Custom
The Custom Resource Emulator allows you to use AWS CloudFormation Custom Resources directly in your Pulumi programs. It provides a way to invoke AWS Lambda functions that implement custom provisioning logic following the CloudFormation Custom Resource protocol.
Note: Currently, only Lambda-backed Custom Resources are supported. SNS-backed Custom Resources are not supported at this time.
Example Usage
import * as aws from "@pulumi/aws-native";
const bucket = new aws.s3.Bucket('custom-resource-emulator');
// Create a Custom Resource that invokes a Lambda function
const cr = new aws.cloudformation.CustomResourceEmulator('cr', {
bucketName: bucket.id,
bucketKeyPrefix: 'custom-resource-emulator',
customResourceProperties: {
hello: "world"
},
serviceToken: "arn:aws:lambda:us-west-2:123456789012:function:my-custom-resource",
resourceType: 'Custom::MyResource',
}, { customTimeouts: { create: '5m', update: '5m', delete: '5m' } });
// Access the response data
export const customResourceData = customResource.data;A full example of creating a CloudFormation Custom Resource Lambda function and using it in Pulumi can be found here.
About CloudFormation Custom Resources
CloudFormation Custom Resources allow you to write custom provisioning logic for resources that aren't directly available as AWS CloudFormation resource types. Common use cases include:
Implementing complex provisioning logic
Performing custom validations or transformations
Integrating with third-party services
Implementing organization-specific infrastructure patterns For more information about CloudFormation Custom Resources, see Custom Resources in the AWS CloudFormation User Guide.
Permissions
The IAM principal used by your Pulumi program must have the following permissions:
lambda:InvokeFunctionon the Lambda function specified inserviceTokenS3 permissions on the bucket specified in
bucketName:s3:PutObjects3:GetObjects3:HeadObject
Lambda Function Requirements
The Lambda function specified in serviceToken must implement the CloudFormation Custom Resource lifecycle. For detailed information about implementing Lambda-backed Custom Resources, see AWS Lambda-backed Custom Resources in the AWS CloudFormation User Guide.
Timeouts
Custom Resources have a default timeout of 60 minutes, matching the CloudFormation timeout for custom resource operations. You can customize it using the customTimeouts resource option.
Properties
The prefix to use for the bucket key when storing the response from the Custom Resource provider.
The name of the S3 bucket to use for storing the response from the Custom Resource. The IAM principal configured for the provider must have s3:PutObject, s3:HeadObject and s3:GetObject permissions on this bucket.
The properties to pass as an input to the Custom Resource. The properties are passed as a map of key-value pairs whereas all primitive values (number, boolean) are converted to strings for CloudFormation interoperability.
The CloudFormation type of the Custom Resource. For example, Custom::MyCustomResource. This is required for CloudFormation interoperability.
The service token to use for the Custom Resource. The service token is invoked when the resource is created, updated, or deleted. This can be a Lambda Function ARN with optional version or alias identifiers. The IAM principal configured for the provider must have lambda:InvokeFunction permissions on this service token.