This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::MWAA::Environment
The AWS::MWAA::Environment resource creates an Amazon Managed Workflows for Apache Airflow (MWAA) environment. 
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::MWAA::Environment", "Properties" : { "AirflowConfigurationOptions" :Json, "AirflowVersion" :String, "DagS3Path" :String, "EndpointManagement" :String, "EnvironmentClass" :String, "ExecutionRoleArn" :String, "KmsKey" :String, "LoggingConfiguration" :LoggingConfiguration, "MaxWebservers" :Integer, "MaxWorkers" :Integer, "MinWebservers" :Integer, "MinWorkers" :Integer, "Name" :String, "NetworkConfiguration" :NetworkConfiguration, "PluginsS3ObjectVersion" :String, "PluginsS3Path" :String, "RequirementsS3ObjectVersion" :String, "RequirementsS3Path" :String, "Schedulers" :Integer, "SourceBucketArn" :String, "StartupScriptS3ObjectVersion" :String, "StartupScriptS3Path" :String, "Tags" :[, "WebserverAccessMode" :Tag, ... ]String, "WeeklyMaintenanceWindowStart" :String, "WorkerReplacementStrategy" :String} }
YAML
Type: AWS::MWAA::Environment Properties: AirflowConfigurationOptions:JsonAirflowVersion:StringDagS3Path:StringEndpointManagement:StringEnvironmentClass:StringExecutionRoleArn:StringKmsKey:StringLoggingConfiguration:LoggingConfigurationMaxWebservers:IntegerMaxWorkers:IntegerMinWebservers:IntegerMinWorkers:IntegerName:StringNetworkConfiguration:NetworkConfigurationPluginsS3ObjectVersion:StringPluginsS3Path:StringRequirementsS3ObjectVersion:StringRequirementsS3Path:StringSchedulers:IntegerSourceBucketArn:StringStartupScriptS3ObjectVersion:StringStartupScriptS3Path:StringTags:-WebserverAccessMode:TagStringWeeklyMaintenanceWindowStart:StringWorkerReplacementStrategy:String
Properties
- AirflowConfigurationOptions
- 
                    A list of key-value pairs containing the Airflow configuration options for your environment. For example, core.default_timezone: utc. To learn more, see Apache Airflow configuration options.Required: No Type: Json Update requires: Some interruptions 
- AirflowVersion
- 
                    The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version. If you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect. Allowed Values: 2.7.2|2.8.1|2.9.2|2.10.1|2.10.3|3.0.6(latest)Required: No Type: String Pattern: ^[0-9a-z.]+$Maximum: 32Update requires: Replacement 
- DagS3Path
- 
                    The relative path to the DAGs folder on your Amazon S3 bucket. For example, dags. To learn more, see Adding or updating DAGs.Required: No Type: String Pattern: .*Maximum: 1024Update requires: Some interruptions 
- EndpointManagement
- 
                    Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA. If set to SERVICE, Amazon MWAA will create and manage the required VPC endpoints in your VPC. If set toCUSTOMER, you must create, and manage, the VPC endpoints in your VPC.Required: No Type: String Allowed values: CUSTOMER | SERVICEUpdate requires: Replacement 
- EnvironmentClass
- 
                    The environment class type. Valid values: mw1.micro,mw1.small,mw1.medium,mw1.large,mw1.1large, andmw1.2large. To learn more, see Amazon MWAA environment class.Required: No Type: String Minimum: 1Maximum: 1024Update requires: Some interruptions 
- ExecutionRoleArn
- 
                    The Amazon Resource Name (ARN) of the execution role in IAM that allows MWAA to access AWS resources in your environment. For example, arn:aws:iam::123456789:role/my-execution-role. To learn more, see Amazon MWAA Execution role.Required: No Type: String Pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+$Maximum: 1224Update requires: Some interruptions 
- KmsKey
- 
                    The AWS Key Management Service (KMS) key to encrypt and decrypt the data in your environment. You can use an AWS KMS key managed by MWAA, or a customer-managed KMS key (advanced). Required: No Type: String Pattern: ^(((arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:kms:[a-z]{2}-[a-z]+-\d:\d+:)?key\/)?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|(arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):kms:[a-z]{2}-[a-z]+-\d:\d+:)?alias/.+)$Maximum: 1224Update requires: Replacement 
- LoggingConfiguration
- 
                    The Apache Airflow logs being sent to CloudWatch Logs: DagProcessingLogs,SchedulerLogs,TaskLogs,WebserverLogs,WorkerLogs.Required: No Type: LoggingConfiguration Update requires: Some interruptions 
- MaxWebservers
- 
                    The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebserverswhen you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set inMaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set inMinxWebserers.Valid values: For environments larger than mw1.micro, accepts values from 2to5. Defaults to2for all environment sizes except mw1.micro, which defaults to1.Required: No Type: Integer Minimum: 1Update requires: No interruption 
- MaxWorkers
- 
                    The maximum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkersfield. For example,20. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the one worker that is included with your environment, or the number you specify inMinWorkers.Required: No Type: Integer Minimum: 1Update requires: Some interruptions 
- MinWebservers
- 
                    The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebserverswhen you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set inMinxWebserers.Valid values: For environments larger than mw1.micro, accepts values from 2to5. Defaults to2for all environment sizes except mw1.micro, which defaults to1.Required: No Type: Integer Minimum: 1Update requires: No interruption 
