CloudFormation Parameters Reference
Complete technical reference for CloudFormation template parameters and deployment configuration
Complete technical reference for all parameters in the Ohlala SmartOps CloudFormation template (`ohlala-smartops-ecs-deployment.yaml`).
This is a technical reference. For step-by-step deployment instructions, see the Getting Started Guide.
📋 Parameter Overview
The template supports two deployment modes:
- NewVPC: Creates complete network infrastructure (recommended)
- ExistingVPC: Integrates with your existing VPC
🔑 Required Parameters
Deployment Configuration
DeploymentMode
- Type: String
- Default: `NewVPC`
- Allowed Values: `NewVPC`, `ExistingVPC`
- Description: Choose to create a new VPC or use existing VPC infrastructure
ContainerImageTag
- Type: String
- Default: `v1.0.0`
- Description: Container image tag version (e.g., v1.0.0, v1.1.0)
- Example: `v1.0.0`
Microsoft Teams Configuration
MicrosoftAppId
- Type: String
- Description: Microsoft Teams Bot App ID
- Format: GUID format
- Example: `12345678-90ab-cdef-1234-567890abcdef`
- Where to find: Azure Portal → Bot Resource → Configuration
- NoEcho: false
MicrosoftAppPassword
- Type: String
- Description: Microsoft Teams Bot App Password
- Format: String with special characters
- Example: `abcDEF123~hijKLM456-nopQRS789.tuvWXY012`
- Where to find: Created during bot registration (save immediately!)
- NoEcho: true (hidden in console)
MicrosoftAppTenantId
- Type: String
- Description: Microsoft Teams Tenant ID
- Format: GUID format
- Example: `87654321-abcd-ef01-4321-0987654321fe`
- Where to find: Azure Portal → Azure Active Directory → Overview
- NoEcho: false
🏗️ Existing VPC Parameters
These parameters are required only when `DeploymentMode: ExistingVPC`:
ExistingVPCId
- Type: String
- Default: `""` (empty)
- Description: ID of existing VPC (e.g., `vpc-12345678`)
- Pattern: `^(vpc-[0-9a-f]{8,17})?$`
- Example: `vpc-0123456789abcdef0`
- Constraint: Must be a valid VPC ID or empty for NewVPC mode
ExistingPrivateSubnet1Id
- Type: String
- Default: `""` (empty)
- Description: ID of first private subnet (e.g., `subnet-12345678`)
- Pattern: `^(subnet-[0-9a-f]{8,17})?$`
- Example: `subnet-0123456789abcdef0`
- Requirement: Must be in different AZ from ExistingPrivateSubnet2Id
ExistingPrivateSubnet2Id
- Type: String
- Default: `""` (empty)
- Description: ID of second private subnet in different AZ (e.g., `subnet-87654321`)
- Pattern: `^(subnet-[0-9a-f]{8,17})?$`
- Example: `subnet-0fedcba9876543210`
- Requirement: Must be in different AZ from ExistingPrivateSubnet1Id
ExistingPublicSubnet1Id
- Type: String
- Default: `""` (empty)
- Description: ID of first public subnet (e.g., `subnet-abcd1234`)
- Pattern: `^(subnet-[0-9a-f]{8,17})?$`
- Example: `subnet-0abcd1234ef015678`
- Requirement: Must be in different AZ from ExistingPublicSubnet2Id
ExistingPublicSubnet2Id
- Type: String
- Default: `""` (empty)
- Description: ID of second public subnet in different AZ (e.g., `subnet-dcba4321`)
- Pattern: `^(subnet-[0-9a-f]{8,17})?$`
- Example: `subnet-0dcba432110fe8765`
- Requirement: Must be in different AZ from ExistingPublicSubnet1Id
🌐 NewVPC Network Configuration
These parameters are optional and only used when `DeploymentMode: NewVPC`:
VPCCIDR
- Type: String
- Default: `10.0.0.0/16`
- Description: CIDR block for the VPC
- Pattern: Valid IP CIDR range (x.x.x.x/x)
- Example: `10.0.0.0/16`
PublicSubnet1CIDR
- Type: String
- Default: `10.0.1.0/24`
- Description: CIDR block for public subnet 1
- Pattern: Valid IP CIDR range (x.x.x.x/x)
- Example: `10.0.1.0/24`
PublicSubnet2CIDR
- Type: String
- Default: `10.0.2.0/24`
- Description: CIDR block for public subnet 2
- Pattern: Valid IP CIDR range (x.x.x.x/x)
- Example: `10.0.2.0/24`
PrivateSubnet1CIDR
- Type: String
- Default: `10.0.10.0/24`
- Description: CIDR block for private subnet 1
- Pattern: Valid IP CIDR range (x.x.x.x/x)
- Example: `10.0.10.0/24`
PrivateSubnet2CIDR
- Type: String
- Default: `10.0.11.0/24`
- Description: CIDR block for private subnet 2
- Pattern: Valid IP CIDR range (x.x.x.x/x)
- Example: `10.0.11.0/24`
EnableNATGateway
- Type: String
- Default: `"true"`
- Allowed Values: `"true"`, `"false"`
- Description: Enable NAT Gateway for private subnets
- Cost Impact: NAT Gateway adds ~$32/month
- Recommendation: Set to `"false"` for cost savings if outbound internet access is not needed
📤 Stack Outputs
The template provides these outputs after successful deployment:
APIGatewayEndpoint
- Description: API Gateway endpoint URL
- Format: `https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}`
- Usage: Base URL for API access
TeamsWebhookURL
- Description: URL to configure in Microsoft Teams Bot Framework
- Format: `https://{ApiGateway}.execute-api.{Region}.amazonaws.com/prod-{StackName}/api/messages`
- Usage: Set this as the messaging endpoint in Azure Bot Configuration
ECSCluster
- Description: ECS Cluster Name
- Format: `OhlalaSmartOps-Cluster-{StackName}`
- Usage: For monitoring and management
ECSService
- Description: ECS Service Name
- Format: `OhlalaSmartOps-Service-{StackName}`
- Usage: For monitoring and scaling
VPCId
- Description: VPC ID (created or existing)
- Format: `vpc-xxxxxxxxx`
- Usage: For reference and additional resource creation
🚀 Deployment Examples
Simple NewVPC Deployment
```yaml
Parameters:
  DeploymentMode: NewVPC
  ContainerImageTag: v1.0.0
  MicrosoftAppId: "12345678-90ab-cdef-1234-567890abcdef"
  MicrosoftAppPassword: "your-secret-password"
  MicrosoftAppTenantId: "87654321-abcd-ef01-4321-0987654321fe"
  EnableNATGateway: "false"  # Cost optimization
```
Custom NewVPC with Different CIDR
```yaml
Parameters:
  DeploymentMode: NewVPC
  VPCCIDR: "172.16.0.0/16"
  PublicSubnet1CIDR: "172.16.1.0/24"
  PublicSubnet2CIDR: "172.16.2.0/24"
  PrivateSubnet1CIDR: "172.16.10.0/24"
  PrivateSubnet2CIDR: "172.16.11.0/24"
  EnableNATGateway: "true"
  # ... Teams parameters
```
ExistingVPC Deployment
```yaml
Parameters:
  DeploymentMode: ExistingVPC
  ExistingVPCId: "vpc-0123456789abcdef0"
  ExistingPrivateSubnet1Id: "subnet-0123456789abcdef0"
  ExistingPrivateSubnet2Id: "subnet-0fedcba9876543210"
  ExistingPublicSubnet1Id: "subnet-0abcd1234ef015678"
  ExistingPublicSubnet2Id: "subnet-0dcba432110fe8765"
  # ... Teams parameters
```
🔍 Parameter Validation
The template includes validation rules:
Pattern Validation
- VPC IDs: Must match `vpc-` followed by 8-17 hex characters
- Subnet IDs: Must match `subnet-` followed by 8-17 hex characters
- CIDR Blocks: Must be valid IP CIDR format
Logical Validation
- ExistingVPC mode requires all four subnet IDs
- Subnets must be in at least 2 different availability zones
- CIDR blocks must not overlap
Cross-Parameter Rules
- If `DeploymentMode: ExistingVPC`, all existing VPC parameters are required
- If `DeploymentMode: NewVPC`, existing VPC parameters are ignored
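The pattern, overlap and cross-parameter rules above can be checked locally before a stack is created. The following is an added example, not part of the Ohlala SmartOps template or its tooling: `validate_parameters` is a hypothetical helper, the check that subnet CIDRs fall inside the VPC range is an AWS requirement rather than a rule stated on this page, and AZ placement is not verified because it needs an EC2 lookup.

```python
import ipaddress
import re

# Patterns and defaults copied from the reference; both patterns also accept "".
VPC_ID = re.compile(r"^(vpc-[0-9a-f]{8,17})?$")
SUBNET_ID = re.compile(r"^(subnet-[0-9a-f]{8,17})?$")
SUBNET_KEYS = ["ExistingPrivateSubnet1Id", "ExistingPrivateSubnet2Id",
               "ExistingPublicSubnet1Id", "ExistingPublicSubnet2Id"]
CIDR_DEFAULTS = {"VPCCIDR": "10.0.0.0/16",
                 "PublicSubnet1CIDR": "10.0.1.0/24", "PublicSubnet2CIDR": "10.0.2.0/24",
                 "PrivateSubnet1CIDR": "10.0.10.0/24", "PrivateSubnet2CIDR": "10.0.11.0/24"}

def validate_parameters(params):
    """Hypothetical helper: return a list of errors, empty when all checks pass."""
    errors = []
    mode = params.get("DeploymentMode", "NewVPC")
    if mode not in ("NewVPC", "ExistingVPC"):
        return [f"DeploymentMode: {mode!r} is not an allowed value"]
    if mode == "ExistingVPC":
        # The patterns allow "", so an empty value is rejected explicitly here.
        for key, rx in [("ExistingVPCId", VPC_ID)] + [(k, SUBNET_ID) for k in SUBNET_KEYS]:
            value = params.get(key, "")
            if not value:
                errors.append(f"{key}: required in ExistingVPC mode")
            elif not rx.fullmatch(value):
                errors.append(f"{key}: {value!r} does not match pattern")
        # AZ placement needs an EC2 lookup; offline we can only catch a reused ID.
        for a, b in (SUBNET_KEYS[:2], SUBNET_KEYS[2:]):
            if params.get(a) and params.get(a) == params.get(b):
                errors.append(f"{a}: same subnet as {b}, cannot be a different AZ")
        return errors
    nets = {}
    for key, default in CIDR_DEFAULTS.items():
        try:  # strict=True rejects host bits such as 10.0.1.5/24
            nets[key] = ipaddress.IPv4Network(params.get(key, default), strict=True)
        except ValueError as exc:
            errors.append(f"{key}: {exc}")
    vpc = nets.pop("VPCCIDR", None)
    subnets = sorted(nets.items())
    for i, (key, net) in enumerate(subnets):
        if vpc is not None and not net.subnet_of(vpc):  # AWS requirement, not a page rule
            errors.append(f"{key}: {net} is outside VPCCIDR {vpc}")
        for other_key, other in subnets[i + 1:]:
            if net.overlaps(other):
                errors.append(f"{key}: {net} overlaps {other_key} ({other})")
    return errors

if __name__ == "__main__":  # constructed input: malformed VPC ID, no subnet IDs
    print(validate_parameters({"DeploymentMode": "ExistingVPC", "ExistingVPCId": "vpc-invalid"}))
```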
💰 Cost Impact by Parameter
Parameter | Cost Impact | Notes |
---|---|---|
`EnableNATGateway: "true"` | +$32/month | Only for NewVPC mode |
`EnableNATGateway: "false"` | $0 | Saves money but no outbound internet |
`DeploymentMode: ExistingVPC` | $0 | Uses existing network infrastructure |
`ContainerImageTag` | $0 | No cost difference between versions |
🚨 Common Parameter Errors
Missing Required Parameters
Template validation error: Parameter 'MicrosoftAppId' must have a value
Solution: Provide all required Teams configuration parameters
Invalid VPC ID Format
Parameter validation failed: vpc-invalid does not match pattern
Solution: Use correct format: `vpc-` + 8-17 hex characters
Subnet AZ Requirements Not Met
The subnet IDs must be in at least two different availability zones
Solution: Choose subnets from different AZs in your region
ExistingVPC Missing Parameters
When using ExistingVPC mode, you must provide all subnet IDs
Solution: Provide all four subnet parameters for ExistingVPC mode
📚 Additional Resources
- Getting Started Guide - Step-by-step deployment
- AWS CloudFormation User Guide
- VPC Configuration Best Practices