Home

Awesome

CloudFormation CLI

AWS CloudFormation CLI

The CloudFormation CLI (cfn) allows you to author your own resource providers, hooks, and modules that can be used by CloudFormation.

Usage

Documentation

Primary documentation for the CloudFormation CLI can be found at the AWS Documentation site.

Installation

This tool can be installed using pip from the Python Package Index (PyPI). It requires Python 3. For resource and hook types, the tool requires at least one language plugin. Language plugins are not needed to create a module type. The language plugins are also available on PyPI and as such can be installed all at once:

pip install cloudformation-cli cloudformation-cli-java-plugin cloudformation-cli-go-plugin cloudformation-cli-python-plugin cloudformation-cli-typescript-plugin

Command: init

To create a project in the current directory, use the init command. A wizard will guide you through the creation.

cfn init

Command: generate

To refresh auto-generated code, use the generate command. Usually, plugins try to integrate this command in the native build flow, so please consult a plugin's README to see if this is necessary. In a module project, this will regenerate the module schema.

cfn generate

Command: submit

To register a resource provider, module, or hook in your account, use the submit command.

cfn submit
cfn submit --dry-run #prepares schema handler package without submitting for registration
cfn submit --set-default # if successfully registered, set submitted version to be the new default version

Command: package

This is to create a schema handler package without submitting equivalent to cfn submit --dry-run

cfn package

Command: test

To run the contract tests for a resource type, use the test command.

cfn test
cfn test -- -k contract_delete_update # to run a single test
cfn test -- --tb=long # exhaustive, informative traceback formatting
cfn test --enforce-timeout 60  # Read/List handler timeout (Create/Update/Delete handler timeout is twice the Read/List handler timeout)
cfn test --enforce-timeout 60 -- -k contract_delete_update # combine arguments
cfn test --log-group-name cw_log_group --log-role-arn log_delivery_role_arn # Handler logs generated by contract tests will be delivered to the specified cw_log_group using the credentials from log_delivery_role_arn

Note:

Install PYJQ for Linux system

yum install autoconf automake libtool
pip install pyjq

Install PYJQ for macOS system

brew install autoconf automake libtool
brew install jq
pip install pyjq

Install PYJQ for Ubuntu system

pip install pyjq

Command: validate

To validate the schema, use the validate command.

This command is automatically run whenever one attempts to submit a resource, module, or hook. Errors will prevent you from submitting your resource/module. Module fragments will additionally be validated via cfn-lint (but resulting warnings will not cause this step to fail).

cfn validate

Command: build-image

To build an image for a resource type. This image provides a minimalistic execution environment for the resource handler that does not depend on AWS Lambda in anyway. This image can be used during cfn invoke and cfn test instead of using sam cli.

cfn build-image
cfn build-image --image-name my-handler --executable target/myjar.jar

The resulting image can be run in a container by executing the following command:

docker run IMAGE_NAME HANDLER_ENTRYPOINT PAYLOAD
docker run my-test-resource com.my.test.resource.ExecutableHandlerWrapper PAYLOAD_JSON # Example for a java based-project

Development

For developing, it's strongly suggested to install the development dependencies inside a virtual environment. (This isn't required if you just want to use this tool.)

python3 -m venv env
source env/bin/activate
pip install -e . -r requirements.txt
pre-commit install

If you're creating a resource or hook type, you will also need to install a language plugin, such as the Java language plugin, also via pip install. For example, assuming the plugin is checked out in the same parent directory as this repository:

pip install -e ../cloudformation-cli-java-plugin
# run all hooks on all files, mirrors what the CI runs
pre-commit run --all-files
# run unit tests only. can also be used for other hooks, e.g. black, flake8, pylint-local
pre-commit run pytest-local

If you want to generate an HTML coverage report afterwards, run coverage html. The report is output to htmlcov/index.html.

Plugin system

New language plugins can be independently developed. As long as they declare the appropriate entry point and are installed in the same environment, they can even be completely separate codebases. For example, a plugin for Groovy might have the following entry point:

entry_points={
    "rpdk.v1.languages": ["groovy = rpdk.groovy:GroovyLanguagePlugin"],
},

Plugins must provide the same interface as LanguagePlugin (in plugin_base.py). And they may inherit from LanguagePlugin for the helper methods - but this is not necessary. As long as the class has the same methods, it will work as a plugin.

Supported plugins

Resource Types Supported Plugins

LanguageStatusGithubPyPI
JavaAvailablecloudformation-cli-java-plugincloudformation-cli-java-plugin
GoAvailablecloudformation-cli-go-plugincloudformation-cli-go-plugin
PythonAvailablecloudformation-cli-python-plugincloudformation-cli-python-plugin
TypeScriptAvailablecloudformation-cli-typescript-plugincloudformation-cli-typescript-plugin

Hook Types Supported Plugins

LanguageStatusGithubPyPI
JavaAvailablecloudformation-cli-java-plugincloudformation-cli-java-plugin
PythonAvailablecloudformation-cli-python-plugincloudformation-cli-python-plugin

License

This library is licensed under the Apache 2.0 License.

Community

Join us on Discord! Connect & interact with CloudFormation developers & experts, find channels to discuss and get help for our CLI, cfn-lint, CloudFormation registry, StackSets, Guard and more:

Join our Discord