# Configure and modify cards in Infrastructure Composer
Configure and modify cards

In Infrastructure Composer, cards represent resources that you use to design your application architecture. When you configure a card in Infrastructure Composer, you define the details of the resources in your application. This includes details like a card's **Logical ID** and **Partition key**. The way this information is defined varies between **Enhanced component cards** and **Standard cards**.

An **Enhanced component card** is A collection of CloudFormation resources that have been combined into a single curated card that enhances ease of use, functionality, and are designed for a wide variety of use cases. A **Standard IaC resource card** represents a single AWS CloudFormation resource. Each standard IaC resource card, once dragged onto the canvas, is labeled **Standard component**.

This topic provides details on configuring **Enhanced component cards** and **Standard component cards**.

**Note**  
This topic applies to using cards from the Infrastructure Composer Console, the AWS Toolkit for Visual Studio Code extension, and while in Infrastructure Composer in CloudFormation console mode. Lambda-related cards (**Lambda Function** and **Lambda Layer**) require code builds and packaging solutions that are not available in Infrastructure Composer in CloudFormation console mode. For more information, see [Using Infrastructure Composer in CloudFormation console mode](using-composer-console-cfn-mode.md).

**Topics**
+ [

# Enhanced component cards in Infrastructure Composer
](using-composer-cards-use-enhanced-component.md)
+ [

# Standard cards in Infrastructure Composer
](using-composer-standard-cards.md)

# Enhanced component cards in Infrastructure Composer
Enhanced cards

To configure enhanced component cards, Infrastructure Composer provides a form in the **Resource properties** panel. This form is curated uniquely to guide you through configuring each enhanced component card. As you fill out the form, Infrastructure Composer modifies your infrastructure code.

Some enhanced component cards do have additional features. This section reviews the basics of using enhanced component cards and offers details on cards with additional features.

For more information on enhanced component cards, see [Enhanced component cards in Infrastructure Composer](using-composer-cards-component-intro-enhanced.md) and [Enhanced component cards in Infrastructure Composer](using-composer-cards-component-intro-enhanced.md)

# Procedure


The **Resource properties** panel streamlines configuration and adds guiderails that simplifies card configuration. To use this panel, perform the following steps:

1. Double-click a card to bring up the **Resource properties** panel.

1. Click on a card and select **Details** to bring up the resource properties panel.

1. For Infrastructure Composer from the AWS Management Console, select **Template** to show your application code. Configure directly from here.

   The following image shows how this can be done:  
![\[Selecting the Template View and modifying the infrastructure code from there.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_ref_11.gif)

# Using Infrastructure Composer with Amazon Relational Database Service (Amazon RDS)
Amazon RDS card

AWS Infrastructure Composer features an integration with Amazon Relational Database Service (Amazon RDS). Using the **RDS Database (External)** enhanced component card in Infrastructure Composer, you can connect your application to Amazon RDS DB clusters, instances, and proxies that are defined on another CloudFormation or AWS Serverless Application Model (AWS SAM) template.

The **RDS Database (External)** enhanced component card represents Amazon RDS resources that are defined on another template. This includes:
+ Amazon RDS DB cluster or instance that is defined on another template
+ Amazon RDS DB proxy

The **RDS Database (External)** enhanced component card is available from the **Resources** palette.

![\[An Amazon RDS database (external) enhanced component card.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_rds_01.png)


To use this card, drag it onto the Infrastructure Composer canvas, configure it, and connect it to other resources.

You can connect your application to the external Amazon RDS DB cluster or instance through an Lambda function.

## Requirements


To use this feature, you must meet the following requirements:

1. Your external Amazon RDS DB cluster, instance, or proxy must be using AWS Secrets Manager to manage the user password. To learn more, see [Password management with Amazon RDS and AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide*.

1. Your application in Infrastructure Composer must be a new project or must have been originally created in Infrastructure Composer.

## Procedure


### Step 1: Configure the external RDS Database card


From the **Resources** palette, drag an **RDS Database (external)** enhanced component card onto the canvas. 

