tessl/pypi-troposphere
AWS CloudFormation creation library that facilitates building infrastructure templates programmatically in Python
parameters-outputs.mddocs/
Parameters and Outputs
CloudFormation template parameters for user inputs and outputs for exposing resource values, with comprehensive validation and cross-stack reference support.
Capabilities
Parameters
Template parameters allow users to provide input values when creating or updating CloudFormation stacks.
class Parameter(AWSDeclaration):
# Inherits constructor from BaseAWSObject:
# def __init__(self, title: str, template: Optional[Template] = None,
# validation: bool = True, **kwargs)
# Key properties (set via constructor kwargs or attribute assignment):
# Type: str - Parameter type (required)
# Default: Union[str, int, float] - Default value
# NoEcho: bool - Whether to mask parameter value in console
# AllowedValues: List[Any] - List of allowed values
# AllowedPattern: str - Regular expression pattern for validation
# MaxLength: int - Maximum string length (String parameters only)
# MinLength: int - Minimum string length (String parameters only)
# MaxValue: int - Maximum numeric value (Number parameters only)
# MinValue: int - Minimum numeric value (Number parameters only)
# Description: str - Parameter description
# ConstraintDescription: str - Error message for constraint violations
def validate(self) -> None:
"""Validate parameter configuration and default value."""
def validate_title(self) -> None:
"""Validate parameter title length (max 255 characters)."""Parameter Types
CloudFormation supports various parameter types with specific validation rules.
# Basic Parameter Types (string values for Type property)
"String" - String parameter type
"Number" - Numeric parameter type
"List<Number>" - List of numbers parameter type
"CommaDelimitedList" - Comma-delimited list parameter type
# AWS-Specific Parameter Types (string values for Type property)
"AWS::EC2::AvailabilityZone::Name" - EC2 Availability Zone name
"AWS::EC2::Image::Id" - EC2 AMI ID
"AWS::EC2::Instance::Id" - EC2 Instance ID
"AWS::EC2::KeyPair::KeyName" - EC2 Key Pair name
"AWS::EC2::SecurityGroup::GroupName" - EC2 Security Group name
"AWS::EC2::SecurityGroup::Id" - EC2 Security Group ID
"AWS::EC2::Subnet::Id" - EC2 Subnet ID
"AWS::EC2::VPC::Id" - EC2 VPC ID
"AWS::Route53::HostedZone::Id" - Route53 Hosted Zone ID
"AWS::S3::Bucket::Name" - S3 Bucket name
# List Types (string values for Type property)
"List<AWS::EC2::AvailabilityZone::Name>" - List of AZ names
"List<AWS::EC2::Image::Id>" - List of AMI IDs
"List<AWS::EC2::Instance::Id>" - List of Instance IDs
"List<AWS::EC2::SecurityGroup::GroupName>" - List of SG names
"List<AWS::EC2::SecurityGroup::Id>" - List of SG IDs
"List<AWS::EC2::Subnet::Id>" - List of Subnet IDs
"List<AWS::EC2::VPC::Id>" - List of VPC IDs
"List<AWS::Route53::HostedZone::Id>" - List of Hosted Zone IDsOutputs
Template outputs expose resource values and can be imported by other stacks.
class Output(AWSDeclaration):
# Inherits constructor from BaseAWSObject:
# def __init__(self, title: str, template: Optional[Template] = None,
# validation: bool = True, **kwargs)
# Key properties (set via constructor kwargs or attribute assignment):
# Value: Union[str, AWSHelperFn] - Output value (required)
# Description: str - Output description
# Export: Export - Export configuration for cross-stack referencesCross-Stack Exports
Enable cross-stack references by exporting output values.
class Export(AWSHelperFn):
def __init__(self, name: Union[str, AWSHelperFn]):
"""Export configuration for outputs with given name."""
