Readonly Internal_crossWhether cross region references are enabled for this stack
Readonly Internal_versionWhether version reporting is enabled for this stack
Controls whether the CDK Metadata resource is injected
ReadonlyaccountThe AWS account into which this stack will be deployed.
This value is resolved according to the following rules:
env.account when the stack is defined. This can
either be a concrete account (e.g. 585695031111) or the
Aws.ACCOUNT_ID token.Aws.ACCOUNT_ID, which represents the CloudFormation intrinsic reference
{ "Ref": "AWS::AccountId" } encoded as a string token.Preferably, you should use the return value as an opaque string and not
attempt to parse it to implement your logic. If you do, you must first
check that it is a concrete value an not an unresolved token. If this
value is an unresolved token (Token.isUnresolved(stack.account) returns
true), this implies that the user wishes that this stack will synthesize
into a account-agnostic template. In this case, your code should either
fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or
implement some other region-agnostic behavior.
ReadonlyartifactThe ID of the cloud assembly artifact for this stack.
ReadonlyenvironmentThe environment coordinates in which this stack is deployed. In the form
aws://account/region. Use stack.account and stack.region to obtain
the specific values, no need to parse.
You can use this value to determine if two stacks are targeting the same environment.
If either stack.account or stack.region are not concrete values (e.g.
Aws.ACCOUNT_ID or Aws.REGION) the special strings unknown-account and/or
unknown-region will be used respectively to indicate this stack is
region/account-agnostic.
ReadonlyisFlag indicating if S3 access logs bucket is enabled
ReadonlyisFlag indicating if AWS KMS CMK is enabled for AWS CloudWatch log group data encryption
ReadonlyisFlag indicating external deployment
ReadonlyisFlag indicating if AWS KMS CMK is enabled for AWS Lambda environment encryption
ReadonlyisFlag indicating if AWS KMS CMK is enabled for AWS S3 bucket encryption
ReadonlyisFlag indicating if AWS KMS CMK is enabled for AWS SQS Queue encryption
ProtectednagNag suppression input list
Optional ReadonlynestedIf this is a nested stack, this represents its AWS::CloudFormation::Stack
resource. undefined for top-level (non-nested) stacks.
ReadonlynodeThe tree node.
ReadonlyregionThe AWS region into which this stack will be deployed (e.g. us-west-2).
This value is resolved according to the following rules:
env.region when the stack is defined. This can
either be a concrete region (e.g. us-west-2) or the Aws.REGION
token.Aws.REGION, which is represents the CloudFormation intrinsic reference
{ "Ref": "AWS::Region" } encoded as a string token.Preferably, you should use the return value as an opaque string and not
attempt to parse it to implement your logic. If you do, you must first
check that it is a concrete value an not an unresolved token. If this
value is an unresolved token (Token.isUnresolved(stack.region) returns
true), this implies that the user wishes that this stack will synthesize
into a region-agnostic template. In this case, your code should either
fail (throw an error, emit a synth error using Annotations.of(construct).addError()) or
implement some other region-agnostic behavior.
ProtectedserviceList of supported partitions for Service Linked Role creation
ProtectedssmAccelerator SSM parameters This array is used to store SSM parameters that are created per-stack.
ReadonlysynthesizerSynthesis method for this stack
ReadonlytagsTags to be applied to the stack.
ReadonlytemplateThe name of the CloudFormation template file emitted to the output directory during synthesis.
Example value: MyStack.template.json
ReadonlytemplateOptions for CloudFormation template (like version, transform, description).
Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.
If the stack is environment-agnostic (either account and/or region are
tokens), this property will return an array with 2 tokens that will resolve
at deploy-time to the first two availability zones returned from CloudFormation's
Fn::GetAZs intrinsic function.
If they are not available in the context, returns a set of dummy values and
reports them as missing, and let the CLI resolve them by calling EC2
DescribeAvailabilityZones on the target environment.
To specify a different strategy for selecting availability zones override this method.
Indicates whether the stack requires bundling or not
Return the stacks this stack depends on
Indicates if this is a nested stack, in which case parentStack will include a reference to it's parent.
If this is a nested stack, returns it's parent stack.
Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
The partition in which this stack is defined
The ID of the stack
The concrete CloudFormation physical stack name.
This is either the name defined explicitly in the stackName prop or
allocated based on the stack's location in the construct tree. Stacks that
are directly defined under the app use their construct id as their stack
name. Stacks that are defined deeper within the tree will use a hashed naming
scheme based on the construct path to ensure uniqueness.
If you wish to obtain the deploy-time AWS::StackName intrinsic,
you can use Aws.STACK_NAME directly.
Whether termination protection is enabled for this stack.
The Amazon domain suffix for the region in which this stack is defined
InternalCalled implicitly by the addDependency helper function in order to
realize a dependency between two top-level stacks at the assembly level.
Use stack.addDependency to define the dependency between any two stacks,
and take into account nested stack relationships.
Optionalreason: StackDependencyReasonInternalCalled implicitly by the obtainDependencies helper function in order to
collect resource dependencies across two top-level stacks at the assembly level.
Use stack.obtainDependencies to see the dependencies between any two stacks.
InternalCalled implicitly by the removeDependency helper function in order to
remove a dependency between two top-level stacks at the assembly level.
Use stack.addDependency to define the dependency between any two stacks,
and take into account nested stack relationships.
OptionalreasonFilter: StackDependencyReasonProtected_toProtected_validateProtectedaccessProtectedaddAdd a Transform to this stack. A Transform is a macro that AWS CloudFormation uses to process your template.
Duplicate values are removed when stack is synthesized.
The transform to add
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/transform-section-structure.html
declare const stack: Stack;
stack.addTransform('AWS::Serverless-2016-10-31')
ProtectedallocateReturns the naming scheme used to allocate logical IDs. By default, uses
the HashedAddressingScheme but this method can be overridden to customize
this behavior.
In order to make sure logical IDs are unique and stable, we hash the resource construct tree path (i.e. toplevel/secondlevel/.../myresource) and add it as a suffix to the path components joined without a separator (CloudFormation IDs only allow alphanumeric characters).
The result will be:
<path.join('')><md5(path.join('/')> "human" "hash"
If the "human" part of the ID exceeds 240 characters, we simply trim it so the total ID doesn't exceed CloudFormation's 255 character limit.
We only take 8 characters from the md5 hash (0.000005 chance of collision).
Special cases:
L1/L2/Pipeline/Pipeline), they will be de-duplicated to make the
resulting human portion of the ID more pleasing: L1L2Pipeline<HASH>
instead of L1L2PipelinePipeline<HASH>The element for which the logical ID is allocated.
ProtectedcreateProtectedcreateProtectedcreateProtectedcreateProtectedcreateProtectedcreateProtectedcreateProtectedcreateProtectedcreateCreate a CloudFormation Export for a string list value
Returns a string list representing the corresponding Fn.importValue()
expression for this Export. The export expression is automatically wrapped with an
Fn::Join and the import value with an Fn::Split, since CloudFormation can only
export strings. You can control the name for the export by passing the name option.
If you don't supply a value for name, the value you're exporting must be
a Resource attribute (for example: bucket.bucketName) and it will be
given the same name as the automatic cross-stack reference that would be created
if you used the attribute in another Stack.
One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.
See exportValue for an example of this process.
Optionaloptions: ExportValueOptionsCreate a CloudFormation Export for a string value
Returns a string representing the corresponding Fn.importValue()
expression for this Export. You can control the name for the export by
passing the name option.
If you don't supply a value for name, the value you're exporting must be
a Resource attribute (for example: bucket.bucketName) and it will be
given the same name as the automatic cross-stack reference that would be created
if you used the attribute in another Stack.
One of the uses for this method is to remove the relationship between two Stacks established by automatic cross-stack references. It will temporarily ensure that the CloudFormation Export still exists while you remove the reference from the consuming stack. After that, you can remove the resource and the manual export.
