AWS::MWAAServerless::Workflow - AWS CloudFormation


AWS::MWAAServerless::Workflow

Creates a new workflow in Amazon Managed Workflows for Apache Airflow Serverless. This operation initializes a workflow with the specified configuration including the workflow definition, execution role, and optional settings for encryption, logging, and networking. You must provide the workflow definition as a YAML file stored in Amazon S3 that defines the DAG structure using supported AWS operators. Amazon Managed Workflows for Apache Airflow Serverless automatically creates the first version of the workflow and sets up the necessary execution environment with multi-tenant isolation and security controls.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::MWAAServerless::Workflow",
  "Properties" : {
      "DefinitionS3Location" : S3Location,
      "Description" : String,
      "EncryptionConfiguration" : EncryptionConfiguration,
      "LoggingConfiguration" : LoggingConfiguration,
      "Name" : String,
      "NetworkConfiguration" : NetworkConfiguration,
      "RoleArn" : String,
      "Tags" : {Key: Value, ...},
      "TriggerMode" : String
    }
}

Properties

DefinitionS3Location

The Amazon S3 location of the workflow definition file for this version.

Required: Yes

Type: S3Location

Update requires: No interruption

Description

The description of the workflow.

Required: No

Type: String

Pattern: ^.+$

Minimum: 1

Maximum: 1024

Update requires: No interruption

EncryptionConfiguration

The configuration for encrypting workflow data at rest and in transit. Specifies the encryption type and optional KMS key for customer-managed encryption.

Required: No

Type: EncryptionConfiguration

Update requires: Replacement

LoggingConfiguration

The configuration for workflow logging. Specifies the CloudWatch log group where workflow execution logs are stored. Amazon Managed Workflows for Apache Airflow Serverless automatically exports worker logs and task-level information to the specified log group in your account using remote logging functionality. This provides comprehensive observability for debugging and monitoring workflow execution across the distributed, serverless environment.

Required: No

Type: LoggingConfiguration

Update requires: No interruption

Name

The name of the workflow.

Required: No

Type: String

Pattern: ^[a-zA-Z0-9]+[a-zA-Z0-9\.\-_]*$

Minimum: 1

Maximum: 255

Update requires: Replacement

NetworkConfiguration

Network configuration for the workflow execution environment, including VPC security groups and subnets for secure network access. When specified, Amazon Managed Workflows for Apache Airflow Serverless deploys ECS worker tasks in your customer VPC to provide secure connectivity to your resources. If not specified, tasks run in the service's default worker VPC with network isolation from other customers. This configuration enables secure access to VPC-only resources like RDS databases or private endpoints.

Required: No

Type: NetworkConfiguration

Update requires: No interruption

RoleArn

The Amazon Resource Name (ARN) of the IAM role that Amazon Managed Workflows for Apache Airflow Serverless assumes when executing the workflow. This role must have the necessary permissions to access the required AWS services and resources that your workflow tasks will interact with. The role is used for task execution in the isolated, multi-tenant environment and should follow the principle of least privilege. Amazon Managed Workflows for Apache Airflow Serverless validates role access during workflow creation but runtime permission checks are performed by the target services.

Required: Yes

Type: String

Pattern: ^arn:aws(?:-(?:cn|us-gov|iso|iso-b|iso-e|iso-f))?:iam::[0-9]{12}:role(/[a-zA-Z0-9+=,.@_-]{1,512})*?/[a-zA-Z0-9+=,.@_-]{1,64}$

Minimum: 1

Maximum: 2048

Update requires: No interruption

Tags

A map of tags to assign to the workflow resource. Tags are key-value pairs that are used for resource organization and cost allocation.

Required: No

Type: Object of String

Pattern: ^[\w\d+\-\.\:/@]{1,128}$

Minimum: 0

Maximum: 256

Update requires: No interruption

TriggerMode

The trigger mode for the workflow execution.

Required: No

Type: String

Minimum: 1

Maximum: 255

Update requires: No interruption
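
The string constraints and update behaviors listed above can be checked on a template before it is deployed. The following Python sketch is an added example, not part of the AWS documentation: the function names and the sample resource are constructed, and it covers only the String properties, required properties, and "Update requires: Replacement" entries stated on this page.

```python
import re

# (pattern, min length, max length) as listed for each String property on this page.
STRING_RULES = {
    "Description": (r"^.+$", 1, 1024),
    "Name": (r"^[a-zA-Z0-9]+[a-zA-Z0-9\.\-_]*$", 1, 255),
    "RoleArn": (r"^arn:aws(?:-(?:cn|us-gov|iso|iso-b|iso-e|iso-f))?:iam::[0-9]{12}:role"
                r"(/[a-zA-Z0-9+=,.@_-]{1,512})*?/[a-zA-Z0-9+=,.@_-]{1,64}$", 1, 2048),
    "TriggerMode": (None, 1, 255),
}
REQUIRED = ("DefinitionS3Location", "RoleArn")
REPLACEMENT = ("EncryptionConfiguration", "Name")  # "Update requires: Replacement"
KNOWN = set(STRING_RULES) | set(REQUIRED) | set(REPLACEMENT) | {
    "LoggingConfiguration", "NetworkConfiguration", "Tags"}

# Constructed sample resource; S3Location sub-properties are left out on purpose.
SAMPLE = {"Type": "AWS::MWAAServerless::Workflow", "Properties": {
    "DefinitionS3Location": {},
    "Name": "-nightly etl",                           # bad first character, space
    "RoleArn": "arn:aws:iam::123456789012:user/etl",  # an IAM user, not a role
}}


def lint_workflow(resource):
    """Return a list of findings for one AWS::MWAAServerless::Workflow resource."""
    if resource.get("Type") != "AWS::MWAAServerless::Workflow":
        return ["not an AWS::MWAAServerless::Workflow resource"]
    props = resource.get("Properties", {})
    findings = [f"{p}: required property is missing" for p in REQUIRED if p not in props]
    findings += [f"{p}: not a documented property" for p in sorted(set(props) - KNOWN)]
    for name, (pattern, lo, hi) in STRING_RULES.items():
        value = props.get(name)
        if not isinstance(value, str):
            continue  # absent, or an intrinsic such as {"Fn::GetAtt": [...]}
        if not lo <= len(value) <= hi:
            findings.append(f"{name}: length {len(value)} outside {lo}..{hi}")
        elif pattern and not re.fullmatch(pattern, value):
            findings.append(f"{name}: does not match {pattern}")
    return findings


def replacement_changes(old_props, new_props):
    """Properties whose change makes CloudFormation replace the workflow."""
    return [p for p in REPLACEMENT if old_props.get(p) != new_props.get(p)]


if __name__ == "__main__":
    print("\n".join(lint_workflow(SAMPLE)))
```

Values supplied through intrinsic functions are skipped because they are only resolved at deployment time, so a clean result does not replace the service-side validation described under RoleArn.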

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the workflow ARN.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

CreatedAt

The timestamp when the workflow was created, in ISO 8601 date-time format.

ModifiedAt

The timestamp when the workflow was last modified, in ISO 8601 date-time format.

WorkflowArn

The Amazon Resource Name (ARN) of the workflow.

WorkflowStatus

The current status of the workflow.

WorkflowVersion

The version identifier of the workflow.