Home

Awesome

cfndsl

Spec Gem Version

AWS Cloudformation templates are an incredibly powerful way to build sets of resources in Amazon's AWS environment. Unfortunately, because they are specified in JSON or YAML, they are also difficult to write and maintain:

The cnfdsl gem provides a DSL that allows you to write templates using friendly Ruby logic to generate and validate cloudformation templates.

Getting Started

ruby version > 2.7 is required to run cfndsl, you should look at using rbenv example for installing with rbenv

rbenv exec gem install cfndsl

Example for doing it system wide Ruby

sudo gem install cfndsl

Update the the cloudformation specification to the latest version.

cfndsl -u

or update to a specific version

cfndsl -u 7.1.0

Now write a template in the dsl


CloudFormation {
  Description "Test"

  Parameter("One") {
    String
    Default "Test"
	MaxLength 15
  }

  Output(:One,FnBase64( Ref("One")))

  EC2_Instance(:MyInstance) {
    ImageId "ami-12345678"
  }

}

Then run cfndsl on the file

chris@raspberrypi:~/git/cfndsl$ cfndsl test.rb | json_pp
{
   "Parameters" : {
      "One" : {
	 "Type" : "String",
	 "Default" : "Test",
	 "MaxLength" : 15
      }
   },
   "Resources" : {
      "MyInstance" : {
	 "Type" : "AWS::EC2::Instance",
	 "Properties" : {
	    "ImageId" : "ami-12345678"
	 }
      }
   },
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Outputs" : {
      "One" : {
	 "Value" : {
	    "Fn::Base64" : {
	       "Ref" : "One"
	    }
	 }
      }
   },
   "Description" : "Test"
}

Aside: that is correct - a significant amount of the development for this gem was done on a Raspberry Pi.

Syntax

cfndsl comes with a number of helper methods defined on each resource and/or the stack as a whole.

Template Metadata

Metadata is a special template section described here. The argument supplied must be JSON-able. Some CloudFormation features reference special keys if included in the Metadata, check the AWS documentation for specifics.

CloudFormation do
  Metadata(foo: 'bar')

  EC2_Instance(:myInstance) do
    ImageId 'ami-12345678'
    InstanceType 't1.micro'
  end
end

Template Parameters

At a bare minumum, parameters need a name, and default to having Type String. Specify the parameter in the singular, not plural:

CloudFormation do
  Parameter 'foo'
end
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "foo": {
      "Type": "String"
    }
  }
}

However, they can accept all of the following additional keys per the documentation:

Parameter('foo') do
  Description           'This is a sample parameter definition'
  Type                  'String'
  Default               'foo'
  NoEcho                true
  AllowedValues         %w(foo bar)
  AllowedPattern        '/pattern/'
  MaxLength             5
  MinLength             3
  MaxValue              10
  MinValue              2
  ConstraintDescription 'The error message printed when a parameter outside the constraints is given'
end

Parameters can be referenced later in your template:

EC2_Instance(:myInstance) do
  InstanceType 'm3.xlarge'
  UserData Ref('foo')
end

Template Mappings

Mappings are a hash-based lookup for your template. They can be specified in the singular or plural.

CloudFormation do
  Mapping('foo', letters: { a: 'a', b: 'b' }, numbers: { 1: 1, 2: 2 })
end
{
  "AWSTemplateFormatVersion": "2010-09-09",
    "Mappings": {
      "foo": {
	"letters": {
	  "a": "a",
	  "b": "b"
	},
	"numbers": {
	  "one": 1,
	  "two": 2
	}
      }
    }
  }
}

You can then reference them later in your template using the FnFindInMap method:

EC2_Instance(:myInstance) do
  InstanceType 'm3.xlarge'
  UserData FnFindInMap('foo', :numbers, :one)
end

Template Outputs

Outputs are declared one at a time and must be given a name and a value at a minimum, description is optional. Values are most typically obtained from other resources using Ref or FnGetAtt:

CloudFormation do
  EC2_Instance(:myInstance) do
    ImageId 'ami-12345678'
    Type 't1.micro'
  end

  Output(:myInstanceId) do
    Description 'My instance Id'
    Value Ref(:myInstance)
  end
end
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myInstance": {
      "Properties": {
	"ImageId": "ami-12345678"
      },
      "Type": "AWS::EC2::Instance"
    }
  },
  "Outputs": {
    "myInstanceId": {
      "Description": "My instance Id",
      "Value": {
	"Ref": "myInstance"
      }
    }
  }
}

Template Conditions

Conditions must be created with statements in three sections: a variable entry as a Parameter, a template-level Condition that holds the logic based upon the value of that Parameter, and a resource-level Condition that references the template-level one by logical id.

