environments

Creates, updates, deletes or gets an environment resource or lists environments in a region

Overview

Name	`environments`
Type	Resource
Description	Resource schema for AWS::MWAA::Environment
Id	`awscc.mwaa.environments`

Fields

Name	Datatype	Description
`name`	`string`	Customer-defined identifier for the environment, unique per customer region.
`arn`	`string`	ARN for the MWAA environment.
`webserver_url`	`string`	Url endpoint for the environment's Airflow UI.
`execution_role_arn`	`string`	IAM role to be used by tasks.
`kms_key`	`string`	The identifier of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use for MWAA data encryption.<br />You can specify the CMK using any of the following:<br />Key ID. For example, key/1234abcd-12ab-34cd-56ef-1234567890ab.<br />Key alias. For example, alias/ExampleAlias.<br />Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef.<br />Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.<br />AWS authenticates the CMK asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.
`airflow_version`	`string`	Version of airflow to deploy to the environment.
`source_bucket_arn`	`string`	ARN for the AWS S3 bucket to use as the source of DAGs and plugins for the environment.
`dag_s3_path`	`string`	Represents an S3 prefix relative to the root of an S3 bucket.
`plugins_s3_object_version`	`string`	Represents an version ID for an S3 object.
`airflow_configuration_options`	`object`	Key/value pairs representing Airflow configuration variables.<br />Keys are prefixed by their section:<br />[core]<br />dags_folder={AIRFLOW_HOME}/dags<br />Would be represented as<br />"core.dags_folder": "{AIRFLOW_HOME}/dags"
`environment_class`	`string`	Templated configuration for airflow processes and backing infrastructure.
`max_workers`	`integer`	Maximum worker compute units.
`min_workers`	`integer`	Minimum worker compute units.
`max_webservers`	`integer`	Maximum webserver compute units.
`min_webservers`	`integer`	Minimum webserver compute units.
`schedulers`	`integer`	Scheduler compute units.
▶`network_configuration`	`object`	Configures the network resources of the environment.
▶`logging_configuration`	`object`	Logging configuration for the environment.
`weekly_maintenance_window_start`	`string`	Start time for the weekly maintenance window.
`tags`	`object`	A map of tags for the environment.
`webserver_access_mode`	`string`	Choice for mode of webserver access including over public internet or via private VPC endpoint.
`endpoint_management`	`string`	Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA.
`celery_executor_queue`	`string`	The celery executor queue associated with the environment.
`database_vpc_endpoint_service`	`string`	The database VPC endpoint service name.
`webserver_vpc_endpoint_service`	`string`	The webserver VPC endpoint service name, applicable if private webserver access mode selected.
`worker_replacement_strategy`	`string`	The worker replacement strategy to use when updating the environment. Valid values: `FORCED`, `GRACEFUL`. FORCED means Apache Airflow workers will be stopped and replaced without waiting for tasks to complete before an update. GRACEFUL means Apache Airflow workers will be able to complete running tasks for up to 12 hours during an update before being stopped and replaced.
`region`	`string`	AWS region.

For more information, see AWS::MWAA::Environment.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`Name, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all properties from an individual environment.

SELECT
region,
name,
arn,
webserver_url,
execution_role_arn,
kms_key,
airflow_version,
source_bucket_arn,
dag_s3_path,
plugins_s3_path,
plugins_s3_object_version,
requirements_s3_path,
requirements_s3_object_version,
startup_script_s3_path,
startup_script_s3_object_version,
airflow_configuration_options,
environment_class,
max_workers,
min_workers,
max_webservers,
min_webservers,
schedulers,
network_configuration,
logging_configuration,
weekly_maintenance_window_start,
tags,
webserver_access_mode,
endpoint_management,
celery_executor_queue,
database_vpc_endpoint_service,
webserver_vpc_endpoint_service,
worker_replacement_strategy
FROM awscc.mwaa.environments
WHERE region = 'us-east-1' AND data__Identifier = '<Name>';

`INSERT` example

Use the following StackQL query and manifest file to create a new environment resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO awscc.mwaa.environments (
 Name,
 region
)
SELECT 
'{{ Name }}',
'{{ region }}';

