AWS CloudFormation

(1)

AWS CloudFormation

API Reference

API Version 2010-05-15

(2)

AWS CloudFormation: API Reference

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be aﬃliated with, connected to, or sponsored by Amazon.

(3)

Welcome

AWS CloudFormation allows you to create and manage AWS infrastructure deployments predictably and repeatedly. You can use AWS CloudFormation to leverage AWS products, such as Amazon Elastic Compute Cloud, Amazon Elastic Block Store, Amazon Simple Notification Service, Elastic Load Balancing, and Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying AWS infrastructure.

With AWS CloudFormation, you declare all your resources and dependencies in a template ﬁle. The template deﬁnes a collection of resources as a single unit called a stack. AWS CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you.

For more information about AWS CloudFormation, see the AWS CloudFormation product page.

AWS CloudFormation makes use of other AWS products. If you need additional technical

information about a speciﬁc AWS product, you can ﬁnd the product's technical documentation at docs.aws.amazon.com.

Stack actions

When you use AWS CloudFormation, you manage related resources as a single unit called a stack.

You create, update, and delete a collection of resources by creating, updating, and deleting stacks.

All the resources in a stack are deﬁned by the stack's template.

Stack resources: DescribeStackResource (p. 79) | DescribeStackResources (p. 85) | ListStackResources (p. 148)

Stack drift: DescribeStackDriftDetectionStatus (p. 70) | DescribeStackResourceDrifts (p. 81) | DetectStackDrift (p. 110) | DetectStackResourceDrift (p. 113)

Stack operations: ListExports (p. 139) | ListImports (p. 142) | UpdateTerminationProtection (p. 223)

Stack policies: GetStackPolicy (p. 124) | SetStackPolicy (p. 188) Templates: EstimateTemplateCost (p. 119) | GetTemplate (p. 126) | GetTemplateSummary (p. 129) | ValidateTemplate (p. 225)

Change set actions

If you need to make changes to the running resources in a stack, you update the stack. Before making changes to your resources, you can generate a change set, which is summary of your proposed changes. Change sets allow you to see how your changes might impact your running resources, especially for critical resources, before implementing them.

CreateChangeSet (p. 16) | DeleteChangeSet (p. 43) | DescribeChangeSet (p. 59) | ExecuteChangeSet (p. 121) | ListChangeSets (p. 136)

(14)

Stack sets actions

AWS CloudFormation StackSets lets you create a collection, or stack set, of stacks that can automatically and safely provision a common set of AWS resources across multiple AWS accounts and multiple AWS Regions from a single AWS CloudFormation template. When you create a stack set, AWS CloudFormation provisions a stack in each of the speciﬁed accounts and AWS Regions by using the supplied AWS CloudFormation template and parameters. Stack sets let you manage a common set of AWS resources in a selection of accounts and AWS Regions in a single operation.

CreateStackSet (p. 35) | DeleteStackSet (p. 52) | DescribeStackSet (p. 91) | ListStackSets (p. 161) | UpdateStackSet (p. 215)

Stack instances: CreateStackInstances (p. 30) | DeleteStackInstances (p. 48) | DescribeStackInstance (p. 76) | ListStackInstances (p. 144)

Stack set operations: DescribeStackSetOperation (p. 94) | ListStackSetOperations (p. 158) | ListStackSetOperationResults (p. 154) | StopStackSetOperation (p. 198)

Extension management actions

The AWS CloudFormation registry enables you to manage the extensions, both private and public, that are available for use in your account.

ListTypeRegistrations (p. 164) | RegisterType (p. 182)

Configuration: BatchDescribeTypeConfigurations (p. 9) | SetTypeConfiguration (p. 190) Versioning: ListTypeVersions (p. 171) | SetTypeDefaultVersion (p. 193)

Extension publication actions

Use the AWS CloudFormation operation to develop and publish your own public third-party extensions.

For more information, see Publishing extensions to make them available for public use in the CFN- CLI User Guide for Extension Development.

PublishType (p. 175) | TestType (p. 201)

Publishers: DescribePublisher (p. 68) | RegisterPublisher (p. 180)

This document was last published on March 6, 2022.

