CloudFormation Ref & GetAtt cheatsheet

After joining my current company Sourced Group, and I need to deal a lot with CloudFormation in my daily working life, I manage to find a full list of Ref and GetAtt cheatsheet which help me a lot when I working on CloudFormation.

Please bear in mind that difference resources type in AWS, there will be a difference value return when you using Fn::Ref (!Ref) and FN::GetAtt (!GetAtt).

Resource TypeRefGetAtt
Alexa::ASK::SkillId 
AWS::AmazonMQ::BrokerIdAmqpEndpoints, Arn, ConfigurationId, ConfigurationRevision, IpAddresses, MqttEndpoints, OpenWireEndpoints, StompEndpoints, WssEndpoints
AWS::AmazonMQ::ConfigurationIdArn, Id, Revision
AWS::AmazonMQ::ConfigurationAssociationId 
AWS::Amplify::AppAppId, AppName, Arn, DefaultDomain
AWS::Amplify::BranchArn, BranchName
AWS::Amplify::DomainArn, CertificateRecord, DomainName, DomainStatus, StatusReason
AWS::ApiGateway::AccountId 
AWS::ApiGateway::ApiKeyId 
AWS::ApiGateway::AuthorizerId 
AWS::ApiGateway::BasePathMapping 
AWS::ApiGateway::ClientCertificateName 
AWS::ApiGateway::DeploymentId 
AWS::ApiGateway::DocumentationPartId 
AWS::ApiGateway::DocumentationVersion 
AWS::ApiGateway::DomainNameDomainNameDistributionDomainName, DistributionHostedZoneId, RegionalDomainName, RegionalHostedZoneId
AWS::ApiGateway::GatewayResponse 
AWS::ApiGateway::MethodId 
AWS::ApiGateway::ModelName 
AWS::ApiGateway::RequestValidatorId 
AWS::ApiGateway::ResourceId 
AWS::ApiGateway::RestApiIdRootResourceId
AWS::ApiGateway::StageName 
AWS::ApiGateway::UsagePlanId 
AWS::ApiGateway::UsagePlanKey 
AWS::ApiGateway::VpcLinkId 
AWS::ApiGatewayV2::ApiId 
AWS::ApiGatewayV2::ApiMappingId 
AWS::ApiGatewayV2::AuthorizerId 
AWS::ApiGatewayV2::DeploymentId 
AWS::ApiGatewayV2::DomainNameDomainNameRegionalDomainName, RegionalHostedZoneId
AWS::ApiGatewayV2::IntegrationId 
AWS::ApiGatewayV2::IntegrationResponseId 
AWS::ApiGatewayV2::ModelId 
AWS::ApiGatewayV2::RouteId 
AWS::ApiGatewayV2::RouteResponseId 
AWS::ApiGatewayV2::StageName 
AWS::ApplicationAutoScaling::ScalableTargetId 
AWS::ApplicationAutoScaling::ScalingPolicyArn 
AWS::AppMesh::MeshArnArn, MeshName, Uid
AWS::AppMesh::RouteArnArn, MeshName, Uid, VirtualRouterName
AWS::AppMesh::VirtualNodeArnArn, MeshName, Uid, VirtualNodeName
AWS::AppMesh::VirtualRouterArnArn, MeshName, Uid, VirtualRouterName
AWS::AppMesh::VirtualServiceArnArn, MeshName, Uid, VirtualServiceName
AWS::AppSync::ApiKeyArnApiKey, Arn
AWS::AppSync::DataSourceArnDataSourceArn, Name
AWS::AppSync::FunctionConfigurationArnDataSourceName, FunctionArn, FunctionId, Name
AWS::AppSync::GraphQLApiArnApiId, Arn, GraphQLUrl
AWS::AppSync::GraphQLSchemaId 
AWS::AppSync::ResolverArnFieldName, ResolverArn, TypeName
AWS::Athena::NamedQueryName 
AWS::AutoScaling::AutoScalingGroupName 
AWS::AutoScaling::LaunchConfigurationName 
AWS::AutoScaling::LifecycleHookName 
AWS::AutoScaling::ScalingPolicyArn 
AWS::AutoScaling::ScheduledActionName 
