This section contains a number of template snippets specific to Amazon EC2.
Topics
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS CloudFormation Sample Template EC2_Instance_With_Block_Device_Mapping: Example to show how to attach EBS volumes and modify the root device using EC2 block device mappings. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters" : {
"InstanceType" : {
"Description" : "WebServer EC2 instance type",
"Type" : "String",
"Default" : "m1.small",
"AllowedValues" : [ "t1.micro","m1.small","m1.medium","m1.large","m1.xlarge","m3.xlarge","m3.2xlarge","m2.xlarge","m2.2xlarge","m2.4xlarge","c1.medium","c1.xlarge","cc1.4xlarge","cc2.8xlarge","cg1.4xlarge","hi1.4xlarge","hs1.8xlarge"],
"ConstraintDescription" : "must be a valid EC2 instance type."
},
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the web server",
"Type" : "String"
},
"SSHFrom": {
"Description": "Lock down SSH access to the bastion host (the default allows SSH from any address)",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
}
},
"Mappings" : {
"AWSInstanceType2Arch" : {
"t1.micro" : { "Arch" : "PV64" },
"m1.small" : { "Arch" : "PV64" },
"m1.medium" : { "Arch" : "PV64" },
"m1.large" : { "Arch" : "PV64" },
"m1.xlarge" : { "Arch" : "PV64" },
"m3.xlarge" : { "Arch" : "PV64" },
"m3.2xlarge" : { "Arch" : "PV64" },
"m2.xlarge" : { "Arch" : "PV64" },
"m2.2xlarge" : { "Arch" : "PV64" },
"m2.4xlarge" : { "Arch" : "PV64" },
"c1.medium" : { "Arch" : "PV64" },
"c1.xlarge" : { "Arch" : "PV64" },
"cc1.4xlarge" : { "Arch" : "CLU64" },
"cc2.8xlarge" : { "Arch" : "CLU64" },
"cg1.4xlarge" : { "Arch" : "GPU64" },
"hi1.4xlarge" : { "Arch" : "PV64" },
"hs1.8xlarge" : { "Arch" : "PV64" }
},
"AWSRegionArch2AMI" : {
"us-east-1" : { "PV64" : "ami-1624987f", "CLU64" : "ami-08249861", "GPU64" : "ami-02f54a6b" },
"us-west-2" : { "PV64" : "ami-2a31bf1a", "CLU64" : "ami-2431bf14", "GPU64" : "NOT_YET_SUPPORTED" },
"us-west-1" : { "PV64" : "ami-1bf9de5e", "CLU64" : "NOT_YET_SUPPORTED", "GPU64" : "NOT_YET_SUPPORTED" },
"eu-west-1" : { "PV64" : "ami-c37474b7", "CLU64" : "ami-d97474ad", "GPU64" : "ami-1b02026f" },
"ap-southeast-1" : { "PV64" : "ami-a6a7e7f4", "CLU64" : "NOT_YET_SUPPORTED", "GPU64" : "NOT_YET_SUPPORTED" },
"ap-southeast-2" : { "PV64" : "ami-bd990e87", "CLU64" : "NOT_YET_SUPPORTED", "GPU64" : "NOT_YET_SUPPORTED" },
"ap-northeast-1" : { "PV64" : "ami-4e6cd34f", "CLU64" : "NOT_YET_SUPPORTED", "GPU64" : "NOT_YET_SUPPORTED" },
"sa-east-1" : { "PV64" : "ami-1e08d103", "CLU64" : "NOT_YET_SUPPORTED", "GPU64" : "NOT_YET_SUPPORTED" }
}
},
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" },
{ "Fn::FindInMap" : [ "AWSInstanceType2Arch", { "Ref" : "InstanceType" }, "Arch" ] } ] },
"KeyName" : { "Ref" : "KeyName" },
"InstanceType" : { "Ref" : "InstanceType" },
"SecurityGroups" : [{ "Ref" : "Ec2SecurityGroup" }],
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/sda1",
"Ebs" : { "VolumeSize" : "50" }
},{
"DeviceName" : "/dev/sdm",
"Ebs" : { "VolumeSize" : "100" }
}
]
}
},
"Ec2SecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "HTTP and SSH access",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22", "ToPort" : "22",
"CidrIp" : { "Ref" : "SSHFrom" }
} ]
}
}
},
"Outputs" : {
"Instance" : {
"Value" : { "Fn::GetAtt" : [ "Ec2Instance", "PublicDnsName" ] },
"Description" : "DNS Name of the newly created EC2 instance"
}
}
}
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS CloudFormation Sample Template EC2_Instance_With_Ephemeral_Drives: Example to show how to attach ephemeral drives using EC2 block device mappings. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the web server",
"Type" : "String"
},
"SSHFrom": {
"Description": "Lock down SSH access to the bastion host (the default allows SSH from any address)",
"Type": "String",
"MinLength": "9",
"MaxLength": "18",
"Default": "0.0.0.0/0",
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid CIDR range of the form x.x.x.x/x."