/*+ create */
INSERT INTO awscc.mwaa.environments (
 Name,
 ExecutionRoleArn,
 KmsKey,
 AirflowVersion,
 SourceBucketArn,
 DagS3Path,
 PluginsS3Path,
 PluginsS3ObjectVersion,
 RequirementsS3Path,
 RequirementsS3ObjectVersion,
 StartupScriptS3Path,
 StartupScriptS3ObjectVersion,
 AirflowConfigurationOptions,
 EnvironmentClass,
 MaxWorkers,
 MinWorkers,
 MaxWebservers,
 MinWebservers,
 Schedulers,
 NetworkConfiguration,
 LoggingConfiguration,
 WeeklyMaintenanceWindowStart,
 Tags,
 WebserverAccessMode,
 EndpointManagement,
 WorkerReplacementStrategy,
 region
)
SELECT 
 '{{ Name }}',
 '{{ ExecutionRoleArn }}',
 '{{ KmsKey }}',
 '{{ AirflowVersion }}',
 '{{ SourceBucketArn }}',
 '{{ DagS3Path }}',
 '{{ PluginsS3Path }}',
 '{{ PluginsS3ObjectVersion }}',
 '{{ RequirementsS3Path }}',
 '{{ RequirementsS3ObjectVersion }}',
 '{{ StartupScriptS3Path }}',
 '{{ StartupScriptS3ObjectVersion }}',
 '{{ AirflowConfigurationOptions }}',
 '{{ EnvironmentClass }}',
 '{{ MaxWorkers }}',
 '{{ MinWorkers }}',
 '{{ MaxWebservers }}',
 '{{ MinWebservers }}',
 '{{ Schedulers }}',
 '{{ NetworkConfiguration }}',
 '{{ LoggingConfiguration }}',
 '{{ WeeklyMaintenanceWindowStart }}',
 '{{ Tags }}',
 '{{ WebserverAccessMode }}',
 '{{ EndpointManagement }}',
 '{{ WorkerReplacementStrategy }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: environment
    props:
      - name: Name
        value: '{{ Name }}'
      - name: ExecutionRoleArn
        value: '{{ ExecutionRoleArn }}'
      - name: KmsKey
        value: '{{ KmsKey }}'
      - name: AirflowVersion
        value: '{{ AirflowVersion }}'
      - name: SourceBucketArn
        value: '{{ SourceBucketArn }}'
      - name: DagS3Path
        value: '{{ DagS3Path }}'
      - name: PluginsS3Path
        value: null
      - name: PluginsS3ObjectVersion
        value: '{{ PluginsS3ObjectVersion }}'
      - name: RequirementsS3Path
        value: null
      - name: RequirementsS3ObjectVersion
        value: null
      - name: StartupScriptS3Path
        value: null
      - name: StartupScriptS3ObjectVersion
        value: null
      - name: AirflowConfigurationOptions
        value: {}
      - name: EnvironmentClass
        value: '{{ EnvironmentClass }}'
      - name: MaxWorkers
        value: '{{ MaxWorkers }}'
      - name: MinWorkers
        value: '{{ MinWorkers }}'
      - name: MaxWebservers
        value: '{{ MaxWebservers }}'
      - name: MinWebservers
        value: '{{ MinWebservers }}'
      - name: Schedulers
        value: '{{ Schedulers }}'
      - name: NetworkConfiguration
        value:
          SubnetIds:
            - '{{ SubnetIds[0] }}'
          SecurityGroupIds:
            - '{{ SecurityGroupIds[0] }}'
      - name: LoggingConfiguration
        value:
          DagProcessingLogs:
            Enabled: '{{ Enabled }}'
            LogLevel: '{{ LogLevel }}'
            CloudWatchLogGroupArn: '{{ CloudWatchLogGroupArn }}'
          SchedulerLogs: null
          WebserverLogs: null
          WorkerLogs: null
          TaskLogs: null
      - name: WeeklyMaintenanceWindowStart
        value: '{{ WeeklyMaintenanceWindowStart }}'
      - name: Tags
        value: {}
      - name: WebserverAccessMode
        value: '{{ WebserverAccessMode }}'
      - name: EndpointManagement
        value: '{{ EndpointManagement }}'
      - name: WorkerReplacementStrategy
        value: '{{ WorkerReplacementStrategy }}'

`DELETE` example

/*+ delete */
DELETE FROM awscc.mwaa.environments
WHERE data__Identifier = '<Name>'
AND region = 'us-east-1';

Permissions

To operate on the environments resource, the following permissions are required:

Create

airflow:GetEnvironment,
airflow:CreateEnvironment,
airflow:TagResource,
airflow:UntagResource,
iam:PassRole,
iam:ListRoles,
iam:CreatePolicy,
iam:AttachRolePolicy,
iam:CreateRole,
iam:CreateServiceLinkedRole,
s3:GetBucketLocation,
s3:ListAllMyBuckets,
s3:ListBucket,
s3:ListBucketVersions,
s3:CreateBucket,
s3:PutObject,
s3:GetEncryptionConfiguration,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
ec2:DescribeRouteTables,
ec2:AuthorizeSecurityGroupIngress,
ec2:CreateSecurityGroup,
ec2:CreateVpcEndpoint,
ec2:CreateNetworkInterface,
kms:CreateGrant,
kms:DescribeKey,
kms:ListAliases

Read

airflow:GetEnvironment

Update

airflow:GetEnvironment,
airflow:UpdateEnvironment,
airflow:TagResource,
airflow:UntagResource,
iam:PassRole,
iam:ListRoles,
iam:AttachRolePolicy,
s3:GetBucketLocation,
s3:ListBucket,
s3:ListBucketVersions,
s3:GetEncryptionConfiguration,
ec2:DescribeSecurityGroups,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
ec2:DescribeRouteTables,
kms:DescribeKey,
kms:ListAliases

Delete

airflow:GetEnvironment,
airflow:DeleteEnvironment

List

airflow:ListEnvironments

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​