Search code examples
amazon-web-servicesaws-cloudformationaws-cloudformation-custom-resource

CloudFormation Cross-Region Reference

When you are running multiple CloudFormation stacks within the same region, you are able to share references across stacks using CloudFormation Outputs

However, outputs cannot be used for cross region references as that documentation highlights.

You can't create cross-stack references across regions. You can use the intrinsic function Fn::ImportValue to import only values that have been exported within the same region.

How do you reference values across regions in CloudFormation?

For an example to follow, I have a Route 53 hosted zone deployed in us-east-1. However, I have a backend in us-west-2 that I want to create a DNS-validated ACM certificate which requires a reference to the hosted zone in order to be able to create the appropriate CNAME for prove ownership.

How would I go about referencing that hosted zone id created in us-east-1 from within us-west-2?

Solution

  • CDK 2.x

    There is a new Stack property called crossRegionReferences which you can enable to add cross region references. It's as simple as this:

    const stack = new Stack(app, 'Stack', {
  crossRegionReferences: true,
});

    Under the hood, this does something similar to the above answers by using custom resources and Systems Manager. From the CDK docs:

    crossRegionReferences?
    Enable this flag to allow native cross region stack references.

    Enabling this will create a CloudFormation custom resource in both the producing stack and consuming stack in order to perform the export/import

    This feature is currently experimental

    More details from the CDK core package README:

    You can enable the Stack property crossRegionReferences in order to access resources in a different stack and region. With this feature flag enabled it is possible to do something like creating a CloudFront distribution in us-east-2 and an ACM certificate in us-east-1.

    When the AWS CDK determines that the resource is in a different stack and is in a different region, it will "export" the value by creating a custom resource in the producing stack which creates SSM Parameters in the consuming region for each exported value. The parameters will be created with the name '/cdk/exports/${consumingStackName}/${export-name}'. In order to "import" the exports into the consuming stack a SSM Dynamic reference is used to reference the SSM parameter which was created.

    In order to mimic strong references, a Custom Resource is also created in the consuming stack which marks the SSM parameters as being "imported". When a parameter has been successfully imported, the producing stack cannot update the value.

    CDK 1.x

    If you are on CDK 1.x, continue using the workaround that others have shared.