AWS::AppConfig::ConfigurationProfile
The AWS::AppConfig::ConfigurationProfile resource creates a configuration
profile that enables AWS AppConfig to access the configuration source. Valid
configuration sources include AWS Systems Manager (SSM) documents, SSM Parameter Store
parameters, and Amazon S3. A configuration profile includes the following
information.
-
The Uri location of the configuration data.
-
The AWS Identity and Access Management (IAM) role that provides access to the configuration data.
-
A validator for the configuration data. Available validators include either a JSON Schema or the Amazon Resource Name (ARN) of an AWS Lambda function.
AWS AppConfig requires that you create resources and deploy a configuration in the following order:
-
Create an application
-
Create an environment
-
Create a configuration profile
-
Choose a pre-defined deployment strategy or create your own
-
Deploy the configuration
For more information, see AWS AppConfig in the AWS AppConfig User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::AppConfig::ConfigurationProfile", "Properties" : { "ApplicationId" :String, "Description" :String, "KmsKeyIdentifier" :String, "LocationUri" :String, "Name" :String, "RetrievalRoleArn" :String, "Tags" :[ Tags, ... ], "Type" :String, "Validators" :[ Validators, ... ]} }
YAML
Type: AWS::AppConfig::ConfigurationProfile Properties: ApplicationId:StringDescription:StringKmsKeyIdentifier:StringLocationUri:StringName:StringRetrievalRoleArn:StringTags:- TagsType:StringValidators:- Validators
Properties
ApplicationId-
The application ID.
Required: Yes
Type: String
Pattern:
[a-z0-9]{4,7}Update requires: Replacement
Description-
A description of the configuration profile.
Required: No
Type: String
Minimum:
0Maximum:
1024Update requires: No interruption
KmsKeyIdentifier-
The AWS Key Management Service key identifier (key ID, key alias, or key ARN) provided when the resource was created or updated.
Required: No
Type: String
Pattern:
^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}|alias/[a-zA-Z0-9/_-]{1,250}|arn:aws[a-zA-Z-]*:kms:[a-z]{2}(-gov|-iso(b?))?-[a-z]+-\d{1}:\d{12}:(key/[0-9a-f-]{36}|alias/[a-zA-Z0-9/_-]{1,250})$Update requires: No interruption
LocationUri-
A URI to locate the configuration. You can specify the following:
-
For the AWS AppConfig hosted configuration store and for feature flags, specify
hosted. -
For an AWS Systems Manager Parameter Store parameter, specify either the parameter name in the format
ssm-parameter://<parameter name>or the ARN. -
For an AWS CodePipeline pipeline, specify the URI in the following format:
codepipeline://<pipeline name>. -
For an AWS Secrets Manager secret, specify the URI in the following format:
secretsmanager://<secret name>. -
For an Amazon S3 object, specify the URI in the following format:
s3://<bucket>/<objectKey>. Here is an example:s3://amzn-s3-demo-bucket/my-app/us-east-1/my-config.json -
For an SSM document, specify either the document name in the format
ssm-document://<document name>or the Amazon Resource Name (ARN).
Required: Yes
Type: String
Minimum:
1Maximum:
2048Update requires: Replacement
-
Name-
A name for the configuration profile.
Required: Yes
Type: String
Minimum:
1Maximum:
128Update requires: No interruption
RetrievalRoleArn-
The ARN of an IAM role with permission to access the configuration at the specified
LocationUri.Important
A retrieval role ARN is not required for configurations stored in the AWS AppConfig hosted configuration store. It is required for all other sources that store your configuration.
Required: No
Type: String
Pattern:
^((arn):(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):(iam)::\d{12}:role[/].*)$Minimum:
20Maximum:
2048Update requires: No interruption
-
Metadata to assign to the configuration profile. Tags help organize and categorize your AWS AppConfig resources. Each tag consists of a key and an optional value, both of which you define.
Required: No
Update requires: No interruption
Type-
The type of configurations contained in the profile. AWS AppConfig supports
feature flagsandfreeformconfigurations. We recommend you create feature flag configurations to enable or disable new features and freeform configurations to distribute configurations to an application. When calling this API, enter one of the following values forType:AWS.AppConfig.FeatureFlagsAWS.FreeformRequired: No
Type: String
Pattern:
^[a-zA-Z\.]+Update requires: Replacement
Validators-
A list of methods for validating the configuration.
Required: No
Type: Array of Validators
Maximum:
2Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the configuration profile ID.
Fn::GetAtt
ConfigurationProfileId-
The configuration profile ID.
KmsKeyArn-
The Amazon Resource Name of the AWS Key Management Service key to encrypt new configuration data versions in the AWS AppConfig hosted configuration store. This attribute is only used for
hostedconfiguration types. To encrypt data managed in other configuration stores, see the documentation for how to specify an AWS KMS key for that particular service.
Examples
AWS AppConfig feature flag
The following example creates an AWS AppConfig configuration profile of type
HostedConfigurationVersion. The feature flag created by this example
enables cryptocurrency at checkout. AWS AppConfig stores the configuration data
for this profile in the AWS AppConfig hosted configuration store.
