Import Definition

The Import definition is used to create a cross-module reference. By default, these references are resolved by CloudFormation at deployment time. However, they can also be redirected to a different module or be given a specific value instead. This capability allows for a default behavior that is mostly convenient, while enabling modules to be re-wired to import values from other modules, or to be given specific values for testing or legacy purposes.

Syntax

Import: String
Module: String
Description: String
Scope: ScopeDefinition
Type: String
Allow: AllowDefinition
EncryptionContext:
  Key-Value Mapping

Properties

Allow

The Allow attribute can be either a comma-separated, single string value, or a list of string values. String values that contain a colon (:) are interpreted as IAM permission and used as is (e.g. dynamodb:GetItem, s3:GetObject*, etc.). Otherwise, the value is interpreted as a LambdaSharp shorthand (see LambdaSharp Shorthand by Resource Type). Both notations can be used simultaneously within a single Allow section. Duplicate IAM permissions, after LambdaSharp shorthand resolution, are removed.

Required: No

Type: Either String or List of String

Description

The Description attribute specifies the import parameter description. The description is shown as part of the module's exported values when the Scope includes public.

Required: No

Type: String

EncryptionContext

The EncryptionContext section is an optional mapping of key-value pairs used for decrypting a variable of type Secret. For all other types, specifying EncryptionContext will produce a compilation error.

Required: No

Type: Key-Value Pair Mapping

Import

The Import attribute specifies the import parameter name. The name must start with a letter and followed only by letters or digits. Punctuation marks are not allowed. All names are case-sensitive.

Required: Yes

Type: String

Module

The Module attribute specifies the name of the module from which to import the value from. The name of imported value can optionally be specified by appending it to the module reference, separated by a double-colon (::). For example, Other.Module::Some::Variable imports the Some::Variable value from the Other.Module module. When omitted, the value of the attribute is used instead. Note that the module reference cannot have a version or source bucket specification.

Required: Yes

Type: String

Scope

The Scope attribute specifies which functions need to have access to this item. The Scope attribute can be a comma-separated list or a YAML list of function names. If all function need the item, then all can be used as a wildcard. In addition, the public can be used to export the item from the module.

Required: No

Type: Comma-delimited String or List of String

Type

The Type attribute identifies the AWS resource type that is being imported. For example, AWS::SNS::Topic declares an SNS topic. For a list of all resource types, see AWS Resource Types Reference. When omitted, the type is String. Encrypted values must have type Secret and can optionally specify an EncryptionContext section. These values can be shared as is, or decrypted, when using the ::Plaintext suffix on the their full name.

For example, the decrypted value of a variable called Password with type Secret can be accessed by using !Ref Password::Plaintext.

Required: Conditional. The Type attribute is required for new resources and when using the LambdaSharp shorthand notation in the Allow attribute. The Type attribute can be omitted for referenced resources that only list native IAM permissions in their Allow attribute.

Type: String

Examples

Import a module

- Import: ImportedMessageTitle
  Module: My.OtherModule::MessageTitle
  Description: Imported title for messages
  Type: String

Import a module output and associate IAM permissions

- Import: ImportedTopic
  Module: My.OtherModule::Topic
  Description: Topic ARN for sending notifications
  Type: AWS::SNS::Topic
  Allow: Publish