AWS CloudFormation
User Guide (Version )


Creates a service mesh. A service mesh is a logical boundary for network traffic between the services that reside within it.

After you create your service mesh, you can create virtual services, virtual nodes, virtual routers, and routes to distribute traffic between the applications in your mesh.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::AppMesh::Mesh", "Properties" : { "MeshName" : String, "Spec" : MeshSpec, "Tags" : [ Tag, ... ] } }


Type: AWS::AppMesh::Mesh Properties: MeshName: String Spec: MeshSpec Tags: - Tag



The name to use for the service mesh.

Required: Yes

Type: String

Update requires: Replacement


The service mesh specification to apply.

Required: No

Type: MeshSpec

Update requires: No interruption


Optional metadata that you can apply to the service mesh to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

Required: No

Type: List of Tag

Update requires: No interruption

Return Values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource ARN. For example:

{ "Ref": "myMesh" }

When you pass the logical ID of an AWS::AppMesh::Mesh resource to the intrinsic Ref function, the function returns the mesh ARN, such as arn:aws:appmesh:us-east-1:555555555555:mesh/myMesh .

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The full Amazon Resource Name (ARN) for the mesh.


The name of the service mesh.


The unique identifier for the mesh.


Create a Service Mesh

This example creates a service mesh that allows all egress traffic.


{ "Description": "Basic Test Mesh", "Resources": { "BasicMesh": { "Type": "AWS::AppMesh::Mesh", "Properties": { "MeshName": "BasicMesh1", "Spec": { "EgressFilter": { "Type": "ALLOW_ALL" } }, "Tags": [ { "Key": "Key1", "Value": "Value1" }, { "Key": "Key2", "Value": "Value2" } ] } } }, "Outputs": { "MeshName": { "Description": "Name of the Mesh", "Value": { "Fn::GetAtt": [ "BasicMesh", "MeshName" ] } }, "Arn": { "Description": "Arn of the Mesh created", "Value": { "Fn::GetAtt": [ "BasicMesh", "Arn" ] } }, "Uid": { "Description": "Uid of the Mesh created", "Value": { "Fn::GetAtt": [ "BasicMesh", "Uid" ] } } } }


Description: "Basic Test Mesh" Resources: BasicMesh: Type: "AWS::AppMesh::Mesh" Properties: MeshName: "BasicMesh1" Spec: EgressFilter: Type: "ALLOW_ALL" Tags: - Key: "Key1" Value: "Value1" - Key: "Key2" Value: "Value2" Outputs: MeshName: Description: Name of the Mesh Value: Fn::GetAtt: - BasicMesh - MeshName Arn: Description: Arn of the Mesh created Value: Fn::GetAtt: - BasicMesh - Arn Uid: Description: Uid of the Mesh created Value: Fn::GetAtt: - BasicMesh - Uid

See Also