DefaultStackSynthesizerProps

class aws_cdk.DefaultStackSynthesizerProps(*, bootstrap_stack_version_ssm_parameter=None, bucket_prefix=None, cloud_formation_execution_role=None, deploy_role_additional_options=None, deploy_role_arn=None, deploy_role_external_id=None, docker_tag_prefix=None, file_asset_publishing_external_id=None, file_asset_publishing_role_additional_options=None, file_asset_publishing_role_arn=None, file_assets_bucket_name=None, generate_bootstrap_version_rule=None, image_asset_publishing_external_id=None, image_asset_publishing_role_additional_options=None, image_asset_publishing_role_arn=None, image_assets_repository_name=None, lookup_role_additional_options=None, lookup_role_arn=None, lookup_role_external_id=None, qualifier=None, use_lookup_role_for_stack_operations=None)

Bases: object

Configuration properties for DefaultStackSynthesizer.

Parameters:
  • bootstrap_stack_version_ssm_parameter (Optional[str]) – Bootstrap stack version SSM parameter. The placeholder ${Qualifier} will be replaced with the value of qualifier. Default: DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER

  • bucket_prefix (Optional[str]) – bucketPrefix to use while storing S3 Assets. Default: - DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX

  • cloud_formation_execution_role (Optional[str]) – The role CloudFormation will assume when deploying the Stack. You must supply this if you have given a non-standard name to the execution role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN

  • deploy_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the deploy role. - RoleArn should not be used. Use the dedicated deployRoleArn property instead. - ExternalId should not be used. Use the dedicated deployRoleExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.

  • deploy_role_arn (Optional[str]) – The role to assume to initiate a deployment in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN

  • deploy_role_external_id (Optional[str]) – External ID to use when assuming role for cloudformation deployments. Default: - No external ID

  • docker_tag_prefix (Optional[str]) – A prefix to use while tagging and uploading Docker images to ECR. This does not add any separators - the source hash will be appended to this string directly. Default: - DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX

  • file_asset_publishing_external_id (Optional[str]) – External ID to use when assuming role for file asset publishing. Default: - No external ID

  • file_asset_publishing_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the file asset publishing. - RoleArn should not be used. Use the dedicated fileAssetPublishingRoleArn property instead. - ExternalId should not be used. Use the dedicated fileAssetPublishingExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.

  • file_asset_publishing_role_arn (Optional[str]) – The role to use to publish file assets to the S3 bucket in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN

  • file_assets_bucket_name (Optional[str]) – Name of the S3 bucket to hold file assets. You must supply this if you have given a non-standard name to the staging bucket. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME

  • generate_bootstrap_version_rule (Optional[bool]) – Whether to add a Rule to the stack template verifying the bootstrap stack version. This generally should be left set to true, unless you explicitly want to be able to deploy to an unbootstrapped environment. Default: true

  • image_asset_publishing_external_id (Optional[str]) – External ID to use when assuming role for image asset publishing. Default: - No external ID

  • image_asset_publishing_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the image asset publishing. - RoleArn should not be used. Use the dedicated imageAssetPublishingRoleArn property instead. - ExternalId should not be used. Use the dedicated imageAssetPublishingExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.

  • image_asset_publishing_role_arn (Optional[str]) – The role to use to publish image assets to the ECR repository in this environment. You must supply this if you have given a non-standard name to the publishing role. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN

  • image_assets_repository_name (Optional[str]) – Name of the ECR repository to hold Docker Image assets. You must supply this if you have given a non-standard name to the ECR repository. The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively. Default: DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME

  • lookup_role_additional_options (Optional[Mapping[str, Any]]) – Additional options to pass to STS when assuming the lookup role. - RoleArn should not be used. Use the dedicated lookupRoleArn property instead. - ExternalId should not be used. Use the dedicated lookupRoleExternalId instead. - TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default. Default: - No additional options.

  • lookup_role_arn (Optional[str]) – The role to use to look up values from the target AWS account during synthesis. Default: - None

  • lookup_role_external_id (Optional[str]) – External ID to use when assuming lookup role. Default: - No external ID

  • qualifier (Optional[str]) – Qualifier to disambiguate multiple environments in the same account. You can use this and leave the other naming properties empty if you have deployed the bootstrap environment with standard names but only different qualifiers. Default: - Value of context key @aws-cdk/core:bootstrapQualifier’ if set, otherwise DefaultStackSynthesizer.DEFAULT_QUALIFIER

  • use_lookup_role_for_stack_operations (Optional[bool]) – Use the bootstrapped lookup role for (read-only) stack operations. Use the lookup role when performing a cdk diff. If set to false, the deploy role credentials will be used to perform a cdk diff. Requires bootstrap stack version 8. Default: true

ExampleMetadata:

infused

Example:

MyStack(app, "MyStack",
    synthesizer=DefaultStackSynthesizer(
        file_assets_bucket_name="my-orgs-asset-bucket"
    )
)

Attributes

bootstrap_stack_version_ssm_parameter

Bootstrap stack version SSM parameter.

