AWS CloudFormation Community Registry Extensions
This repository hosts registry extensions
that are published under the AwsCommunity:: namespace in AWS CloudFormation.
The CloudFormation Registry allows customers to create public and private
resources
types,
modules,
and
hooks.
Modules are authored as templates in either JSON or YAML. Resource types can be authored in Java, Go, Python, or Typescript, using the
CloudFormation Command Line Interface (CFN
CLI)
for project setup and testing.
Discord
Join us on Discord! Connect & interact with CloudFormation developers & experts, find channels to discuss the CloudFormation registry, StackSets, cfn-lint, Guard and more:
How to use these extensions
Log in to your AWS account and go to the CloudFormation console. Under Registry
in the menu, select Public extensions. Search under Third Party publishers for
the AwsCommunity:: namespace. These extensions can be used from any template
you author in a region where they are available and activated. Unlike public
extensions under the AWS:: namespace, each of these community extensions must
first be activated using the instructions
here.
Catalog of community extensions
| Name | Type | Version | Description |
|---|---|---|---|
| AwsCommunity::Account::AlternateContact | Resource | Prod | An alternate contact attached to an Amazon Web Services account |
| AwsCommunity::ApplicationAutoscaling::ScheduledAction | Resource | Prod | Application Autoscaling Scheduled Action |
| AwsCommunity::AppSync::BreakingChangeDetection | Hook | Prod | Detect breaking changes to appsync schemas |
| AwsCommunity::CloudFront::LoggingEnabled | Hook | Alpha | Validate that a CloudFront distribution has logging enabled |
| AwsCommunity::CloudFront::S3Website::MODULE | Module | Prod | CloudFront backed by an S3 bucket with Route53 integration |
| AwsCommunity::DynamoDB::Item | Resource | Prod | Manage the lifecycle of items in a DynamoDB table |
| AwsCommunity::EC2::SecurityGroupRestrictedSSH | Hook | Prod | Restrict SSH traffic from 0.0.0.0/0 |
| AwsCommunity::KMS::EncryptionSettings | Hook | Prod | Validates AWS KMS encryption-related, user-provided configuration settings for a number of AWS resources |
| AwsCommunity::Resource::Lookup | Resource | Prod | Uses AWS Cloud Control API to lookup a resource of a given type (such as, AWS::EC2::VPC) |
| AwsCommunity::S3::Bucket::MODULE | Module | Prod | Create a standard S3 bucket |
| AwsCommunity::SSM::ResizeVolume::MODULE | Module | Prod | Create AWS SSM document to resize EBS volume and grow the filesystem on them |
| AwsCommunity::IotAnalytics::Pipeline::MODULE | Module | Prod | Create an IOT analytics pipeline |
| AwsCommunity::S3::BucketAccessControlsRestricted | Hook | Prod | Validates S3 Bucket is configured to block public access |
| AwsCommunity::S3::BucketNotification | Resource | Alpha | Configure bucket notifications |
| AwsCommunity::S3::BucketVersioningEnabled | Hook | Prod | Validate that an AWS::S3::Bucket has versioning enabled |
| AwsCommunity::S3::DeleteBucketContents | Resource | Prod | Delete all objects in a bucket |
| AwsCommunity::Time::Offset | Resource | Prod | Creates a time based resource with an offset from the provided time or now |
| AwsCommunity::Time::Sleep | Resource | Prod | Sleep a provided number of seconds between create, update, or delete operations. |
| AwsCommunity::Time::Static | Resource | Prod | Creates a static time stamp |
Contributing
See the contributer guide: ./CONTRIBUTING.md
Also check out how our release process works here: ./RELEASE.md
Related Repositories
CloudFormation CLI and language plugins
The CloudFormation CLI (cfn), not to be confused with the aws cloudformation commands, is used to initialize, build, test, and publish
registry extensions.
https://github.com/aws-cloudformation/cloudformation-cli
https://github.com/aws-cloudformation/cloudformation-cli-python-plugin
https://github.com/aws-cloudformation/cloudformation-cli-typescript-plugin
https://github.com/aws-cloudformation/cloudformation-cli-go-plugin
https://github.com/aws-cloudformation/cloudformation-cli-java-plugin
cfn-lint
The CloudFormation linter is an indespensible tool for developing templates. It does static analysis on your template to make sure it's valid before submitting it, which saves a lot of wasted time waiting for the service to tell you the same thing.
https://github.com/aws-cloudformation/cfn-lint
rain
Rain is what happens when you have cloud formations... Rain is a CLI helper for
CloudFormation that makes it a lot easier to author and deploy stacks. Instead
of needing to string together aws cloudformation commands to check the status
of a stack before either creating or updating, rain does all of this with a
simple deploy command.
https://github.com/aws-cloudformation/rain
3p resources
These third party resources are also published from our publisher account using the release process in this repo.
https://github.com/aws-ia/cloudformation-okta-resource-providers
https://github.com/aws-ia/cloudformation-github-resource-providers
https://github.com/aws-ia/cloudformation-rollbar-resource-providers
https://github.com/aws-ia/cloudformation-fastly-resource-providers
https://github.com/aws-ia/cloudformation-cloudflare-resource-providers
https://github.com/aws-ia/cloudformation-snowflake-resource-providers
https://github.com/aws-ia/cloudformation-pagerduty-resource-providers
https://github.com/aws-ia/cloudformation-gitlab-resource-providers
https://github.com/aws-ia/cloudformation-dynatrace-resource-providers
https://github.com/aws-ia/cloudformation-bigid-resource-providers
cdk-import
Generates CDK constructs from external sources such as public CloudFormation Registry types and modules (L1s) as well as AWS Service Catalog product versions.
https://github.com/cdklabs/cdk-import
cdk-cloudformation
A collection of L1 constructs created with cdk-import, based on registry resource types.
https://github.com/cdklabs/cdk-cloudformation
Publishing packages
(Note that we decided to move these out to a separate repo, so they won't be here much longer)
We publish our python packages in packages/ to pypi. When we publish a release a workflow is triggered to do the publishing. See the CD.yml workflows here
For cfn-guard-rs we tag the release with cfn-guard-rs-vX.X.X
For cfn-guard-rs-hook we tag the release with cfn-guard-rs-hook-vX.X.X
Maintainers