}
},
"Mappings" : {
"AWSRegionArch2AMI" : {
"us-east-1" : { "PV64" : "ami-1624987f" },
"us-west-2" : { "PV64" : "ami-2a31bf1a" },
"us-west-1" : { "PV64" : "ami-1bf9de5e" },
"eu-west-1" : { "PV64" : "ami-c37474b7" },
"ap-southeast-1" : { "PV64" : "ami-a6a7e7f4" },
"ap-southeast-2" : { "PV64" : "ami-bd990e87" },
"ap-northeast-1" : { "PV64" : "ami-4e6cd34f" },
"sa-east-1" : { "PV64" : "ami-1e08d103" }
}
},
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : { "Fn::FindInMap" : [ "AWSRegionArch2AMI", { "Ref" : "AWS::Region" }, "PV64" ]},
"KeyName" : { "Ref" : "KeyName" },
"InstanceType" : "m1.small",
"SecurityGroups" : [{ "Ref" : "Ec2SecurityGroup" }],
"BlockDeviceMappings" : [
{
"DeviceName" : "/dev/sdc",
"VirtualName" : "ephemeral0"
}
]
}
},
"Ec2SecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "HTTP and SSH access",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22", "ToPort" : "22",
"CidrIp" : { "Ref" : "SSHFrom" }
} ]
}
}
},
"Outputs" : {
"Instance" : {
"Value" : { "Fn::GetAtt" : [ "Ec2Instance", "PublicDnsName" ] },
"Description" : "DNS Name of the newly created EC2 instance"
}
}
}
This example shows how to allocate an Amazon EC2 Elastic IP address and assign it to an Amazon EC2 instance using an AWS::EC2::EIP resource.
"MyEIP" : {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" }
}
}
This example shows how to assign an existing Amazon EC2 Elastic IP address to an Amazon EC2 instance using an AWS::EC2::EIPAssociation resource.
"IPAssoc" : {
"Type" : "AWS::EC2::EIPAssociation",
"Properties" : {
"InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" },
"EIP" : "existing Elastic IP address"
}
}
This example shows how to assign an existing VPC Elastic IP address to an Amazon EC2 instance using an AWS::EC2::EIPAssociation resource.
"VpcIPAssoc" : {
"Type" : "AWS::EC2::EIPAssociation",
"Properties" : {
"InstanceId" : { "Ref" : "logical name of an AWS::EC2::Instance resource" },
"AllocationId" : "existing VPC Elastic IP allocation ID"
}
}
Sample template showing how to create an instance with 1 elastic network interface (ENI). It assumes you have already created a VPC. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "AWS CloudFormation Sample Template VPC_EC2_Instance_With_ENI: Sample template showing how to create an instance with 2 network interfaces, one for Web access and one for SSH access. The default ENI for the instance is used for Web traffic and a second ENI is created for control port traffic. It assumes you have already created a VPC. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters" : {
"KeyName" : {
"Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type" : "String"
},
"VpcId" : {
"Type" : "String",
"Description" : "VpcId of your existing Virtual Private Cloud (VPC)"
},
"SubnetId" : {
"Type" : "String",
"Description" : "SubnetId of an existing subnet in your Virtual Private Cloud (VPC)"
},
"WebServerPort" : {
"Description" : "TCP/IP port of the web server",
"Type" : "String",
"Default" : "80"
}
},
"Mappings" : {
"RegionMap" : {
"us-east-1" : { "AMI" : "ami-aba768c2" },
"us-west-1" : { "AMI" : "ami-458fd300" },
"us-west-2" : { "AMI" : "ami-fcff72cc" },
"eu-west-1" : { "AMI" : "ami-018bb975" },
"sa-east-1" : { "AMI" : "ami-a039e6bd" },
"ap-southeast-1" : { "AMI" : "ami-425a2010" },
"ap-northeast-1" : { "AMI" : "ami-7871c579" }
}
},
"Resources" : {
"ControlPortAddress" : {
"Type" : "AWS::EC2::EIP",
"Properties" : {
"Domain" : "vpc"
}
},
"AssociateControlPort" : {
"Type" : "AWS::EC2::EIPAssociation",
"Properties" : {
"AllocationId" : { "Fn::GetAtt" : [ "ControlPortAddress", "AllocationId" ]},
"NetworkInterfaceId" : { "Ref" : "controlXface" }
}
},
"SSHSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VpcId" },
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ]
}
},
"WebSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"VpcId" : { "Ref" : "VpcId" },
"GroupDescription" : "Enable HTTP access via user defined port",
"SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : { "Ref" : "WebServerPort" }, "ToPort" : { "Ref" : "WebServerPort" }, "CidrIp" : "0.0.0.0/0" } ]
