Fn::FindInMap - AWS CloudFormation

Fn::FindInMap

The intrinsic function Fn::FindInMap returns the value corresponding to keys in a two-level map that's declared in the Mappings section.

Declaration

JSON

{ "Fn::FindInMap" : [ "MapName", "TopLevelKey", "SecondLevelKey"] }

YAML

Syntax for the full function name:

Fn::FindInMap: [ MapName, TopLevelKey, SecondLevelKey ]

Syntax for the short form:

!FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
Note

You can't nest two instances of two functions in short form.

Parameters

MapName

The logical name of a mapping declared in the Mappings section that contains the keys and values.

TopLevelKey

The top-level key name. Its value is a list of key-value pairs.

SecondLevelKey

The second-level key name, which is set to one of the keys from the list assigned to TopLevelKey.

Return value

The value that's assigned to SecondLevelKey.

Examples

The following examples demonstrate how to use the Fn::FindInMap function.

Use Fn::FindInMap with region-specific values

The following example shows how to use Fn::FindInMap for a template with a Mappings section that contains a single map, RegionMap, that associates AMIs with AWS Regions.

  • The map has 5 top-level keys that correspond to various AWS Regions.

  • Each top-level key is assigned a list with two second level keys, "HVM64" and "HVMG2", that correspond to the AMI's architecture.

  • Each of the second-level keys is assigned an appropriate AMI name.

The example template contains an AWS::EC2::Instance resource whose ImageId property is set by the FindInMap function.

MapName is set to the map of interest, "RegionMap" in this example. TopLevelKey is set to the Region where the stack is created, which is determined by using the "AWS::Region" pseudo parameter. SecondLevelKey is set to the desired architecture, "HVM64" for this example.

FindInMap returns the AMI assigned to FindInMap. For a HVM64 instance in us-east-1, FindInMap would return "ami-0ff8a91507f77f867".

Note

Consider AWS Systems Manager parameters as an alternative to the Mappings section. To avoid updating all your templates with a new ID each time the AMI that you want to use changes, use the AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> parameter type to retrieve the latest AMI ID when the stack is created or updated. The latest versions of commonly used AMIs are also available as public parameters in Systems Manager. For more information, see Reference existing resources and Systems Manager parameters with CloudFormation-supplied parameter types.

JSON

{ ... "Mappings" : { "RegionMap" : { "us-east-1" : { "HVM64" : "ami-0ff8a91507f77f867", "HVMG2" : "ami-0a584ac55a7631c0c" }, "us-west-1" : { "HVM64" : "ami-0bdb828fd58c52235", "HVMG2" : "ami-066ee5fd4a9ef77f1" }, "eu-west-1" : { "HVM64" : "ami-047bb4163c506cd98", "HVMG2" : "ami-0a7c483d527806435" }, "ap-southeast-1" : { "HVM64" : "ami-08569b978cc4dfa10", "HVMG2" : "ami-0be9df32ae9f92309" }, "ap-northeast-1" : { "HVM64" : "ami-06cd52961ce9f0d85", "HVMG2" : "ami-053cdd503598e4a9d" } } }, "Resources" : { "myEC2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "HVM64" ] }, "InstanceType" : "t2.micro" } } } }

YAML

Mappings: RegionMap: us-east-1: HVM64: "ami-0ff8a91507f77f867" HVMG2: "ami-0a584ac55a7631c0c" us-west-1: HVM64: "ami-0bdb828fd58c52235" HVMG2: "ami-066ee5fd4a9ef77f1" eu-west-1: HVM64: "ami-047bb4163c506cd98" HVMG2: "ami-0a7c483d527806435" ap-southeast-1: HVM64: "ami-08569b978cc4dfa10" HVMG2: "ami-0be9df32ae9f92309" ap-northeast-1: HVM64: "ami-06cd52961ce9f0d85" HVMG2: "ami-053cdd503598e4a9d" Resources: myEC2Instance: Type: "AWS::EC2::Instance" Properties: ImageId: !FindInMap - RegionMap - !Ref 'AWS::Region' - HVM64 InstanceType: t2.micro

Use Fn::FindInMap for environment-specific configurations

The following example shows how to use Fn::FindInMap for a template with a Mappings section that contains a single map, SecurityGroups. It also contains an EnvironmentType parameter that allows you to specify whether the environment is Dev or Prod. It defaults to Dev but can be overridden during stack creation.

Fn::FindInMap returns the appropriate SecurityGroupIds based on the EnvironmentType parameter. Fn::Split then splits the comma-separated string of security group IDs into a list, which is the expected format for SecurityGroupIds.

If you deploy this stack with EnvironmentType set to Dev, the SecurityGroupIds for EC2Instance will be sg-12345678. If you set EnvironmentType to Prod, it will use sg-abcdef01 and sg-ghijkl23.

JSON

{ ... "Parameters":{ "EnvironmentType":{ "Description":"The environment type (Dev or Prod)", "Type":"String", "Default":"Dev", "AllowedValues":[ "Dev", "Prod" ] } }, "Mappings":{ "SecurityGroups":{ "Dev":{ "SecurityGroupIds":"sg-12345678" }, "Prod":{ "SecurityGroupIds":"sg-abcdef01,sg-ghijkl23" } } }, "Resources":{ "Ec2Instance":{ "Type":"AWS::EC2::Instance", "Properties":{ "ImageId": "ami-0a70b9d193ae8a799", "InstanceType": "t2.micro", "SecurityGroupIds":{ "Fn::Split":[ ",", { "Fn::FindInMap":[ "SecurityGroups", { "Ref":"EnvironmentType" }, "SecurityGroupIds" ] } ] } } } } }

YAML

Parameters: EnvironmentType: Description: The environment type (Dev or Prod) Type: String Default: Dev AllowedValues: - Dev - Prod Mappings: SecurityGroups: Dev: SecurityGroupIds: sg-12345678 Prod: SecurityGroupIds: sg-abcdef01,sg-ghijkl23 Resources: Ec2Instance: Type: 'AWS::EC2::Instance' Properties: ImageId: ami-0a70b9d193ae8a799 InstanceType: t2.micro SecurityGroupIds: Fn::Split: - "," - Fn::FindInMap: [ SecurityGroups, !Ref EnvironmentType, SecurityGroupIds ]

Supported functions

You can use the following functions in a Fn::FindInMap function:

  • Fn::FindInMap

  • Ref

Related resources

To use other intrinsic functions or a default value in a Fn::FindInMap function, you must declare the AWS::LanguageExtensions transform within your template. For more information, see Fn::FindInMap enhancements.

These related topics can be helpful as you develop templates that use the Fn::FindInMap function.