How can I reference a resource in another stack from an AWS CloudFormation template?

Last updated: 2019-07-23

How can I reference a resource in another AWS CloudFormation stack when I create a template?

Short Description

The following resolution provides an example of one method to create a cross-stack reference. For additional instructions, see Walkthrough: Refer to Resource Outputs in Another AWS CloudFormation Stack.

Note: To reference a resource in another AWS CloudFormation stack, you must create cross-stack references. To create a cross-stack reference, use the export field to flag the value of a resource output for export. Then, use the Fn::ImportValue intrinsic function to import the value in any stack within the same Region and account. Exported values are identified by the names specified in the template. These names must be unique to your Region and account.

Resolution

The following steps show how to create an AWS CloudFormation stack named NetworkStack. This stack creates network-related resources and exports named ${AWS::StackName}-SecurityGroupID and ${AWS::StackName}-SubnetID. The ${AWS::StackName} is replaced by NetworkStack after stack creation. The final export names are NetworkStack-SecurityGroupID and NetworkStack-SubnetID.

Create a stack to export output values

1.    Create an AWS CloudFormation stack using this template.

2.    Name the stack NetworkStack.

Note: NetworkStack exports the subnet and security group values.

Create an EC2 instance using an imported subnet and security group

1.    Open the AWS CloudFormation console.

2.    Choose Create Stack, and then choose Design template.

3.    In the Parameters tab of the code editor, choose Template.

4.    Copy and paste the following template into the code editor, and then update the template with appropriate values for InstanceType and ImageId.

{
  "Parameters": {
    "NetworkStackParameter": {
      "Type": "String"
    }
  },
  "Resources": {
    "WebServerInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "t2.micro",
        "ImageId": "ami-a1b23456",
        "NetworkInterfaces": [
          {
            "GroupSet": [
              {
                "Fn::ImportValue": {
                  "Fn::Sub": "${NetworkStackParameter}-SecurityGroupID"
                }
              }
            ],
            "AssociatePublicIpAddress": "true",
            "DeviceIndex": "0",
            "DeleteOnTermination": "true",
            "SubnetId": {
              "Fn::ImportValue": {
                "Fn::Sub": "${NetworkStackParameter}-SubnetID"
              }
            }
          }
        ]
      }
    }
  }
}

Important: In the template in step 4, use the NetworkStack resource stack as the value for NetworkStackParameter. The NetworkStack value replaces the correct stack name in the corresponding Fn::ImportValue functions.

Note: For examples of import and export templates, see Fn::ImportValue.

5.    Choose the Create stack icon, and then choose Next.

6.    For Stack name, enter a name for your stack.

7.    For Parameters, enter the network stack name (NetworkStack) that you want to cross-reference.

8.    Choose Next, choose Next again, and then choose Create.

9.    After the stack creation is complete, open the Amazon EC2 console.

10.    In the navigation pane, choose Instances, and then choose the instance that you created with the template in step 4.

11.    Choose the Description view, and then verify that the security group and subnet are configured.

Important: You can't delete the source stack or the source stack's export values, while another stack is importing these values. To update the source stack's export values, manually replace the actual values in the stacks that are importing the source stack's export values. Then, you can update the export values of the source stack.

To list all stacks that are importing an exported output value, run the list-imports command. To list all exports in an AWS Region, use the AWS CloudFormation console or run the list-exports command. The export name must be unique for the account per AWS Region.


Did this article help you?

Anything we could improve?


Need more help?