Import
The Import declaration is used to create a cross-module reference. By default, these references are resolved by CloudFormation at deployment time. However, they can also be redirected to a different module or be given a specific value instead. This capability allows for a default behavior that is mostly convenient, while enabling modules to be re-wired to import values from other modules, or to be given specific values for testing or legacy purposes.
Syntax
Import: String
Module: String
Description: String
Scope: ScopeDefinition
Type: String
Allow: AllowDefinition
EncryptionContext:
  Key-Value Mapping
Properties
Allow
The Allow attribute can be either a comma-separated, single string value, or a list of string values. String values that contain a colon (:) are interpreted as IAM permissions and used as is (e.g. dynamodb:GetItem, s3:GetObject*, etc.). Otherwise, the value is interpreted as a LambdaSharp shorthand (see LambdaSharp Shorthand by Resource Type). Both notations can be used simultaneously within a single Allow section. Duplicate IAM permissions, after LambdaSharp shorthand resolution, are removed.
Required: No
Type: Either String or List of String
Description
The Description attribute specifies the import parameter description. The description is shown as part of the module's exported values when the Scope includes stack or public.
Required: No
Type: String
EncryptionContext
The EncryptionContext section is an optional mapping of key-value pairs used for decrypting a variable of type Secret. For all other types, specifying EncryptionContext will produce a compilation error.
Required: No
Type: Key-Value Pair Mapping
Import
The Import attribute specifies the import parameter name. The name must start with a letter and be followed only by letters or digits. Punctuation marks are not allowed. All names are case-sensitive.
Required: Yes
Type: String
Module
The Module attribute specifies the name of the module from which to import the value. The name of the imported value can optionally be specified by appending it to the module reference, separated by a double-colon (::). For example, Other.Module::Some::Variable imports the Some::Variable value from the Other.Module module. When omitted, the value of the Import attribute is used instead. Note that the module reference cannot have a version or source bucket specification.
Required: Yes
Type: String
Scope
The Scope attribute specifies which functions need to have access to this item. The Scope attribute can be a comma-separated list or a YAML list of function names. If all functions need the item, then all can be used as a wildcard. In addition, public can be used to export the item from the module. Alternatively, stack can be used to make the item available only in a nested stack.
Required: No
Type: Comma-delimited String or List of String
Type
The Type attribute identifies the AWS resource type that is being imported. For example, AWS::SNS::Topic declares an SNS topic. For a list of all resource types, see AWS Resource Types Reference. When omitted, the type is String. Encrypted values must have type Secret and can optionally specify an EncryptionContext section. These values can be shared as is, or decrypted, when using the ::Plaintext suffix on the full name. For example, the decrypted value of a variable called Password with type Secret can be accessed by using !Ref Password::Plaintext.
Required: Conditional. The Type attribute is required for new resources and when using the LambdaSharp shorthand notation in the Allow attribute. The Type attribute can be omitted for referenced resources that only list native IAM permissions in their Allow attribute.
Type: String
Examples
Import a public module value
- Import: ImportedMessageTitle
  Module: My.OtherModule
  Description: Imported title for messages
  Type: String
Import a public module value with a custom name and associate IAM permissions
- Import: ImportedTopic
  Module: My.OtherModule::Topic
  Description: Topic ARN for sending notifications
  Type: AWS::SNS::Topic
  Allow: Publish
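Check Import declarations before deployment

The property rules above can be checked before deployment with a small linter. This is an added example, not LambdaSharp's own code: the function names are hypothetical, declarations are passed as already-parsed dictionaries, and the wildcard review hint is this example's addition rather than a LambdaSharp rule. It assumes that an omitted value name falls back to the Import name, and it only removes literal duplicates in Allow because shorthand resolution is not reproduced here.

```python
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*\Z")  # letter, then letters or digits only

def split_allow(allow):
    """Split Allow (comma-separated string or list) into (IAM permissions, shorthand)."""
    items = allow.split(",") if isinstance(allow, str) else list(allow or [])
    iam, shorthand = [], []
    for item in (str(i).strip() for i in items):
        bucket = iam if ":" in item else shorthand  # a colon marks a native IAM permission
        if item and item not in bucket:  # drop blanks and literal duplicates
            bucket.append(item)
    return iam, shorthand

def resolve_source(decl):
    """Return (module, value name); the name falls back to the Import attribute."""
    module, sep, name = decl["Module"].partition("::")
    return module, (name if sep else decl["Import"])

def lint_import(decl):
    """Return a list of findings for one Import declaration given as a dict."""
    findings = []
    if not NAME_RE.match(str(decl.get("Import", ""))):
        findings.append("Import: must start with a letter, then letters or digits only")
    if not decl.get("Module"):
        findings.append("Module: required")
    iam, shorthand = split_allow(decl.get("Allow"))
    if shorthand and "Type" not in decl:
        findings.append("Type: required when Allow uses LambdaSharp shorthand")
    if "EncryptionContext" in decl and decl.get("Type", "String") != "Secret":
        findings.append("EncryptionContext: only valid with Type Secret")
    # Review hint added by this example, not a LambdaSharp rule: surface wildcard actions.
    findings += [f"Allow: review wildcard permission {p}" for p in iam if "*" in p]
    return findings

if __name__ == "__main__":
    # Constructed sample declarations; the first mirrors the page's second example.
    samples = [
        {"Import": "ImportedTopic", "Module": "My.OtherModule::Topic",
         "Type": "AWS::SNS::Topic", "Allow": "Publish"},
        {"Import": "Db-Password", "Module": "My.OtherModule",
         "Allow": "Publish, s3:GetObject*", "EncryptionContext": {"Purpose": "Test"}},
    ]
    for decl in samples:
        print(decl["Import"], "->", lint_import(decl) or "ok")
```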