(15)

Actions

The following actions are supported:

• ActivateType (p. 5)

• BatchDescribeTypeConﬁgurations (p. 9)

• CancelUpdateStack (p. 11)

• ContinueUpdateRollback (p. 13)

• CreateChangeSet (p. 16)

• CreateStack (p. 23)

• CreateStackInstances (p. 30)

• CreateStackSet (p. 35)

• DeactivateType (p. 41)

• DeleteChangeSet (p. 43)

• DeleteStack (p. 45)

• DeleteStackInstances (p. 48)

• DeleteStackSet (p. 52)

• DeregisterType (p. 54)

• DescribeAccountLimits (p. 57)

• DescribeChangeSet (p. 59)

• DescribeChangeSetHooks (p. 65)

• DescribePublisher (p. 68)

• DescribeStackDriftDetectionStatus (p. 70)

• DescribeStackEvents (p. 73)

• DescribeStackInstance (p. 76)

• DescribeStackResource (p. 79)

• DescribeStackResourceDrifts (p. 81)

• DescribeStackResources (p. 85)

• DescribeStacks (p. 88)

• DescribeStackSet (p. 91)

• DescribeStackSetOperation (p. 94)

• DescribeType (p. 98)

• DescribeTypeRegistration (p. 107)

• DetectStackDrift (p. 110)

• DetectStackResourceDrift (p. 113)

• DetectStackSetDrift (p. 116)

• EstimateTemplateCost (p. 119)

• ExecuteChangeSet (p. 121)

• GetStackPolicy (p. 124)

• GetTemplate (p. 126)

• GetTemplateSummary (p. 129)

• ImportStacksToStackSet (p. 133)

• ListChangeSets (p. 136)

• ListExports (p. 139)

(16)

• ListImports (p. 142)

• ListStackInstances (p. 144)

• ListStackResources (p. 148)

• ListStacks (p. 151)

• ListStackSetOperationResults (p. 154)

• ListStackSetOperations (p. 158)

• ListStackSets (p. 161)

• ListTypeRegistrations (p. 164)

• ListTypes (p. 167)

• ListTypeVersions (p. 171)

• PublishType (p. 175)

• RecordHandlerProgress (p. 178)

• RegisterPublisher (p. 180)

• RegisterType (p. 182)

• RollbackStack (p. 186)

• SetStackPolicy (p. 188)

• SetTypeConﬁguration (p. 190)

• SetTypeDefaultVersion (p. 193)

• SignalResource (p. 196)

• StopStackSetOperation (p. 198)

• TestType (p. 201)

• UpdateStack (p. 204)

• UpdateStackInstances (p. 211)

• UpdateStackSet (p. 215)

• UpdateTerminationProtection (p. 223)

• ValidateTemplate (p. 225)

(17)

ActivateType

Activates a public third-party extension, making it available for use in stack templates. For more information, see Using public extensions in the AWS CloudFormation User Guide.

Once you have activated a public third-party extension in your account and region, use

SetTypeConfiguration to specify configuration properties for the extension. For more information, see Configuring extensions at the account level in the CloudFormation User Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters (p. 329).

AutoUpdate

Whether to automatically update the extension in this account and region when a new minor version is published by the extension publisher. Major versions released by the publisher must be manually updated.

The default is true.

Type: Boolean Required: No ExecutionRoleArn

The name of the IAM execution role to use to activate the extension.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: arn:.+:iam::[0-9]{12}:role/.+

Required: No LoggingConﬁg

Contains logging conﬁguration information for an extension.

Type: LoggingConﬁg (p. 245) object Required: No

MajorVersion

The major version of this extension you want to activate, if multiple major versions are available.

The default is the latest major version. CloudFormation uses the latest available minor version of the major version selected.

You can specify MajorVersion or VersionBump, but not both.

Type: Long

Valid Range: Minimum value of 1. Maximum value of 100000.

Required: No PublicTypeArn

The Amazon Resource Name (ARN) of the public extension.

(18)

Request Parameters

Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId.

Type: String

Length Constraints: Maximum length of 1024.

Pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}::type/.+/

[0-9a-zA-Z]{12,40}/.+

Required: No PublisherId

The ID of the extension publisher.

Type: String

Pattern: [0-9a-zA-Z]{12,40}

Required: No Type

The extension type.

Type: String

Valid Values: RESOURCE | MODULE | HOOK Required: No

TypeName

The name of the extension.

Type: String

Pattern: [A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE) {0,1}

Required: No TypeNameAlias

An alias to assign to the public extension, in this account and region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.

An extension alias must be unique within a given account and region. You can activate the same public resource multiple times in the same account and region, using diﬀerent type name aliases.

Type: String

(19)

Response Elements

Pattern: [A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE) {0,1}

Required: No VersionBump

Manually updates a previously-activated type to a new major or minor version, if available. You can also use this parameter to update the value of AutoUpdate.

• MAJOR: CloudFormation updates the extension to the newest major version, if one is available.

• MINOR: CloudFormation updates the extension to the newest minor version, if one is available.

Type: String

Valid Values: MAJOR | MINOR Required: No

Response Elements

The following element is returned by the service.

Arn

The Amazon Resource Name (ARN) of the activated extension, in this account and region.

Type: String

Length Constraints: Maximum length of 1024.

Pattern: arn:aws[A-Za-z0-9-]{0,64}:cloudformation:[A-Za-z0-9-]{1,64}:[0-9]

{12}:type/.+

Errors

For information about the errors that are common to all actions, see Common Errors (p. 331).

CFNRegistry

An error occurred during a CloudFormation registry operation.

HTTP Status Code: 400 TypeNotFound

The speciﬁed extension doesn't exist in the CloudFormation registry.

HTTP Status Code: 404

BatchDescribeTypeConﬁgurations

Returns conﬁguration data for the speciﬁed CloudFormation extensions, from the CloudFormation registry for the account and region.

For more information, see Conﬁguring extensions at the account level in the AWS CloudFormation User Guide.

Request Parameters

TypeConﬁgurationIdentiﬁers.member.N

The list of identiﬁers for the desired extension conﬁgurations.

Type: Array of TypeConﬁgurationIdentiﬁer (p. 319) objects Array Members: Minimum number of 1 item.

Required: Yes

Response Elements

The following elements are returned by the service.

Errors.member.N

A list of information concerning any errors generated during the setting of the speciﬁed conﬁgurations.

Type: Array of BatchDescribeTypeConﬁgurationsError (p. 234) objects TypeConﬁgurations.member.N

A list of any of the speciﬁed extension conﬁgurations from the CloudFormation registry.

Type: Array of TypeConﬁgurationDetails (p. 317) objects UnprocessedTypeConﬁgurations.member.N

A list of any of the speciﬁed extension conﬁgurations that CloudFormation could not process for any reason.

Type: Array of TypeConﬁgurationIdentiﬁer (p. 319) objects

Errors

CFNRegistry

An error occurred during a CloudFormation registry operation.

(22)

CancelUpdateStack

Cancels an update on the speciﬁed stack. If the call completes successfully, the stack rolls back the update and reverts to the previous stack conﬁguration.

NoteYou can cancel only stacks that are in the UPDATE_IN_PROGRESS state.

Request Parameters

ClientRequestToken

A unique identiﬁer for this CancelUpdateStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to cancel an update on a stack with the same name. You might retry CancelUpdateStack requests to ensure that AWS CloudFormation successfully received them.

Type: String

Pattern: [a-zA-Z0-9][-a-zA-Z0-9]*

Required: No StackName

The name or the unique stack ID that's associated with the stack.

Type: String Required: Yes

Errors

TokenAlreadyExists

A client request token already exists.

Examples

CancelUpdateStack

This example illustrates one usage of CancelUpdateStack.

Sample Request

(24)

Sample Response

</ResponseMetadata>

</CancelUpdateStackResponse>

ContinueUpdateRollback

For a speciﬁed stack that's in the UPDATE_ROLLBACK_FAILED state, continues rolling it back to the UPDATE_ROLLBACK_COMPLETE state. Depending on the cause of the failure, you can manually ﬁx the error and continue the rollback. By continuing the rollback, you can return your stack to a working state (the UPDATE_ROLLBACK_COMPLETE state), and then try to update the stack again.

