguageExtensions transform is not used:
-
The
Fn::GetAttattribute name can only use the Ref function. -
The
Fn::GetAttlogical resource name can't use functions. You must specify a string that's a resource's logical ID.