# Args:
# name: Union[str, AWSHelperFn] - Export name (must be unique within region)Usage Examples
Basic Parameters
from troposphere import Template, Parameter, Ref
from troposphere.constants import T2_MICRO, T2_SMALL, T2_MEDIUM
template = Template()
# String parameter with allowed values
instance_type = Parameter(
"InstanceType",
Type="String",
Default="t2.micro",
AllowedValues=["t2.micro", "t2.small", "t2.medium"],
Description="EC2 instance type for the application server",
ConstraintDescription="Must be a valid EC2 instance type"
)
template.add_parameter(instance_type)
# Number parameter with range
port = Parameter(
"Port",
Type="Number",
Default=8080,
MinValue=1024,
MaxValue=65535,
Description="Application port number"
)
template.add_parameter(port)
# String parameter with pattern
bucket_name = Parameter(
"BucketName",
Type="String",
AllowedPattern="^[a-z0-9.-]*$",
MinLength=3,
MaxLength=63,
Description="S3 bucket name (lowercase letters, numbers, dots, hyphens only)",
ConstraintDescription="Bucket name must be 3-63 characters, lowercase letters, numbers, dots, and hyphens only"
)
template.add_parameter(bucket_name)
# NoEcho parameter for sensitive data
db_password = template.add_parameter(Parameter(
"DatabasePassword",
Type="String",
NoEcho=True,
MinLength=8,
MaxLength=128,
Description="Database master password",
ConstraintDescription="Password must be 8-128 characters"
))AWS-Specific Parameter Types
from troposphere import Template, Parameter
template = Template()
# VPC selection
vpc_id = template.add_parameter(Parameter(
"VpcId",
Type="AWS::EC2::VPC::Id",
Description="VPC ID where resources will be created"
))
# Subnet selection (multiple)
subnet_ids = template.add_parameter(Parameter(
"SubnetIds",
Type="List<AWS::EC2::Subnet::Id>",
Description="List of subnet IDs for load balancer"
))
# Key pair selection
key_name = template.add_parameter(Parameter(
"KeyName",
Type="AWS::EC2::KeyPair::KeyName",
Description="EC2 Key Pair for SSH access"
))
# AMI selection
ami_id = template.add_parameter(Parameter(
"AmiId",
Type="AWS::EC2::Image::Id",
Description="AMI ID for EC2 instances"
))
# Security group selection
security_groups = template.add_parameter(Parameter(
"SecurityGroups",
Type="List<AWS::EC2::SecurityGroup::Id>",
Description="Security groups for EC2 instances"
))Complex Parameter Validation
from troposphere import Template, Parameter
from troposphere.validators import positive_integer
template = Template()
# Custom validation function
def validate_cidr(cidr):
import ipaddress
try:
ipaddress.IPv4Network(cidr, strict=False)
return cidr
except ValueError:
raise ValueError(f"Invalid CIDR block: {cidr}")
# Parameter with custom validator
vpc_cidr = Parameter(
"VpcCidr",
Type="String",
Default="10.0.0.0/16",
Description="CIDR block for VPC",
props={
"VpcCidr": (validate_cidr, True)
}
)
# CommaDelimitedList parameter
availability_zones = template.add_parameter(Parameter(
"AvailabilityZones",
Type="CommaDelimitedList",
Description="List of availability zones",
Default="us-east-1a,us-east-1b"
))
# List<Number> parameter
alarm_thresholds = template.add_parameter(Parameter(
"AlarmThresholds",
Type="List<Number>",
Description="CloudWatch alarm thresholds",
Default="70,85,95"
))Parameter Groups and Labels
from troposphere import Template, Parameter
template = Template()
# Network parameters
vpc_id = template.add_parameter(Parameter(
"VpcId",
Type="AWS::EC2::VPC::Id",
Description="VPC for resources"
))
subnet_id = template.add_parameter(Parameter(
"SubnetId",
Type="AWS::EC2::Subnet::Id",
Description="Subnet for instance"
))
# Database parameters
db_instance_class = template.add_parameter(Parameter(
"DBInstanceClass",
Type="String",
Default="db.t3.micro",
Description="RDS instance class"
))
db_allocated_storage = template.add_parameter(Parameter(
"DBAllocatedStorage",
Type="Number",
Default=20,
MinValue=20,
MaxValue=1000,
Description="Database storage size in GB"
))
# Group parameters
template.add_parameter_to_group(vpc_id, "Network Configuration")
template.add_parameter_to_group(subnet_id, "Network Configuration")