Select the card and choose **Details** or double-click on the card to bring up the **Resource properties** panel. The card's resource properties panel will appear:

![\[The resource properties panel of an RDS Database (external) enhanced component card.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_rds_03.png)


You can configure the following here:
+ **Logical ID** – A unique name for your external Amazon RDS DB cluster, instance, or proxy. This ID does not have to match the logical ID value of your external Amazon RDS DB resource.
+ **Database secret** – An identifier for the AWS Secrets Manager secret that is associated with your Amazon RDS DB cluster, instance, or proxy. This field accepts the following values:
  + **Static value** – A unique identifier of the database secret, such as the secret ARN. The following is an example: `arn:aws:secretsmanager:us-west-2:123456789012:secret:my-path/my-secret-name-1a2b3c`. For more information, see [AWS Secrets Manager concepts](https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html) in the *AWS Secrets Manager User Guide*.
  + **Output value** – When a Secrets Manager secret is deployed to AWS CloudFormation, an output value is created. You can specify the output value here using the `[Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)` intrinsic function. For example, `!ImportValue MySecret`.
  + **Value from the SSM Parameter Store** – You can store your secret in the SSM Parameter Store and specify its value using a dynamic reference. For example, `{{resolve:ssm:MySecret}}`. For more information, see [SSM parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm) in the *AWS CloudFormation User Guide*.
+ **Database hostname** – The hostname that can be used to connect to your Amazon RDS DB cluster, instance, or proxy. This value is specified in the external template that defines your Amazon RDS resource. The following values are accepted:
  + **Static value** – A unique identifier of the database hostname, such as the endpoint address. The following is an example: `mystack-mydb-1apw1j4phylrk.cg034hpkmmjt.us-east-2.rds.amazonaws.com`.
  + **Output value** – The output value of a deployed Amazon RDS DB cluster, instance, or proxy. You can specify the output value using the `[Fn::ImportValue](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-importvalue.html)` intrinsic function. For example, `!ImportValue myStack-myDatabase-abcd1234`.
  + **Value from the SSM Parameter Store** – You can store the database hostname in the SSM Parameter Store and specify its value using a dynamic reference. For example, `{{resolve:ssm:MyDatabase}}`.
+ **Database port** – The port number that can be used to connect to your Amazon RDS DB cluster, instance, or proxy. This value is specified in the external template that defines your Amazon RDS resource. The following values are accepted:
  + **Static value** – The database port. For example, `3306`.
  + **Output value** – The output value of a deployed Amazon RDS DB cluster, instance, or proxy. For example, `!ImportValue myStack-MyRDSInstancePort`.
  + **Value from SSM Parameter Store** – You can store the database hostname in the SSM Parameter Store and specify its value using a dynamic reference. For example, `{{resolve:ssm:MyRDSInstancePort}}`.

**Note**  
Only the logical ID value must be configured here. You can configure the other properties at deployment time if you prefer.

### Step 2: Connect a Lambda Function card


From the **Resources** palette, drag a **Lambda Function** enhanced component card onto the canvas.

Connect the left port of the **Lambda Function** card to the right port of the **RDS Database (external)** card.

![\[A Lambda Function card connected to an RDS Database (external) enhanced component card.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_rds_02.png)


Infrastructure Composer will provision your template to facilitate this connection.

## What Infrastructure Composer does to create your connection


When you complete the procedure listed above, Infrastructure Composer performs specific actions to connect your Lambda function to your database.

### When specifying the external Amazon RDS DB cluster, instance, or proxy


When you drag an **RDS Database (external)** card onto the canvas, Infrastructure Composer updates the `Metadata` and `Parameters` sections of your template as needed. The following is an example:

```
Metadata:
  AWS::Composer::ExternalResources:
    ExternalRDS:
      Type: externalRDS
      Settings:
        Port: !Ref ExternalRDSPort
        Hostname: !Ref ExternalRDSHostname
        SecretArn: !Ref ExternalRDSSecretArn
Parameters:
  ExternalRDSPort:
    Type: Number
  ExternalRDSHostname:
    Type: String
  ExternalRDSSecretArn:
    Type: String
```

[Metadata](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html) is an CloudFormation template section that is used to store details about your template. Metadata that is specific to Infrastructure Composer is stored under the `AWS::Composer::ExternalResources` metadata key. Here, Infrastructure Composer stores the values that you specify for your Amazon RDS DB cluster, instance, or proxy.

The [ Parameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html) section of an CloudFormation template is used to store custom values that can be inserted throughout your template at deployment. Depending on the type of values that you provide, Infrastructure Composer may store values here for your Amazon RDS DB cluster, instance, or proxy and specify them throughout your template.

String values in the `Metadata` and `Parameters` section use the logical ID value that you specify on your **RDS Database (external)** card. If you update the logical ID, the string values will change.

