Fn::GetAtt
The Fn::GetAtt intrinsic function returns the value of an attribute from a
resource in the template.
Declaration
JSON
{ "Fn::GetAtt" : [ "logicalNameOfResource", "attributeName" ] }
YAML
Syntax for the full function name:
Fn::GetAtt: [logicalNameOfResource,attributeName]
Syntax for the short form:
!GetAttlogicalNameOfResource.attributeName
Parameters
logicalNameOfResource-
The logical name (also called logical ID) of the resource that contains the attribute that you want.
attributeName-
The name of the resource-specific attribute whose value you want. See the resource's reference page for details about the attributes available for that resource type.
Return Value
The attribute value.
Examples
Return a String
This example snippet returns a string containing the DNS name of the load balancer
with
the logical name myELB.
JSON
"Fn::GetAtt" : [ "myELB" , "DNSName" ]
YAML
!GetAtt myELB.DNSName
Return Multiple Strings
The following example template returns the SourceSecurityGroup.OwnerAlias
and SourceSecurityGroup.GroupName of the load balancer with the logical name
myELB.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "myELB": { "Type": "AWS::ElasticLoadBalancing::LoadBalancer", "Properties": { "AvailabilityZones": [ "eu-west-1a" ], "Listeners": [ { "LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP" } ] } }, "myELBIngressGroup": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "ELB ingress group", "SecurityGroupIngress": [ { "IpProtocol": "tcp", "FromPort": "80", "ToPort": "80", "SourceSecurityGroupOwnerId": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.OwnerAlias" ] }, "SourceSecurityGroupName": { "Fn::GetAtt": [ "myELB", "SourceSecurityGroup.GroupName" ] } } ] } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Resources: myELB: Type: AWS::ElasticLoadBalancing::LoadBalancer Properties: AvailabilityZones: - eu-west-1a Listeners: - LoadBalancerPort: '80' InstancePort: '80' Protocol: HTTP myELBIngressGroup: Type: AWS::EC2::SecurityGroup Properties: GroupDescription: ELB ingress group SecurityGroupIngress: - IpProtocol: tcp FromPort: '80' ToPort: '80' SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName
Supported Functions
For the Fn::GetAtt logical resource name, you cannot use functions. You must
specify a string that is a resource's logical ID.
For the Fn::GetAtt attribute name, you can use the Ref
function.
Attributes
You can retrieve the following attributes using Fn::GetAtt.
| Resource TypeName | Attribute | Description |
|---|---|---|
| AWS::AmazonMQ::Broker | Arn |
The Amazon Resource Name (ARN) of the Amazon MQ broker. Example:arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 |
| AWS::AmazonMQ::Broker | ConfigurationId |
The unique ID that Amazon MQ generates for the configuration. Example:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 |
| AWS::AmazonMQ::Broker | ConfigurationRevision |
The revision number of the Amazon MQ configuration. Example:1 |
| AWS::AmazonMQ::Configuration | Arn |
The Amazon Resource Name (ARN) of the Amazon MQ configuration. Example:arn:aws:mq:us-east-2:123456789012:configuration:MyConfigurationDevelopment:c-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 |
| AWS::AmazonMQ::Configuration | Revision |
The revision number of the Amazon MQ configuration. Example:1 |
|
|
The Amazon CloudFront distribution domain name that is mapped to the custom domain name. Example: |
|
|
|
The root resource ID for a Example: |
|
|
|
The domain name associated with the regional endpoint for this custom domain name. You set up this association by adding a DNS record that points the custom domain name to this regional domain name. |
|
|
|
The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. |
|
|
|
The full Amazon Resource Name (ARN) for the mesh. |
|
|
|
The name of the service mesh. |
|
|
|
The unique identifier for the mesh. |
|
|
|
The full Amazon Resource Name (ARN) for the route. |
|
|
|
The name of the service mesh that the route resides in. |
|
|
|
The name of the route. |
|
|
|
The unique identifier for the route. |
|
|
|
The name of the virtual router that the route is associated with. |
|
|
|