The placeholder ${Qualifier} will be replaced with the value of qualifier.

Default:

DefaultStackSynthesizer.DEFAULT_BOOTSTRAP_STACK_VERSION_SSM_PARAMETER

bucket_prefix

bucketPrefix to use while storing S3 Assets.

Default:
  • DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PREFIX

cloud_formation_execution_role

The role CloudFormation will assume when deploying the Stack.

You must supply this if you have given a non-standard name to the execution role.

The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively.

Default:

DefaultStackSynthesizer.DEFAULT_CLOUDFORMATION_ROLE_ARN

deploy_role_additional_options

Additional options to pass to STS when assuming the deploy role.

  • RoleArn should not be used. Use the dedicated deployRoleArn property instead.

  • ExternalId should not be used. Use the dedicated deployRoleExternalId instead.

  • TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default.

Default:
  • No additional options.

See:

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property

deploy_role_arn

The role to assume to initiate a deployment in this environment.

You must supply this if you have given a non-standard name to the publishing role.

The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively.

Default:

DefaultStackSynthesizer.DEFAULT_DEPLOY_ROLE_ARN

deploy_role_external_id

External ID to use when assuming role for cloudformation deployments.

Default:
  • No external ID

docker_tag_prefix

A prefix to use while tagging and uploading Docker images to ECR.

This does not add any separators - the source hash will be appended to this string directly.

Default:
  • DefaultStackSynthesizer.DEFAULT_DOCKER_ASSET_PREFIX

file_asset_publishing_external_id

External ID to use when assuming role for file asset publishing.

Default:
  • No external ID

file_asset_publishing_role_additional_options

Additional options to pass to STS when assuming the file asset publishing.

  • RoleArn should not be used. Use the dedicated fileAssetPublishingRoleArn property instead.

  • ExternalId should not be used. Use the dedicated fileAssetPublishingExternalId instead.

  • TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default.

Default:
  • No additional options.

See:

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property

file_asset_publishing_role_arn

The role to use to publish file assets to the S3 bucket in this environment.

You must supply this if you have given a non-standard name to the publishing role.

The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively.

Default:

DefaultStackSynthesizer.DEFAULT_FILE_ASSET_PUBLISHING_ROLE_ARN

file_assets_bucket_name

Name of the S3 bucket to hold file assets.

You must supply this if you have given a non-standard name to the staging bucket.

The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively.

Default:

DefaultStackSynthesizer.DEFAULT_FILE_ASSETS_BUCKET_NAME

generate_bootstrap_version_rule

Whether to add a Rule to the stack template verifying the bootstrap stack version.

This generally should be left set to true, unless you explicitly want to be able to deploy to an unbootstrapped environment.

Default:

true

image_asset_publishing_external_id

External ID to use when assuming role for image asset publishing.

Default:
  • No external ID

image_asset_publishing_role_additional_options

Additional options to pass to STS when assuming the image asset publishing.

  • RoleArn should not be used. Use the dedicated imageAssetPublishingRoleArn property instead.

  • ExternalId should not be used. Use the dedicated imageAssetPublishingExternalId instead.

  • TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default.

Default:
  • No additional options.

See:

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property

image_asset_publishing_role_arn

The role to use to publish image assets to the ECR repository in this environment.

You must supply this if you have given a non-standard name to the publishing role.

The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively.

Default:

DefaultStackSynthesizer.DEFAULT_IMAGE_ASSET_PUBLISHING_ROLE_ARN

image_assets_repository_name

Name of the ECR repository to hold Docker Image assets.

You must supply this if you have given a non-standard name to the ECR repository.

The placeholders ${Qualifier}, ${AWS::AccountId} and ${AWS::Region} will be replaced with the values of qualifier and the stack’s account and region, respectively.

Default:

DefaultStackSynthesizer.DEFAULT_IMAGE_ASSETS_REPOSITORY_NAME

lookup_role_additional_options

Additional options to pass to STS when assuming the lookup role.

  • RoleArn should not be used. Use the dedicated lookupRoleArn property instead.

  • ExternalId should not be used. Use the dedicated lookupRoleExternalId instead.

  • TransitiveTagKeys defaults to use all keys (if any) specified in Tags. E.g, all tags are transitive by default.

Default:
  • No additional options.

See:

https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html#assumeRole-property

lookup_role_arn

The role to use to look up values from the target AWS account during synthesis.

Default:
  • None

lookup_role_external_id

External ID to use when assuming lookup role.

Default:
  • No external ID

qualifier

Qualifier to disambiguate multiple environments in the same account.

You can use this and leave the other naming properties empty if you have deployed the bootstrap environment with standard names but only different qualifiers.

Default:
  • Value of context key @aws-cdk/core:bootstrapQualifier’ if set, otherwise DefaultStackSynthesizer.DEFAULT_QUALIFIER

use_lookup_role_for_stack_operations

Use the bootstrapped lookup role for (read-only) stack operations.

Use the lookup role when performing a cdk diff. If set to false, the deploy role credentials will be used to perform a cdk diff.

Requires bootstrap stack version 8.

Default:

true