Fn::GetAtt - AWS CloudFormation
DeclarationParametersReturn valueExamplesSupported functions

Fn::GetAtt

The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in the template. For more information about GetAtt return values for a particular resource, refer to the documentation for that resource in the Resource and property reference.

Declaration

JSON

{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }

YAML

Syntax for the full function name:

Fn::GetAtt: [ logicalNameOfResource, attributeName ]

Syntax for the short form:

!GetAtt logicalNameOfResource.attributeName

Parameters

logicalNameOfResource

The logical name (also called logical ID) of the resource that contains the attribute that you want.

attributeName

The name of the resource-specific attribute whose value you want. See the resource's reference page for details about the attributes available for that resource type.

Return value

The attribute value.

Examples

Return a string

This example snippet returns a string containing the DNS name of the load balancer with the logical name myELB.

JSON

"Fn::GetAtt" : [ "myELB" , "DNSName" ]

YAML

!GetAtt myELB.DNSName

Return multiple strings

The following example template returns the SourceSecurityGroup.OwnerAlias and SourceSecurityGroup.GroupName of the load balancer with the logical name myELB.

JSON
{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "myELB": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "AvailabilityZones": [
                    "eu-west-1a"
                ],
                "Listeners": [
                    {
                        "LoadBalancerPort": "80",
                        "InstancePort": "80",
                        "Protocol": "HTTP"
                    }
                ]
            }
        },
        "myELBIngressGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "ELB ingress group",
                "SecurityGroupIngress": [
                    {
                        "IpProtocol": "tcp",
                        "FromPort": 80,
                        "ToPort": 80,
                        "SourceSecurityGroupOwnerId": {
                            "Fn::GetAtt": [
                                "myELB",
                                "SourceSecurityGroup.OwnerAlias"
                            ]
                        },
                        "SourceSecurityGroupName": {
                            "Fn::GetAtt": [
                                "myELB",
                                "SourceSecurityGroup.GroupName"
                            ]
                        }
                    }
                ]
            }
        }
    }
}
YAML
AWSTemplateFormatVersion: 2010-09-09
Resources:
  myELB:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      AvailabilityZones:
        - eu-west-1a
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
  myELBIngressGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ELB ingress group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias
          SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName

Supported functions

For the Fn::GetAtt logical resource name, you can't use functions. You must specify a string that's a resource's logical ID.

For the Fn::GetAtt attribute name, you can use the Ref function.