AWS::AutoScalingPlans::ScalingPlanArn 
AWS::Backup::BackupPlanIdBackupPlanArn, BackupPlanId, VersionId
AWS::Backup::BackupSelectionIdBackupPlanId, SelectionId
AWS::Backup::BackupVaultNameBackupVaultArn, BackupVaultName
AWS::Batch::ComputeEnvironmentArn 
AWS::Batch::JobDefinitionArn 
AWS::Batch::JobQueueArn 
AWS::Budgets::BudgetName 
AWS::CertificateManager::CertificateArn 
AWS::CloudFormation::CustomResource 
AWS::CloudFormation::MacroName 
AWS::CloudFormation::StackId 
AWS::CloudFormation::WaitConditionNameData
AWS::CloudFormation::WaitConditionHandle 
AWS::CloudFront::CloudFrontOriginAccessIdentityOriginAccessIdentityS3CanonicalUserId
AWS::CloudFront::DistributionIdDomainName
AWS::CloudFront::StreamingDistributionIdDomainName
AWS::CloudTrail::TrailNameArn, SnsTopicArn
AWS::CloudWatch::AlarmNameArn
AWS::CloudWatch::AnomalyDetector 
AWS::CloudWatch::DashboardName 
AWS::CodeBuild::ProjectNameArn
AWS::CodeCommit::RepositoryIdArn, CloneUrlHttp, CloneUrlSsh, Name
AWS::CodeDeploy::ApplicationName 
AWS::CodeDeploy::DeploymentConfigName 
AWS::CodeDeploy::DeploymentGroupName 
AWS::CodePipeline::CustomActionTypeName 
AWS::CodePipeline::PipelineNameVersion
AWS::CodePipeline::WebhookNameUrl
AWS::Cognito::IdentityPoolIdName
AWS::Cognito::IdentityPoolRoleAttachmentId 
AWS::Cognito::UserPoolIdArn, ProviderName, ProviderURL
AWS::Cognito::UserPoolClientId 
AWS::Cognito::UserPoolGroupName 
AWS::Cognito::UserPoolUserName 
AWS::Cognito::UserPoolUserToGroupAttachmentId 
AWS::Config::AggregationAuthorizationArn 
AWS::Config::ConfigRuleNameArn, Compliance.Type, ConfigRuleId
AWS::Config::ConfigurationAggregatorName 
AWS::Config::ConfigurationRecorderName 
AWS::Config::DeliveryChannelName 
AWS::Config::RemediationConfigurationRemediationAction 
AWS::DataPipeline::PipelineId 
AWS::DAX::ClusterNameArn, ClusterDiscoveryEndpoint
AWS::DAX::ParameterGroupName 
AWS::DAX::SubnetGroupName 
AWS::DLM::LifecyclePolicyIdArn
AWS::DMS::CertificateArn 
AWS::DMS::EndpointArnExternalId
AWS::DMS::EventSubscriptionName 
AWS::DMS::ReplicationInstanceArnReplicationInstancePrivateIpAddresses, ReplicationInstancePublicIpAddresses
AWS::DMS::ReplicationSubnetGroupName 
AWS::DMS::ReplicationTaskArn 
AWS::DocDB::DBClusterDBClusterIdentifierClusterResourceId, Endpoint, Port, ReadEndpoint
AWS::DocDB::DBClusterParameterGroupName 
AWS::DocDB::DBInstanceNameEndpoint, Port
AWS::DocDB::DBSubnetGroupName 
AWS::DynamoDB::TableNameArn, StreamArn
AWS::EC2::CapacityReservationIdAvailabilityZone, AvailableInstanceCount, InstanceType, Tenancy, TotalInstanceCount
AWS::EC2::ClientVpnAuthorizationRule 
AWS::EC2::ClientVpnEndpointId 
AWS::EC2::ClientVpnRoute 
AWS::EC2::ClientVpnTargetNetworkAssociationId 
AWS::EC2::CustomerGatewayId 
AWS::EC2::DHCPOptionsName 
AWS::EC2::EC2FleetId 
AWS::EC2::EgressOnlyInternetGatewayId 
AWS::EC2::EIPElasticIpAddressAllocationId
AWS::EC2::EIPAssociationName 
AWS::EC2::FlowLogId 
AWS::EC2::HostId 
AWS::EC2::InstanceIdAvailabilityZone, PrivateDnsName, PrivateIp, PublicDnsName, PublicIp
