cfn-signal
Description
The cfn-signal helper script signals CloudFormation to indicate whether Amazon EC2 instances have been successfully created or updated. If you install and configure software applications on instances, you can signal CloudFormation when those software applications are ready.
You use the cfn-signal script in conjunction with a CreationPolicy or an Auto Scaling group with a WaitOnResourceSignals update policy. When CloudFormation creates or updates resources with those policies, it suspends work on the stack until the resource receives the requisite number of signals or until the timeout period is exceeded. For each valid signal that CloudFormation receives, CloudFormation publishes the signals to the stack events so that you track each signal. For a walkthrough that uses a creation policy and cfn-signal, see Deploying applications on Amazon EC2 with AWS CloudFormation.
cfn-signal doesn't require credentials, so you don't need to use the
--access-key, --secret-key, --role, or
--credential-file options. However, if no credentials are specified,
CloudFormation checks for stack membership and limits the scope of the call to the
stack
that the instance belongs to.
Syntax for resource signaling (recommended)
If you want to signal CloudFormation resources, use the following syntax.
cfn-signal --success|-ssignal.to.send\ --access-keyaccess.key\ --credential-file|-fcredential.file\ --exit-code|-eexit.code\ --http-proxyHTTP.proxy\ --https-proxyHTTPS.proxy\ --id|-iunique.id\ --regionAWS.region\ --resourceresource.logical.ID\ --roleIAM.role.name\ --secret-keysecret.key\ --stackstack.name.or.stack.ID\ --urlAWS CloudFormation.endpoint
Syntax for use with wait condition handle
If you want to signal a wait condition handle, use the following syntax.
cfn-signal --success|-ssignal.to.send\ --reason|-rresource.status.reason\ --data|-ddata\ --id|-iunique.id\ --exit-code|-eexit.code\waitconditionhandle.url
Options
The options that you can use depend on whether you're signaling a creation policy or a wait condition handle. Some options that apply to a creation policy might not apply to a wait condition handle.
| Name | Description | Required |
|---|---|---|
|
|
AWS access key for an account with permission to
call the CloudFormation Type: String |
No |
|
|
Data to send back with the
Type: String Default: blank |
No |
|
|
The error code from a process that can be used to
determine success or failure. If specified, the
Type: String Examples: |
No |
|
|
A file that contains both a secret access key and an access key. The credential file parameter supersedes the --role, --access-key, and --secret-key parameters. Type: String |
No |
|
|
An HTTP proxy (non-SSL). Use the following format:
Type: String |
No |
|
|
An HTTPS proxy. Use the following format:
Type: String |
No |
|
|
The unique ID to send. Type: String Default: The ID of the Amazon EC2 instance. If the ID cannot be resolved, the machine's Fully Qualified Domain Name (FQDN) is returned. |
No |
|
|
A status reason for the resource event (currently only used on failure) - defaults to 'Configuration failed' if success is false. Type: String |
No |
--region (resource signaling
only)
|
The CloudFormation regional endpoint to use. Type: String Default:
|
No |
--resource (resource signaling
only)
|
The logical ID of the resource that contains the creations policy you want to signal. Type: String |
Yes |
|
|
The name of an IAM role that is associated with the instance. Type: String Condition: The credential file parameter supersedes this parameter. |
No |
|
|
If true, signal Type: Boolean Default:
|
No |
|
|
AWS secret access key that corresponds to the specified AWS access key. Type: String |
No |
|
|
The stack name or stack ID that contains the resource you want to signal. Type: String |
Yes |
-u, --url (resource signaling
only)
|
The CloudFormation endpoint to use. Type: String |
No |
|
|
A presigned URL that you can use to signal success
or failure to an associated
Type: String |
Yes |
Example
Amazon Linux example
A common usage pattern is to use cfn-init and cfn-signal together. The cfn-signal call uses the return status of the call to cfn-init (using the $? shell construct). If the application fails to install, the instance will fail to create and the stack will rollback. For Windows stacks, see Bootstrapping AWS CloudFormation Windows stacks.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Description": "Simple EC2 instance", "Resources": { "MyInstance": { "Type": "AWS::EC2::Instance", "Metadata": { "AWS::CloudFormation::Init": { "config": { "files": { "/tmp/test.txt": { "content": "Hello world!", "mode": "000755", "owner": "root", "group": "root" } } } } }, "Properties": { "ImageId": "ami-a4c7edb2", "InstanceType": "t2.micro", "UserData": { "Fn::Base64": { "Fn::Join": [ "", [ "#!/bin/bash -x\n", "# Install the files and packages from the metadata\n", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref": "AWS::StackName" }, " --resource MyInstance ", " --region ", { "Ref": "AWS::Region" }, "\n", "# Signal the status from cfn-init\n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref": "AWS::StackName" }, " --resource MyInstance ", " --region ", { "Ref": "AWS::Region" }, "\n" ] ] } } }, "CreationPolicy": { "ResourceSignal": { "Timeout": "PT5M" } } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Description: Simple EC2 instance Resources: MyInstance: Type: AWS::EC2::Instance Metadata: 'AWS::CloudFormation::Init': config: files: /tmp/test.txt: content: Hello world! mode: '000755' owner: root group: root Properties: ImageId: ami-a4c7edb2 InstanceType: t2.micro UserData: !Base64 'Fn::Join': - '' - - | #!/bin/bash -x - | # Install the files and packages from the metadata - '/opt/aws/bin/cfn-init -v ' - ' --stack ' - !Ref 'AWS::StackName' - ' --resource MyInstance ' - ' --region ' - !Ref 'AWS::Region' - |+ - | # Signal the status from cfn-init - '/opt/aws/bin/cfn-signal -e $? ' - ' --stack ' - !Ref 'AWS::StackName' - ' --resource MyInstance ' - ' --region ' - !Ref 'AWS::Region' - |+ CreationPolicy: ResourceSignal: Timeout: PT5M
Examples
Several CloudFormation sample templates use cfn-signal, including the following templates.