CloudFormation do
  Parameter(:environment) do
    Default 'development'
    AllowedValues %w(production development)
  end

  Condition(:createResource, FnEquals(Ref(:environment), 'production'))

  EC2_Instance(:myInstance) do
    Condition :createResource
    ImageId 'ami-12345678'
    Type 't1.micro'
  end
end
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "environment": {
      "Type": "String",
      "Default": "development",
      "AllowedValues": [
	"production",
	"development"
      ]
    }
  },
  "Conditions": {
    "createResource": {
      "Fn::Equals": [
	{
	  "Ref": "environment"
	},
	"production"
      ]
    }
  },
  "Resources": {
    "myInstance": {
      "Condition": "createResource",
      "Properties": {
	"ImageId": "ami-12345678"
      },
      "Type": "AWS::EC2::Instance"
    }
  }
}

Template Resources

Cfndsl creates accessor methods for all of the resources listed here and here. If a resource is missing, or if you prefer to explicitly enter a resource in a template, you can do so. Keep in mind that since you are using the generic Resource class, you will also need to explicitly set the Type and that you no longer have access to the helper methods defined on that particular class, so you will have to use the Property method to set them.

CloudFormation do
  Resource(:myInstance) do
    Type 'AWS::EC2::Instance'
    Property('ImageId', 'ami-12345678')
    Property('Type', 't1.micro')
  end

  # Will generate the same json as this
  #
  # EC2_Instance(:myInstance) do
  #   ImageId 'ami-12345678'
  #   Type 't1.micro'
  # end
end
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myInstance": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
	"ImageId": "ami-12345678",
	"Type": "t1.micro"
      }
    }
  }
}

Resource Types

When using the generic Resource method, rather than the dsl methods, specify the type of resource using Type and the properties using Property. See Template Resources for an example.

Resource Conditions

Resource conditions are specified singularly, referencing a template-level condition by logical id. See Template Conditions for an example.

Resource DependsOn

Resources can depend upon other resources explicitly using DependsOn. It accepts one or more logical ids.

CloudFormation do
  EC2_Instance(:database) do
    ImageId 'ami-12345678'
    Type 't1.micro'
  end

  EC2_Instance(:webserver) do
    DependsOn :database
    ImageId 'ami-12345678'
    Type 't1.micro'
  end
end
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "database": {
      "Properties": {
	"ImageId": "ami-12345678"
      },
      "Type": "AWS::EC2::Instance"
    },
    "webserver": {
      "Properties": {
	"ImageId": "ami-12345678"
      },
      "Type": "AWS::EC2::Instance",
      "DependsOn": "database"
    }
  }
}

Resource DeletionPolicy

Resources can have deletion policies associated with them. Specify them one per resource as an attribute:

CloudFormation do
  EC2_Instance(:myInstance) do
    DeletionPolicy 'Retain'
    ImageId 'ami-12345678'
    Type 't1.micro'
  end
end

Resource Metadata

You can attach arbitrary metadata as an attribute. Arguments provided must be able to be JSON-ified:

CloudFormation do
  EC2_Instance(:myInstance) do
    Metadata(foo: 'bar')
    ImageId 'ami-12345678'
    Type 't1.micro'
  end
end

Resource CreationPolicy/UpdatePolicy

These attributes are only usable on particular resources. The name of the attribute is not arbitrary, it must match the policy name you are trying to attach. Different policies have different parameters.

CloudFormation do
  EC2_Instance(:myInstance) do
    ImageId 'ami-12345678'
    Type 't1.micro'
    CreationPolicy(:ResourceSignal, { Count: 1, Timeout: 'PT1M' })
  end
end

Samples

There is a more detailed example in the samples directory. The file "autoscale.template" is one of the standard Amazon sample templates. "autoscale.rb" generates an equivalent template file.

There's also a larger set of examples available at cfndsl_examples thanks to @neillturner.

Command Line Options

The cfndsl command line program now accepts some command line options.

Usage: cfndsl [options] FILE
    -o, --output FILE                Write output to file
    -y, --yaml FILE                  Import yaml file as local variables
    -j, --json FILE                  Import json file as local variables
    -p, --pretty                     Pretty-format output JSON
    -f, --format FORMAT              Specify the output format (JSON default)
    -D, --define "VARIABLE=VALUE"    Directly set local VARIABLE as VALUE
    -v, --verbose                    Turn on verbose output
    -m, --disable-deep-merge         Disable deep merging of yaml
    -s, --specification-file FILE    Location of Cloudformation Resource Specification file
    -u [VERSION],                    Update the Resource Specification file to latest, or specific version
        --update-specification
    -g RESOURCE_TYPE,RESOURCE_LOGICAL_NAME,
        --generate                   Add resource type and logical name
    -l, --list                       List supported resources
    -h, --help                       Display this screen

By default, cfndsl will attempt to evaluate FILE as cfndsl template and print the resulting cloudformation json template to stdout. With the -o option, you can instead have it write the resulting json template to a given file. The -v option prints out additional information (to stderr) about what is happening in the model generation process.

