
How can I refer/specify VPC from AWS copilot addon file?


I am creating an (AWS Copilot) addon (inside the environments folder) which has the following piece of script creating a security group:

  SGPostgresDb:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg-pgdb
      GroupDescription: Allows only postgres traffic
      VpcId: !Ref ?????????
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: 0.0.0.0/0

But I need to somehow refer to the VPC ID. How could I go about it? In general, how can I refer to the elements specified inside the manifest.yml? Besides the VPC, Copilot creates an internet gateway, subnets, a route table, and so on, so when we create additional resources inside an addon file we might need to refer to a VPC or a subnet created by Copilot through the copilot env deploy command. How can we refer to those elements too?


Solution

  • @fade2black! Those environment resources are all Outputs of your environment's CloudFormation stack. So other stacks, including workload addons, and manifests can reference them.

    Outputs:
      VpcId:
        Value: !Ref VPC
        Export:
          Name: !Sub ${AWS::StackName}-VpcId
      PublicSubnets:
        Value: !Join [ ',', [ !Ref PublicSubnet1, !Ref PublicSubnet2, ] ]
        Export:
          Name: !Sub ${AWS::StackName}-PublicSubnets
      PrivateSubnets:
        Value: !Join [ ',', [ !Ref PrivateSubnet1, !Ref PrivateSubnet2, ] ]
        Export:
          Name: !Sub ${AWS::StackName}-PrivateSubnets
      InternetGatewayID:
        Value: !Ref InternetGateway
        Export:
          Name: !Sub ${AWS::StackName}-InternetGatewayID
      PublicRouteTableID:
        Value: !Ref PublicRouteTable
        Export:
          Name: !Sub ${AWS::StackName}-PublicRouteTableID
      PrivateRouteTableIDs:
        Condition: CreateNATGateways
        Value: !Join [ ',', [ !Ref PrivateRouteTable1, !Ref PrivateRouteTable2, ] ]
        Export:
          Name: !Sub ${AWS::StackName}-PrivateRouteTableIDs
      ServiceDiscoveryNamespaceID:
        Value: !GetAtt ServiceDiscoveryNamespace.Id
        Export:
          Name: !Sub ${AWS::StackName}-ServiceDiscoveryNamespaceID
      EnvironmentSecurityGroup:
        Value: !Ref EnvironmentSecurityGroup
        Export:
          Name: !Sub ${AWS::StackName}-EnvironmentSecurityGroup
      PublicLoadBalancerDNSName:
        Condition: CreateALB
        Value: !GetAtt PublicLoadBalancer.DNSName
        Export:
          Name: !Sub ${AWS::StackName}-PublicLoadBalancerDNS
      PublicLoadBalancerFullName:
        Condition: CreateALB
        Value: !GetAtt PublicLoadBalancer.LoadBalancerFullName
        Export:
          Name: !Sub ${AWS::StackName}-PublicLoadBalancerFullName
      PublicLoadBalancerHostedZone:
        Condition: CreateALB
        Value: !GetAtt PublicLoadBalancer.CanonicalHostedZoneID
        Export:
          Name: !Sub ${AWS::StackName}-CanonicalHostedZoneID
      HTTPListenerArn:
        Condition: CreateALB
        Value: !Ref HTTPListener
        Export:
          Name: !Sub ${AWS::StackName}-HTTPListenerArn
      HTTPSListenerArn:
        Condition: ExportHTTPSListener
        Value: !Ref HTTPSListener
        Export:
          Name: !Sub ${AWS::StackName}-HTTPSListenerArn
      DefaultHTTPTargetGroupArn:
        Condition: CreateALB
        Value: !Ref DefaultHTTPTargetGroup
        Export:
          Name: !Sub ${AWS::StackName}-DefaultHTTPTargetGroup
      InternalLoadBalancerDNSName:
        Condition: CreateInternalALB
        Value: !GetAtt InternalLoadBalancer.DNSName
        Export:
          Name: !Sub ${AWS::StackName}-InternalLoadBalancerDNS
      InternalLoadBalancerFullName:
        Condition: CreateInternalALB
        Value: !GetAtt InternalLoadBalancer.LoadBalancerFullName
        Export:
          Name: !Sub ${AWS::StackName}-InternalLoadBalancerFullName
      InternalLoadBalancerHostedZone:
        Condition: CreateInternalALB
        Value: !GetAtt InternalLoadBalancer.CanonicalHostedZoneID
        Export:
          Name: !Sub ${AWS::StackName}-InternalLoadBalancerCanonicalHostedZoneID
      InternalWorkloadsHostedZone:
        Condition: CreateInternalALB
        Value: !Ref InternalWorkloadsHostedZone
        Export:
          Name: !Sub ${AWS::StackName}-InternalWorkloadsHostedZoneID
      InternalWorkloadsHostedZoneName:
        Condition: CreateInternalALB
        Value: !Sub ${EnvironmentName}.${AppName}.internal
        Export:
          Name: !Sub ${AWS::StackName}-InternalWorkloadsHostedZoneName
      InternalHTTPListenerArn:
        Condition: CreateInternalALB
        Value: !Ref InternalHTTPListener
        Export:
          Name: !Sub ${AWS::StackName}-InternalHTTPListenerArn
      InternalHTTPSListenerArn:
        Condition: ExportInternalHTTPSListener
        Value: !Ref InternalHTTPSListener
        Export:
          Name: !Sub ${AWS::StackName}-InternalHTTPSListenerArn
      InternalLoadBalancerSecurityGroup:
        Condition: CreateInternalALB
        Value: !Ref InternalLoadBalancerSecurityGroup
        Export:
          Name: !Sub ${AWS::StackName}-InternalLoadBalancerSecurityGroup
      ClusterId:
        Value: !Ref Cluster
        Export:
          Name: !Sub ${AWS::StackName}-ClusterId
      EnvironmentManagerRoleARN:
        Value: !GetAtt EnvironmentManagerRole.Arn
        Description: The role to be assumed by the ecs-cli to manage environments.
        Export:
          Name: !Sub ${AWS::StackName}-EnvironmentManagerRoleARN
      CFNExecutionRoleARN:
        Value: !GetAtt CloudformationExecutionRole.Arn
        Description: The role to be assumed by the Cloudformation service when it deploys application infrastructure.
        Export:
          Name: !Sub ${AWS::StackName}-CFNExecutionRoleARN
      EnvironmentHostedZone:
        Condition: DelegateDNS
        Value: !Ref EnvironmentHostedZone
        Description: The HostedZone for this environment's private DNS.
        Export:
          Name: !Sub ${AWS::StackName}-HostedZone
      EnvironmentSubdomain:
        Condition: DelegateDNS
        Value: !Sub ${EnvironmentName}.${AppName}.${AppDNSName}
        Description: The domain name of this environment.
        Export:
          Name: !Sub ${AWS::StackName}-SubDomain
      EnabledFeatures:
        Value: !Sub '${ALBWorkloads},${InternalALBWorkloads},${EFSWorkloads},${NATWorkloads},${Aliases},${AppRunnerPrivateWorkloads}'
        Description: Required output to force the stack to update if mutating feature params, like ALBWorkloads, does not change the template.
      ManagedFileSystemID:
        Condition: CreateEFS
        Value: !Ref FileSystem
        Description: The ID of the Copilot-managed EFS filesystem.
        Export:
          Name: !Sub ${AWS::StackName}-FilesystemID
      PublicALBAccessible:
        Condition: CreateALB
        Value: true
      LastForceDeployID:
        Value: "cdb2bccb-136d-4d14-ae90-ad7377cf464e"
        Description: Optionally force the template to update when no immediate resource change is present.
      AppRunnerVpcEndpointId:
        Condition: CreateAppRunnerVPCEndpoint
        Value: !Ref AppRunnerVpcEndpoint
        Description: VPC Endpoint to App Runner for private services
        Export:
          Name: !Sub ${AWS::StackName}-AppRunnerVpcEndpointId
    

    See more here and here!
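
Added example (not part of the original answer): the security group from the question, importing the VpcId and EnvironmentSecurityGroup exports listed above. It assumes the environment stack is named `${App}-${Env}`, that Copilot passes `App` and `Env` as parameters to the addon template, and that the environment is already deployed so the exports exist.

```yaml
# Added example, not the project's own template.
# Assumption: the environment stack name is <App>-<Env>, so the export
# "${AWS::StackName}-VpcId" from the Outputs above resolves to
# "${App}-${Env}-VpcId".
Parameters:
  App:
    Type: String
    Description: Copilot application name.
  Env:
    Type: String
    Description: Copilot environment name.

Resources:
  SGPostgresDb:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # GroupName is omitted so CloudFormation generates one; EC2 rejects
      # security group names that start with "sg-".
      GroupDescription: Allows only postgres traffic
      VpcId:
        Fn::ImportValue: !Sub '${App}-${Env}-VpcId'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          # The question's rule used "CidrIp: 0.0.0.0/0", which admits any
          # address that can route to the database. Referencing the exported
          # environment security group limits port 5432 to its members.
          SourceSecurityGroupId:
            Fn::ImportValue: !Sub '${App}-${Env}-EnvironmentSecurityGroup'

Outputs:
  # Exposes the group ID so other resources in the addon can attach it.
  PostgresDbSecurityGroupId:
    Value: !GetAtt SGPostgresDb.GroupId
```

The same `Fn::ImportValue` pattern applies to any other export in the list, such as `${App}-${Env}-PrivateSubnets`, which is a comma-joined string and needs `Fn::Split` before use as a list.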