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Transform": "AWS::LanguageExtensions", "Resources": { "MySuperCoolApp": { "Type": "AWS::AppConfig::Application", "Properties": { "Name": "MySuperCoolApp" } }, "MyFeatureFlags": { "Type": "AWS::AppConfig::ConfigurationProfile", "Properties": { "Name": "MyFeatureFlags", "ApplicationId": "MySuperCoolApp", "LocationUri": "hosted", "Type": "AWS.AppConfig.FeatureFlags" } }, "MyFeatureFlagsVersion": { "Type": "AWS::AppConfig::HostedConfigurationVersion", "Properties": { "ApplicationId": "MySuperCoolApp", "ConfigurationProfileId": "MyFeatureFlags", "ContentType": "application/json", "VersionLabel": "v1.0.0", "Content": { "Fn::ToJsonString": { "flags": { "allow-cryptocurrency-at-checkout": { "attributes": { "allowed-currency": { "constraints": { "elements": { "enum": [ "BTC", "ETH", "XRP" ], "type": "string" }, "type": "array" } }, "bitcoin-discount-percentage": { "constraints": { "maximum": 25, "minimum": 0, "type": "number" } } }, "name": "Allow Cryptocurrency at Checkout" } }, "values": { "allow-cryptocurrency-at-checkout": { "allowed-currency": [ "BTC", "ETH" ], "bitcoin-discount-percentage": 5, "enabled": true } }, "version": "1" } } } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Transform: 'AWS::LanguageExtensions' Resources: MySuperCoolApp: Type: 'AWS::AppConfig::Application' Properties: Name: MySuperCoolApp MyFeatureFlags: Type: 'AWS::AppConfig::ConfigurationProfile' Properties: Name: MyFeatureFlags ApplicationId: !Ref MySuperCoolApp LocationUri: hosted Type: AWS.AppConfig.FeatureFlags MyFeatureFlagsVersion: Type: 'AWS::AppConfig::HostedConfigurationVersion' Properties: ApplicationId: !Ref MySuperCoolApp ConfigurationProfileId: !Ref MyFeatureFlags ContentType: application/json VersionLabel: "v1.0.0" Content: Fn::ToJsonString: flags: allow-cryptocurrency-at-checkout: attributes: allowed-currency: constraints: elements: enum: - BTC - ETH - XRP type: string type: array bitcoin-discount-percentage: constraints: maximum: 25 minimum: 0 type: number name: Allow Cryptocurrency at Checkout values: allow-cryptocurrency-at-checkout: allowed-currency: - BTC - ETH bitcoin-discount-percentage: 5 enabled: true version: '1'
AWS AppConfig configuration profile example - AWS CodePipeline
The following examples creates an AWS AppConfig configuration profile named
MyTestConfigurationProfile. A configuration profile includes source information for
accessing your configuration data. A configuration profile can also include optional
validators to ensure your configuration data is syntactically and semantically correct.
The following configuration profile example uses the specified LocationUri to
retrieve configuration data from AWS CodePipeline.
JSON
{ "Resources": { "CodePipelineConfigurationProfile": { "Type": "AWS::AppConfig::ConfigurationProfile", "DependsOn": "MyTestApplication", "Properties": { "ApplicationId": "MyTestApplication", "Name": "MyTestConfigurationProfile", "Description": "My test configuration profile", "LocationUri": "codepipeline://YourPipelineName", "Validators": [ { "Type": "LAMBDA", "Content": "MyLambdaValidator" } ], "Tags": [ { "Key": "Env", "Value": "test" } ] } } } }
YAML
Resources: CodePipelineConfigurationProfile: Type: AWS::AppConfig::ConfigurationProfile Properties: ApplicationId: !Ref MyTestApplication Name: "MyTestConfigurationProfile" Description: "My test configuration profile" LocationUri: "codepipeline://YourPipelineName" Validators: - Type: LAMBDA Content: !ImportValue MyLambdaValidator Tags: - Key: Env Value: test
AWS AppConfig configuration profile example - Parameter Store
The following examples creates an AWS AppConfig configuration profile named
MyTestConfigurationProfile. A configuration profile includes source information for
accessing your configuration data. A configuration profile can also include optional
validators to ensure your configuration data is syntactically and semantically correct.
The following configuration profile example uses the specified
RetrievalRoleArn and LocationUri to retrieve configuration
data from an SSM parameter.
JSON
{ "Type": "AWS::AppConfig::ConfigurationProfile", "DependsOn": "MyTestApplication", "Properties": { "ApplicationId": { "Ref": "MyTestApplication" }, "Name": "MyTestConfigurationProfile", "Description": "My test configuration profile", "RetrievalRoleArn": { "Fn::ImportValue": "ConfigurationRetrievalAndMonitoringRole" }, "LocationUri": { "Fn::Sub": [ "ssm-parameter://${ParameterName}", { "ParameterName": { "Fn::ImportValue": "SSMParameter" } } ] }, "Validators": [ { "Type": "LAMBDA", "Content": { "Fn::ImportValue": "MyLambdaValidator" } } ], "Tags": [ { "Key": "Env", "Value": "Test" } ] } }
YAML
Resources: BasicConfigurationProfile: Type: AWS::AppConfig::ConfigurationProfile Properties: ApplicationId: !Ref MyTestApplication Name: "MyTestConfigurationProfile" Description: "My test configuration profile" RetrievalRoleArn: !ImportValue ConfigurationRetrievalAndMonitoringRole LocationUri: Fn::Sub: - "ssm-parameter://${ParameterName}" - ParameterName: !ImportValue SSMParameter Validators: - Type: LAMBDA Content: !ImportValue MyLambdaValidator Tags: - Key: Env Value: test
See also
