CloudFormation Ref & GetAtt cheatsheet

Resource TypeRefGetAtt
Alexa::ASK::SkillId
AWS::AmazonMQ::BrokerIdAmqpEndpoints, Arn, ConfigurationId, ConfigurationRevision, IpAddresses, MqttEndpoints, OpenWireEndpoints, StompEndpoints, WssEndpoints
AWS::AmazonMQ::ConfigurationIdArn, Id, Revision
AWS::AmazonMQ::ConfigurationAssociationId
AWS::Amplify::AppAppId, AppName, Arn, DefaultDomain
AWS::Amplify::BranchArn, BranchName
AWS::Amplify::DomainArn, CertificateRecord, DomainName, DomainStatus, StatusReason
AWS::ApiGateway::AccountId
AWS::ApiGateway::ApiKeyId
AWS::ApiGateway::AuthorizerId
AWS::ApiGateway::BasePathMapping
AWS::ApiGateway::ClientCertificateName
AWS::ApiGateway::DeploymentId
AWS::ApiGateway::DocumentationPartId
AWS::ApiGateway::DocumentationVersion
AWS::ApiGateway::DomainNameDomainNameDistributionDomainName, DistributionHostedZoneId, RegionalDomainName, RegionalHostedZoneId
AWS::ApiGateway::GatewayResponse
AWS::ApiGateway::MethodId
AWS::ApiGateway::ModelName
AWS::ApiGateway::RequestValidatorId
AWS::ApiGateway::ResourceId
AWS::ApiGateway::RestApiIdRootResourceId
AWS::ApiGateway::StageName
AWS::ApiGateway::UsagePlanId
AWS::ApiGateway::UsagePlanKey
AWS::ApiGateway::VpcLinkId
AWS::ApiGatewayV2::ApiId
AWS::ApiGatewayV2::ApiMappingId
AWS::ApiGatewayV2::AuthorizerId
AWS::ApiGatewayV2::DeploymentId
AWS::ApiGatewayV2::DomainNameDomainNameRegionalDomainName, RegionalHostedZoneId
AWS::ApiGatewayV2::IntegrationId
AWS::ApiGatewayV2::IntegrationResponseId
AWS::ApiGatewayV2::ModelId
AWS::ApiGatewayV2::RouteId
AWS::ApiGatewayV2::RouteResponseId
AWS::ApiGatewayV2::StageName
AWS::ApplicationAutoScaling::ScalableTargetId
AWS::ApplicationAutoScaling::ScalingPolicyArn
AWS::AppMesh::MeshArnArn, MeshName, Uid
AWS::AppMesh::RouteArnArn, MeshName, Uid, VirtualRouterName
AWS::AppMesh::VirtualNodeArnArn, MeshName, Uid, VirtualNodeName
AWS::AppMesh::VirtualRouterArnArn, MeshName, Uid, VirtualRouterName
AWS::AppMesh::VirtualServiceArnArn, MeshName, Uid, VirtualServiceName
AWS::AppSync::ApiKeyArnApiKey, Arn
AWS::AppSync::DataSourceArnDataSourceArn, Name
AWS::AppSync::FunctionConfigurationArnDataSourceName, FunctionArn, FunctionId, Name
AWS::AppSync::GraphQLApiArnApiId, Arn, GraphQLUrl
AWS::AppSync::GraphQLSchemaId
AWS::AppSync::ResolverArnFieldName, ResolverArn, TypeName
AWS::Athena::NamedQueryName
AWS::AutoScaling::AutoScalingGroupName
AWS::AutoScaling::LaunchConfigurationName
AWS::AutoScaling::LifecycleHookName
AWS::AutoScaling::ScalingPolicyArn
AWS::AutoScaling::ScheduledActionName
AWS::AutoScalingPlans::ScalingPlanArn
AWS::Backup::BackupPlanIdBackupPlanArn, BackupPlanId, VersionId
AWS::Backup::BackupSelectionIdBackupPlanId, SelectionId
AWS::Backup::BackupVaultNameBackupVaultArn, BackupVaultName
AWS::Batch::ComputeEnvironmentArn
AWS::Batch::JobDefinitionArn
AWS::Batch::JobQueueArn
AWS::Budgets::BudgetName
AWS::CertificateManager::CertificateArn
