environments
Creates, updates, deletes or gets an environment resource or lists environments in a region
Overview
| Name | environments |
| Type | Resource |
| Description | Resource schema for AWS::MWAA::Environment |
| Id | awscc.mwaa.environments |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
name | string | Customer-defined identifier for the environment, unique per customer region. |
arn | string | ARN for the MWAA environment. |
webserver_url | string | Url endpoint for the environment's Airflow UI. |
execution_role_arn | string | IAM role to be used by tasks. |
kms_key | string | The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for MWAA data encryption.<br />You can specify the CMK using any of the following:<br />Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.<br />Key alias. For example, alias/ExampleAlias.<br />Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.<br />Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.<br />AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails. |
airflow_version | string | Version of airflow to deploy to the environment. |
source_bucket_arn | string | ARN for the AWS S3 bucket to use as the source of DAGs and plugins for the environment. |
dag_s3_path | string | Represents an S3 prefix relative to the root of an S3 bucket. |
plugins_s3_object_version | string | Represents an version ID for an S3 object. |
airflow_configuration_options | object | Key/value pairs representing Airflow configuration variables.<br />Keys are prefixed by their section:<br />[core]<br />dags_folder={AIRFLOW_HOME}/dags<br />Would be represented as<br />"core.dags_folder": "{AIRFLOW_HOME}/dags" |
environment_class | string | Templated configuration for airflow processes and backing infrastructure. |
max_workers | integer | Maximum worker compute units. |
min_workers | integer | Minimum worker compute units. |
max_webservers | integer | Maximum webserver compute units. |
min_webservers | integer | Minimum webserver compute units. |
schedulers | integer | Scheduler compute units. |
network_configuration | object | Configures the network resources of the environment. |
logging_configuration | object | Logging configuration for the environment. |
weekly_maintenance_window_start | string | Start time for the weekly maintenance window. |
tags | object | A map of tags for the environment. |
webserver_access_mode | string | Choice for mode of webserver access including over public internet or via private VPC endpoint. |
endpoint_management | string | Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA. |
celery_executor_queue | string | The celery executor queue associated with the environment. |
database_vpc_endpoint_service | string | The database VPC endpoint service name. |
webserver_vpc_endpoint_service | string | The webserver VPC endpoint service name, applicable if private webserver access mode selected. |
worker_replacement_strategy | string | The worker replacement strategy to use when updating the environment. Valid values: `FORCED`, `GRACEFUL`. FORCED means Apache Airflow workers will be stopped and replaced without waiting for tasks to complete before an update. GRACEFUL means Apache Airflow workers will be able to complete running tasks for up to 12 hours during an update before being stopped and replaced. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
name | string | Customer-defined identifier for the environment, unique per customer region. |
region | string | AWS region. |
For more information, see AWS::MWAA::Environment.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | environments | INSERT | Name, region |
delete_resource | environments | DELETE | Identifier, region |
update_resource | environments | UPDATE | Identifier, PatchDocument, region |
list_resources | environments_list_only | SELECT | region |
get_resource | environments | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual environment.
SELECT
region,
name,
arn,
webserver_url,
execution_role_arn,
kms_key,
airflow_version,
source_bucket_arn,
dag_s3_path,
plugins_s3_path,
plugins_s3_object_version,
requirements_s3_path,
requirements_s3_object_version,
startup_script_s3_path,
startup_script_s3_object_version,
airflow_configuration_options,
environment_class,
max_workers,
min_workers,
max_webservers,
min_webservers,
schedulers,
network_configuration,
logging_configuration,
weekly_maintenance_window_start,
tags,
webserver_access_mode,
endpoint_management,
celery_executor_queue,
database_vpc_endpoint_service,
webserver_vpc_endpoint_service,
worker_replacement_strategy
FROM awscc.mwaa.environments
WHERE
region = 'us-east-1' AND
Identifier = '{{ name }}';
Lists all environments in a region.