AWS::EC2::InternetGatewayName 
AWS::EC2::LaunchTemplateIdDefaultVersionNumber, LatestVersionNumber
AWS::EC2::NatGatewayName 
AWS::EC2::NetworkAclName 
AWS::EC2::NetworkAclEntryName 
AWS::EC2::NetworkInterfaceNamePrimaryPrivateIpAddress, SecondaryPrivateIpAddresses
AWS::EC2::NetworkInterfaceAttachmentName 
AWS::EC2::NetworkInterfacePermissionName 
AWS::EC2::PlacementGroupName 
AWS::EC2::RouteId 
AWS::EC2::RouteTableId 
AWS::EC2::SecurityGroupNameGroupId, VpcId
AWS::EC2::SecurityGroupEgressRuleName 
AWS::EC2::SecurityGroupIngress 
AWS::EC2::SpotFleetId 
AWS::EC2::SubnetIdAvailabilityZone, Ipv6CidrBlocks, NetworkAclAssociationId, VpcId
AWS::EC2::SubnetCidrBlockCidrBlock 
AWS::EC2::SubnetNetworkAclAssociationIdAssociationId
AWS::EC2::SubnetRouteTableAssociationId 
AWS::EC2::TransitGatewayId 
AWS::EC2::TransitGatewayAttachmentName 
AWS::EC2::TransitGatewayRouteName 
AWS::EC2::TransitGatewayRouteTableName 
AWS::EC2::TransitGatewayRouteTableAssociationId 
AWS::EC2::TransitGatewayRouteTablePropagationRouteTableId 
AWS::EC2::VolumeName 
AWS::EC2::VolumeAttachment 
AWS::EC2::VPCIdCidrBlock, CidrBlockAssociations, DefaultNetworkAcl, DefaultSecurityGroup, Ipv6CidrBlocks
AWS::EC2::VPCCidrBlockCidrBlock 
AWS::EC2::VPCDHCPOptionsAssociationId 
AWS::EC2::VPCEndpointIdCreationTimestamp, DnsEntries, NetworkInterfaceIds
AWS::EC2::VPCEndpointConnectionNotificationId 
AWS::EC2::VPCEndpointServiceId 
AWS::EC2::VPCEndpointServicePermissionsId 
AWS::EC2::VPCGatewayAttachmentId 
AWS::EC2::VPCPeeringConnectionId 
AWS::EC2::VPNConnectionId 
AWS::EC2::VPNConnectionRouteId 
AWS::EC2::VPNGatewayId 
AWS::EC2::VPNGatewayRoutePropagationVpnGatewayId 
AWS::ECR::RepositoryNameArn
AWS::ECS::ClusterNameArn
AWS::ECS::ServiceArnName
AWS::ECS::TaskDefinitionArn 
AWS::EFS::FileSystemId 
AWS::EFS::MountTargetIdIpAddress
AWS::EKS::ClusterNameArn, CertificateAuthorityData, Endpoint
AWS::ElastiCache::CacheClusterNameConfigurationEndpoint.Address, ConfigurationEndpoint.Port, RedisEndpoint.Address, RedisEndpoint.Port
AWS::ElastiCache::ParameterGroupName 
AWS::ElastiCache::ReplicationGroupNameConfigurationEndPoint.Address, ConfigurationEndPoint.Port, PrimaryEndPoint.Address, PrimaryEndPoint.Port, ReadEndPoint.Addresses, ReadEndPoint.Addresses.List, ReadEndPoint.Ports, ReadEndPoint.Ports.List
AWS::ElastiCache::SecurityGroupName 
AWS::ElastiCache::SecurityGroupIngressName 
AWS::ElastiCache::SubnetGroupName 
AWS::ElasticBeanstalk::ApplicationName 
AWS::ElasticBeanstalk::ApplicationVersionName 
AWS::ElasticBeanstalk::ConfigurationTemplateName 
AWS::ElasticBeanstalk::EnvironmentNameEndpointURL
AWS::ElasticLoadBalancing::LoadBalancerNameCanonicalHostedZoneName, CanonicalHostedZoneNameID, DNSName, SourceSecurityGroup.GroupName, SourceSecurityGroup.OwnerAlias
AWS::ElasticLoadBalancingV2::ListenerArn 
AWS::ElasticLoadBalancingV2::ListenerCertificate 
AWS::ElasticLoadBalancingV2::ListenerRuleArn 