### When connecting the Lambda function to your database


When you connect a **Lambda Function** card to the **RDS Database (external)** card, Infrastructure Composer provisions environment variables and AWS Identity and Access Management (IAM) policies. The following is an example:

```
Resources:
  Function:
    Type: AWS::Serverless::Function
    Properties:
      ...
      Environment:
        Variables:
          EXTERNALRDS_PORT: !Ref ExternalRDSPort
          EXTERNALRDS_HOSTNAME: !Ref ExternalRDSHostname
          EXTERNALRDS_SECRETARN: !Ref ExternalRDSSecretArn
      Policies:
        - AWSSecretsManagerGetSecretValuePolicy:
            SecretArn: !Ref ExternalRDSSecretArn
```

[Environment](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-function.html#sam-function-environment) variables are variables that can be used by your function at runtime. To learn more, see [Using Lambda environment variables](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html) in the *AWS Lambda Developer Guide*.

[Policies](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-function.html#sam-function-policies) provision permissions for your function. Here, Infrastructure Composer creates a policy to allow read access from your function to Secrets Manager to obtain your password for access to the Amazon RDS DB cluster, instance, or proxy.

# Using AWS Infrastructure Composer with AWS Step Functions
Step Functions card

AWS Infrastructure Composer features an integration with [AWS Step Functions Workflow Studio](https://docs.aws.amazon.com/step-functions/latest/dg/workflow-studio.html). Use Infrastructure Composer to do the following:
+ Launch Step Functions Workflow Studio directly within Infrastructure Composer.
+ Create and manage new workflows or import existing workflows into Infrastructure Composer.
+ Integrate your workflows with other AWS resources using the Infrastructure Composer canvas.

The following image is of a Step Functions State machine card

![\[A Step Functions State machine card.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_sf_01.png)


With Step Functions Workflow Studio in Infrastructure Composer, you can use the benefits of two powerful visual designers in a single place. As you design your workflow and application, Infrastructure Composer creates your infrastructure as code (IaC) to guide you towards deployment.

**Topics**
+ [

## IAM policies
](#using-composer-services-sf-use-iam)
+ [

## Getting started with Step Functions Workflow Studio in Infrastructure Composer
](#using-composer-services-sf-gs)
+ [

## Using Step Functions Workflow Studio in Infrastructure Composer
](#using-composer-services-sf-use)
+ [

## Learn more
](#using-composer-services-sf-learn)

## IAM policies


When you connect tasks from your workflow to resources, Infrastructure Composer automatically creates the AWS Identity and Access Management (IAM) policies required to authorize the interaction between your resources. The following is an example:

```
Transform: AWS::Serverless-2016-10-31
Resources:
  StockTradingStateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      ...
      Policies:
        - LambdaInvokePolicy:
            FunctionName: !Ref CheckStockValue
      ...
  CheckStockValue:
    Type: AWS::Serverless::Function
    ...
```

If necessary, you can add more IAM policies to your template.

## Getting started with Step Functions Workflow Studio in Infrastructure Composer
Getting started

To get started, you can create new workflows or import existing workflows.

### To create a new workflow


1. From the **Resources** palette, drag a **Step Functions State machine** enhanced component card onto the canvas.  
![\[A Step Functions state machine card.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_sf_02.png)

   When you drag a **Step Functions State machine** card onto the canvas, Infrastructure Composer creates the following:
   + An `[ AWS::Serverless::StateMachine](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html)` resource that defines your state machine. By default, Infrastructure Composer creates a standard workflow. To create an express workflow, change the `Type` value in your template from `STANDARD` to `EXPRESS`.
   + An `[AWS::Logs::LogGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-logs-loggroup.html)` resource that defines an Amazon CloudWatch log group for your state machine.

1. Open the card’s **Resource properties** panel and select **Edit in Workflow Studio** to open Workflow Studio within Infrastructure Composer.

   Step Functions Workflow Studio opens in **Design** mode. To learn more, see [Design mode](https://docs.aws.amazon.com/step-functions/latest/dg/workflow-studio-components.html#wfs-interface-design-mode) in the *AWS Step Functions Developer Guide*.
**Note**  
You can modify Infrastructure Composer to save your state machine definition in an external file. To learn more, see [Working with external files](#using-composer-services-sf-use-external).

