CloudFormation Resource Attributes Reference
Search AWS CloudFormation resource types and the attributes available through Fn::GetAtt for each resource.
Generated CloudFormation attribute data
Generated from the AWS CloudFormation resource specification for searchable Fn::GetAtt lookups.
200 of 1,572 matching rows shown
| Resource type | GetAtt attributes |
|---|---|
AWS::ACMPCA::Certificate | Arn, Certificate |
AWS::ACMPCA::CertificateAuthority | Arn, CertificateSigningRequest |
AWS::ACMPCA::CertificateAuthorityActivation | CompleteCertificateChain |
AWS::ACMPCA::Permission | No attributes |
AWS::AIOps::InvestigationGroup | Arn, CreatedAt, CreatedBy, LastModifiedAt, LastModifiedBy |
AWS::APS::AnomalyDetector | Arn |
AWS::APS::ResourcePolicy | No attributes |
AWS::APS::RuleGroupsNamespace | Arn |
AWS::APS::Scraper | Arn, RoleArn, ScraperId |
AWS::APS::Workspace | Arn, PrometheusEndpoint, WorkspaceId |
AWS::ARCRegionSwitch::Plan | Arn, Owner, PlanHealthChecks, Version |
AWS::ARCZonalShift::AutoshiftObserverNotificationStatus | AccountId, Region |
AWS::ARCZonalShift::ZonalAutoshiftConfiguration | No attributes |
AWS::AccessAnalyzer::Analyzer | Arn |
AWS::AmazonMQ::Broker | AmqpEndpoints, Arn, ConfigurationId, ConfigurationRevision, ConsoleURLs, EngineVersionCurrent, Id, IpAddresses, MqttEndpoints, OpenWireEndpoints, StompEndpoints, WssEndpoints |
AWS::AmazonMQ::Configuration | Arn, Id, Revision |
AWS::AmazonMQ::ConfigurationAssociation | Id |
AWS::Amplify::App | AppId, AppName, Arn, DefaultDomain |
AWS::Amplify::Branch | Arn, BranchName |
AWS::Amplify::Domain | Arn, AutoSubDomainCreationPatterns, AutoSubDomainIAMRole, Certificate, Certificate.CertificateArn, Certificate.CertificateType, Certificate.CertificateVerificationDNSRecord, CertificateRecord, DomainName, DomainStatus, EnableAutoSubDomain, StatusReason, UpdateStatus |
AWS::AmplifyUIBuilder::Component | CreatedAt, Id, ModifiedAt |
AWS::AmplifyUIBuilder::Form | Id |
AWS::AmplifyUIBuilder::Theme | CreatedAt, Id, ModifiedAt |
AWS::ApiGateway::Account | Id |
AWS::ApiGateway::ApiKey | APIKeyId |
AWS::ApiGateway::Authorizer | AuthorizerId |
AWS::ApiGateway::BasePathMapping | No attributes |
AWS::ApiGateway::BasePathMappingV2 | BasePathMappingArn |
AWS::ApiGateway::ClientCertificate | ClientCertificateId |
AWS::ApiGateway::Deployment | DeploymentId |
AWS::ApiGateway::DocumentationPart | DocumentationPartId |
AWS::ApiGateway::DocumentationVersion | No attributes |
AWS::ApiGateway::DomainName | DistributionDomainName, DistributionHostedZoneId, DomainNameArn, RegionalDomainName, RegionalHostedZoneId |
AWS::ApiGateway::DomainNameAccessAssociation | DomainNameAccessAssociationArn |
AWS::ApiGateway::DomainNameV2 | DomainNameArn, DomainNameId |
AWS::ApiGateway::GatewayResponse | Id |
AWS::ApiGateway::Method | No attributes |
AWS::ApiGateway::Model | No attributes |
AWS::ApiGateway::RequestValidator | RequestValidatorId |
AWS::ApiGateway::Resource | ResourceId |
AWS::ApiGateway::RestApi | RestApiId, RootResourceId |
AWS::ApiGateway::Stage | No attributes |
AWS::ApiGateway::UsagePlan | Id |
AWS::ApiGateway::UsagePlanKey | Id |
AWS::ApiGateway::VpcLink | VpcLinkId |
AWS::ApiGatewayV2::Api | ApiEndpoint, ApiId |
AWS::ApiGatewayV2::ApiGatewayManagedOverrides | No attributes |
AWS::ApiGatewayV2::ApiMapping | ApiMappingId |
AWS::ApiGatewayV2::Authorizer | AuthorizerId |
AWS::ApiGatewayV2::Deployment | DeploymentId |
AWS::ApiGatewayV2::DomainName | DomainNameArn, RegionalDomainName, RegionalHostedZoneId |
AWS::ApiGatewayV2::Integration | IntegrationId |
AWS::ApiGatewayV2::IntegrationResponse | IntegrationResponseId |
AWS::ApiGatewayV2::Model | ModelId |
AWS::ApiGatewayV2::Route | RouteId |
AWS::ApiGatewayV2::RouteResponse | RouteResponseId |
AWS::ApiGatewayV2::RoutingRule | RoutingRuleArn, RoutingRuleId |
AWS::ApiGatewayV2::Stage | No attributes |
AWS::ApiGatewayV2::VpcLink | VpcLinkId |
AWS::AppConfig::Application | ApplicationId |
AWS::AppConfig::ConfigurationProfile | ConfigurationProfileId, KmsKeyArn |
AWS::AppConfig::Deployment | DeploymentNumber, State |
AWS::AppConfig::DeploymentStrategy | Id |
AWS::AppConfig::Environment | EnvironmentId |
AWS::AppConfig::Extension | Arn, Id, VersionNumber |
AWS::AppConfig::ExtensionAssociation | Arn, ExtensionArn, Id, ResourceArn |
AWS::AppConfig::HostedConfigurationVersion | VersionNumber |
AWS::AppFlow::Connector | ConnectorArn |
AWS::AppFlow::ConnectorProfile | ConnectorProfileArn, CredentialsArn |
AWS::AppFlow::Flow | FlowArn |
AWS::AppIntegrations::Application | ApplicationArn, Id |
AWS::AppIntegrations::DataIntegration | DataIntegrationArn, Id |
AWS::AppIntegrations::EventIntegration | EventIntegrationArn |
AWS::AppMesh::GatewayRoute | Arn, GatewayRouteName, MeshName, MeshOwner, ResourceOwner, Uid, VirtualGatewayName |
AWS::AppMesh::Mesh | Arn, MeshName, MeshOwner, ResourceOwner, Uid |
AWS::AppMesh::Route | Arn, MeshName, MeshOwner, ResourceOwner, RouteName, Uid, VirtualRouterName |
AWS::AppMesh::VirtualGateway | Arn, MeshName, MeshOwner, ResourceOwner, Uid, VirtualGatewayName |
AWS::AppMesh::VirtualNode | Arn, MeshName, MeshOwner, ResourceOwner, Uid, VirtualNodeName |
AWS::AppMesh::VirtualRouter | Arn, MeshName, MeshOwner, ResourceOwner, Uid, VirtualRouterName |
AWS::AppMesh::VirtualService | Arn, MeshName, MeshOwner, ResourceOwner, Uid, VirtualServiceName |
AWS::AppRunner::AutoScalingConfiguration | AutoScalingConfigurationArn, AutoScalingConfigurationRevision, Latest |
AWS::AppRunner::ObservabilityConfiguration | Latest, ObservabilityConfigurationArn, ObservabilityConfigurationRevision |
AWS::AppRunner::Service | ServiceArn, ServiceId, ServiceUrl, Status |
AWS::AppRunner::VpcConnector | VpcConnectorArn, VpcConnectorRevision |
AWS::AppRunner::VpcIngressConnection | DomainName, Status, VpcIngressConnectionArn |
AWS::AppStream::AppBlock | Arn, CreatedTime |
AWS::AppStream::AppBlockBuilder | Arn, CreatedTime |
AWS::AppStream::Application | Arn, CreatedTime |
AWS::AppStream::ApplicationEntitlementAssociation | No attributes |
AWS::AppStream::ApplicationFleetAssociation | No attributes |
AWS::AppStream::DirectoryConfig | No attributes |
AWS::AppStream::Entitlement | CreatedTime, LastModifiedTime |
AWS::AppStream::Fleet | No attributes |
AWS::AppStream::ImageBuilder | StreamingUrl |
AWS::AppStream::Stack | No attributes |
AWS::AppStream::StackFleetAssociation | No attributes |
AWS::AppStream::StackUserAssociation | No attributes |
AWS::AppStream::User | No attributes |
AWS::AppSync::Api | ApiArn, ApiId, Dns, Dns.Http, Dns.Realtime |
AWS::AppSync::ApiCache | No attributes |
AWS::AppSync::ApiKey | ApiKey, Arn |
AWS::AppSync::ChannelNamespace | ChannelNamespaceArn |
AWS::AppSync::DataSource | DataSourceArn, Name |
AWS::AppSync::DomainName | AppSyncDomainName, DomainName, DomainNameArn, HostedZoneId |
AWS::AppSync::DomainNameApiAssociation | ApiAssociationIdentifier |
AWS::AppSync::FunctionConfiguration | DataSourceName, FunctionArn, FunctionId, Name |
AWS::AppSync::GraphQLApi | ApiId, Arn, GraphQLDns, GraphQLEndpointArn, GraphQLUrl, RealtimeDns, RealtimeUrl |
AWS::AppSync::GraphQLSchema | No attributes |
AWS::AppSync::Resolver | FieldName, ResolverArn, TypeName |
AWS::AppSync::SourceApiAssociation | AssociationArn, AssociationId, LastSuccessfulMergeDate, MergedApiArn, MergedApiId, SourceApiArn, SourceApiAssociationStatus, SourceApiAssociationStatusDetail, SourceApiId |
AWS::AppTest::TestCase | CreationTime, LastUpdateTime, LatestVersion, LatestVersion.Status, LatestVersion.Version, Status, TestCaseArn, TestCaseId, TestCaseVersion |
AWS::ApplicationAutoScaling::ScalableTarget | Id |
AWS::ApplicationAutoScaling::ScalingPolicy | Arn |
AWS::ApplicationInsights::Application | ApplicationARN |
AWS::ApplicationSignals::Discovery | AccountId |
AWS::ApplicationSignals::GroupingConfiguration | AccountId, UpdatedAt |
AWS::ApplicationSignals::ServiceLevelObjective | Arn, CreatedTime, EvaluationType, LastUpdatedTime |
AWS::Athena::CapacityReservation | AllocatedDpus, Arn, CreationTime, LastSuccessfulAllocationTime, Status |
AWS::Athena::DataCatalog | No attributes |
AWS::Athena::NamedQuery | NamedQueryId |
AWS::Athena::PreparedStatement | No attributes |
AWS::Athena::WorkGroup | CreationTime, WorkGroupConfiguration.EngineVersion.EffectiveEngineVersion |
AWS::AuditManager::Assessment | Arn, AssessmentId, CreationTime |
AWS::AutoScaling::AutoScalingGroup | AutoScalingGroupARN |
AWS::AutoScaling::LaunchConfiguration | No attributes |
AWS::AutoScaling::LifecycleHook | No attributes |
AWS::AutoScaling::ScalingPolicy | Arn, PolicyName |
AWS::AutoScaling::ScheduledAction | ScheduledActionName |
AWS::AutoScaling::WarmPool | No attributes |
AWS::AutoScalingPlans::ScalingPlan | ScalingPlanName, ScalingPlanVersion |
AWS::B2BI::Capability | CapabilityArn, CapabilityId, CreatedAt, ModifiedAt |
AWS::B2BI::Partnership | CreatedAt, ModifiedAt, PartnershipArn, PartnershipId, TradingPartnerId |
AWS::B2BI::Profile | CreatedAt, LogGroupName, ModifiedAt, ProfileArn, ProfileId |
AWS::B2BI::Transformer | CreatedAt, ModifiedAt, TransformerArn, TransformerId |
AWS::BCMDataExports::Export | Export.ExportArn, ExportArn |
AWS::Backup::BackupPlan | BackupPlanArn, BackupPlanId, VersionId |
AWS::Backup::BackupSelection | BackupPlanId, Id, SelectionId |
AWS::Backup::BackupVault | BackupVaultArn, BackupVaultName |
AWS::Backup::Framework | CreationTime, DeploymentStatus, FrameworkArn, FrameworkStatus |
AWS::Backup::LogicallyAirGappedBackupVault | BackupVaultArn, VaultState, VaultType |
AWS::Backup::ReportPlan | ReportPlanArn |
AWS::Backup::RestoreTestingPlan | RestoreTestingPlanArn |
AWS::Backup::RestoreTestingSelection | No attributes |
AWS::Backup::TieringConfiguration | CreationTime, LastUpdatedTime, TieringConfigurationArn |
AWS::BackupGateway::Hypervisor | HypervisorArn |
AWS::Batch::ComputeEnvironment | ComputeEnvironmentArn |
AWS::Batch::ConsumableResource | AvailableQuantity, ConsumableResourceArn, CreatedAt, InUseQuantity |
AWS::Batch::JobDefinition | JobDefinitionArn |
AWS::Batch::JobQueue | JobQueueArn |
AWS::Batch::QuotaShare | QuotaShareArn |
AWS::Batch::SchedulingPolicy | Arn |
AWS::Batch::ServiceEnvironment | ServiceEnvironmentArn |
AWS::BcmPricingCalculator::BillScenario | Arn, BillInterval, BillInterval.End, BillInterval.Start, CreatedAt, FailureMessage, Id, Status |
AWS::Bedrock::Agent | AgentArn, AgentId, AgentStatus, AgentVersion, CreatedAt, FailureReasons, PreparedAt, RecommendedActions, UpdatedAt |
AWS::Bedrock::AgentAlias | AgentAliasArn, AgentAliasHistoryEvents, AgentAliasId, AgentAliasStatus, CreatedAt, UpdatedAt |
AWS::Bedrock::ApplicationInferenceProfile | CreatedAt, InferenceProfileArn, InferenceProfileId, InferenceProfileIdentifier, Models, Status, Type, UpdatedAt |
AWS::Bedrock::AutomatedReasoningPolicy | CreatedAt, DefinitionHash, KmsKeyArn, PolicyArn, PolicyId, UpdatedAt, Version |
AWS::Bedrock::AutomatedReasoningPolicyVersion | CreatedAt, DefinitionHash, Description, Name, PolicyId, UpdatedAt, Version |
AWS::Bedrock::Blueprint | BlueprintArn, BlueprintStage, CreationTime, LastModifiedTime |
AWS::Bedrock::DataAutomationLibrary | CreationTime, EntityTypes, LibraryArn, Status |
AWS::Bedrock::DataAutomationProject | CreationTime, LastModifiedTime, ProjectArn, ProjectStage, Status |
AWS::Bedrock::DataSource | CreatedAt, DataSourceConfiguration.WebConfiguration.CrawlerConfiguration.UserAgentHeader, DataSourceId, DataSourceStatus, FailureReasons, UpdatedAt |
AWS::Bedrock::EnforcedGuardrailConfiguration | ConfigId, CreatedAt, CreatedBy, GuardrailArn, GuardrailId, Owner, UpdatedAt, UpdatedBy |
AWS::Bedrock::Flow | Arn, CreatedAt, Id, Status, UpdatedAt, Validations, Version |
AWS::Bedrock::FlowAlias | Arn, CreatedAt, FlowId, Id, UpdatedAt |
AWS::Bedrock::FlowVersion | CreatedAt, CustomerEncryptionKeyArn, Definition, Definition.Connections, Definition.Nodes, ExecutionRoleArn, FlowId, Name, Status, Version |
AWS::Bedrock::Guardrail | CreatedAt, FailureRecommendations, GuardrailArn, GuardrailId, Status, StatusReasons, UpdatedAt, Version |
AWS::Bedrock::GuardrailVersion | GuardrailArn, GuardrailId, Version |
AWS::Bedrock::IntelligentPromptRouter | CreatedAt, PromptRouterArn, Status, Type, UpdatedAt |
AWS::Bedrock::KnowledgeBase | CreatedAt, FailureReasons, KnowledgeBaseArn, KnowledgeBaseId, Status, UpdatedAt |
AWS::Bedrock::Prompt | Arn, CreatedAt, Id, UpdatedAt, Version |
AWS::Bedrock::PromptVersion | Arn, CreatedAt, CustomerEncryptionKeyArn, DefaultVariant, Name, PromptId, UpdatedAt, Variants, Version |
AWS::Bedrock::ResourcePolicy | No attributes |
AWS::BedrockAgentCore::ApiKeyCredentialProvider | ApiKeySecretArn, ApiKeySecretArn.SecretArn, CreatedTime, CredentialProviderArn, LastUpdatedTime |
AWS::BedrockAgentCore::BrowserCustom | BrowserArn, BrowserId, CreatedAt, FailureReason, LastUpdatedAt, Status |
AWS::BedrockAgentCore::BrowserProfile | CreatedAt, LastSavedAt, LastSavedBrowserId, LastSavedBrowserSessionId, LastUpdatedAt, ProfileArn, ProfileId, Status |
AWS::BedrockAgentCore::CodeInterpreterCustom | CodeInterpreterArn, CodeInterpreterId, CreatedAt, FailureReason, LastUpdatedAt, Status |
AWS::BedrockAgentCore::Evaluator | CreatedAt, EvaluatorArn, EvaluatorId, Status, UpdatedAt |
AWS::BedrockAgentCore::Gateway | CreatedAt, GatewayArn, GatewayIdentifier, GatewayUrl, Status, StatusReasons, UpdatedAt, WorkloadIdentityDetails, WorkloadIdentityDetails.WorkloadIdentityArn |
AWS::BedrockAgentCore::GatewayTarget | CreatedAt, GatewayArn, LastSynchronizedAt, Status, StatusReasons, TargetId, UpdatedAt |
AWS::BedrockAgentCore::Memory | CreatedAt, FailureReason, MemoryArn, MemoryId, Status, UpdatedAt |
AWS::BedrockAgentCore::OAuth2CredentialProvider | CallbackUrl, ClientSecretArn, ClientSecretArn.SecretArn, CreatedTime, CredentialProviderArn, LastUpdatedTime, Oauth2ProviderConfigOutput, Oauth2ProviderConfigOutput.ClientId, Oauth2ProviderConfigOutput.OauthDiscovery, Oauth2ProviderConfigOutput.OauthDiscovery.AuthorizationServerMetadata, Oauth2ProviderConfigOutput.OauthDiscovery.DiscoveryUrl |
AWS::BedrockAgentCore::OnlineEvaluationConfig | CreatedAt, OnlineEvaluationConfigArn, OnlineEvaluationConfigId, OutputConfig, OutputConfig.CloudWatchConfig, OutputConfig.CloudWatchConfig.LogGroupName, Status, UpdatedAt |
AWS::BedrockAgentCore::Policy | CreatedAt, PolicyArn, PolicyId, Status, StatusReasons, UpdatedAt |
AWS::BedrockAgentCore::PolicyEngine | CreatedAt, PolicyEngineArn, PolicyEngineId, Status, StatusReasons, UpdatedAt |
AWS::BedrockAgentCore::Runtime | AgentRuntimeArn, AgentRuntimeId, AgentRuntimeVersion, CreatedAt, FailureReason, LastUpdatedAt, Status, WorkloadIdentityDetails, WorkloadIdentityDetails.WorkloadIdentityArn |
AWS::BedrockAgentCore::RuntimeEndpoint | AgentRuntimeArn, AgentRuntimeEndpointArn, CreatedAt, FailureReason, Id, LastUpdatedAt, LiveVersion, Status, TargetVersion |
AWS::BedrockAgentCore::WorkloadIdentity | CreatedTime, LastUpdatedTime, WorkloadIdentityArn |
AWS::BedrockMantle::Project | Arn, CreatedAt, Id |
AWS::Billing::BillingView | Arn, BillingViewType, CreatedAt, OwnerAccountId, UpdatedAt |
AWS::BillingConductor::BillingGroup | Arn, CreationTime, LastModifiedTime, Size, Status, StatusReason |
AWS::BillingConductor::CustomLineItem | Arn, AssociationSize, CreationTime, CurrencyCode, LastModifiedTime, ProductCode |
AWS::BillingConductor::PricingPlan | Arn, CreationTime, LastModifiedTime, Size |
AWS::BillingConductor::PricingRule | Arn, AssociatedPricingPlanCount, CreationTime, LastModifiedTime |
AWS::Braket::SpendingLimit | CreatedAt, QueuedSpend, SpendingLimitArn, TotalSpend, UpdatedAt |
AWS::Budgets::Budget | No attributes |
AWS::Budgets::BudgetsAction | ActionId |
AWS::CE::AnomalyMonitor | CreationDate, DimensionalValueCount, LastEvaluatedDate, LastUpdatedDate, MonitorArn |
AWS::CE::AnomalySubscription | AccountId, SubscriptionArn |
AWS::CE::CostCategory | Arn, EffectiveStart |
Why this CloudFormation GetAtt reference exists
Fn::GetAtt is one of the most essential intrinsic functions in AWS CloudFormation. It returns specific attributes from AWS resources in your templates, such as ARNs, DNS names, IP addresses, URLs, and status values.
The hard part is knowing which attributes exist for each resource type. The official AWS documentation spreads this information across many service pages, so this tool consolidates every resource type and its available Fn::GetAtt attributes into one searchable table.
If you use AWS CDK instead of raw CloudFormation, CDK handles many intrinsic references for you. Understanding Fn::GetAtt still helps when debugging synthesized templates or reading CloudFormation errors.
How to use the attributes table
- Search for your AWS resource type, such as AWS::S3::Bucket.
- Find the available attributes in the attributes column.
- Copy the attribute name into your CloudFormation template as !GetAtt YourResourceName.AttributeName.
- Open the resource documentation link when you need the official schema.
A dash or "No attributes" in the attributes column means the resource type does not expose any Fn::GetAtt attributes.
GetAtt vs Ref: when to use each
One of the most common sources of CloudFormation confusion is knowing when to use Fn::GetAtt versus Ref. Both functions retrieve values from resources, but they return different things.
What Ref returns
Ref returns a resource's primary identifier. The exact value depends on the resource type.
| Resource type | What Ref returns |
|---|---|
| AWS::S3::Bucket | Bucket name |
| AWS::Lambda::Function | Function name |
| AWS::EC2::Instance | Instance ID |
| AWS::SNS::Topic | Topic ARN |
| AWS::SQS::Queue | Queue URL |
What GetAtt returns
Fn::GetAtt provides access to additional attributes beyond the primary identifier. Use it for values like ARNs, DNS names, IP addresses, endpoints, URLs, and resource status fields.
Quick decision guide
| Use case | Use Ref | Use GetAtt |
|---|---|---|
| Need the primary identifier | Yes | No |
| Need an ARN for an IAM policy | Sometimes | Usually via .Arn |
| Need DNS names or endpoints | No | Yes |
| Need IP addresses | No | Yes |
| Cross-stack exports | Either | Either |
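The Ref table above can be turned into a pre-deployment check. The following is an added example, not code from this page's tool: it flags IAM policy statements whose Resource is a bare Ref to a resource type for which Ref returns a name, ID or URL rather than an ARN. The function names and the sample template are hypothetical, and the template is given in CloudFormation's JSON form as a Python dict.

```python
# What Ref returns per resource type, copied from the table above.
# Only the SNS topic yields an ARN; the rest yield a name, ID or URL.
REF_RETURNS = {
    "AWS::S3::Bucket": "bucket name",
    "AWS::Lambda::Function": "function name",
    "AWS::EC2::Instance": "instance ID",
    "AWS::SNS::Topic": "topic ARN",
    "AWS::SQS::Queue": "queue URL",
}

def policy_documents(node):
    """Yield every PolicyDocument mapping nested anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "PolicyDocument" and isinstance(value, dict):
                yield value
            else:
                yield from policy_documents(value)
    elif isinstance(node, list):
        for item in node:
            yield from policy_documents(item)

def as_list(value):
    """IAM allows a single item where a list is expected; normalise to a list."""
    return value if isinstance(value, list) else [value]

def ref_used_as_arn(template):
    """Return (policy resource, referenced logical ID, what Ref returns) findings."""
    resources = template.get("Resources", {})
    findings = []
    for owner, body in resources.items():
        for doc in policy_documents(body.get("Properties", {})):
            for stmt in as_list(doc.get("Statement", [])):
                for target in as_list(stmt.get("Resource", [])):
                    if not (isinstance(target, dict) and "Ref" in target):
                        continue  # literal ARN, "*", GetAtt or Sub: not checked here
                    rtype = resources.get(target["Ref"], {}).get("Type")
                    returned = REF_RETURNS.get(rtype, "")
                    if returned and not returned.endswith("ARN"):
                        findings.append((owner, target["Ref"], returned))
    return findings

# Constructed sample template in CloudFormation's JSON form.
SAMPLE = {"Resources": {
    "MyBucket": {"Type": "AWS::S3::Bucket"},
    "MyTopic": {"Type": "AWS::SNS::Topic"},
    "ReaderPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyName": "reader",
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": {"Ref": "MyBucket"}},                  # bucket name: flagged
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": {"Fn::GetAtt": ["MyBucket", "Arn"]}},  # correct form
            {"Effect": "Allow", "Action": "sns:Publish",
             "Resource": [{"Ref": "MyTopic"}]},                 # Ref is the ARN: fine
        ]},
    }},
}}

if __name__ == "__main__":
    print(ref_used_as_arn(SAMPLE))
```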
Practical examples
S3 bucket attributes
S3 buckets expose several domain-related attributes. The most common mistake is using Ref when a policy or integration expects an ARN.
| Attribute | When to use it |
|---|---|
| Arn | IAM policies and cross-account access. |
| DomainName | CloudFront origins and general bucket DNS access. |
| RegionalDomainName | Region-specific access when you want to avoid the global endpoint. |
| WebsiteURL | Static website hosting endpoints. |
CloudFront distributions commonly use an S3 bucket's domain name as the origin:
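```yaml
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
  MyDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Origins:
          # The origin host comes from the bucket's DomainName attribute
          - DomainName: !GetAtt MyBucket.DomainName
            Id: S3Origin
            S3OriginConfig:
              OriginAccessIdentity: ""
        # DefaultCacheBehavior is required in a deployable template; omitted here for brevity
        Enabled: true
```
Lambda function attributes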
!Ref MyFunction gives you the function name. Use !GetAtt MyFunction.Arn when another service needs the full function ARN.
| Attribute | When to use it |
|---|---|
| Arn | Event source mappings, IAM policies, API Gateway integrations, and Step Functions. |
| SnapStartResponse.OptimizationStatus | Checking SnapStart optimization state. |
```yaml
# API Gateway needs the function ARN for integration
IntegrationUri: !GetAtt MyFunction.Arn
# Lambda permission can use the function name
FunctionName: !Ref MyFunction
```
EC2 instance attributes
EC2 attributes are useful when a template needs networking details for outputs, DNS records, or security group rules.
| Attribute | What it returns |
|---|---|
| InstanceId | The EC2 instance ID. |
| PrivateIp | The private IPv4 address. |
| PublicDnsName | The public DNS name when the instance has one. |
| AvailabilityZone | The Availability Zone where the instance runs. |
Advanced GetAtt patterns
Combining GetAtt with Fn::Sub
You can use Fn::GetAtt inside Fn::Sub to build connection strings, ARN patterns, and configuration values:
```yaml
Outputs:
  DatabaseConnectionString:
    Value: !Sub "mysql://admin@${MyRDSInstance.Endpoint.Address}:${MyRDSInstance.Endpoint.Port}/mydb"
```
Using AWS::LanguageExtensions
The AWS::LanguageExtensions transform enables dynamic Fn::GetAtt references. This is useful when resource names or attribute names are generated from mappings, loops, or conditions.
```yaml
Transform: AWS::LanguageExtensions
Outputs:
  SelectedBucketArn:
    Value: !GetAtt
      - !Sub "${Environment}Bucket"
      - Arn
```
Cross-stack references with GetAtt
Fn::GetAtt only works inside the same template. For multi-stack architectures, export the attribute from one stack and import it in another with Fn::ImportValue.
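```yaml
# network-stack.yaml
Outputs:
  # Exported so the application stack can import the VPC ID (Ref on a VPC returns its ID)
  VPCId:
    Value: !Ref MyVPC
    Export:
      Name: !Sub "${AWS::StackName}-VPCId"
  VPCCidrBlock:
    Value: !GetAtt MyVPC.CidrBlock
    Export:
      Name: !Sub "${AWS::StackName}-VPCCidr"

# application-stack.yaml
# The import names below assume the network stack is deployed under the stack name "network-stack".
Resources:
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS from inside the VPC
      VpcId: !ImportValue network-stack-VPCId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !ImportValue network-stack-VPCCidr
```
If you are doing this with CDK, the same idea applies through stack outputs and imports. The guide on sharing resources across AWS CDK stacks covers the CDK side of this pattern.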
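The attribute table and the reference forms covered above (list-form Fn::GetAtt, the dotted string form, and `${Resource.Attribute}` inside Fn::Sub) can be checked together before deployment. The following is an added example, not code from this page's tool: the function names and sample template are hypothetical, the template is in CloudFormation's JSON form as a Python dict, and the lookup table is a small excerpt that a real check would load from the full resource specification.

```python
import re

# Excerpt of this page's attribute tables (S3 and API Gateway rows) plus the RDS
# endpoint attributes used in its Fn::Sub example. Empty set = "No attributes".
GETATT_TABLE = {
    "AWS::S3::Bucket": {"Arn", "DomainName", "RegionalDomainName", "WebsiteURL"},
    "AWS::ApiGateway::Stage": set(),
    "AWS::RDS::DBInstance": {"Endpoint.Address", "Endpoint.Port"},
}
SUB_VAR = re.compile(r"\$\{([^!}][^}]*)\}")  # ${Name}; "${!Name}" is a literal

def getatt_refs(node):
    """Yield (logical_id, attribute) for each GetAtt-style reference under node."""
    if isinstance(node, list):
        for item in node:
            yield from getatt_refs(item)
    elif isinstance(node, dict):
        for key, value in node.items():
            if key == "Fn::GetAtt":
                # List and "Id.Attr" string forms are checked; dynamic forms are skipped.
                parts = value.split(".", 1) if isinstance(value, str) else value
                if isinstance(parts, list) and len(parts) == 2 and all(isinstance(p, str) for p in parts):
                    yield parts[0], parts[1]
                    continue
            elif key == "Fn::Sub":
                text = value if isinstance(value, str) else value[0]
                for name in SUB_VAR.findall(text):
                    if "." in name:  # ${Id.Attr} inside Fn::Sub is a GetAtt
                        yield tuple(name.split(".", 1))
            yield from getatt_refs(value)

def check_template(template):
    """Return sorted problems found in the template's GetAtt references."""
    resources = template.get("Resources", {})
    problems = []
    for logical_id, attr in getatt_refs(template):
        rtype = resources.get(logical_id, {}).get("Type")
        if rtype is None:  # GetAtt cannot reach into another stack
            problems.append(f"{logical_id}.{attr}: no such resource in this template")
        elif rtype in GETATT_TABLE and not GETATT_TABLE[rtype]:
            problems.append(f"{logical_id}.{attr}: {rtype} exposes no GetAtt attributes")
        elif rtype in GETATT_TABLE and attr not in GETATT_TABLE[rtype]:
            problems.append(f"{logical_id}.{attr}: not a GetAtt attribute of {rtype}")
    return sorted(problems)

# Constructed sample template in CloudFormation's JSON form.
SAMPLE = {
    "Resources": {
        "MyBucket": {"Type": "AWS::S3::Bucket"},
        "MyStage": {"Type": "AWS::ApiGateway::Stage"},
        "MyRDSInstance": {"Type": "AWS::RDS::DBInstance"},
    },
    "Outputs": {
        "Ok": {"Value": {"Fn::GetAtt": ["MyBucket", "Arn"]}},
        "Typo": {"Value": {"Fn::GetAtt": "MyBucket.ARN"}},
        "NoAttrs": {"Value": {"Fn::GetAtt": ["MyStage", "Arn"]}},
        "OtherStack": {"Value": {"Fn::GetAtt": ["MyVPC", "CidrBlock"]}},
        "Conn": {"Value": {"Fn::Sub":
            "mysql://admin@${MyRDSInstance.Endpoint.Address}:${MyRDSInstance.Endpoint.Prt}/mydb"}},
    },
}

if __name__ == "__main__":
    print("\n".join(check_template(SAMPLE)))
```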