- MinWorkers
- 
                    The minimum number of workers that you want to run in your environment. MWAA scales the number of Apache Airflow workers up to the number you specify in the MaxWorkersfield. When there are no more tasks running, and no more in the queue, MWAA disposes of the extra workers leaving the worker count you specify in theMinWorkersfield. For example,2.Required: No Type: Integer Minimum: 1Update requires: Some interruptions 
- Name
- 
                    The name of your Amazon MWAA environment. Required: Yes Type: String Pattern: ^[a-zA-Z][0-9a-zA-Z\-_]*$Minimum: 1Maximum: 80Update requires: Replacement 
- NetworkConfiguration
- 
                    The VPC networking components used to secure and enable network traffic between the AWS resources for your environment. To learn more, see About networking on Amazon MWAA. Required: No Type: NetworkConfiguration Update requires: Replacement 
- PluginsS3ObjectVersion
- 
                    The version of the plugins.zip file on your Amazon S3 bucket. To learn more, see Installing custom plugins. Required: No Type: String Maximum: 1024Update requires: Some interruptions 
- PluginsS3Path
- 
                    The relative path to the plugins.zipfile on your Amazon S3 bucket. For example,plugins.zip. To learn more, see Installing custom plugins.Required: No Type: String Pattern: .*Maximum: 1024Update requires: Some interruptions 
- RequirementsS3ObjectVersion
- 
                    The version of the requirements.txt file on your Amazon S3 bucket. To learn more, see Installing Python dependencies. Required: No Type: String Maximum: 1024Update requires: Some interruptions 
- RequirementsS3Path
- 
                    The relative path to the requirements.txtfile on your Amazon S3 bucket. For example,requirements.txt. To learn more, see Installing Python dependencies.Required: No Type: String Pattern: .*Maximum: 1024Update requires: Some interruptions 
- Schedulers
- 
                    The number of schedulers that you want to run in your environment. Valid values: - 
                            v2 - For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1. 
- 
                            v1 - Accepts 1. 
 Required: No Type: Integer Minimum: 1Update requires: Some interruptions 
- 
                            
- SourceBucketArn
- 
                    The Amazon Resource Name (ARN) of the Amazon S3 bucket where your DAG code and supporting files are stored. For example, arn:aws:s3:::my-airflow-bucket-unique-name. To learn more, see Create an Amazon S3 bucket for Amazon MWAA.Required: No Type: String Pattern: ^arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b)(-[a-z]+)?:s3:::[a-z0-9.\-]+$Minimum: 1Maximum: 1224Update requires: Some interruptions 
- StartupScriptS3ObjectVersion
- 
                    The version of the startup shell script in your Amazon S3 bucket. You must specify the version ID that Amazon S3 assigns to the file every time you update the script. Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. The following is an example: 3sL4kqtJlcpXroDTDmJ+rmSpXd3dIbrHY+MTRCxf3vjVBH40Nr8X8gdRQBpUMLUoFor more information, see Using a startup script. Required: No Type: String Maximum: 1024Update requires: Some interruptions 
- StartupScriptS3Path
- 
                    The relative path to the startup shell script in your Amazon S3 bucket. For example, s3://mwaa-environment/startup.sh.Amazon MWAA runs the script as your environment starts, and before running the Apache Airflow process. You can use this script to install dependencies, modify Apache Airflow configuration options, and set environment variables. For more information, see Using a startup script. Required: No Type: String Pattern: .*Maximum: 1024Update requires: Some interruptions 
- 
                    The key-value tag pairs associated to your environment. For example, "Environment": "Staging". To learn more, see Tagging.If you specify new tags for an existing environment, the update requires service interruption before taking effect. Required: No Type: Array of TagUpdate requires: Some interruptions 
- WebserverAccessMode
- 
                    The Apache Airflow Web server access mode. To learn more, see Apache Airflow access modes. Valid values: PRIVATE_ONLYorPUBLIC_ONLY.Required: No Type: String Allowed values: PRIVATE_ONLY | PUBLIC_ONLYUpdate requires: Some interruptions 
- WeeklyMaintenanceWindowStart
- 
                    The day and time of the week to start weekly maintenance updates of your environment in the following format: DAY:HH:MM. For example:TUE:03:30. You can specify a start time in 30 minute increments only. Supported input includes the following:- 
                            MON|TUE|WED|THU|FRI|SAT|SUN:([01]\\d|2[0-3]):(00|30) 
 Required: No Type: String Pattern: (MON|TUE|WED|THU|FRI|SAT|SUN):([01]\d|2[0-3]):(00|30)Maximum: 9Update requires: Some interruptions 
- 
                            
- WorkerReplacementStrategy
- Property description not available. - Required: No - Type: String - Allowed values: - FORCED | GRACEFUL- Update requires: No interruption 
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the environment details.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
- Arn
- 
                            The ARN for the Amazon MWAA environment. 