1. Create your workflow and choose **Save**. To exit Workflow Studio, choose **Return to Infrastructure Composer**.

   Infrastructure Composer defines your workflow using the `Defintion` property of the `AWS::Serverless::StateMachine` resource.

1. You can modify your workflow by doing any of the following:
   + Open Workflow Studio again and modify your workflow.
   + For Infrastructure Composer from the console, you can open the **Template** view of your application and modify your template. If using **local sync**, you can modify your workflow in your local IDE. Infrastructure Composer will detect your changes and update your workflow in Infrastructure Composer.
   + For Infrastructure Composer from the Toolkit for VS Code, you can directly modify your template. Infrastructure Composer will detect your changes and update your workflow in Infrastructure Composer.

### To import existing workflows


You can import workflows from applications that are defined using AWS Serverless Application Model (AWS SAM) templates. Use any state machine defined with the `AWS::Serverless::StateMachine` resource type, and it will visualize as a **Step Functions State machine** enhanced component card that you can use to launch Workflow Studio.

The `AWS::Serverless::StateMachine` resource can define workflows using either of the following properties:
+ `[ Definition](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html#sam-statemachine-definition)` – The workflow is defined within the AWS SAM template as an object.
+ `[ DefinitionUri](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html#sam-statemachine-definitionuri)` – The workflow is defined on an external file using the [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html). The file’s local path is then specified with this property.

#### Definition property


**Infrastructure Composer from the console**  
For workflows defined using the `Definition` property, you can import a single template or the entire project.  
+ **Template** – For instructions on importing a template, see [Import an existing project template in the Infrastructure Composer console](using-composer-project-import-template.md). To save changes that you make within Infrastructure Composer, you must export your template.
+ **Project** – When you import a project, you must activate **local sync**. Changes that you make are automatically saved to your local machine. For instructions on importing a project, see [Import an existing project folder in the Infrastructure Composer console](using-composer-project-import-folder.md).

**Infrastructure Composer from the Toolkit for VS Code**  
For workflows defined using the `Definition` property, you can open Infrastructure Composer from your template. For instructions, see [Access Infrastructure Composer from the AWS Toolkit for Visual Studio Code](setting-up-composer-access-ide.md).

#### DefinitionUri property


**Infrastructure Composer from the console**  
For workflows defined using the `DefinitionUri` property, you must import the project and activate **local sync**. For instructions on importing a project, see [Import an existing project folder in the Infrastructure Composer console](using-composer-project-import-folder.md).

**Infrastructure Composer from the Toolkit for VS Code**  
For workflows defined using the `DefinitionUri` property, you can open Infrastructure Composer from your template. For instructions, see [Access Infrastructure Composer from the AWS Toolkit for Visual Studio Code](setting-up-composer-access-ide.md).

## Using Step Functions Workflow Studio in Infrastructure Composer


### Build workflows


Infrastructure Composer uses definition substitutions to map workflow tasks to resources in your application. To learn more about definition substitutions, see `[ DefinitionSubstitutions](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html#sam-statemachine-definitionsubstitutions)` in the *AWS Serverless Application Model Developer Guide*.

When you create tasks in Workflow Studio, specify a definition substitution for each task. You can then connect tasks to resources on the Infrastructure Composer canvas.

**To specify a definition substitution in Workflow Studio**

1. Open the **Configuration** tab of the task and locate the **API Parameters** field.  
![\[The Configuration tab of a task in Workflow Studio.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_sf_05.png)

1. If the **API Parameters** field has a drop down option, choose **Enter a CloudFormation substitution**. Then, provide a unique name.

   For tasks that connect to the same resource, specify the same definition substitution for each task. To use an existing definition substitution, choose **Select a CloudFormation substitution** and select the substitution to use.

1. If the **API Parameters** field contains a JSON object, modify the entry that specifies the resource name to use a definition substitution. In the following example, we change `"MyDynamoDBTable"` to `"${RecordTransaction}"`.  
![\[The Configuration tab of a task in Workflow Studio.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_sf_06.png)

1. Select **Save** and **Return to Infrastructure Composer**.

The tasks from your workflow will visualize on the **Step Functions State machine** card.

