The Custom::AMI resource is a lookup resource which returns the AMI id.
To obtain the AMI id in your AWS CloudFormation template, use the following syntax:
    Type: Custom::AMI
    Properties:
      Filters:
        '<filter-key>': '<filter-value> | [ <filter-value> ... ]'
        '<filter-key>': '<filter-value> | [ <filter-value> ... ]'
      Owners:
        - <owner>
        - <owner>
      ExecutableUsers:
        - <user>
        - <user>
      ImageIds:
        - <id>
        - <id>
      EnsureNumberOfKmsKeys: <integer>
      ServiceToken: String
After creation, the AMI id is returned.
You can specify the following properties:
- Filters - specifies the AMI you want the id of. See describe-images --filters (required).
- Owners - filters the images by the owner (optional).
- ImageIds - scopes the selection to one or more image IDs (optional).
- ExecutableUsers - scopes the images by users with explicit launch permissions (optional).
- ServiceToken - ARN pointing to the lambda function implementing this resource.
- ExpectedNumberOfKmsKeys - the number of KMS keys that you expect to be associated with the AMI.
The custom resource wraps the EC2 describe-images function.
Note that the Filters argument has been turned into an object, to avoid the tedious repetition. Instead of:
    Filters:
      - Name: name
        Values:
          - amzn-ami-2017.09.k-amazon-ecs-optimized
      - Name: architecture
        Values:
          - x86_64
you can simply write:
    Filters:
      name: amzn-ami-2017.09.k-amazon-ecs-optimized
      architecture: x86_64
If ExpectedNumberOfKmsKeys is specified, then the resource will check that this number is actually in use.
Normally just one KMS key is used per image, but it is possible to have multiple snapshots, each encrypted
with its own KMS key. When creating KMS grants for the AMIs using the KMS grant,
you can use this property to ensure you have made all the KMS grants required.
With 'Fn::GetAtt' the following values are available:
- KmsKeyIds - array of length ExpectedNumberOfKmsKeys with the KMS key ids associated with the machine image.
- KmsKeyId - the first KMS key id, if KmsKeyIds has at least one.
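
The Filters shorthand and the ExpectedNumberOfKmsKeys check described above, sketched in Python as an added example; this is not the provider's own code. The function names and the per-snapshot input shape (dicts with Encrypted and KmsKeyId) are assumptions, and the sample snapshots are constructed.

```python
def to_ec2_filters(filters):
    """Expand the object form of Filters into the Name/Values list that
    EC2 describe-images expects. A value may be a scalar or a list."""
    result = []
    for key, value in filters.items():
        values = value if isinstance(value, list) else [value]
        if not values:
            raise ValueError(f"filter {key!r} has no values")
        result.append({"Name": key, "Values": [str(v) for v in values]})
    return result


def kms_attributes(snapshots, expected=None):
    """Collect the distinct KMS key ids of an image's encrypted snapshots
    and enforce ExpectedNumberOfKmsKeys when it is given.

    Assumption: `snapshots` holds one dict per snapshot backing the image,
    with 'Encrypted' and 'KmsKeyId' keys."""
    key_ids = []
    for snap in snapshots:
        key_id = snap.get("KmsKeyId")
        if snap.get("Encrypted") and key_id and key_id not in key_ids:
            key_ids.append(key_id)
    # CloudFormation hands property values to custom resources as strings,
    # so the expected count is converted before comparing.
    if expected is not None and len(key_ids) != int(expected):
        raise ValueError(
            f"expected {expected} KMS key(s), image uses {len(key_ids)}")
    attrs = {"KmsKeyIds": key_ids}
    if key_ids:
        attrs["KmsKeyId"] = key_ids[0]  # first key id, only when one exists
    return attrs


# Constructed sample: two snapshots under different keys, one unencrypted.
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0001", "Encrypted": True, "KmsKeyId": "key-a"},
    {"SnapshotId": "snap-0002", "Encrypted": True, "KmsKeyId": "key-b"},
    {"SnapshotId": "snap-0003", "Encrypted": False},
]

if __name__ == "__main__":
    print(to_ec2_filters({"name": "amzn-ami-2017.09.k-amazon-ecs-optimized",
                          "architecture": "x86_64"}))
    print(kms_attributes(SAMPLE_SNAPSHOTS, expected="2"))
```

A mismatch between the expected and the actual key count raises an error, which is the point at which a missing KMS grant would otherwise go unnoticed until an instance fails to launch.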