Amazon VPC and RDS console to CloudFormation Property Mapping

A quick guide I put together for myself showing AWS Console parameters and how they map across to CloudFormation properties. This is useful if you’re moving away from using the AWS console and click-ops and starting to use CloudFormation.

Table Legend
Table text in bold – Recommended values to be set
Table text strikethrough – Backward compatibility only (do not use for new implementations)

AWS CloudFormation Documentation
CloudFormation can and does change so refer to the following CloudFormation User guide links for latest info on EC2 and RDS properties:
EC2 – https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_EC2.html
RDS – https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_RDS.html

EC2 CLOUDFORMATION TEMPLATE

AWS::EC2::VPC
Specifies a VPC with the specified IPv4 CIDR block. The smallest VPC you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses). For more information about how large to make your VPC, see Your VPC and Subnets in the Amazon Virtual Private Cloud User Guide.

AWS Console Parameters Property Property Type
VPC name (this is a Tag) Tags List of Tag
IPv4 CIDR block CidrBlock String
Edit DNS Host Names (Actions menu dropdown) EnableDnsHostnames Boolean
Edit DNS Resolution (Actions menu dropdown) EnableDnsSupport Boolean
Tenancy[1] InstanceTenancy String
Name tag – optional Tags List of Tag

AWS::EC2::Subnet
Specifies a subnet for a VPC. When you create each subnet, you provide the VPC ID and IPv4 CIDR block for the subnet. After you create a subnet, you can’t change its CIDR block. The size of the subnet’s IPv4 CIDR block can be the same as a VPC’s IPv4 CIDR block, or a subset of a VPC’s IPv4 CIDR block. If you create more than one subnet in a VPC, the subnets’ CIDR blocks must not overlap. The smallest IPv4 subnet (and VPC) you can create uses a /28 netmask (16 IPv4 addresses), and the largest uses a /16 netmask (65,536 IPv4 addresses).

AWS Console Parameters Property Property Type
Subnet name (this is a Tag) Tags List of Tag
VPC ID VpcId String
IPv4 CIDR block CidrBlock String
IPv6 CIDR block AssignIpv6AddressOnCreation Boolean
Availability Zone AvailabilityZone String
Modify auto-assign IP settings (Actions menu dropdown) MapPublicIpOnLaunch Boolean
Not available in AWS console OutpostArn String
Name tag – optional Tags List of Tag

AWS::EC2::RouteTable
Specifies a route table for a specified VPC. After you create a route table, you can add routes and associate the table with a subnet. For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide.

AWS Console Parameters Property Property Type
Name Tag Tags List of Tag
VPC ID VpcId String

AWS::EC2::SubnetRouteTableAssociation
Associates a subnet with a route table. The subnet and route table must be in the same VPC. This association causes traffic originating from the subnet to be routed according to the routes in the route table. A route table can be associated with multiple subnets.

AWS Console Parameters Property Property Type
Route Table > Subnet Associations > Edit Subnet Associations RouteTableId String
Select subnets as required from above console location SubnetId String

AWS::EC2::InternetGateway
Allocates an internet gateway for use with a VPC. After creating the Internet gateway, you then attach it to a VPC.

AWS Console Parameters Property Property Type
Name Tag (the name of the Internet Gateway) Tags List of Tag
Name tag – optional Tags List of Tag

AWS::EC2::VPCGatewayAttachment
Attaches an internet gateway, or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC.

AWS Console Parameters Property Property Type
Internet Gateways > Attach to VPC InternetGatewayId[2] String
VPC ID VpcId String
Not available in AWS console VpnGatewayId String

AWS::EC2::Route
Specifies a route in a route table within a VPC. You must specify either DestinationCidrBlock or DestinationIpv6CidrBlock, plus the ID of one of the target resources.

AWS Console Parameters Property Property Type
Carrier Gateways CarrierGatewayId String
Route Tables > Edit Routes > Destination DestinationCidrBlock String
Route Tables > Edit Routes > Target DestinationIpv6CidrBlock String
Route Tables > Edit Routes > Target EgressOnlyInternetGatewayId String
Route Tables > Edit Routes > Target GatewayId String
Route Tables > Edit Routes > Target InstanceId String
Route Tables > Edit Routes > Target LocalGatewayId String
Route Tables > Edit Routes > Target NatGatewayId String
Route Tables > Edit Routes > Target NetworkInterfaceId String
Route Tables > Edit Routes > Target RouteTableId String
Route Tables > Edit Routes > Target TransitGatewayId String
Route Tables > Edit Routes > Target VpcEndpointId String
Route Tables > Edit Routes > Target VpcPeeringConnectionId String
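As an added example (not from the original post), the EC2 resources above wired together into one template: a VPC, one public subnet, an internet gateway attached to the VPC, and a route table with a default route to the gateway. Logical resource names, CIDR ranges and tag values are my own choices; the property names are the ones in the tables.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16          # console: IPv4 CIDR block
      EnableDnsSupport: true          # console: Edit DNS Resolution
      EnableDnsHostnames: true        # console: Edit DNS Host Names
      InstanceTenancy: default        # console: Tenancy [1]
      Tags:
        - Key: Name                   # console: VPC name
          Value: example-vpc
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc                 # console: VPC ID
      CidrBlock: 10.0.1.0/24          # must sit inside the VPC CIDR
      AvailabilityZone: !Select [0, !GetAZs '']
      MapPublicIpOnLaunch: false      # console: Modify auto-assign IP settings; opt in per instance instead
      Tags:
        - Key: Name
          Value: example-public-subnet
  InternetGateway:
    Type: AWS::EC2::InternetGateway
    Properties:
      Tags:
        - Key: Name
          Value: example-igw
  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref Vpc
      InternetGatewayId: !Ref InternetGateway   # [2] not together with VpnGatewayId
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayAttachment      # the gateway must be attached before a route can target it
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0 # console: Destination
      GatewayId: !Ref InternetGateway # console: Target
  PublicSubnetAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref PublicRouteTable   # console: Edit Subnet Associations
      SubnetId: !Ref PublicSubnet
```

Only the subnet associated with this route table reaches the internet gateway; any subnet left on the VPC's main route table stays private.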

RDS CLOUDFORMATION TEMPLATE
Mapping of AWS RDS Console parameters to CloudFormation Resources – Property/Property Type. For users new to AWS note that the required VPC the DB instance resides in is not referenced directly, but is referenced through the SubnetIds property within AWS::RDS::DBSubnetGroup.

AWS::RDS::DBSubnetGroup
The AWS::RDS::DBSubnetGroup resource creates a database subnet group. Subnet groups must contain at least two subnets in two different Availability Zones in the same region.

AWS Console Parameters Property Property Type
Name DBSubnetGroupName String
Description DBSubnetGroupDescription String
Subnets SubnetIds String

AWS::RDS::DBInstance
The AWS::RDS::DBInstance resource creates an Amazon RDS DB instance.

AWS Console Parameters Property Property Type
Engine type Engine String
Engine version EngineVersion String
Database instance identifier[3] DBInstanceIdentifier String
Master username MasterUsername String
Auto generate a password (none) (none)
Master password MasterUserPassword String
DB Instance class DBInstanceClass String
Storage type[4] StorageType String
Allocated Storage (in GiB)[5] AllocatedStorage String
Provisioned IOPS Iops Integer
Enable storage autoscaling (none) (none)
Maximum storage threshold MaxAllocatedStorage
Multi-AZ deployment MultiAZ Boolean
VPC (none) (none)
DB Subnet group[6] DBSubnetGroupName String
DB Security Group[7] DBSecurityGroups String
Public access PubliclyAccessible Boolean
VPC security group VPCSecurityGroups String
Availability Zone AvailabilityZone String
Database port Port String
Initial database name[8] DBName String
DB parameter group – default.mariadb10.4 DBParameterGroupName String
Option group – default:mariadb-10-4 OptionGroupName String
Backup – Enable automatic backups (none) (none)
Backup retention period BackupRetentionPeriod Integer
Backup window[9] PreferredBackupWindow String
Copy tags to snapshots CopyTagsToSnapshot Boolean
Enable encryption StorageEncrypted Boolean
Encryption master key (default is aws/rds) KmsKeyId String
Enable Performance Insights (none) (none)
Performance Insights – Retention period PerformanceInsightsRetentionPeriod Integer
Performance Insights – Master key PerformanceInsightsKMSKeyId String
Enable Enhanced monitoring[10] (none) (none)
Monitoring Granularity[11] MonitoringInterval Integer
Monitoring Role MonitoringRoleArn String

[1] The allowed tenancy of instances launched into the VPC. “default”: An instance launched into the VPC runs on shared hardware by default, unless you explicitly specify a different tenancy during instance launch. “dedicated”: An instance launched into the VPC is a Dedicated Instance by default, unless you explicitly specify a tenancy of host during instance launch. You cannot specify a tenancy of default during instance launch. Allowed values: dedicated | default | host

[2] You must specify either InternetGatewayId or VpnGatewayId, but not both.

[3] Note – This is not the name of the database, but the name of the Database instance

[4] Valid values: standard | gp2 | io1. The standard value is also known as magnetic. If you specify io1, you must also include a value for the Iops parameter. Default: io1 if the Iops parameter is specified, otherwise standard

[5] Constraints to the amount of storage for each storage type are the following – General Purpose (SSD) storage (gp2): Must be an integer from 20 to 65536. Provisioned IOPS storage (io1): Must be an integer from 100 to 65536. Magnetic storage (standard): Must be an integer from 5 to 3072.

[6] A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new VPC. If there’s no DB subnet group, then the DB instance isn’t a VPC DB instance.

[7] The DBSecurityGroups property exists only for backwards compatibility with older regions and is no longer recommended for providing security information to an RDS DB instance. Instead, use VPCSecurityGroups.

[8] The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance.

[9] Must be in the format hh24:mi-hh24:mi. Must be in Universal Coordinated Time (UTC). Must not conflict with the preferred maintenance window. Must be at least 30 minutes.

[10] Enhanced Monitoring collects metrics from an agent on the RDS instance rather than from the hypervisor; the metrics are stored in CloudWatch Logs at $0.50/GB (us-east-1 pricing).

[11] If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.