The full Amazon Resource Name (ARN) for the virtual node. |
|
|
|
The name of the service mesh that the virtual node resides in. |
|
|
|
The unique identifier for the virtual node. |
|
|
|
The name of the virtual node. |
|
|
|
The full Amazon Resource Name (ARN) for the virtual router. |
|
|
|
The name of the service mesh that the virtual router resides in. |
|
|
|
The unique identifier for the virtual router. |
|
|
|
The name of the virtual router. |
|
|
|
The full Amazon Resource Name (ARN) for the virtual service. |
|
|
|
The name of the service mesh that the virtual service resides in. |
|
|
|
The unique identifier for the virtual service. |
|
|
|
The name of the virtual service. |
|
|
|
The URL to start an Amazon AppStream 2.0 image builder streaming session |
|
|
|
The Amazon Resource Name (ARN) of the AWS Cloud9 development environment. Example:
|
|
|
|
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50. |
|
|
|
Uniquely identifies a backup plan. |
|
|
|
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version Ids cannot be edited. |
|
|
|
Uniquely identifies a backup plan. |
|
|
|
Uniquely identifies a request to assign a set of resources to a backup plan. |
|
|
|
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault. |
|
|
|
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens. |
|
|
|
The name of the AWS Cloud9 development environment. Example: |
|
|
|
A JSON-format string containing the Example of a wait condition with two signals:
|
|
|
|
The output value from the nested stack that you specified, where
|
|
|
|
Example: |
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
The Amazon Resource Name (ARN) of the Amazon SNS topic that is associated with the CloudTrail trail. Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
The pipeline version. Example: |
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
Example:
|
|
|
AWS::DirectoryService::MicrosoftAD and AWS::DirectoryService::SimpleAD |
|
The alias for a directory. Examples: |
|
AWS::DirectoryService::MicrosoftAD and AWS::DirectoryService::SimpleAD |
|
The IP addresses of the DNS servers for the directory. Example: |
|
|
Example:
|
|
|
|
The resource id for the DB cluster. The cluster ID uniquely identifies the cluster and is used in things like IAM authentication policies. Example: |
|
|
|
The connection endpoint for the DB cluster. Example: |
|
|
|
The port number on which the DB cluster accepts connections. Example: |
|
|
|
The read-only connection endpoint for the cluster. Example: |
|
|
|
The connection endpoint for the DB instance. Example: |
|
|
|
The port number on which the DB cluster accepts connections. Example: |
|
|
|
Example:
|
|
|
|
The Amazon Resource Name (ARN) of the DynamoDB table stream. To use this attribute,
you must specify the DynamoDB table Example:
|
|
|
|
The Availability Zone in which the capacity is reserved. Example: |
|
|
|
The remaining capacity, which indicates the number of instances that can be launched in the Capacity Reservation. Example: |
|
|
|
The type of instance for which the capacity is reserved. Example: |
|
|
|
The tenancy of the Capacity Reservation. Example: |
|
|
|
The total number of instances for which the Capacity Reservation reserves capacity. Example: |
|
|
|
The ID that AWS assigns to represent the allocation of the address for use with Amazon VPC. It is returned only for VPC Elastic IP addresses. Example: |
|
|
|
The Availability Zone where the instance that you specified is launched. Example: |
|
|
|
The private DNS name of the instance that you specified. Example: |
|
|
|
The public DNS name of the instance that you specified. Example: |
|
|
|
The private IP address of the instance that you specified. Example: |
|
|
|
The public IP address of the instance that you specified. Example: |
|
|
|
The primary private IP address of the network interface that you specified. Example: |
|
|
|
The secondary private IP addresses of the network interface that you specified. Example: |
|
|
|
The group ID of the specified security group. Example: |
|
|
|
The ID of the VPC. Example: |
|
|
|
The Availability Zone of the subnet. Example: |
|
|
|
A list of IPv6 CIDR blocks that are associated with the subnet. Example: |