- CeleryExecutorQueue
- 
                            The queue ARN for the environment's Celery Executor . Amazon MWAA uses a Celery Executor to distribute tasks across multiple workers. When you create an environment in a shared VPC, you must provide access to the Celery Executor queue from your VPC. 
- DatabaseVpcEndpointService
- 
                            The VPC endpoint for the environment's Amazon RDS database. 
- LoggingConfiguration.DagProcessingLogs.CloudWatchLogGroupArn
- 
                            The ARN for the CloudWatch Logs group where the Apache Airflow DAG processing logs are published. 
- LoggingConfiguration.SchedulerLogs.CloudWatchLogGroupArn
- 
                            The ARN for the CloudWatch Logs group where the Apache Airflow Scheduler logs are published. 
- LoggingConfiguration.TaskLogs.CloudWatchLogGroupArn
- 
                            The ARN for the CloudWatch Logs group where the Apache Airflow task logs are published. 
- LoggingConfiguration.WebserverLogs.CloudWatchLogGroupArn
- 
                            The ARN for the CloudWatch Logs group where the Apache Airflow Web server logs are published. 
- LoggingConfiguration.WorkerLogs.CloudWatchLogGroupArn
- 
                            The ARN for the CloudWatch Logs group where the Apache Airflow Worker logs are published. 
- WebserverUrl
- 
                            The URL of your Apache Airflow UI. 
- WebserverVpcEndpointService
- 
                            The VPC endpoint for the environment's web server. 
Examples
Create a MWAA environment - JSON
The following example shows how to create a MWAA environment:
JSON
{ "Environment": { "Type": "AWS::MWAA::Environment", "Properties": { "Name": "my-airflow-environment", "AirflowConfigurationOptions": { "logging.logging_level": "INFO", "core.default_timezone": "utc" }, "Tags": { "Environment": "Staging", "Team": "Analytics" }, "NetworkConfiguration": { "SubnetIds": [ "subnet-123456", "subnet-789011" ], "SecurityGroupIds": [ "sg-0101010" ] }, "LoggingConfiguration": { "DagProcessingLogs": { "Enabled": true, "LogLevel": "INFO" }, "SchedulerLogs": { "Enabled": false, "LogLevel": "INFO" }, "TaskLogs": { "Enabled": true, "LogLevel": "INFO" }, "WebserverLogs": { "Enabled": false, "LogLevel": "INFO" }, "WorkerLogs": { "Enabled": false, "LogLevel": "INFO" } }, "SourceBucketArn": "arn:aws:s3:::my-dags-bucket", "ExecutionRoleArn": "arn:aws:iam::012345678900:role/service-role/my-execution-role", "MaxWorkers": 1, "DagS3Path": "dags", "EnvironmentClass": "mw1.small" } } }
Create a MWAA environment - YAML
The following example shows how to create a MWAA environment:
YAML
Environment: Properties: AirflowConfigurationOptions: core.default_timezone: utc logging.logging_level: INFO DagS3Path: dags EnvironmentClass: mw1.small ExecutionRoleArn: "arn:aws:iam::012345678900:role/service-role/my-execution-role" LoggingConfiguration: DagProcessingLogs: Enabled: true LogLevel: INFO SchedulerLogs: Enabled: false LogLevel: INFO TaskLogs: Enabled: true LogLevel: INFO WebserverLogs: Enabled: false LogLevel: INFO WorkerLogs: Enabled: false LogLevel: INFO MaxWorkers: 1 Name: my-airflow-environment NetworkConfiguration: SecurityGroupIds: - sg-0101010 SubnetIds: - subnet-123456 - subnet-789011 SourceBucketArn: "arn:aws:s3:::my-dags-bucket" Tags: Environment: Staging Team: Analytics Type: "AWS::MWAA::Environment"