Use the AWS::CloudFormation::Authentication type to specify authentication credentials for files or sources that you specify with the AWS::CloudFormation::Init type.
To include authentication information for a file or source that you specify with AWS::CloudFormation::Init, use
the uris property if the source is a URI or the buckets property if the source is an Amazon S3 bucket. For
more information about files, see Files. For more information about sources, see Sources.
You can also specify authentication information for files directly in the AWS::CloudFormation::Init resource.
The files key of the resource contains a property named authentication. You can use the
authentication property to associate authentication information defined in an
AWS::CloudFormation::Authentication resource directly with a file.
For files, AWS CloudFormation looks for authentication information in the following order:
1. The authentication property of the AWS::CloudFormation::Init files key.
2. The uris or buckets property of the AWS::CloudFormation::Authentication resource.

For sources, AWS CloudFormation looks for authentication information in the uris or buckets property of the AWS::CloudFormation::Authentication resource.
Unlike most AWS CloudFormation resources, the AWS::CloudFormation::Authentication type does not contain a block called "Properties", but instead contains a list of user-named blocks, each containing its own authentication properties.
Not all properties pertain to each authentication type; see the type property for more details.
{
  "Type" : "AWS::CloudFormation::Authentication" {
    "String" : {
      "accessKeyId" : String,
      "buckets" : [ String, ... ],
      "password" : String,
      "secretKey" : String,
      "type" : String,
      "uris" : [ String, ... ],
      "username" : String
    },
    ...
  }
}

accessKeyId
Specifies the access key ID for S3 authentication.
Required: Conditional. Can be specified only if the type property is set to "S3".
Type: String.

buckets
A comma-delimited list of Amazon S3 buckets to be associated with the S3 authentication credentials.
Required: Conditional. Can be specified only if the type property is set to "S3".
Type: A list of strings.

password
Specifies the password for basic authentication.
Required: Conditional. Can be specified only if the type property is set to "basic".
Type: String.

secretKey
Specifies the secret key for S3 authentication.
Required: Conditional. Can be specified only if the type property is set to "S3".
Type: String.

type
Specifies whether the authentication scheme uses a username and password ("basic") or an access key ID and secret key ("S3").
If you specify "basic", you must also specify the username, password, and uris properties.
If you specify "S3", you must also specify the accessKeyId, secretKey, and buckets properties.
Required: Yes.
Type: String. Valid values are "basic" or "S3".

uris
A comma-delimited list of URIs to be associated with the basic authentication credentials. The authorization applies to the specified URIs and any more specific URI. For example, if you specify http://www.example.com, the authorization will also apply to http://www.example.com/test.
Required: Conditional. Can be specified only if the type property is set to "basic".
Type: A list of strings.

username
Specifies the username for basic authentication.
Required: Conditional. Can be specified only if the type property is set to "basic".
Type: String.
When the logical ID of this resource is provided to the Ref intrinsic
function, it returns the resource name.
For more information about using the Ref function, see Ref.
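A lint pass over one resource's Metadata that applies the conditional-property rules and the files lookup order described above (an added example, not AWS code and not part of the original page). The names lint_auth, RULES and SAMPLE are hypothetical and the sample is constructed; the literal-string check on password and secretKey is an addition of this example, and a missing uris or buckets list is reported only when no files entry names the block.

```python
# Conditional-property rules as given in the property descriptions on this page.
RULES = {"basic": (("username", "password"), "uris"),
         "S3": (("accessKeyId", "secretKey"), "buckets")}

def lint_auth(metadata):
    """Return sorted (block_name, finding) pairs for one resource's Metadata."""
    auth = metadata.get("AWS::CloudFormation::Authentication", {})
    init = metadata.get("AWS::CloudFormation::Init", {})
    # Block names used by the "authentication" property of any files entry.
    referenced = {f["authentication"]
                  for cfg in init.values() if isinstance(cfg, dict)
                  for f in cfg.get("files", {}).values()
                  if isinstance(f, dict) and "authentication" in f}
    findings = [(n, "files entry references an undefined block")
                for n in referenced - set(auth)]
    for name, block in auth.items():
        kind = block.get("type")
        if not isinstance(kind, str) or kind not in RULES:
            findings.append((name, 'type must be "basic" or "S3"'))
            continue
        creds, scope = RULES[kind]
        for prop in set(block) - {"type", scope, *creds}:
            findings.append((name, f"{prop} not valid for type {kind}"))
        for prop in creds:
            if prop not in block:
                findings.append((name, f"missing {prop}"))
        # Lookup order: a block is found via a files reference or its scope list.
        if scope not in block and name not in referenced:
            findings.append((name, f"no {scope} and not referenced by any file"))
        for prop in ("password", "secretKey"):
            if isinstance(block.get(prop), str):  # literal, not {"Ref": ...}
                findings.append((name, f"{prop} is a literal string"))
    return sorted(findings)

# Constructed sample metadata (not from a real stack).
SAMPLE = {
    "AWS::CloudFormation::Init": {"config": {"files": {
        "/var/www/html/index.html": {"authentication": "S3AccessCreds"},
        "/etc/app.conf": {"authentication": "AppCreds"}}}},
    "AWS::CloudFormation::Authentication": {
        "S3AccessCreds": {"type": "S3", "accessKeyId": {"Ref": "CfnKeys"},
                          "secretKey": {"Fn::GetAtt": ["CfnKeys", "SecretAccessKey"]}},
        "testBasic": {"type": "basic", "username": "myuser",
                      "password": "mypassword", "uris": ["http://www.example.com/test"]},
        "mixed": {"type": "S3", "accessKeyId": {"Ref": "CfnKeys"}, "username": "myuser"}}}

if __name__ == "__main__":
    for name, finding in lint_auth(SAMPLE):
        print(f"{name}: {finding}")
```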
Example EC2 Web Server Authentication
This template snippet shows how to get a file from a private S3 bucket within an EC2 instance. The credentials used for authentication are defined in the AWS::CloudFormation::Authentication resource, and referenced by the AWS::CloudFormation::Init resource in the files section.
"WebServer": {
  "Type": "AWS::EC2::Instance",
  "DependsOn" : "BucketPolicy",
  "Metadata" : {
    "AWS::CloudFormation::Init" : {
      "config" : {
        "packages" : { "yum" : { "httpd" : [] } },
        "files" : {
          "/var/www/html/index.html" : {
            "source" : {
              "Fn::Join" : [
                "", [ "http://s3.amazonaws.com/", { "Ref" : "BucketName" }, "/index.html" ]
              ]
            },
            "mode" : "000400",
            "owner" : "apache",
            "group" : "apache",
            "authentication" : "S3AccessCreds"
          }
        },
        "services" : {
          "sysvinit" : {
            "httpd" : { "enabled" : "true", "ensureRunning" : "true" }
          }
        }
      }
    },
    "AWS::CloudFormation::Authentication" : {
      "S3AccessCreds" : {
        "type" : "S3",
        "accessKeyId" : { "Ref" : "CfnKeys" },
        "secretKey" : { "Fn::GetAtt": [ "CfnKeys", "SecretAccessKey" ] }
      }
    }
  },
  "Properties": {
    ... EC2 Resource Properties ...
  }
}

Example Specifying Both Basic and S3 Authentication
The following example template snippet includes both basic and S3 authentication types.
"AWS::CloudFormation::Authentication" : {
  "testBasic" : {
    "type" : "basic",
    "username" : "myuser",
    "password" : "mypassword",
    "uris" : [ "http://www.example.com/test" ]
  },
  "testS3" : {
    "type" : "S3",
    "accessKeyId" : "<Your Access Key ID>",
    "secretKey" : "<Your Secret Key>",
    "buckets" : [ "myawsbucket" ]
  }
}

For full template samples that feature the AWS::CloudFormation::Authentication resource, view the following templates on the AWS CloudFormation Sample Templates web page: