2

I am creating an (AWS Copilot) addon (inside the environments folder) which has the following piece of script creating a security group:

  SGPostgresDb:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: sg-pgdb
      GroupDescription: Allows only postgres traffic
      VpcId: !Ref ?????????
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          CidrIp: 0.0.0.0/0

But I need to somehow refer to the VPC ID. How could I go about it? In general, how can I refer to the elements specified inside the manifest.yml? Besides the VPC, Copilot creates an internet gateway, subnets, a route table..., so when we create additional resources inside an addon file we might need to refer to the VPC or a subnet created by Copilot via the copilot env deploy command. How can we refer to those elements too?

fade2black

1 Answer

-2

@fade2black! Those environment resources are all Outputs of your environment's CloudFormation stack. So other stacks, including workload addons, and manifests can reference them.

Outputs:
  VpcId:
    Value: !Ref VPC
    Export:
      Name: !Sub ${AWS::StackName}-VpcId
  PublicSubnets:
    Value: !Join [ ',', [ !Ref PublicSubnet1, !Ref PublicSubnet2, ] ]
    Export:
      Name: !Sub ${AWS::StackName}-PublicSubnets
  PrivateSubnets:
    Value: !Join [ ',', [ !Ref PrivateSubnet1, !Ref PrivateSubnet2, ] ]
    Export:
      Name: !Sub ${AWS::StackName}-PrivateSubnets
  InternetGatewayID:
    Value: !Ref InternetGateway
    Export:
      Name: !Sub ${AWS::StackName}-InternetGatewayID
  PublicRouteTableID:
    Value: !Ref PublicRouteTable
    Export:
      Name: !Sub ${AWS::StackName}-PublicRouteTableID
  PrivateRouteTableIDs:
    Condition: CreateNATGateways
    Value: !Join [ ',', [ !Ref PrivateRouteTable1, !Ref PrivateRouteTable2, ] ]
    Export:
      Name: !Sub ${AWS::StackName}-PrivateRouteTableIDs
  ServiceDiscoveryNamespaceID:
    Value: !GetAtt ServiceDiscoveryNamespace.Id
    Export:
      Name: !Sub ${AWS::StackName}-ServiceDiscoveryNamespaceID
  EnvironmentSecurityGroup:
    Value: !Ref EnvironmentSecurityGroup
    Export:
      Name: !Sub ${AWS::StackName}-EnvironmentSecurityGroup
  PublicLoadBalancerDNSName:
    Condition: CreateALB
    Value: !GetAtt PublicLoadBalancer.DNSName
    Export:
      Name: !Sub ${AWS::StackName}-PublicLoadBalancerDNS
  PublicLoadBalancerFullName:
    Condition: CreateALB
    Value: !GetAtt PublicLoadBalancer.LoadBalancerFullName
    Export:
      Name: !Sub ${AWS::StackName}-PublicLoadBalancerFullName
  PublicLoadBalancerHostedZone:
    Condition: CreateALB
    Value: !GetAtt PublicLoadBalancer.CanonicalHostedZoneID
    Export:
      Name: !Sub ${AWS::StackName}-CanonicalHostedZoneID
  HTTPListenerArn:
    Condition: CreateALB
    Value: !Ref HTTPListener
    Export:
      Name: !Sub ${AWS::StackName}-HTTPListenerArn
  HTTPSListenerArn:
    Condition: ExportHTTPSListener
    Value: !Ref HTTPSListener
    Export:
      Name: !Sub ${AWS::StackName}-HTTPSListenerArn
  DefaultHTTPTargetGroupArn:
    Condition: CreateALB
    Value: !Ref DefaultHTTPTargetGroup
    Export:
      Name: !Sub ${AWS::StackName}-DefaultHTTPTargetGroup
  InternalLoadBalancerDNSName:
    Condition: CreateInternalALB
    Value: !GetAtt InternalLoadBalancer.DNSName
    Export:
      Name: !Sub ${AWS::StackName}-InternalLoadBalancerDNS
  InternalLoadBalancerFullName:
    Condition: CreateInternalALB
    Value: !GetAtt InternalLoadBalancer.LoadBalancerFullName
    Export:
      Name: !Sub ${AWS::StackName}-InternalLoadBalancerFullName
  InternalLoadBalancerHostedZone:
    Condition: CreateInternalALB
    Value: !GetAtt InternalLoadBalancer.CanonicalHostedZoneID
    Export:
      Name: !Sub ${AWS::StackName}-InternalLoadBalancerCanonicalHostedZoneID
  InternalWorkloadsHostedZone:
    Condition: CreateInternalALB
    Value: !Ref InternalWorkloadsHostedZone
    Export:
      Name: !Sub ${AWS::StackName}-InternalWorkloadsHostedZoneID
  InternalWorkloadsHostedZoneName:
    Condition: CreateInternalALB
    Value: !Sub ${EnvironmentName}.${AppName}.internal
    Export:
      Name: !Sub ${AWS::StackName}-InternalWorkloadsHostedZoneName
  InternalHTTPListenerArn:
    Condition: CreateInternalALB
    Value: !Ref InternalHTTPListener
    Export:
      Name: !Sub ${AWS::StackName}-InternalHTTPListenerArn
  InternalHTTPSListenerArn:
    Condition: ExportInternalHTTPSListener
    Value: !Ref InternalHTTPSListener
    Export:
      Name: !Sub ${AWS::StackName}-InternalHTTPSListenerArn
  InternalLoadBalancerSecurityGroup:
    Condition: CreateInternalALB
    Value: !Ref InternalLoadBalancerSecurityGroup
    Export:
      Name: !Sub ${AWS::StackName}-InternalLoadBalancerSecurityGroup
  ClusterId:
    Value: !Ref Cluster
    Export:
      Name: !Sub ${AWS::StackName}-ClusterId
  EnvironmentManagerRoleARN:
    Value: !GetAtt EnvironmentManagerRole.Arn
    Description: The role to be assumed by the ecs-cli to manage environments.
    Export:
      Name: !Sub ${AWS::StackName}-EnvironmentManagerRoleARN
  CFNExecutionRoleARN:
    Value: !GetAtt CloudformationExecutionRole.Arn
    Description: The role to be assumed by the Cloudformation service when it deploys application infrastructure.
    Export:
      Name: !Sub ${AWS::StackName}-CFNExecutionRoleARN
  EnvironmentHostedZone:
    Condition: DelegateDNS
    Value: !Ref EnvironmentHostedZone
    Description: The HostedZone for this environment's private DNS.
    Export:
      Name: !Sub ${AWS::StackName}-HostedZone
  EnvironmentSubdomain:
    Condition: DelegateDNS
    Value: !Sub ${EnvironmentName}.${AppName}.${AppDNSName}
    Description: The domain name of this environment.
    Export:
      Name: !Sub ${AWS::StackName}-SubDomain
  EnabledFeatures:
    Value: !Sub '${ALBWorkloads},${InternalALBWorkloads},${EFSWorkloads},${NATWorkloads},${Aliases},${AppRunnerPrivateWorkloads}'
    Description: Required output to force the stack to update if mutating feature params, like ALBWorkloads, does not change the template.
  ManagedFileSystemID:
    Condition: CreateEFS
    Value: !Ref FileSystem
    Description: The ID of the Copilot-managed EFS filesystem.
    Export:
      Name: !Sub ${AWS::StackName}-FilesystemID
  PublicALBAccessible:
    Condition: CreateALB
    Value: true
  LastForceDeployID:
    Value: "cdb2bccb-136d-4d14-ae90-ad7377cf464e"
    Description: Optionally force the template to update when no immediate resource change is present.
  AppRunnerVpcEndpointId:
    Condition: CreateAppRunnerVPCEndpoint
    Value: !Ref AppRunnerVpcEndpoint
    Description: VPC Endpoint to App Runner for private services
    Export:
      Name: !Sub ${AWS::StackName}-AppRunnerVpcEndpointId

See more here and here!

huanjani
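
Applying the answer to the question's security group, as an added example that is not part of the original answer or of Copilot's own templates. It assumes Copilot passes `App` and `Env` parameters to the addon template and names the environment stack `${App}-${Env}`, so each export listed above resolves as `${App}-${Env}-<suffix>`; `PostgresSubnetGroup` is a hypothetical resource used only to show how to consume a comma-joined export.

```yaml
# Added example. Assumption: the environment stack is named "${App}-${Env}"
# and Copilot supplies the App and Env parameters to this addon template.
Parameters:
  App:
    Type: String
  Env:
    Type: String

Resources:
  SGPostgresDb:
    Type: AWS::EC2::SecurityGroup
    Properties:
      # GroupName is omitted: EC2 rejects group names that start with "sg-".
      GroupDescription: Postgres from the environment security group only
      # Matches the export "${AWS::StackName}-VpcId" from the Outputs above.
      # The long form is required because !ImportValue cannot wrap !Sub.
      VpcId:
        Fn::ImportValue: !Sub '${App}-${Env}-VpcId'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432
          ToPort: 5432
          # Replaces "CidrIp: 0.0.0.0/0" from the question: only members of
          # the exported EnvironmentSecurityGroup can reach port 5432.
          SourceSecurityGroupId:
            Fn::ImportValue: !Sub '${App}-${Env}-EnvironmentSecurityGroup'

  # PrivateSubnets is exported as one comma-joined string, so it has to be
  # split before being passed to a property that expects a list of IDs.
  PostgresSubnetGroup:  # hypothetical resource, for illustration
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets of the Copilot environment
      SubnetIds: !Split
        - ','
        - Fn::ImportValue: !Sub '${App}-${Env}-PrivateSubnets'

Outputs:
  PostgresSecurityGroupId:
    Description: Security group to attach to the database
    Value: !Ref SGPostgresDb
```

Exports marked with a `Condition` in the list above (for example `PrivateRouteTableIDs`) exist only when that condition is true in the environment stack, and importing a missing export fails the addon deployment.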