The -y, -j, -r and -D options can be used to control some things about the environment that the template code gets evaluate in. For instance, the -D option allows you to set a variable at the command line that can then be referred to within the template itself.

This is best illustrated with a example. Consider the following cfndsl template

# cfndsl template sample/t1.rb
CloudFormation do

  description = external_parameters.fetch(:description, 'default description')
  machines = external_parameters.fetch(:machines, 1).to_i

  Description description

  (1..machines).each do |i|
    name = "machine#{i}"
    EC2_Instance(name) do
      ImageId 'ami-12345678'
      Type 't1.micro'
    end
  end

end

Note the two variables description and machines. The template sets these to some reasonable default values, and if you run cfndsl on it without changing them in any way you get the following cloudformation template:

{
  "Resources": {
    "machine1": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
	"ImageId": "ami-12345678"
      }
    }
  },
  "Description": "default description",
  "AWSTemplateFormatVersion": "2010-09-09"
}

However if you run the command

$ cfndsl sample/t1.rb -D 'description=3 machine cluster' -D 'machines=3'

you get the following generated template.

{
  "Resources": {
    "machine3": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
	"ImageId": "ami-12345678"
      }
    },
    "machine2": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
	"ImageId": "ami-12345678"
      }
    },
    "machine1": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
	"ImageId": "ami-12345678"
      }
    }
  },
  "Description": "3 machine cluster",
  "AWSTemplateFormatVersion": "2010-09-09"
}

The -y and -j options allow you to group several variable definitions into a single file (formated as either yaml or json respectively). If you had a file called 't1.yaml' that contained the following,

# sample/t1.yaml
description: 5 machine cluster
machines: 5

the command

$ cfndsl sample/t1.rb -y sample/t1.yaml

would generate a template with 5 instances declared.

Specifying multiple -y options will default deep_merge all the yaml in the order specified. You can disable this with -m.

Rake task

Simply add the following to your Rakefile:

require 'cfndsl/rake_task'

namespace(:cfndsl) do
  CfnDsl::RakeTask.new do |t|
    # Use a custom specification file
    t.specification(file: 'tmp/cloudformation_resources.json')

    desc 'Generate CloudFormation Json'
    t.json(name: :json, files: FileList.new('sample/*.rb'), pathmap: 'tmp/%f.json')
    
    # Generate yaml output, loading an extra file that matches the source file
    t.yaml(name: :yaml, files: 'sample/t1.rb', pathmap: 'tmp/%f.yaml', extras: '%X.yaml')
  end
end

And then use rake to generate the cloudformation:

$ bin/rake cfndsl:generate

Embedded Ruby


# Optionally before requiring 'cfndsl' set global options
require `cfndsl/globals`
CfnDsl.specification_file(file) # Override location of json spec file 
CfnDsl.disable_deep_merge       # Prevent monkey patching of Hash with deep merge capabilities

require `cfndsl`

# As a function that takes a block of DSL
template = CloudFormation do
  # Some CfnDsl
end
puts JSON.pretty_generate(template.validate)

# As a class that is a template
class MyTemplate < CfnDsl::CloudFormationTemplate  
  def initialize 
    super do
      # Base DSL
    end  
  end
  
  def instance(logical_id)
    this = self
    EC2_Instance(logical_id) do
      self.class.name # << 'CfnDsl::ResourceDefinition' not 'MyTemplate' !
      InstanceType this.instance_type  
    end 
  end
   
  #do not make this private! 
  def instance_type
    't3.large'      
  end
end

# As a builder class
class Builder
  include CfnDsl::CloudFormation

  def model
    this = self # the DSL blocks are executed via instance_eval
    ref_param = Ref('param')  # and other Fn::*
    template = CloudFormation do
      # Some DSL
    end
    template.validate.to_json
  end
end

Generating CloudFormation resources from cfndsl

By supplying the -g parameter you are now able to generate cloudformation resources for supported objects, for a list of supported resources run cfndsl -l

Example

cfndsl -g AWS::EC2::EIP,EIP
require 'cfndsl'
CloudFormation do
  Description 'auto generated cloudformation cfndsl template'

  EC2_EIP('EIP') do
        Domain String # http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html#cfn-ec2-eip-domain
        InstanceId String # http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html#cfn-ec2-eip-instanceid
  end
end

Many thanks to the base code from cfnlego to make this possible!