![\[A Step Functions State machine card with tasks visualized.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_sf_03.png)


### Connect resources to workflow tasks


You can create connections in Infrastructure Composer between supported workflow tasks and supported Infrastructure Composer cards.
+ **Supported workflow tasks** – Tasks for AWS services that are optimized for Step Functions. To learn more, see [ Optimized integrations for Step Functions](https://docs.aws.amazon.com/step-functions/latest/dg/connect-supported-services.html) in the *AWS Step Functions Developer Guide*.
+ **Supported Infrastructure Composer cards** – Enhanced component cards are supported. To learn more about cards in Infrastructure Composer, see [Configure and modify cards in Infrastructure Composer](using-composer-cards.md). 

When creating a connection, the AWS service of the task and card must match. For example, you can connect a workflow task that invokes a Lambda function to a **Lambda Function** enhanced component card.

To create a connection, click and drag the port of a task to the left port of an enhanced component card.

![\[A Step Functions State machine card with a task connected to a Lambda function resource card.\]](http://docs.aws.amazon.com/infrastructure-composer/latest/dg/images/aac_use_sf_04.png)


Infrastructure Composer will automatically update your `DefinitionSubstitution` value to define your connection. The following is an example:

```
Transform: AWS::Serverless-2016-10-31
Resources:
  StateMachine:
    Type: AWS::Serverless::StateMachine
    Properties:
      Definition:
        StartAt: Check Stock Value
        States:
          Check Stock Value:
            Type: Task
            Resource: arn:aws:states:::lambda:invoke
            Parameters:
              Payload.$: $
              FunctionName: ${CheckStockValue}
            Next: Choice
          ...
      DefinitionSubstitutions:
        CheckStockValue: !GetAtt CheckStockValue.Arn
        ...
  CheckStockValue:
    Type: AWS::Serverless::Function
    Properties:
      ...
```

### Working with external files


When you create a workflow from the **Step Functions State machine** card, Infrastructure Composer saves your state machine definition within your template using the `Definition` property. You can configure Infrastructure Composer to save your state machine definition on an external file.

**Note**  
To use this feature with Infrastructure Composer from the AWS Management Console, you must have **local sync** activated. For more information, see [Locally sync and save your project in the Infrastructure Composer console](using-composer-project-local-sync.md).

**To save your state machine definition on an external file**

1. Open the **Resource properties** panel of your **Step Functions State machine** card.

1. Select the **Use external file for state machine definition** option.

1. Provide a relative path and name for your state machine definition file.

1. Choose **Save**.

Infrastructure Composer will do the following:

1. Move your state machine definition from the `Definition` field to your external file.

1. Save your state machine definition in an external file using the Amazon States Language.

1. Modify your template to reference the external file using the `DefinitionUri` field.

## Learn more


To learn more about Step Functions in Infrastructure Composer, see the following:
+ [Using Workflow Studio in Infrastructure Composer](https://docs.aws.amazon.com/step-functions/latest/dg/use-wfs-in-app-composer.html) in the *AWS Step Functions Developer Guide*.
+ [DefinitionSubstitutions in AWS SAM templates](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-sam-sfn.html#sam-definition-substitution-eg) in the *AWS Step Functions Developer Guide*.

# Standard cards in Infrastructure Composer
Standard cards

All CloudFormation resources are available to use as **standard IaC resource cards** from the **Resources** palette. After being dragged onto the visual canvas, a **standard IaC resource card** becomes a **standard component card**. This simply means the card is one or more standard IaC resources. For further examples and details, see the topics in this section.

You can modify your infrastructure code through the **Template** view and through the **Resource properties** window. For example, the following is an example starting template of an `Alexa::ASK::Skill` standard IaC resource:

```
Resources:
  Skill:
    Type: Alexa::ASK::Skill
    Properties:
      AuthenticationConfiguration:
        RefreshToken: <String>
        ClientSecret: <String>
        ClientId: <String>
      VendorId: <String>
      SkillPackage:
        S3Bucket: <String>
        S3Key: <String>
```

A standard IaC resource card starting template consists of the following:
+ The CloudFormation resource type.
+ Required or commonly used properties.
+ The required type of the value to provide for each property.

**Note**  
You can use Amazon Q to generate infrastructure code suggestions for standard resource cards. To learn more, see [Using AWS Infrastructure Composer with Amazon Q Developer](using-composer-ide-cw.md).

## Procedure
Procedure

You can modify the infrastructure code for each resource in a standard component card through the **Resource properties** panel.

**To modify a standard component card**

1. Open the **Resource properties** panel of the standard IaC component card.

1. In the **Editing** field, select the standard IaC resource to edit from the dropdown list.

1. Modify your infrastructure code and **Save**.