
CloudFormation template options

Let's learn about the stack options that are common to any CloudFormation template.

Tags

  • Description: Tags are key-value pairs used to organize, identify, or manage resources. You can assign tags to your CloudFormation stacks to categorize resources or add metadata (like project name, environment, owner).
  • Purpose: Tags are useful for cost allocation, access control, and resource management.
  • Example:
Tags:
  - Key: Environment
    Value: Production
  - Key: Department
    Value: IT

Permissions

  • Description: CloudFormation stacks require permissions to interact with AWS services and resources. Permissions typically refer to the roles or users that have access to create, update, or delete the stack.
  • AWS Identity and Access Management (IAM) roles can be associated with stacks to allow CloudFormation to execute tasks on your behalf.
  • Example: When creating a stack, you can specify a service role that CloudFormation will assume to execute stack actions:
RoleARN: arn:aws:iam::1234XXXXX:role/CloudFormationExecutionRole

Notification Options

  • Description: This feature allows you to configure SNS (Simple Notification Service) topics to send notifications on specific events related to your stack (like creation, updates, or deletion).
  • Purpose: Useful for tracking the progress or status of stack operations.
  • Example:
NotificationARNs:
  - arn:aws:sns:us-west-2:123456789012:my-sns-topic

Timeouts

  • Description: The timeout option defines how long CloudFormation should wait (in minutes) for the stack creation or update process to complete before marking it as failed. If the stack creation/update does not finish within this time, the stack operation fails.

  • Purpose: To avoid long-running processes that may be stuck or taking too long to complete.

  • Example:

TimeoutInMinutes: 30

Rollback on Failure

  • Description: This option determines whether CloudFormation should roll back (revert) the stack creation if an error occurs. If rollback is enabled, CloudFormation will delete any resources created during the failed stack creation attempt. If disabled, resources created up to the failure point will remain.
  • Purpose: To ensure that if stack creation fails, it can either revert all resources created (clean rollback) or leave them in place for further troubleshooting.

  • By default, rollback is enabled.

  • Example:
DisableRollback: true  # Keep resources after a failed creation; the default is false (rollback enabled)

Stack Policy

  • Description: A stack policy is a JSON document that defines the update actions allowed or denied on the resources in the stack. It helps prevent accidental changes to critical resources during a stack update.
  • Purpose: To safeguard specific resources in the stack from being modified during updates.
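  • Example (once a stack policy is set, every resource is protected by default, so the policy needs an explicit Allow for the resources that may still be updated; the Deny statement overrides it for the database):
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "LogicalResourceId/ProductionDatabase"
    }
  ]
}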
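
An added example (not part of the original page, and not AWS code) that models how a stack policy is evaluated, so a policy can be reviewed before it is attached to a stack: an explicit Deny wins, an explicit Allow comes next, and anything unmatched is denied once a policy is set. The function names, the sample logical IDs and the simplified matching (Action and Resource only; Principal, Condition, NotAction and NotResource are ignored) are assumptions of this sketch.

```python
import fnmatch

# Constructed policies for illustration. DENY_ONLY has a single Deny statement;
# WITH_ALLOW adds the explicit Allow that every other resource needs.
DENY_DB = {"Effect": "Deny", "Action": "Update:*", "Principal": "*",
           "Resource": "LogicalResourceId/ProductionDatabase"}
ALLOW_ALL = {"Effect": "Allow", "Action": "Update:*", "Principal": "*",
             "Resource": "*"}
DENY_ONLY = {"Statement": [DENY_DB]}
WITH_ALLOW = {"Statement": [ALLOW_ALL, DENY_DB]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(statement, action, logical_id):
    """True if the statement covers this update action on this resource."""
    resource = f"LogicalResourceId/{logical_id}"
    return (any(fnmatch.fnmatchcase(action, a) for a in _as_list(statement["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(statement["Resource"])))


def evaluate(policy, action, logical_id):
    """Return 'Deny' or 'Allow' for one update action on one logical resource.

    policy=None models a stack with no stack policy: every update is allowed.
    Once a policy is set, anything not explicitly allowed is denied, and an
    explicit Deny overrides any Allow.
    """
    if policy is None:
        return "Allow"
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, action, logical_id)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "Deny"


def blocked_resources(policy, action, logical_ids):
    """List the logical IDs on which the given update action would be refused."""
    return [rid for rid in logical_ids if evaluate(policy, action, rid) == "Deny"]


if __name__ == "__main__":
    stack = ["ProductionDatabase", "WebServerGroup", "AppBucket"]  # constructed
    for name, pol in [("no policy", None), ("deny only", DENY_ONLY), ("with allow", WITH_ALLOW)]:
        print(f"{name:10} blocks Update:Replace on {blocked_resources(pol, 'Update:Replace', stack)}")
```

A policy that contains only Deny statements blocks updates to every resource in the stack, not just the ones it names.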