A stack goes into the UPDATE_ROLLBACK_FAILED state when AWS CloudFormation can't roll back all changes after a failed stack update. For example, you might have a stack that's rolling back to an old database instance that was deleted outside of AWS CloudFormation. Because AWS CloudFormation doesn't know the database was deleted, it assumes that the database instance still exists and attempts to roll back to it, causing the update rollback to fail.

Request Parameters

A unique identiﬁer for this ContinueUpdateRollback request. Specify this token if you plan to retry requests so that AWS CloudFormationknows that you're not attempting to continue the rollback to a stack with the same name. You might retry ContinueUpdateRollback requests to ensure that AWS CloudFormation successfully received them.

Type: String

Required: No

ResourcesToSkip.member.N

A list of the logical IDs of the resources that AWS CloudFormation skips during the continue update rollback operation. You can specify only resources that are in the UPDATE_FAILED state because a rollback failed. You can't specify resources that are in the UPDATE_FAILED state for other reasons, for example, because an update was canceled. To check why a resource update failed, use the DescribeStackResources (p. 85) action, and view the resource status reason.

Important

Specify this property to skip rolling back resources that AWS CloudFormation can't successfully roll back. We recommend that you troubleshoot resources before skipping them. AWS CloudFormation sets the status of the speciﬁed resources to UPDATE_COMPLETE and continues to roll back the stack. After the rollback is complete, the state of the skipped resources will be inconsistent with the state of the resources in the stack template. Before performing another stack update, you must update the stack or resources to be consistent with each other. If you don't, subsequent stack updates might fail, and the stack will become unrecoverable.

Specify the minimum number of resources required to successfully roll back your stack. For example, a failed resource update might cause dependent resources to fail. In this case, it might not be necessary to skip the dependent resources.

To skip resources that are part of nested stacks, use the following format:

NestedStackName.ResourceLogicalID. If you want to specify the logical ID of a stack resource (Type: AWS::CloudFormation::Stack) in the ResourcesToSkip list, then its

(26)

Errors

corresponding embedded stack must be in one of the following states: DELETE_IN_PROGRESS, DELETE_COMPLETE, or DELETE_FAILED.

NoteDon't confuse a child stack's name with its corresponding logical ID deﬁned in the parent stack. For an example of a continue update rollback operation with nested stacks, see Using ResourcesToSkip to recover a nested stacks hierarchy.

Type: Array of strings

Pattern: [a-zA-Z0-9]+|[a-zA-Z][-a-zA-Z0-9]*\.[a-zA-Z0-9]+

Required: No RoleARN

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to roll back the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least permission.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that's generated from your user credentials.

Type: String

Required: No StackName

The name or the unique ID of the stack that you want to continue rolling back.

NoteDon't specify the name of a nested stack (a stack that was created by using the

AWS::CloudFormation::Stack resource). Instead, use this operation on the parent stack (the stack that contains the AWS::CloudFormation::Stack resource).

Type: String

Length Constraints: Minimum length of 1.

Pattern: ([a-zA-Z][-a-zA-Z0-9]*)|(arn:\b(aws|aws-us-gov|aws-cn)\b:[-a-zA- Z0-9:/._+]*)

Required: Yes

Errors

TokenAlreadyExists

(27)

Examples

ContinueUpdateRollback

This example illustrates one usage of ContinueUpdateRollback.

Sample Request

?Action=ContinueUpdateRollback &StackName=MyUpdatRollbackFailedStack &Version=2010-05-15

&SignatureVersion=2

Sample Response

<ContinueUpdateRollbackResponse xmlns="http://cloudformation.amazonaws.com/

doc/2010-05-15/">

</ResponseMetadata>

</ContinueUpdateRollbackResponse>

CreateChangeSet

Creates a list of changes that will be applied to a stack so that you can review the changes before executing them. You can create a change set for a stack that doesn't exist or an existing stack. If you create a change set for a stack that doesn't exist, the change set shows all of the resources that AWS CloudFormation will create. If you create a change set for an existing stack, AWS CloudFormation compares the stack's information with the information that you submit in the change set and lists the diﬀerences. Use change sets to understand which resources AWS CloudFormation will create or change, and how it will change resources in an existing stack, before you create or update a stack.

To create a change set for a stack that doesn't exist, for the ChangeSetType parameter, specify CREATE.

To create a change set for an existing stack, specify UPDATE for the ChangeSetType parameter. To create a change set for an import operation, specify IMPORT for the ChangeSetType parameter. After the CreateChangeSet call successfully completes, AWS CloudFormation starts creating the change set.

To check the status of the change set or to review it, use the DescribeChangeSet (p. 59) action.

When you are satisﬁed with the changes the change set will make, execute the change set by using the ExecuteChangeSet (p. 121) action. AWS CloudFormation doesn't make changes until you execute the change set.

To create a change set for the entire stack hierarchy, set IncludeNestedStacks to True.

Request Parameters

Capabilities.member.N

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for AWS CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

Some stack templates might include resources that can aﬀect permissions in your AWS account;

for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

• If you have IAM resources, you can specify either capability.

• If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

• If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.

• AWS::IAM::AccessKey

• AWS::IAM::Group

• AWS::IAM::InstanceProﬁle

• AWS::IAM::Policy

• AWS::IAM::Role

• AWS::IAM::User

• AWS::IAM::UserToGroupAddition

For more information, see Acknowledging IAM resources in AWS CloudFormation templates.

(29)

Request Parameters

• CAPABILITY_AUTO_EXPAND

Some template contain macros. Macros perform custom processing on templates; this can include simple actions like ﬁnd-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without ﬁrst reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.

NoteThis capacity doesn't apply to creating change sets, and specifying it when creating change sets has no eﬀect.

If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack (p. 23) or UpdateStack (p. 204) action, and specifying this capability.

For more information about macros, see Using AWS CloudFormation macros to perform custom processing on templates.

Valid Values: CAPABILITY_IAM | CAPABILITY_NAMED_IAM | CAPABILITY_AUTO_EXPAND Required: No

ChangeSetName

The name of the change set. The name must be unique among all change sets that are associated with the speciﬁed stack.

A change set name can contain only alphanumeric, case sensitive characters, and hyphens. It must start with an alphabetical character and can't exceed 128 characters.

Type: String

Pattern: [a-zA-Z][-a-zA-Z0-9]*

Required: Yes ChangeSetType

The type of change set operation. To create a change set for a new stack, specify CREATE. To create a change set for an existing stack, specify UPDATE. To create a change set for an import operation, specify IMPORT.

If you create a change set for a new stack, AWS CloudFormation creates a stack with a unique stack ID, but no template or resources. The stack will be in the REVIEW_IN_PROGRESS state until you execute the change set.

By default, AWS CloudFormation speciﬁes UPDATE. You can't use the UPDATE type to create a change set for a new stack or the CREATE type to create a change set for an existing stack.

Type: String

Valid Values: CREATE | UPDATE | IMPORT Required: No

(30)

Request Parameters

ClientToken

A unique identiﬁer for this CreateChangeSet request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create another change set with the same name. You might retry CreateChangeSet requests to ensure that AWS CloudFormation successfully received them.

Type: String

Required: No Description

A description to help you identify this change set.

Type: String

Required: No IncludeNestedStacks

Creates a change set for the all nested stacks speciﬁed in the template. The default behavior of this action is set to False. To include nested sets in a change set, specify True.

Type: Boolean Required: No

NotiﬁcationARNs.member.N

The Amazon Resource Names (ARNs) of Amazon Simple Notiﬁcation Service (Amazon SNS) topics that AWS CloudFormation associates with the stack. To remove all associated notiﬁcation topics, specify an empty list.

Array Members: Maximum number of 5 items.

Required: No Parameters.member.N

A list of Parameter structures that specify input parameters for the change set. For more information, see the Parameter (p. 249) data type.

Type: Array of Parameter (p. 249) objects Required: No

ResourcesToImport.member.N

The resources to import into your stack.

Type: Array of ResourceToImport (p. 263) objects Array Members: Maximum number of 200 items.

Required: No

ResourceTypes.member.N

The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

(31)

Request Parameters

If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, AWS CloudFormation grants permissions to all resource types. AWS Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for AWS CloudFormation. For more information, see Controlling access with AWS Identity and Access Management in the AWS CloudFormation User Guide.

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes when executing the change set. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least permission.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.

Type: String

Required: No RollbackConﬁguration

The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the speciﬁed monitoring period afterwards.

Type: RollbackConﬁguration (p. 264) object Required: No

StackName

The name or the unique ID of the stack for which you are creating a change set. AWS CloudFormation generates the change set by comparing this stack's information with the information that you submit, such as a modiﬁed template or diﬀerent parameter input values.

Type: String

Pattern: ([a-zA-Z][-a-zA-Z0-9]*)|(arn:\b(aws|aws-us-gov|aws-cn)\b:[-a-zA- Z0-9:/._+]*)

Required: Yes Tags.member.N

Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to resources in the stack. You can specify a maximum of 50 tags.

Type: Array of Tag (p. 315) objects

(32)

Response Elements

Required: No TemplateBody

A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. AWS CloudFormation generates the change set by comparing this template with the template of the stack that you speciﬁed.

Conditional: You must specify only TemplateBody or TemplateURL.

Type: String

Required: No TemplateURL

The location of the ﬁle that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. AWS CloudFormation generates the change set by comparing this template with the stack that you speciﬁed.

Conditional: You must specify only TemplateBody or TemplateURL.

Type: String

Required: No UsePreviousTemplate

Whether to reuse the template that's associated with the stack to create the change set.

Response Elements

The following elements are returned by the service.

Id

The Amazon Resource Name (ARN) of the change set.

Type: String

Pattern: arn:[-a-zA-Z0-9:/]*

StackId

The unique ID of the stack.

Type: String

Errors

(33)

Examples

AlreadyExists

The resource with the name requested already exists.

HTTP Status Code: 400 InsuﬃcientCapabilities

The template contains resources with capabilities that weren't speciﬁed in the Capabilities parameter.

HTTP Status Code: 400 LimitExceeded

The quota for the resource has already been reached.

For information about resource and stack limitations, see AWS CloudFormation quotas in the AWS CloudFormation User Guide.

Examples

CreateChangeSet

This example illustrates one usage of CreateChangeSet.

Sample Request

?Action=CreateChangeSet &ChangeSetName=SampleChangeSet

&Parameters.member.1.ParameterKey=KeyName &Parameters.member.1.UsePreviousValue=true &Parameters.member.2.ParameterKey=Purpose &Parameters.member.2.ParameterValue=production

&StackName=arn:aws:cloudformation:us-east-1:123456789012:stack/

SampleStack/1a2345b6-0000-00a0-a123-00abc0abc000 &UsePreviousTemplate=true

&Version=2010-05-15

&X-Amz-Algorithm=AWS4-HMAC-SHA256

&X-Amz-Credential=[Access key ID and scope]

&X-Amz-Date=20160316T233349Z

&X-Amz-SignedHeaders=content-type;host &X-Amz-Signature=[Signature]

Sample Response

<Id>arn:aws:cloudformation:us-east-1:123456789012:changeSet/

SampleChangeSet/12a3b456-0e10-4ce0-9052-5d484a8c4e5b</Id>

</CreateChangeSetResult>

<RequestId>b9b4b068-3a41-11e5-94eb-example</RequestId>

</ResponseMetadata>

(34)

CreateStack

Creates a stack as speciﬁed in the template. After the call completes successfully, the stack creation starts. You can check the status of the stack through the DescribeStacks (p. 88)operation.

Request Parameters

Capabilities.member.N

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for AWS CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

Some stack templates might include resources that can aﬀect permissions in your AWS account;

for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

• If you have IAM resources, you can specify either capability.

• If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

• If you don't specify either of these capabilities, AWS CloudFormation returns an InsufficientCapabilities error.

If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

• AWS::IAM::AccessKey

• AWS::IAM::Group

• AWS::IAM::InstanceProﬁle

• AWS::IAM::Policy

• AWS::IAM::Role

• AWS::IAM::User

• AWS::IAM::UserToGroupAddition

For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

Some template contain macros. Macros perform custom processing on templates; this can include simple actions like ﬁnd-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without ﬁrst reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.

If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.

Important

You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.

(36)

Request Parameters

Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without AWS CloudFormation being notiﬁed.

For more information, see Using AWS CloudFormation macros to perform custom processing on templates.