}
},
"controlXface" : {
"Type" : "AWS::EC2::NetworkInterface",
"Properties" : {
"SubnetId" : { "Ref" : "SubnetId" },
"Description" :"Interface for control traffic such as SSH",
"GroupSet" : [ {"Ref" : "SSHSecurityGroup"} ],
"SourceDestCheck" : "true",
"Tags" : [ {"Key" : "Network", "Value" : "Control"}]
}
},
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
"KeyName" : { "Ref" : "KeyName" },
"NetworkInterfaces" : [ { "NetworkInterfaceId" : {"Ref" : "controlXface"}, "DeviceIndex" : "0" } ],
"Tags" : [ {"Key" : "Role", "Value" : "Test Instance"}],
"UserData" : { "Fn::Base64" : { "Ref" : "WebServerPort" }}
}
}
},
"Outputs" : {
"InstanceId" : {
"Value" : { "Ref" : "Ec2Instance" },
"Description" : "Instance Id of newly created instance"
},
"ControlPortPublicAddress" : {
"Value" : { "Ref" : "ControlPortAddress" },
"Description" : "Control port public IP address of instance for SSH"
}
}
}
This snippet shows a simple AWS::EC2::Instance resource.
"MyInstance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"AvailabilityZone" : "us-east-1a",
"ImageId" : "ami-20b65349"
}
}
This snippet shows an AWS::EC2::Instance resource with one Amazon EC2 Volume, one Tag, and Base64-encoded
UserData. An AWS::EC2::SecurityGroup resource, an AWS::SNS::Topic resource, and an AWS::EC2::Volume resource
must all be defined in the same template. Also, the references KeyName,
AccessKey, and SecretKey are parameters that must be defined in
the Parameters section of the template. Note that UserData is not encrypted and is readable from within the instance, so passing long-lived access keys this way exposes them; granting the instance an IAM role is the preferred way to give it credentials.
"MyInstance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"KeyName" : { "Ref" : "KeyName" },
"SecurityGroups" : [ {
"Ref" : "logical name of AWS::EC2::SecurityGroup resource"
} ],
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [ ":", [
"PORT=80",
"TOPIC=", {
"Ref" : "logical name of an AWS::SNS::Topic resource"
},
"ACCESS_KEY=", { "Ref" : "AccessKey" },
"SECRET_KEY=", { "Ref" : "SecretKey" } ]
]
}
},
"InstanceType" : "m1.small",
"AvailabilityZone" : "us-east-1a",
"ImageId" : "ami-1e817677",
"Volumes" : [
{ "VolumeId" : {
"Ref" : "logical name of AWS::EC2::Volume resource"
},
"Device" : "/dev/sdk" }
],
"Tags" : [ {
"Key" : "Name",
"Value" : "MyTag"
} ]
}
}
This snippet shows an AWS::EC2::Instance resource with an Amazon SimpleDB domain specified in the UserData.
"MyInstance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"UserData" : {
"Fn::Base64" : {
"Fn::Join" : [ "",
[ "Domain=", {
"Ref" : "logical name of an AWS::SDB::Domain resource"
} ]
]
}
},
"AvailabilityZone" : "us-east-1a",
"ImageId" : "ami-20b65349"
}
}
This snippet shows an AWS::EC2::SecurityGroup resource that describes two TCP ingress rules, each limited to a specified CIDR range and port: the first allows port 80 from any IPv4 address (0.0.0.0/0), the second allows port 22 only from the single host 192.168.1.1/32.
"ServerSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "allow connections from specified CIDR ranges",
"SecurityGroupIngress" : [
{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"CidrIp" : "0.0.0.0/0"
},{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : "192.168.1.1/32"
}
]
}
}
This snippet shows an AWS::EC2::SecurityGroup resource that describes two security group ingress rules.
The first ingress rule grants access to the existing security group myadminsecuritygroup, which is owned by
the 1234-5678-9012 AWS account, for the TCP protocol on port 22. The second ingress rule grants access to
the security group mysecuritygroupcreatedincfn for TCP on port 80. This ingress rule uses the Ref intrinsic
function to refer to a security group (whose logical name is mysecuritygroupcreatedincfn) created in the
same template. You must declare a value for both the SourceSecurityGroupName and
SourceSecurityGroupOwnerId properties.
