Hooks structure
A hook schema is a JSON-formatted text file that defines properties and attributes for a specific hook. The following is an example of a hook schema and its structure.
Hooks schema
A hook includes a hook specification represented by a JSON schema and handlers that are invoked at each hook invocation point.
The first step in creating a hook is modeling a schema that defines the hook, its
properties, and their attributes. When you initialize a hook project using the
CloudFormation CLI init command, a
hook schema file is created for you. Use this schema file as a starting point for
defining the shape and semantics of your hook.
The following schema is the structure for a hook.
{ "typeName": "string", "description": "string", "sourceUrl": "string", "documentationUrl": "string", "definitions": { "definitionName": { . . . } }, "typeConfiguration": { "properties": { "propertyName": { "description": "string", "type": "string", . . . }, }, "required": [ "propertyName" . . . ], "additionalProperties": false }, "handlers": { "preCreate": { "targetNames": [ ], "permissions": [ ] }, "preUpdate": { "targetNames": [ ], "permissions": [ ] }, "preDelete": { "targetNames": [ ], "permissions": [ ] } }, "additionalProperties": false }
Properties
typeName-
The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of
Organization::Service::Hook.Note The following organization namespaces are reserved and can't be used in your hook type names:
-
Alexa -
AMZN -
Amazon -
ASK -
AWS -
Custom -
Dev
Required: Yes
Pattern:
^[a-zA-Z0-9]{2,64}::[a-zA-Z0-9]{2,64}::[a-zA-Z0-9]{2,64}$Minimum:
10Maximum:
196 -
description-
A short description of the hook that's displayed in the CloudFormation console.
Required: Yes
sourceUrl-
The URL of the source code for the hook, if public.
Required: No
Maximum:
4096 documentationUrl-
The URL of a page providing detailed documentation for the hook.
Required: Yes
Pattern:
^https\:\/\/[0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])(\:[0-9]*)*([\?/#].*)?$Maximum:
4096Note Although the hook schema should include complete and accurate property descriptions, you can use the
documentationURLproperty to provide users with more details, including examples, use cases, and other detailed information. definitions-
Use the
definitionsblock to provide shared hook property schemas.It's considered a best practice to use the
definitionssection to define schema elements that can be used at multiple points in your hook type schema. You can then use a JSON pointer to reference that element at the appropriate places in your hook type schema.Required: No
typeConfiguration-
The definition of a hook’s configuration data.
Required: Yes
properties-
The properties of the hook. All properties of a hook must be expressed in the schema. Align the hook schema properties with the hook type configuration properties.
Note Nested properties aren't allowed. Instead, define any nested properties in the
definitionselement, and use a$refpointer to reference them in the desired property. additionalProperties-
additionalPropertiesmust be set tofalse. All properties of a hook must be expressed in the schema: arbitrary inputs aren't allowed.Required: Yes
Valid values:
false handlers-
Handlers specify the operations which can initiate the hook defined in the schema, such as hook invocation points. For example, a
preUpdatehandler is invoked before the update operations for all specified targets in the handler.Valid values:
preCreate|preUpdate|preDeleteNote At least one value must be specified for the handler.
Important Stacks operations that result in the status of
UpdateCleanupwill not invoke a hook. For example, during the following two scenarios, the hook'spreDeletehandler will not be invoked:-
the stack is updated after removing one resource from the template.
-
a resource with the update type of replacement is deleted.
-
targetNames-
A string array of type names that hook targets. For example, if a
preCreatehandler has anAWS::S3::Buckettarget, the hook initiates for Amazon S3 buckets during the preprovisioning phase.-
TargetNameSpecify at least one target name for each implemented handler.
Pattern:
^[a-zA-Z0-9]{2,64}::[a-zA-Z0-9]{2,64}::[a-zA-Z0-9]{2,64}$Minimum:
1Required: Yes
-
permissions-
A string array that specifies the AWS permissions needed to invoke the handler.
Required: Yes
additionalProperties-
additionalPropertiesmust be set tofalse. All properties of a hook must be expressed in the schema: arbitrary inputs aren't allowed.Required: Yes
Valid values:
false
Example hooks schema
The Java and the Python walkthroughs use the following code example. The following
is an example structure for a hook called
mycompany-testing-mytesthook.json.
{ "typeName":"MyCompany::Testing::MyTestHook", "description":"Verifies S3 bucket and SQS queues properties before create and update", "sourceUrl":"https://mycorp.com/my-repo.git", "documentationUrl":"https://mycorp.com/documentation", "typeConfiguration":{ "properties":{ "minBuckets":{ "description":"Minimum number of compliant buckets", "type":"string" }, "minQueues":{ "description":"Minimum number of compliant queues", "type":"string" }, "encryptionAlgorithm":{ "description":"Encryption algorithm for SSE", "default":"AES256", "type":"string" } }, "required":[ ], "additionalProperties":false }, "handlers":{ "preCreate":{ "targetNames":[ "AWS::S3::Bucket", "AWS::SQS::Queue" ], "permissions":[ ] }, "preUpdate":{ "targetNames":[ "AWS::S3::Bucket", "AWS::SQS::Queue" ], "permissions":[ ] }, "preDelete":{ "targetNames":[ "AWS::S3::Bucket", "AWS::SQS::Queue" ], "permissions":[ "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetEncryptionConfiguration", "sqs:ListQueues", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ] } }, "additionalProperties":false }
Hook configuration schema
CloudFormation supports hook configurations which are set by the hook users.
CloudFormation refers to this configuration schema at runtime when invoking a hook in an
AWS account. Hooks are configured when the type configuration is
set to initiate from the stacks. To enable your hook to proactively inspect the
configuration of your stack, you must set the TargetStacks to
ALL, after the hook has been registered and activated in your
account. The maximum amount of data that a hook’s configuration can store is 300 KB.
This is in addition to all the constraints imposed on Configuration
request parameter of SetTypeConfiguration operation.
The following is an example of a hook configuration schema.
{ "CloudFormationConfiguration": { "HookConfiguration": { "TargetStacks": "ALL", "FailureMode": "FAIL", "Properties": { ... } } } }
HookConfiguration-
Hook configuration supports activating or deactivating hooks at stack level, failure modes, and hook properties values.
The hook configuration supports the following properties.
TargetStacks-
If the mode is set to
ALL, the hook applies to all stacks in your account during aCREATE,UPDATE, orDELETEoperation.If the mode is set to
NONE, the hook won't apply to stacks in your account.Valid values:
ALL|NONE FailureMode-
This field tells the service how to treat hook failures.
-
If the mode is set to
FAIL, and the hook fails, then the fail configuration stops provisioning resources. -
If the mode is set to
WARNand the hook fails, then the warn configuration allows provisioning to continue with a warning message.
Valid values:
FAIL|WARN -
Properties-
Specifies hook runtime properties. These should match the shape of the properties supported by hooks schema.
To activate a hook in your account, use the set-type-configuration operation, and specify
ALL for the TargetStack property. This operation
enables the hook’s properties that are defined in the hook’s schema
properties section.
aws cloudformation --region us-west-2 set-type-configuration \ --configuration "{\"CloudFormationConfiguration\":{\"HookConfiguration\":{\"TargetStacks\":\"ALL\",\"FailureMode\":\"FAIL\",\"Properties\":{}}}}" \ --type-arn $HOOK_TYPE_ARN