template.add_parameter_to_group(db_instance_class, "Database Configuration")
template.add_parameter_to_group(db_allocated_storage, "Database Configuration")
# Set parameter labels
template.set_parameter_label(vpc_id, "VPC")
template.set_parameter_label(subnet_id, "Subnet")
template.set_parameter_label(db_instance_class, "Instance Class")
template.set_parameter_label(db_allocated_storage, "Storage Size (GB)")Basic Outputs
from troposphere import Template, Output, Ref, GetAtt
from troposphere.ec2 import Instance
from troposphere.s3 import Bucket
template = Template()
# Create resources
instance = template.add_resource(Instance(
"MyInstance",
ImageId="ami-0abcdef1234567890",
InstanceType="t2.micro"
))
bucket = template.add_resource(Bucket("MyBucket"))
# Simple outputs
template.add_output(Output(
"InstanceId",
Value=Ref(instance),
Description="EC2 Instance ID"
))
template.add_output(Output(
"InstancePublicIP",
Value=GetAtt(instance, "PublicIp"),
Description="Instance public IP address"
))
template.add_output(Output(
"BucketName",
Value=Ref(bucket),
Description="S3 Bucket name"
))
template.add_output(Output(
"BucketDomainName",
Value=GetAtt(bucket, "DomainName"),
Description="S3 Bucket domain name"
))Cross-Stack Exports
from troposphere import Template, Output, Export, Sub, Ref
from troposphere.ec2 import VPC, Subnet
template = Template()
# Create VPC
vpc = template.add_resource(VPC(
"MyVPC",
CidrBlock="10.0.0.0/16",
EnableDnsSupport=True,
EnableDnsHostnames=True
))
# Create subnet
subnet = template.add_resource(Subnet(
"PublicSubnet",
VpcId=Ref(vpc),
CidrBlock="10.0.1.0/24",
MapPublicIpOnLaunch=True
))
# Export VPC ID for other stacks
template.add_output(Output(
"VpcId",
Value=Ref(vpc),
Description="VPC ID",
Export=Export(Sub("${AWS::StackName}-VPC-ID"))
))
# Export subnet ID
template.add_output(Output(
"PublicSubnetId",
Value=Ref(subnet),
Description="Public subnet ID",
Export=Export(Sub("${AWS::StackName}-PublicSubnet-ID"))
))
# Export with fixed name
template.add_output(Output(
"VpcCidr",
Value=GetAtt(vpc, "CidrBlock"),
Description="VPC CIDR block",
Export=Export("MyNetwork-VPC-CIDR")
))Using Imported Values
from troposphere import Template, ImportValue, Sub
from troposphere.ec2 import Instance, SecurityGroup
template = Template()
# Import values from other stacks
vpc_id = ImportValue(Sub("${NetworkStackName}-VPC-ID"))
subnet_id = ImportValue(Sub("${NetworkStackName}-PublicSubnet-ID"))
# Fixed export name import
security_group_id = ImportValue("SharedResources-WebServerSecurityGroup")
# Use imported values
instance = template.add_resource(Instance(
"WebServer",
ImageId="ami-0abcdef1234567890",
InstanceType="t2.micro",
SubnetId=subnet_id,
SecurityGroupIds=[security_group_id]
))
# Parameter for stack name
network_stack_param = template.add_parameter(Parameter(
"NetworkStackName",
Type="String",
Description="Name of the network stack to import from"
))Advanced Output Examples
from troposphere import *
from troposphere.elasticloadbalancingv2 import LoadBalancer
from troposphere.route53 import RecordSet
template = Template()
# Create load balancer
alb = template.add_resource(LoadBalancer(
"ApplicationLoadBalancer",
Scheme="internet-facing",
Type="application",
IpAddressType="ipv4"
))
# Complex output with string manipulation
template.add_output(Output(
"LoadBalancerURL",
Value=Join("", ["http://", GetAtt(alb, "DNSName")]),
Description="Application Load Balancer URL"
))
# Conditional output
template.add_condition("CreateDNS", Equals(Ref("CreateDNSRecord"), "true"))
template.add_output(Output(
"CustomDomainURL",
Condition="CreateDNS",
Value=Join("", ["https://", Ref("DomainName")]),
Description="Custom domain URL (only if DNS record created)",
Export=Export(Sub("${AWS::StackName}-CustomDomain"))
))
# Output with multiple attribute references
template.add_output(Output(
"LoadBalancerInfo",
Value=Sub("DNS: ${DNS}, ARN: ${ARN}, Scheme: ${Scheme}", {
"DNS": GetAtt(alb, "DNSName"),
"ARN": Ref(alb),
"Scheme": GetAtt(alb, "Scheme")
}),
Description="Load balancer information summary"
))Install with Tessl CLI
npx tessl i tessl/pypi-troposphere