"ServerSecurityGroupBySG" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "allow connections from specified source security group",
"SecurityGroupIngress" : [
{
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"SourceSecurityGroupName" : "myadminsecuritygroup",
"SourceSecurityGroupOwnerId" : "123456789012"
},
{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"SourceSecurityGroupName" : {"Ref" : "mysecuritygroupcreatedincfn"}
}
]
}
}
This snippet shows an AWS::EC2::SecurityGroup resource that contains a security group ingress rule that
grants access to the LoadBalancer myELB for TCP on port 80. Note that the rule uses the
SourceSecurityGroup.OwnerAlias and
SourceSecurityGroup.GroupName properties of the myELB resource to specify the
source security group of the LoadBalancer.
"myELB" : {
"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties" : {
"AvailabilityZones" : [ "us-east-1a" ],
"Listeners" : [ {
"LoadBalancerPort" : "80",
"InstancePort" : "80",
"Protocol" : "HTTP"
} ]
}
},
"ELBIngressGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "ELB ingress group",
"SecurityGroupIngress" : [
{
"IpProtocol" : "tcp",
"FromPort" : "80",
"ToPort" : "80",
"SourceSecurityGroupOwnerId" : {"Fn::GetAtt" : ["myELB", "SourceSecurityGroup.OwnerAlias"]},
"SourceSecurityGroupName" : {"Fn::GetAtt" : ["myELB", "SourceSecurityGroup.GroupName"]}
}
]
}
This snippet shows two AWS::EC2::SecurityGroupIngress resources that add mutual ingress rules to the EC2 security groups SGroup1 and SGroup2. The SGroup1Ingress resource enables ingress from SGroup2 through TCP/IP port 80 to SGroup1. The SGroup2Ingress resource enables ingress from SGroup1 through TCP/IP port 80 to SGroup2.
Note
If you are using an Amazon VPC, the SecurityGroupIngress
properties must include VpcId, and you must use
GroupId and SourceSecurityGroupId
instead of GroupName and
SourceSecurityGroupName.
"SGroup1" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "EC2 Instance access"
}
},
"SGroup2" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "EC2 Instance access"
}
},
"SGroup1Ingress" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "SGroup1" },
"IpProtocol" : "tcp",
"ToPort" : "80",
"FromPort" : "80",
"SourceSecurityGroupName" : { "Ref" : "SGroup2" }
}
},
"SGroup2Ingress" : {
"Type" : "AWS::EC2::SecurityGroupIngress",
"Properties" : {
"GroupName" : { "Ref" : "SGroup2" },
"IpProtocol" : "tcp",
"ToPort" : "80",
"FromPort" : "80",
"SourceSecurityGroupName" : { "Ref" : "SGroup1" }
}
}
This snippet shows a simple Amazon EC2 volume resource with a DeletionPolicy attribute set to Snapshot. With
the Snapshot DeletionPolicy set, AWS CloudFormation takes a snapshot of this volume before deleting it during stack
deletion. Make sure you specify a value for SnapshotId, or a value for Size, but
not both. Remove the one you don't need.
"MyEBSVolume" : {
"Type" : "AWS::EC2::Volume",
"Properties" : {
"Size" : "specify a size if no SnapShotId",
"SnapshotId" : "specify a SnapShotId if no Size",
"AvailabilityZone" : { "Ref" : "AvailabilityZone" }
},
"DeletionPolicy" : "Snapshot"
}
This snippet shows the following resources: an Amazon EC2 instance using an Amazon Linux AMI from the US-East (Northern Virginia) Region, an EC2 security group that allows SSH (TCP port 22) access from any IPv4 address (0.0.0.0/0), a new Amazon EBS volume sized at 100 GB and in the same Availability Zone as the EC2 instance, and a volume attachment that attaches the new volume to the EC2 instance.
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],
"ImageId" : "ami-76f0061f"
}
},
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : "0.0.0.0/0"
} ]
}
},
"NewVolume" : {
"Type" : "AWS::EC2::Volume",
"Properties" : {
"Size" : "100",
"AvailabilityZone" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ]},
}
},
"MountPoint" : {
"Type" : "AWS::EC2::VolumeAttachment",
"Properties" : {
"InstanceId" : { "Ref" : "Ec2Instance" },
"VolumeId" : { "Ref" : "NewVolume" },
"Device" : "/dev/sdh"
}
}
}