Valid Values: CAPABILITY_IAM | CAPABILITY_NAMED_IAM | CAPABILITY_AUTO_EXPAND Required: No

A unique identiﬁer for this CreateStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create a stack with the same name.

You might retry CreateStack requests to ensure that AWS CloudFormation successfully received them.

All events initiated by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1.

In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console- CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.

Type: String

Required: No DisableRollback

Set to true to disable rollback of the stack if stack creation failed. You can specify either DisableRollback or OnFailure, but not both.

Default: false Type: Boolean Required: No

EnableTerminationProtection

Whether to enable termination protection on the speciﬁed stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see Protecting a Stack From Being Deleted in the AWS CloudFormation User Guide.

Termination protection is deactivated on stacks by default.

For nested stacks, termination protection is set on the root stack and can't be changed directly on the nested stack.

(37)

Request Parameters

NotiﬁcationARNs.member.N

The Amazon Simple Notiﬁcation Service (Amazon SNS) topic ARNs to publish stack related events.

You can ﬁnd your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI).

Required: No OnFailure

Determines what action will be taken if stack creation fails. This must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either OnFailure or DisableRollback, but not both.

Default: ROLLBACK Type: String

Valid Values: DO_NOTHING | ROLLBACK | DELETE Required: No

Parameters.member.N

A list of Parameter structures that specify input parameters for the stack. For more information, see the Parameter data type.

ResourceTypes.member.N

The template resource types that you have permissions to work with for this create stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

Use the following syntax to describe template resource types: AWS::* (for all AWS resources), Custom::* (for all custom resources), Custom::logical_ID (for a speciﬁc custom resource), AWS::service_name::* (for all resources of a particular AWS service), and AWS::service_name::resource_logical_ID (for a speciﬁc AWS resource).

If the list of resource types doesn't include a resource that you're creating, the stack creation fails.

By default, AWS CloudFormation grants permissions to all resource types. AWS Identity and Access Management (IAM) uses this parameter for AWS CloudFormation-speciﬁc condition keys in IAM policies. For more information, see Controlling Access with AWS Identity and Access Management.

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to create the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. Provided that users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that's generated from your user credentials.

(38)

Request Parameters

Type: String

Required: No RollbackConﬁguration

The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the speciﬁed monitoring period afterwards.

Type: RollbackConﬁguration (p. 264) object Required: No

StackName

The name that's associated with the stack. The name must be unique in the Region in which you are creating the stack.

NoteA stack name can contain only alphanumeric characters (case sensitive) and hyphens. It must start with an alphabetical character and can't be longer than 128 characters.

Type: String Required: Yes StackPolicyBody

Structure containing the stack policy body. For more information, go to Prevent Updates to Stack Resources in the AWS CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Type: String

Required: No StackPolicyURL

Location of a ﬁle containing the stack policy. The URL must point to a policy (maximum size:

16 KB) located in an S3 bucket in the same Region as the stack. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Type: String

Required: No Tags.member.N

Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be speciﬁed.

Type: Array of Tag (p. 315) objects

Required: No TemplateBody

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, go to Template anatomy in the AWS CloudFormation User Guide.

(39)

Response Elements

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

Type: String

Required: No TemplateURL

Location of ﬁle containing the template body. The URL must point to a template (max size:

460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. For more information, go to the Template anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

Type: String

Required: No TimeoutInMinutes

The amount of time that can pass before the stack status becomes CREATE_FAILED; if DisableRollback is not set or is set to false, the stack will be rolled back.

Type: Integer

Valid Range: Minimum value of 1.

Required: No

Response Elements

The following element is returned by the service.

StackId

Unique identiﬁer of the stack.

Type: String

Errors

AlreadyExists

The resource with the name requested already exists.

HTTP Status Code: 400 InsuﬃcientCapabilities

The template contains resources with capabilities that weren't speciﬁed in the Capabilities parameter.

(40)

Examples

HTTP Status Code: 400 LimitExceeded

The quota for the resource has already been reached.

For information about resource and stack limitations, see AWS CloudFormation quotas in the AWS CloudFormation User Guide.

HTTP Status Code: 400 TokenAlreadyExists

Examples

CreateStack

This example illustrates one usage of CreateStack.

Sample Request

?Action=CreateStack &StackName=MyStack

&TemplateBody=[Template Document]

&NotificationARNs.member.1=arn:aws:sns:us-east-1:1234567890:my-topic &Parameters.member.1.ParameterKey=AvailabilityZone

&Parameters.member.1.ParameterValue=us-east-1a &Version=2010-05-15

&SignatureVersion=2

Sample Response

<StackId>arn:aws:cloudformation:us-east-1:123456789:stack/MyStack/aaf549a0-a413-11df- adb3-5081b3858e83</StackId>

</CreateStackResult>

<RequestId>b9b4b068-3a41-11e5-94eb-example</RequestId>

</ResponseMetadata>

</CreateStackResponse>

CreateStackInstances

Creates stack instances for the specified accounts, within the specified AWS Regions. A stack instance refers to a stack in a specific account and Region. You must specify at least one value for either Accounts or DeploymentTargets, and you must specify at least one value for Regions.

Request Parameters

Accounts.member.N

[Self-managed permissions] The names of one or more AWS accounts that you want to create stack instances in the speciﬁed Region(s) for.

You can specify Accounts or DeploymentTargets, but not both.

Type: Array of strings Pattern: ^[0-9]{12}$

Required: No CallAs

[Service-managed permissions] Speciﬁes whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is speciﬁed. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

Your AWS account must be registered as a delegated administrator in the management account.

For more information, see Register a delegated administrator in the AWS CloudFormation User Guide.

Type: String

Valid Values: SELF | DELEGATED_ADMIN Required: No

DeploymentTargets

[Service-managed permissions] The AWS Organizations accounts for which to create stack instances in the speciﬁed AWS Regions.

You can specify Accounts or DeploymentTargets, but not both.

Type: DeploymentTargets (p. 243) object Required: No

OperationId

The unique identiﬁer for this stack set operation.

The operation ID also functions as an idempotency token, to ensure that AWS CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that AWS CloudFormation successfully received them.

(43)

Request Parameters

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

Type: String

Required: No OperationPreferences

Preferences for how AWS CloudFormation performs this stack set operation.

Type: StackSetOperationPreferences (p. 305) object Required: No

ParameterOverrides.member.N

A list of stack set parameters whose values you want to override in the selected stack instances.

Any overridden parameter values will be applied to all stack instances in the speciﬁed accounts and AWS Regions. When specifying parameters and their values, be aware of how AWS CloudFormation sets parameter values during stack instance operations:

• To override the current value for a parameter, include the parameter and specify its value.

• To leave an overridden parameter set to its present value, include the parameter and specify UsePreviousValue as true. (You can't specify both a value and set UsePreviousValue to true.)

• To set an overridden parameter back to the value speciﬁed in the stack set, specify a parameter list but don't include the parameter in the list.

• To leave all parameters set to their present values, don't specify this property at all.

During stack set updates, any parameter values overridden for a stack instance aren't updated, but retain their overridden value.

You can only override the parameter values that are speciﬁed in the stack set; to add or delete a parameter itself, use UpdateStackSet to update the stack set template.

Regions.member.N

The names of one or more AWS Regions where you want to create stack instances using the speciﬁed AWS accounts.

Pattern: ^[a-zA-Z0-9-]{1,128}$

Required: Yes StackSetName

The name or unique ID of the stack set that you want to create stack instances from.

Type: String

AWS CloudFormation

AWS CloudFormation

API Reference

API Version 2010-05-15

AWS CloudFormation: API Reference

Table of Contents

Welcome

Actions

ActivateType

Request Parameters

Response Elements

Errors

See Also

BatchDescribeTypeConﬁgurations

Request Parameters

Response Elements

Errors

See Also

CancelUpdateStack

Request Parameters

Errors

Examples

CancelUpdateStack

Sample Request

Sample Response

See Also

ContinueUpdateRollback

Request Parameters

Errors

Examples

ContinueUpdateRollback

Sample Request

Sample Response

See Also

CreateChangeSet

Request Parameters

Response Elements

Errors

Examples

CreateChangeSet

Sample Request

Sample Response

See Also

CreateStack

Request Parameters

Response Elements

Errors

Examples

CreateStack

Sample Request

Sample Response

See Also

CreateStackInstances

Request Parameters