AWS::CloudFormation::CustomResource
AWS::CloudFormation::MacroName
AWS::CloudFormation::StackId
AWS::CloudFormation::WaitConditionNameData
AWS::CloudFormation::WaitConditionHandle
AWS::CloudFront::CloudFrontOriginAccessIdentityOriginAccessIdentityS3CanonicalUserId
AWS::CloudFront::DistributionIdDomainName
AWS::CloudFront::StreamingDistributionIdDomainName
AWS::CloudTrail::TrailNameArn, SnsTopicArn
AWS::CloudWatch::AlarmNameArn
AWS::CloudWatch::AnomalyDetector
AWS::CloudWatch::DashboardName
AWS::CodeBuild::ProjectNameArn
AWS::CodeCommit::RepositoryIdArn, CloneUrlHttp, CloneUrlSsh, Name
AWS::CodeDeploy::ApplicationName
AWS::CodeDeploy::DeploymentConfigName
AWS::CodeDeploy::DeploymentGroupName
AWS::CodePipeline::CustomActionTypeName
AWS::CodePipeline::PipelineNameVersion
AWS::CodePipeline::WebhookNameUrl
AWS::Cognito::IdentityPoolIdName
AWS::Cognito::IdentityPoolRoleAttachmentId
AWS::Cognito::UserPoolIdArn, ProviderName, ProviderURL
AWS::Cognito::UserPoolClientId
AWS::Cognito::UserPoolGroupName
AWS::Cognito::UserPoolUserName
AWS::Cognito::UserPoolUserToGroupAttachmentId
AWS::Config::AggregationAuthorizationArn
AWS::Config::ConfigRuleNameArn, Compliance.Type, ConfigRuleId
AWS::Config::ConfigurationAggregatorName
AWS::Config::ConfigurationRecorderName
AWS::Config::DeliveryChannelName
AWS::Config::RemediationConfigurationRemediationAction
AWS::DataPipeline::PipelineId
AWS::DAX::ClusterNameArn, ClusterDiscoveryEndpoint
AWS::DAX::ParameterGroupName
AWS::DAX::SubnetGroupName
AWS::DLM::LifecyclePolicyIdArn
AWS::DMS::CertificateArn
AWS::DMS::EndpointArnExternalId
AWS::DMS::EventSubscriptionName
AWS::DMS::ReplicationInstanceArnReplicationInstancePrivateIpAddresses, ReplicationInstancePublicIpAddresses
AWS::DMS::ReplicationSubnetGroupName
AWS::DMS::ReplicationTaskArn
AWS::DocDB::DBClusterDBClusterIdentifierClusterResourceId, Endpoint, Port, ReadEndpoint
AWS::DocDB::DBClusterParameterGroupName
AWS::DocDB::DBInstanceNameEndpoint, Port
AWS::DocDB::DBSubnetGroupName
AWS::DynamoDB::TableNameArn, StreamArn
AWS::EC2::CapacityReservationIdAvailabilityZone, AvailableInstanceCount, InstanceType, Tenancy, TotalInstanceCount
AWS::EC2::ClientVpnAuthorizationRule
AWS::EC2::ClientVpnEndpointId
AWS::EC2::ClientVpnRoute
AWS::EC2::ClientVpnTargetNetworkAssociationId
AWS::EC2::CustomerGatewayId
AWS::EC2::DHCPOptionsName
AWS::EC2::EC2FleetId
AWS::EC2::EgressOnlyInternetGatewayId
AWS::EC2::EIPElasticIpAddressAllocationId
AWS::EC2::EIPAssociationName
AWS::EC2::FlowLogId
AWS::EC2::HostId
AWS::EC2::InstanceIdAvailabilityZone, PrivateDnsName, PrivateIp, PublicDnsName, PublicIp
AWS::EC2::InternetGatewayName
AWS::EC2::LaunchTemplateIdDefaultVersionNumber, LatestVersionNumber
AWS::EC2::NatGatewayName
AWS::EC2::NetworkAclName
AWS::EC2::NetworkAclEntryName
AWS::EC2::NetworkInterfaceNamePrimaryPrivateIpAddress, SecondaryPrivateIpAddresses
AWS::EC2::NetworkInterfaceAttachmentName
AWS::EC2::NetworkInterfacePermissionName
AWS::EC2::PlacementGroupName
AWS::EC2::RouteId
AWS::EC2::RouteTableId
AWS::EC2::SecurityGroupNameGroupId, VpcId
AWS::EC2::SecurityGroupEgressRuleName
AWS::EC2::SecurityGroupIngress
AWS::EC2::SpotFleetId
AWS::EC2::SubnetIdAvailabilityZone, Ipv6CidrBlocks, NetworkAclAssociationId, VpcId
AWS::EC2::SubnetCidrBlockCidrBlock
AWS::EC2::SubnetNetworkAclAssociationIdAssociationId
AWS::EC2::SubnetRouteTableAssociationId
AWS::EC2::TransitGatewayId
AWS::EC2::TransitGatewayAttachmentName
AWS::EC2::TransitGatewayRouteName
AWS::EC2::TransitGatewayRouteTableName
AWS::EC2::TransitGatewayRouteTableAssociationId
AWS::EC2::TransitGatewayRouteTablePropagationRouteTableId
AWS::EC2::VolumeName
AWS::EC2::VolumeAttachment
AWS::EC2::VPCIdCidrBlock, CidrBlockAssociations, DefaultNetworkAcl, DefaultSecurityGroup, Ipv6CidrBlocks
AWS::EC2::VPCCidrBlockCidrBlock
AWS::EC2::VPCDHCPOptionsAssociationId
AWS::EC2::VPCEndpointIdCreationTimestamp, DnsEntries, NetworkInterfaceIds
AWS::EC2::VPCEndpointConnectionNotificationId
AWS::EC2::VPCEndpointServiceId
AWS::EC2::VPCEndpointServicePermissionsId
AWS::EC2::VPCGatewayAttachmentId
AWS::EC2::VPCPeeringConnectionId
AWS::EC2::VPNConnectionId
AWS::EC2::VPNConnectionRouteId
AWS::EC2::VPNGatewayId
AWS::EC2::VPNGatewayRoutePropagationVpnGatewayId
AWS::ECR::RepositoryNameArn
AWS::ECS::ClusterNameArn
AWS::ECS::ServiceArnName
AWS::ECS::TaskDefinitionArn
AWS::EFS::FileSystemId
AWS::EFS::MountTargetIdIpAddress
AWS::EKS::ClusterNameArn, CertificateAuthorityData, Endpoint
AWS::ElastiCache::CacheClusterNameConfigurationEndpoint.Address, ConfigurationEndpoint.Port, RedisEndpoint.Address, RedisEndpoint.Port
AWS::ElastiCache::ParameterGroupName
AWS::ElastiCache::ReplicationGroupNameConfigurationEndPoint.Address, ConfigurationEndPoint.Port, PrimaryEndPoint.Address, PrimaryEndPoint.Port, ReadEndPoint.Addresses, ReadEndPoint.Addresses.List, ReadEndPoint.Ports, ReadEndPoint.Ports.List
AWS::ElastiCache::SecurityGroupName
AWS::ElastiCache::SecurityGroupIngressName
AWS::ElastiCache::SubnetGroupName
AWS::ElasticBeanstalk::ApplicationName
AWS::ElasticBeanstalk::ApplicationVersionName
AWS::ElasticBeanstalk::ConfigurationTemplateName
AWS::ElasticBeanstalk::EnvironmentNameEndpointURL
AWS::ElasticLoadBalancing::LoadBalancerNameCanonicalHostedZoneName, CanonicalHostedZoneNameID, DNSName, SourceSecurityGroup.GroupName, SourceSecurityGroup.OwnerAlias
AWS::ElasticLoadBalancingV2::ListenerArn
AWS::ElasticLoadBalancingV2::ListenerCertificate
AWS::ElasticLoadBalancingV2::ListenerRuleArn
AWS::ElasticLoadBalancingV2::LoadBalancerArnCanonicalHostedZoneID, DNSName, LoadBalancerFullName, LoadBalancerName, SecurityGroups
AWS::ElasticLoadBalancingV2::TargetGroupArnLoadBalancerArns, TargetGroupFullName, TargetGroupName
AWS::Elasticsearch::DomainNameArn, DomainArn, DomainEndpoint
AWS::EMR::ClusterIdMasterPublicDNS
AWS::EMR::InstanceFleetConfigInstanceFleetId
AWS::EMR::InstanceGroupConfigInstanceGroupId
AWS::EMR::SecurityConfigurationName
AWS::EMR::StepId
AWS::Events::EventBusNameArn, Name, Policy
AWS::Events::EventBusPolicyId
AWS::Events::RuleIdArn
AWS::Glue::ClassifierName
AWS::Glue::ConnectionName
AWS::Glue::CrawlerName
AWS::Glue::DatabaseName
AWS::Glue::DataCatalogEncryptionSettings
AWS::Glue::DevEndpointName
AWS::Glue::JobName
AWS::Glue::PartitionName
AWS::Glue::SecurityConfiguration
AWS::Glue::TableName
AWS::Glue::TriggerName
AWS::GuardDuty::DetectorId
AWS::GuardDuty::FilterName
AWS::GuardDuty::IPSetId
AWS::GuardDuty::MasterAccountId
AWS::GuardDuty::MemberAccountId
AWS::GuardDuty::ThreatIntelSetId
AWS::IAM::AccessKeyAccessKeyIdSecretAccessKey
AWS::IAM::GroupNameArn
AWS::IAM::InstanceProfileNameArn
AWS::IAM::ManagedPolicyArn
AWS::IAM::PolicyName
AWS::IAM::RoleNameArn, RoleId
AWS::IAM::ServiceLinkedRole
AWS::IAM::UserUserNameArn
AWS::IAM::UserToGroupAdditionName
AWS::Inspector::AssessmentTargetArn
AWS::Inspector::AssessmentTemplateArn
AWS::Inspector::ResourceGroupArn
AWS::IoT::CertificateIdArn
AWS::IoT::PolicyNameArn
AWS::IoT::PolicyPrincipalAttachment
AWS::IoT::ThingName
AWS::IoT::ThingPrincipalAttachment
AWS::IoT::TopicRuleNameArn
AWS::IoT1Click::DeviceArnArn, DeviceId, Enabled
AWS::IoT1Click::PlacementIdPlacementName, ProjectName
AWS::IoT1Click::ProjectArnArn, ProjectName
AWS::IoTAnalytics::Channel
AWS::IoTAnalytics::Dataset
AWS::IoTAnalytics::Datastore
AWS::IoTAnalytics::Pipeline
AWS::IoTEvents::DetectorModelName
AWS::IoTEvents::InputName
AWS::IoTThingsGraph::FlowTemplateUrn
AWS::Kinesis::StreamNameArn
AWS::Kinesis::StreamConsumerConsumerArnConsumerARN, ConsumerCreationTimestamp, ConsumerName, ConsumerStatus, StreamARN
AWS::KinesisAnalytics::Application
AWS::KinesisAnalytics::ApplicationOutput
AWS::KinesisAnalytics::ApplicationReferenceDataSource
AWS::KinesisAnalyticsV2::Application
AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption
AWS::KinesisAnalyticsV2::ApplicationOutput
AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource
AWS::KinesisFirehose::DeliveryStreamNameArn
AWS::KMS::AliasName
AWS::KMS::KeyIdArn
AWS::Lambda::AliasArn
AWS::Lambda::EventSourceMappingName
AWS::Lambda::FunctionNameArn
AWS::Lambda::LayerVersionArn
AWS::Lambda::LayerVersionPermissionArn
AWS::Lambda::Permission
AWS::Lambda::VersionArnVersion
AWS::Logs::DestinationNameArn
AWS::Logs::LogGroupNameArn
AWS::Logs::LogStreamName
AWS::Logs::MetricFilter
AWS::Logs::SubscriptionFilterName
AWS::RDS::DBClusterNameEndpoint.Address, Endpoint.Port, ReadEndpoint.Address
AWS::RDS::DBClusterParameterGroupName
AWS::RDS::DBInstanceNameEndpoint.Address, Endpoint.Port
AWS::RDS::DBParameterGroupName
AWS::RDS::DBSecurityGroupName
AWS::RDS::DBSecurityGroupIngressDBSecurityGroup
AWS::RDS::DBSubnetGroupName
AWS::RDS::EventSubscriptionName
AWS::RDS::OptionGroupName
AWS::Route53::HealthCheckHealthCheckId
AWS::Route53::HostedZoneHosteadZoneIdNameServers
AWS::Route53::RecordSetDomainName
AWS::Route53::RecordSetGroupName
AWS::Route53Resolver::ResolverEndpointResolverEndpointArn, Direction, HostVPCId, IpAddressCount, Name, ResolverEndpointId
AWS::Route53Resolver::ResolverRuleResolverRuleArn, DomainName, ResolverEndpointId, ResolverRuleId, TargetIps
AWS::Route53Resolver::ResolverRuleAssociationResolverRuleAssociationIdName, ResolverRuleAssociationId, ResolverRuleId, VPCId
AWS::S3::BucketNameArn, DomainName, DualStackDomainName, RegionalDomainName, WebsiteURL
AWS::SageMaker::CodeRepositoryArnCodeRepositoryName
AWS::SageMaker::EndpointArnEndpointName
AWS::SageMaker::EndpointConfigArnEndpointConfigName
AWS::SageMaker::ModelArnModelName
AWS::SageMaker::NotebookInstanceArnNotebookInstanceName
AWS::SageMaker::NotebookInstanceLifecycleConfigArnNotebookInstanceLifecycleConfigName
AWS::SecretsManager::ResourcePolicyArn
AWS::SecretsManager::RotationScheduleArn
AWS::SecretsManager::SecretArn
AWS::SecretsManager::SecretTargetAttachmentArn
AWS::ServiceDiscovery::HttpNamespaceIdArn, Id
AWS::ServiceDiscovery::InstanceId
AWS::ServiceDiscovery::PrivateDnsNamespaceIdArn, Id
AWS::ServiceDiscovery::PublicDnsNamespaceIdArn, Id
AWS::ServiceDiscovery::ServiceIdArn, Id, Name
AWS::SES::ConfigurationSetName
AWS::SES::ConfigurationSetEventDestination
AWS::SES::ReceiptFilter
AWS::SES::ReceiptRuleName
AWS::SES::ReceiptRuleSetName
AWS::SES::Template
AWS::SNS::TopicArnTopicName
AWS::SQS::QueueQueueURLArn, QueueName
AWS::SSM::Association
AWS::SSM::DocumentName
AWS::SSM::MaintenanceWindowId
AWS::SSM::MaintenanceWindowTargetId
AWS::SSM::MaintenanceWindowTaskId
AWS::SSM::ParameterNameType, Value
AWS::SSM::PatchBaselineId
AWS::SSM::ResourceDataSyncName
AWS::StepFunctions::ActivityArnName
AWS::StepFunctions::StateMachineArnName
AWS::Transfer::ServerIdArn, ServerId
AWS::Transfer::UserUserNameArn, ServerId, UserName
AWS::WAF::ByteMatchSetId
AWS::WAF::IPSetId
AWS::WAF::RuleId
AWS::WAF::SizeConstraintSetId
AWS::WAF::SqlInjectionMatchSetId
AWS::WAF::WebACLName
AWS::WAF::XssMatchSetId
AWS::WAFRegional::ByteMatchSetId
AWS::WAFRegional::GeoMatchSetId
AWS::WAFRegional::IPSetId
AWS::WAFRegional::RateBasedRuleId
AWS::WAFRegional::RegexPatternSetId
AWS::WAFRegional::RuleId
AWS::WAFRegional::SizeConstraintSetId
AWS::WAFRegional::SqlInjectionMatchSetId
AWS::WAFRegional::WebACLName
AWS::WAFRegional::WebACLAssociation

Learn to build Production-Ready Serverless applications

Want to learn how to build Serverless applications and follow best practices? Subscribe to my newsletter and join over 3,000 AWS & Serverless enthusiasts who have signed up already.

As a BONUS, you will receive early access and discount for my new AppSync course.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close