AWS::ElasticLoadBalancingV2::LoadBalancerArnCanonicalHostedZoneID, DNSName, LoadBalancerFullName, LoadBalancerName, SecurityGroups
AWS::ElasticLoadBalancingV2::TargetGroupArnLoadBalancerArns, TargetGroupFullName, TargetGroupName
AWS::Elasticsearch::DomainNameArn, DomainArn, DomainEndpoint
AWS::EMR::ClusterIdMasterPublicDNS
AWS::EMR::InstanceFleetConfigInstanceFleetId 
AWS::EMR::InstanceGroupConfigInstanceGroupId 
AWS::EMR::SecurityConfigurationName 
AWS::EMR::StepId 
AWS::Events::EventBusNameArn, Name, Policy
AWS::Events::EventBusPolicyId 
AWS::Events::RuleIdArn
AWS::Glue::ClassifierName 
AWS::Glue::ConnectionName 
AWS::Glue::CrawlerName 
AWS::Glue::DatabaseName 
AWS::Glue::DataCatalogEncryptionSettings 
AWS::Glue::DevEndpointName 
AWS::Glue::JobName 
AWS::Glue::PartitionName 
AWS::Glue::SecurityConfiguration 
AWS::Glue::TableName 
AWS::Glue::TriggerName 
AWS::GuardDuty::DetectorId 
AWS::GuardDuty::FilterName 
AWS::GuardDuty::IPSetId 
AWS::GuardDuty::MasterAccountId 
AWS::GuardDuty::MemberAccountId 
AWS::GuardDuty::ThreatIntelSetId 
AWS::IAM::AccessKeyAccessKeyIdSecretAccessKey
AWS::IAM::GroupNameArn
AWS::IAM::InstanceProfileNameArn
AWS::IAM::ManagedPolicyArn 
AWS::IAM::PolicyName 
AWS::IAM::RoleNameArn, RoleId
AWS::IAM::ServiceLinkedRole 
AWS::IAM::UserUserNameArn
AWS::IAM::UserToGroupAdditionName 
AWS::Inspector::AssessmentTargetArn
AWS::Inspector::AssessmentTemplateArn
AWS::Inspector::ResourceGroupArn
AWS::IoT::CertificateIdArn
AWS::IoT::PolicyNameArn
AWS::IoT::PolicyPrincipalAttachment 
AWS::IoT::ThingName 
AWS::IoT::ThingPrincipalAttachment 
AWS::IoT::TopicRuleNameArn
AWS::IoT1Click::DeviceArnArn, DeviceId, Enabled
AWS::IoT1Click::PlacementIdPlacementName, ProjectName
AWS::IoT1Click::ProjectArnArn, ProjectName
AWS::IoTAnalytics::Channel 
AWS::IoTAnalytics::Dataset 
AWS::IoTAnalytics::Datastore 
AWS::IoTAnalytics::Pipeline 
AWS::IoTEvents::DetectorModelName 
AWS::IoTEvents::InputName 
AWS::IoTThingsGraph::FlowTemplateUrn 
AWS::Kinesis::StreamNameArn
AWS::Kinesis::StreamConsumerConsumerArnConsumerARN, ConsumerCreationTimestamp, ConsumerName, ConsumerStatus, StreamARN
AWS::KinesisAnalytics::Application 
AWS::KinesisAnalytics::ApplicationOutput 
AWS::KinesisAnalytics::ApplicationReferenceDataSource 
AWS::KinesisAnalyticsV2::Application 
AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption 
AWS::KinesisAnalyticsV2::ApplicationOutput 
AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource 
AWS::KinesisFirehose::DeliveryStreamNameArn
AWS::KMS::AliasName 
AWS::KMS::KeyIdArn
AWS::Lambda::AliasArn 
AWS::Lambda::EventSourceMappingName 
AWS::Lambda::FunctionNameArn
AWS::Lambda::LayerVersionArn 
AWS::Lambda::LayerVersionPermissionArn 
AWS::Lambda::Permission 
AWS::Lambda::VersionArnVersion
AWS::Logs::DestinationNameArn
AWS::Logs::LogGroupNameArn
AWS::Logs::LogStreamName 
AWS::Logs::MetricFilter 
AWS::Logs::SubscriptionFilterName 
AWS::RDS::DBClusterNameEndpoint.Address, Endpoint.Port, ReadEndpoint.Address
