Import
The Import declaration is used to create a cross-module reference. By default, these references are resolved by CloudFormation at deployment time. However, they can also be redirected to a different module or be given a specific value instead. This capability allows for a default behavior that is mostly convenient, while enabling modules to be re-wired to import values from other modules, or to be given specific values for testing or legacy purposes.
Syntax
Import: String
Module: String
Description: String
Scope: ScopeDefinition
Type: String
Allow: AllowDefinition
EncryptionContext:
Key-Value Mapping
Properties
Allow-
The
Allowattribute can be either a comma-separated, single string value, or a list of string values. String values that contain a colon (:) are interpreted as IAM permission and used as is (e.g.dynamodb:GetItem,s3:GetObject*, etc.). Otherwise, the value is interpreted as a LambdaSharp shorthand (see LambdaSharp Shorthand by Resource Type). Both notations can be used simultaneously within a singleAllowsection. Duplicate IAM permissions, after LambdaSharp shorthand resolution, are removed.Required: No
Type: Either String or List of String
Description-
The
Descriptionattribute specifies the import parameter description. The description is shown as part of the module's exported values when theScopeincludesstackorpublic.Required: No
Type: String
EncryptionContext-
The
EncryptionContextsection is an optional mapping of key-value pairs used for decrypting a variable of typeSecret. For all other types, specifyingEncryptionContextwill produce a compilation error.Required: No
Type: Key-Value Pair Mapping
Import-
The
Importattribute specifies the import parameter name. The name must start with a letter and followed only by letters or digits. Punctuation marks are not allowed. All names are case-sensitive.Required: Yes
Type: String
Module-
The
Moduleattribute specifies the name of the module from which to import the value from. The name of imported value can optionally be specified by appending it to the module reference, separated by a double-colon (::). For example,Other.Module::Some::Variableimports theSome::Variablevalue from theOther.Modulemodule. When omitted, the value of theattribute is used instead. Note that the module reference cannot have a version or source bucket specification.Required: Yes
Type: String
Scope-
The
Scopeattribute specifies which functions need to have access to this item. TheScopeattribute can be a comma-separated list or a YAML list of function names. If all functions need the item, thenallcan be used as a wildcard. In addition,publiccan be used to export the item from the module. Alternatively,stackcan be used to make the item available only in a nested stack.Required: No
Type: Comma-delimited String or List of String
Type-
The
Typeattribute identifies the AWS resource type that is being imported. For example,AWS::SNS::Topicdeclares an SNS topic. For a list of all resource types, see AWS Resource Types Reference. When omitted, the type isString. Encrypted values must have typeSecretand can optionally specify anEncryptionContextsection. These values can be shared as is, or decrypted, when using the::Plaintextsuffix on the full name.For example, the decrypted value of a variable called
Passwordwith typeSecretcan be accessed by using!Ref Password::Plaintext.Required: Conditional. The
Typeattribute is required for new resources and when using the LambdaSharp shorthand notation in theAllowattribute. TheTypeattribute can be omitted for referenced resources that only list native IAM permissions in theirAllowattribute.Type: String
Examples
Import a public module value
- Import: ImportedMessageTitle
Module: My.OtherModule
Description: Imported title for messages
Type: String
Import a public module value with a custom name and associate IAM permissions
- Import: ImportedTopic
Module: My.OtherModule::Topic
Description: Topic ARN for sending notifications
Type: AWS::SNS::Topic
Allow: Publish