Here is how the process works. Let's say there are two stacks,
producerStack and consumerStack, and producerStack has a bucket
called bucket, which is referenced by consumerStack (perhaps because
an AWS Lambda Function writes into it, or something like that).
It is not safe to remove producerStack.bucket because as the bucket is being
deleted, consumerStack might still be using it.
Instead, the process takes two deployments:
Deployment 1: break the relationship:
consumerStack no longer references bucket.bucketName (maybe the consumer
stack now uses its own bucket, or it writes to an AWS DynamoDB table, or maybe you just
remove the Lambda Function altogether).ProducerStack class, call this.exportValue(this.bucket.bucketName). This
will make sure the CloudFormation Export continues to exist while the relationship
between the two stacks is being broken.consumerStack, but it's safe to deploy both).Deployment 2: remove the bucket resource:
bucket resource from producerStack.exportValue() call as well.producerStack will be changed -- the bucket will be deleted).Optionaloptions: ExportValueOptionsCreates an ARN from components.
If partition, region or account are not specified, the stack's
partition, region and account will be used.
If any component is the empty string, an empty string will be inserted into the generated ARN at the location that component corresponds to.
The ARN will be formatted as follows:
arn:{partition}:{service}:{region}:{account}:{resource}{sep}{resource-name}
The required ARN pieces that are omitted will be taken from the stack that the 'scope' is attached to. If all ARN pieces are supplied, the supplied scope can be 'undefined'.
Generate replacements and optionally return a temp path to the transformed document
OptionalorganizationId: stringOptionaltempFileName: stringOptionalparameters: { Function to get Accelerator key for given key type
{@type AcceleratorKeyType}
OptionalcustomResourceLambdaCloudWatchLogKmsKey: IKeycdk.aws_kms.IKey
cdk.aws_kms.IKey
ProtectedgetProtectedgetProtectedgetProtectedgetProtectedgetProtectedgetAllocates a stack-unique CloudFormation-compatible logical identity for a specific resource.
This method is called when a CfnElement is created and used to render the
initial logical identity of resources. Logical ID renames are applied at
this stage.
This method uses the protected method allocateLogicalId to render the
logical ID for an element. To modify the naming scheme, extend the Stack
class and override this method.
The CloudFormation element for which a logical identity is needed.
ProtectedgetProtectedgetProtectedgetProtectedisProtectedisProtectedisHelper function to verify if resource managed by ASEA or not by looking in resource mapping Can be replaced with LZA Configuration check. Not using configuration check to avoid errors/mistakes in configuration by user
Helper function to verify if resource managed by ASEA or not by looking in resource mapping Different than isManagedByAsea() because it does not filter for region or account id.
Look up a fact value for the given fact for the region of this stack
Will return a definite value only if the region of the current stack is resolved. If not, a lookup map will be added to the stack and the lookup will be done at CDK deployment time.
What regions will be included in the lookup map is controlled by the
@aws-cdk/core:target-partitions context value: it must be set to a list
of partitions, and only regions from the given partitions will be included.
If no such context key is set, all regions will be included.
This function is intended to be used by construct library authors. Application builders can rely on the abstractions offered by construct libraries and do not have to worry about regional facts.
If defaultValue is not given, it is an error if the fact is unknown for
the given region.
OptionaldefaultValue: stringSplits the provided ARN into its components. Works both if 'arn' is a string like 'arn:aws:s3:::bucket', and a Token representing a dynamic CloudFormation expression (in which case the returned components will also be dynamic CloudFormation expressions, encoded as Tokens).
the ARN to split into its components
the expected format of 'arn' - depends on what format the service 'arn' represents uses
ProtectedvalidateEvaluates if inputConfig is enabled and either excludeRegions or deploymentTargets is defined. Returns false if region is excluded
SecurityHubConfig | GuardDutyConfig
boolean
StaticisStaticisStaticof
Security Stack, configures local account security services