AWS::RDS::DBClusterParameterGroupName 
AWS::RDS::DBInstanceNameEndpoint.Address, Endpoint.Port
AWS::RDS::DBParameterGroupName 
AWS::RDS::DBSecurityGroupName 
AWS::RDS::DBSecurityGroupIngressDBSecurityGroup 
AWS::RDS::DBSubnetGroupName 
AWS::RDS::EventSubscriptionName 
AWS::RDS::OptionGroupName 
AWS::Route53::HealthCheckHealthCheckId 
AWS::Route53::HostedZoneHosteadZoneIdNameServers
AWS::Route53::RecordSetDomainName 
AWS::Route53::RecordSetGroupName 
AWS::Route53Resolver::ResolverEndpointResolverEndpointArn, Direction, HostVPCId, IpAddressCount, Name, ResolverEndpointId
AWS::Route53Resolver::ResolverRuleResolverRuleArn, DomainName, ResolverEndpointId, ResolverRuleId, TargetIps
AWS::Route53Resolver::ResolverRuleAssociationResolverRuleAssociationIdName, ResolverRuleAssociationId, ResolverRuleId, VPCId
AWS::S3::BucketNameArn, DomainName, DualStackDomainName, RegionalDomainName, WebsiteURL
AWS::SageMaker::CodeRepositoryArnCodeRepositoryName
AWS::SageMaker::EndpointArnEndpointName
AWS::SageMaker::EndpointConfigArnEndpointConfigName
AWS::SageMaker::ModelArnModelName
AWS::SageMaker::NotebookInstanceArnNotebookInstanceName
AWS::SageMaker::NotebookInstanceLifecycleConfigArnNotebookInstanceLifecycleConfigName
AWS::SecretsManager::ResourcePolicyArn 
AWS::SecretsManager::RotationScheduleArn 
AWS::SecretsManager::SecretArn 
AWS::SecretsManager::SecretTargetAttachmentArn 
AWS::ServiceDiscovery::HttpNamespaceIdArn, Id
AWS::ServiceDiscovery::InstanceId 
AWS::ServiceDiscovery::PrivateDnsNamespaceIdArn, Id
AWS::ServiceDiscovery::PublicDnsNamespaceIdArn, Id
AWS::ServiceDiscovery::ServiceIdArn, Id, Name
AWS::SES::ConfigurationSetName 
AWS::SES::ConfigurationSetEventDestination  
AWS::SES::ReceiptFilter  
AWS::SES::ReceiptRuleName 
AWS::SES::ReceiptRuleSetName 
AWS::SES::Template  
AWS::SNS::TopicArnTopicName
AWS::SQS::QueueQueueURLArn, QueueName
AWS::SSM::Association  
AWS::SSM::DocumentName 
AWS::SSM::MaintenanceWindowId 
AWS::SSM::MaintenanceWindowTargetId 
AWS::SSM::MaintenanceWindowTaskId 
AWS::SSM::ParameterNameType, Value
AWS::SSM::PatchBaselineId 
AWS::SSM::ResourceDataSyncName 
AWS::StepFunctions::ActivityArnName
AWS::StepFunctions::StateMachineArnName
AWS::Transfer::ServerIdArn, ServerId
AWS::Transfer::UserUserNameArn, ServerId, UserName
AWS::WAF::ByteMatchSetId 
AWS::WAF::IPSetId 
AWS::WAF::RuleId 
AWS::WAF::SizeConstraintSetId 
AWS::WAF::SqlInjectionMatchSetId 
AWS::WAF::WebACLName 
AWS::WAF::XssMatchSetId 
AWS::WAFRegional::ByteMatchSetId 
AWS::WAFRegional::GeoMatchSetId 
AWS::WAFRegional::IPSetId 
AWS::WAFRegional::RateBasedRuleId 
AWS::WAFRegional::RegexPatternSetId 
AWS::WAFRegional::RuleId 
AWS::WAFRegional::SizeConstraintSetId 
AWS::WAFRegional::SqlInjectionMatchSetId 
AWS::WAFRegional::WebACLName 
AWS::WAFRegional::WebACLAssociation  

Credit to: https://theburningmonk.com/cloudformation-ref-and-getatt-cheatsheet/

Leave a Reply

google.com, pub-3772983857049267, DIRECT, f08c47fec0942fa0
%d bloggers like this: