name
cloudformation
description
AWS CloudFormation infrastructure as code for stack management. Use when writing templates, deploying stacks, managing drift, troubleshooting deployments, or organizing infrastructure with nested stacks.
metadata
last_updated
doc_source
2026-01-07
AWSTemplateFormatVersion : ' 2010-09-09' Description : My infrastructure template
Parameters :
Environment :
Type : String
AllowedValues : [dev, staging, prod]
Default : dev
Mappings :
EnvironmentConfig :
dev :
InstanceType : t3.micro
prod :
InstanceType : t3.large
Conditions :
IsProd : !Equals [!Ref Environment, prod]
Resources :
MyBucket :
Type : AWS::S3::Bucket
Properties :
BucketName : !Sub 'my-app-${Environment}-${AWS::AccountId}'
VersioningConfiguration :
Status : !If [IsProd, Enabled, Suspended]
Outputs :
BucketName :
Description : S3 bucket name
Value : !Ref MyBucket
Export :
Name : !Sub '${AWS::StackName}-BucketName' AWS CLI:
# Create stack# Validate template first# Wait and verifywait stack-create-complete --stack-name my-stack
aws cloudformation describe-stacks --stack-name my-stack --query " Stacks[0].StackStatus" # Wait for completionwait stack-create-complete --stack-name my-stack
# Update stack# Delete stack# Create change set# Describe changes# Execute change setResources :
LambdaFunction :
Type : AWS::Lambda::Function
Properties :
FunctionName : !Sub '${AWS::StackName}-function'
Runtime : python3.12
Handler : index.handler
Role : !GetAtt LambdaRole.Arn
Code :
ZipFile : |
def handler(event, context):
return {'statusCode': 200, 'body': 'Hello'}
Environment :
Variables :
ENVIRONMENT : !Ref Environment
LambdaRole :
Type : AWS::IAM::Role
Properties :
AssumeRolePolicyDocument :
Version : ' 2012-10-17' Statement :
- Effect : Allow
Principal :
Service : lambda.amazonaws.com
Action : sts:AssumeRole
ManagedPolicyArns :
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Resources :
VPC :
Type : AWS::EC2::VPC
Properties :
CidrBlock : 10.0.0.0/16
EnableDnsHostnames : true
Tags :
- Key : Name
Value : !Sub '${AWS::StackName}-vpc'
PublicSubnet1 :
Type : AWS::EC2::Subnet
Properties :
VpcId : !Ref VPC
AvailabilityZone : !Select [0, !GetAZs '']
CidrBlock : 10.0.1.0/24
MapPublicIpOnLaunch : true
PrivateSubnet1 :
Type : AWS::EC2::Subnet
Properties :
VpcId : !Ref VPC
AvailabilityZone : !Select [0, !GetAZs '']
CidrBlock : 10.0.10.0/24
InternetGateway :
Type : AWS::EC2::InternetGateway
AttachGateway :
Type : AWS::EC2::VPCGatewayAttachment
Properties :
VpcId : !Ref VPC
InternetGatewayId : !Ref InternetGateway
PublicRouteTable :
Type : AWS::EC2::RouteTable
Properties :
VpcId : !Ref VPC
PublicRoute :
Type : AWS::EC2::Route
DependsOn : AttachGateway
Properties :
RouteTableId : !Ref PublicRouteTable
DestinationCidrBlock : 0.0.0.0/0
GatewayId : !Ref InternetGateway
PublicSubnet1RouteTableAssociation :
Type : AWS::EC2::SubnetRouteTableAssociation
Properties :
SubnetId : !Ref PublicSubnet1
RouteTableId : !Ref PublicRouteTable Resources :
OrdersTable :
Type : AWS::DynamoDB::Table
Properties :
TableName : !Sub '${AWS::StackName}-orders'
AttributeDefinitions :
- AttributeName : PK
AttributeType : S
- AttributeName : SK
AttributeType : S
- AttributeName : GSI1PK
AttributeType : S
- AttributeName : GSI1SK
AttributeType : S
KeySchema :
- AttributeName : PK
KeyType : HASH
- AttributeName : SK
KeyType : RANGE
GlobalSecondaryIndexes :
- IndexName : GSI1
KeySchema :
- AttributeName : GSI1PK
KeyType : HASH
- AttributeName : GSI1SK
KeyType : RANGE
Projection :
ProjectionType : ALL
BillingMode : PAY_PER_REQUEST
PointInTimeRecoverySpecification :
PointInTimeRecoveryEnabled : true
Command
Description
aws cloudformation create-stackCreate stack
aws cloudformation update-stackUpdate stack
aws cloudformation delete-stackDelete stack
aws cloudformation describe-stacksGet stack info
aws cloudformation list-stacksList stacks
aws cloudformation describe-stack-eventsGet events
aws cloudformation describe-stack-resourcesGet resources
Command
Description
aws cloudformation create-change-setCreate change set
aws cloudformation describe-change-setView changes
aws cloudformation execute-change-setApply changes
aws cloudformation delete-change-setDelete change set
Command
Description
aws cloudformation validate-templateValidate template
aws cloudformation get-templateGet stack template
aws cloudformation get-template-summaryGet template info
Use parameters for environment-specific valuesUse mappings for static lookup tablesUse conditions for optional resourcesExport outputs for cross-stack referencesAdd descriptions to parameters and outputs
Use IAM roles instead of access keysEnable termination protection for productionUse stack policies to protect resourcesNever hardcode secrets — use Secrets Manager
# Enable termination protection
Use nested stacks for complex infrastructureCreate reusable modules Version control templates Use consistent naming conventions
Use DependsOn for explicit dependenciesConfigure creation policies for instancesUse update policies for Auto Scaling groupsImplement rollback triggers
# Get failure reason' StackEvents[?ResourceStatus==`CREATE_FAILED`]' # Common causes:# - IAM permissions# - Resource limits# - Invalid property values# - Dependency failuresStack Stuck in DELETE_FAILED # Identify resources that couldn't be deleted' StackResources[?ResourceStatus==`DELETE_FAILED`]' # Retry with resources to skip# Detect drift# Check drift status# View drifted resources# Continue update rollback