|
|
|
The ID of the network ACL that is associated with the subnet's VPC. Example: |
|
|
|
The ID of the subnet's VPC. Example: |
|
|
|
The |
|
|
|
The set of IP addresses for the VPC. Example: |
|
|
|
A list of IPv4 CIDR block association IDs for the VPC. Example: |
|
|
|
The default network ACL ID that is associated with the VPC, which AWS creates when you create a VPC. Example: |
|
|
|
The default security group ID that is associated with the VPC, which AWS creates when you create a VPC. Example: |
|
|
|
A list of IPv6 CIDR blocks that are associated with the VPC. Example: |
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
The name of an Amazon Elastic Container Service service. Example: |
|
|
|
The ARN of the cluster. Example:
|
|
|
|
The |
|
|
|
The endpoint for your Kubernetes API server. Example:
|
|
|
|
The DNS address of the configuration endpoint for the Memcached cache cluster. Example: |
|
|
|
The port number of the configuration endpoint for the Memcached cache cluster. |
|
|
|
The DNS address of the configuration endpoint for the Redis cache cluster. Example: |
|
|
|
The port number of the configuration endpoint for the Redis cache cluster. |
|
|
|
The DNS hostname of the cache node. |
|
|
|
The port number that the cache engine is listening on. |
|
|
|
The DNS address of the primary read-write cache node. |
|
|
|
The port number that the primary read-write cache engine is listening on. |
|
|
|
A string with a list of endpoints for the read-only replicas. The order of the
addresses maps to the order of the ports from the Example: |
|
|
|
A string with a list of ports for the read-only replicas. The order of the ports
maps to the order of the addresses from the Example: |
|
|
|
A list of endpoints for the read-only replicas. Example: |
|
|
|
A list of ports for the read-only replicas. Example: |
|
|
|
The URL to the load balancer for this environment. Example:
|
|
|
|
The name of the Route 53-hosted zone that is associated with the load balancer. Example:
|
|
|
|
The ID of the Route 53 hosted zone name that is associated with the l oad balancer. Example: |
|
|
|
The DNS name for the load balancer. Example:
|
|
|
|
The security group that you can use as part of your inbound rules for your load balancer's back-end Amazon EC2 application instances. Example: |
|
|
|
The owner of the source security group. Example: |
|
|
|
The DNS name for the application load balancer. Example:
|
|
|
|
The ID of the Amazon Route 53-hosted zone name that is associated with the load balancer. Example: |
|
|
|
The full name of the application load balancer. Example: |
|
|
|
The name of the application load balancer. Example: |
|
|
|
The IDs of the security groups for the application load balancer. Example: |
|
|
|
The Amazon Resource Names (ARNs) of the load balancers that route traffic to this target group. Example: |
|
|
|
The full name of the target group.
Example:
|
|
|
|
The name of the target group.
Example:
|
|
|
|
The Amazon Resource Name (ARN) of the domain. Example:
|
|
|
|
The domain-specific endpoint that is used to submit index, search, and data upload requests to an Amazon Elasticsearch Service domain. Example:
|
|
|
|
The public DNS name of the master node (instance). Example: |
|
|
|
Example:
|
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
ID |
The ID of the Example:
|
|
|
ARN |
The ARN of the Example:
|
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
|
The ARN of the IAM role attached to the >Example:
|
|
|
|
The time (in milliseconds since the epoch) when the group role was associated with
the |
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
|
The ARN of the Example:
|
|
|
|
The ID of the Example:
|
|
|
|
The ARN of the most recent Example:
|
|
|
|
The name of the Example:
|
|
|
|
The secret access key for the specified Example: |
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example:
|
|
Arn |
Example:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2 |
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
The ARN of the AWS IoT 1-Click compatible device. Example:
|
|
|
|
The user specified device ID. Example: |
|
|
|
A Boolean value indicating if the device is enabled ( Example: |
|
|
|
The placement name associated with a project. Example: |
|
|
|
The name of the project for a given placement. Example: |
|
|
|
The name of the project. Example: |
|
|
|
The ARN of the project. Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example: |
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
The version of a Lambda function. Example: |
|
|
|
Example:
|
|
|
|
Example:
|
|
|
|
||
|
|
The Availability Zone of an AWS OpsWorks instance. Example: |
|
|
|
The private DNS name of an AWS OpsWorks instance. |
|
|
|
The private IP address of an AWS OpsWorks instance. |
|
|
|
The public DNS name of an AWS OpsWorks instance. |
|
|
|
The public IP address of an AWS OpsWorks instance. Note To use this attribute, the AWS OpsWorks instance must be in an AWS OpsWorks layer that auto-assigns public IP addresses. Example: |
|
|
|
The SSH user name of an AWS OpsWorks instance. |
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
The Amazon Resource Name (ARN) of the resource share. Example:
|
|
|
|
The connection endpoint for the cluster. Example:
|
|
|
|
The connection port for the cluster. Example: |
|
| AWS::RDS::DBCluster |
|
The connection endpoint for the DB cluster. Example:
|
|
|
The port number on which the DB cluster accepts connections. Example: |
|
|
|
The reader endpoint for the DB cluster. Example:
|
|
|
|
The connection endpoint for the database. Example:
|
|
|
|
The port number on which the database accepts connections. Example: |
|
|
|
The Amazon Resource Name (ARN) of the fleet. Example:
|
|
|
|
The Amazon Resource Name (ARN) of the robot application. Example:
|
|
|
|
The current revision ID. Example: |
|
|
|
The Amazon Resource Name (ARN) of the simulation application. Example:
|
|
|
|
The current revision ID. Example: |
|
|
|
The set of name servers for the specific hosted zone. Example: This attribute is not supported for private hosted zones. |
|
|
|
The ARN for the inbound or outbound endpoint. Example: |
|
|
|
Whether this is an inbound or outbound endpoint. Example: |
|
|
|
The ID of the VPC that you want to create the resolver endpoint in. Example: |
|
|
|
The number of IP addresses that the resolver endpoint can use for DNS queries. Example: |
|
|
|
The name for the inbound or outbound endpoint. Example: |
|
|
|
The ID that Resolver assigned to the endpoint when you created it. Example: |
|
|
|
The ARN for the rule. Example: |
|
|
|
The domain name for outbound DNS queries that you want to forward to DNS resolvers in your network. Example: |
|
|
|
The ID of the endpoint that the rule is associated with. Example: |
|
|
|
The ID that Resolver assigned to the rule when you created it. Example: |
|
|
|
The IPv4 IP addresses that you want Resolver to forward DNS queries to. Example: |
|
|
|
The name of an association between a resolver rule and a VPC. Example: |
|
|
|
The ID of the resolver rule association that you want to get information about. Example: |
|
|
|
The ID of the resolver rule that you associated with the VPC that is specified by
Example: |
|
|
|
The ID of the VPC that you associated the resolver rule with. Example: |
|
|
|
Example: |
|
|
|
The DNS name of the specified bucket. Example: |
|
|
|
The IPv6 DNS name of the specified bucket. Example:
|
|
|
|
The Amazon S3 website endpoint for the specified bucket. Example:
|
|
|
|
The ARN of an |
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example:
|
|
|
|
Example: |
|
|
|
Example: |
|
| AWS::SNS::Topic | TopicName |
The name of an Amazon SNS topic. Example: |
| AWS::StepFunctions::Activity | Name |
The name of the AWS Step Functions activity. |
| AWS::StepFunctions::StateMachine | Name |
The name of the Step Functions state machine. |
|
|
Example:
|
|
|
|
The name of an Amazon SQS queue. Example: |
|
|
|
The ARN of the AWS Transfer for SFTP server Example: |
|
|
|
The service-assigned ID of the SFTP server. Example: |
|
|
|
The ARN of the AWS Transfer for SFTP user. Example: |
|
|
|
The ID of the SFTP server to which the user is attached. Example: |
|
|
|
A unique string that identifies a user account associated with an SFTP server. Example: |