SELECT
region,
name
FROM awscc.mwaa.environments_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new environment resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.mwaa.environments (
Name,
region
)
SELECT
'{{ name }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.mwaa.environments (
Name,
ExecutionRoleArn,
KmsKey,
AirflowVersion,
SourceBucketArn,
DagS3Path,
PluginsS3Path,
PluginsS3ObjectVersion,
RequirementsS3Path,
RequirementsS3ObjectVersion,
StartupScriptS3Path,
StartupScriptS3ObjectVersion,
AirflowConfigurationOptions,
EnvironmentClass,
MaxWorkers,
MinWorkers,
MaxWebservers,
MinWebservers,
Schedulers,
NetworkConfiguration,
LoggingConfiguration,
WeeklyMaintenanceWindowStart,
Tags,
WebserverAccessMode,
EndpointManagement,
WorkerReplacementStrategy,
region
)
SELECT
'{{ name }}',
'{{ execution_role_arn }}',
'{{ kms_key }}',
'{{ airflow_version }}',
'{{ source_bucket_arn }}',
'{{ dag_s3_path }}',
'{{ plugins_s3_path }}',
'{{ plugins_s3_object_version }}',
'{{ requirements_s3_path }}',
'{{ requirements_s3_object_version }}',
'{{ startup_script_s3_path }}',
'{{ startup_script_s3_object_version }}',
'{{ airflow_configuration_options }}',
'{{ environment_class }}',
'{{ max_workers }}',
'{{ min_workers }}',
'{{ max_webservers }}',
'{{ min_webservers }}',
'{{ schedulers }}',
'{{ network_configuration }}',
'{{ logging_configuration }}',
'{{ weekly_maintenance_window_start }}',
'{{ tags }}',
'{{ webserver_access_mode }}',
'{{ endpoint_management }}',
'{{ worker_replacement_strategy }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: environment
props:
- name: name
value: '{{ name }}'
- name: execution_role_arn
value: '{{ execution_role_arn }}'
- name: kms_key
value: '{{ kms_key }}'
- name: airflow_version
value: '{{ airflow_version }}'
- name: source_bucket_arn
value: '{{ source_bucket_arn }}'
- name: dag_s3_path
value: '{{ dag_s3_path }}'
- name: plugins_s3_path
value: null
- name: plugins_s3_object_version
value: '{{ plugins_s3_object_version }}'
- name: requirements_s3_path
value: null
- name: requirements_s3_object_version
value: null
- name: startup_script_s3_path
value: null
- name: startup_script_s3_object_version
value: null
- name: airflow_configuration_options
value: {}
- name: environment_class
value: '{{ environment_class }}'
- name: max_workers
value: '{{ max_workers }}'
- name: min_workers
value: '{{ min_workers }}'
- name: max_webservers
value: '{{ max_webservers }}'
- name: min_webservers
value: '{{ min_webservers }}'
- name: schedulers
value: '{{ schedulers }}'
- name: network_configuration
value:
subnet_ids:
- '{{ subnet_ids[0] }}'
security_group_ids:
- '{{ security_group_ids[0] }}'
- name: logging_configuration
value:
dag_processing_logs:
enabled: '{{ enabled }}'
log_level: '{{ log_level }}'
cloud_watch_log_group_arn: '{{ cloud_watch_log_group_arn }}'
scheduler_logs: null
webserver_logs: null
worker_logs: null
task_logs: null
- name: weekly_maintenance_window_start
value: '{{ weekly_maintenance_window_start }}'
- name: tags
value: {}
- name: webserver_access_mode
value: '{{ webserver_access_mode }}'
- name: endpoint_management
value: '{{ endpoint_management }}'
- name: worker_replacement_strategy
value: '{{ worker_replacement_strategy }}'
UPDATE example
Use the following StackQL query and manifest file to update a environment resource, using stack-deploy.
/*+ update */
UPDATE awscc.mwaa.environments
SET PatchDocument = string('{{ {
"ExecutionRoleArn": execution_role_arn,
"AirflowVersion": airflow_version,
"SourceBucketArn": source_bucket_arn,
"DagS3Path": dag_s3_path,
"PluginsS3Path": plugins_s3_path,
"PluginsS3ObjectVersion": plugins_s3_object_version,
"RequirementsS3Path": requirements_s3_path,
"RequirementsS3ObjectVersion": requirements_s3_object_version,
"StartupScriptS3Path": startup_script_s3_path,
"StartupScriptS3ObjectVersion": startup_script_s3_object_version,
"AirflowConfigurationOptions": airflow_configuration_options,
"EnvironmentClass": environment_class,
"MaxWorkers": max_workers,
"MinWorkers": min_workers,
"MaxWebservers": max_webservers,
"MinWebservers": min_webservers,
"Schedulers": schedulers,
"WeeklyMaintenanceWindowStart": weekly_maintenance_window_start,
"Tags": tags,
"WebserverAccessMode": webserver_access_mode,
"WorkerReplacementStrategy": worker_replacement_strategy
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ name }}';
DELETE example
/*+ delete */
DELETE FROM awscc.mwaa.environments
WHERE
Identifier = '{{ name }}' AND
region = 'us-east-1';
Permissions
To operate on the environments resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
airflow:GetEnvironment,
airflow:CreateEnvironment,
airflow:TagResource,
airflow:UntagResource,
iam:PassRole,
iam:ListRoles,
iam:CreatePolicy,
iam:AttachRolePolicy,
iam:CreateRole,
iam:CreateServiceLinkedRole,
s3:GetBucketLocation,
s3:ListAllMyBuckets,
s3:ListBucket,
s3:ListBucketVersions,
s3:CreateBucket,
s3:PutObject,
s3:GetEncryptionConfiguration,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
ec2:DescribeRouteTables,
ec2:AuthorizeSecurityGroupIngress,
ec2:CreateSecurityGroup,
ec2:CreateVpcEndpoint,
ec2:CreateNetworkInterface,
kms:CreateGrant,
kms:DescribeKey,
kms:ListAliases
airflow:GetEnvironment
airflow:GetEnvironment,
airflow:UpdateEnvironment,
airflow:TagResource,
airflow:UntagResource,
iam:PassRole,
iam:ListRoles,
iam:AttachRolePolicy,
s3:GetBucketLocation,
s3:ListBucket,
s3:ListBucketVersions,
s3:GetEncryptionConfiguration,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
ec2:DescribeRouteTables,
kms:DescribeKey,
kms:ListAliases
airflow:GetEnvironment,
airflow:DeleteEnvironment
airflow:ListEnvironments