AWS CloudFormation
User Guide (API Version 2010-05-15)

Release History

The following table describes the important changes to the documentation since the preceding release of AWS CloudFormation.

Change | Release Date | Description | API Version

Changed default umask value from version 1.4-22 onwards

September 14, 2017

The default umask parameter value for the cfn-hup.conf configuration file is now 022. For more information, see cfn-hup.

Updated resources

September 7, 2017

AWS::ElasticLoadBalancingV2::LoadBalancer

Use the SubnetMappings property to specify the IDs of the subnets to attach to the load balancer.

Use the Type property to specify the type of load balancer to create.

AWS::ElasticLoadBalancingV2::TargetGroup

Use the TargetType property to specify the registration type of the targets in this target group.

2010-05-15

Rollback triggers added to the AWS CloudFormation API

August 31, 2017

Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see RollbackConfiguration in the AWS CloudFormation API Reference.

2010-05-15

New umask parameter for cfn-hup.conf file

August 31, 2017

Use the umask parameter in the cfn-hup.conf configuration file to control file permissions used by the cfn-hup daemon (version 1.4-21). For more information, see cfn-hup.

Updated resources for VPC Sizing support

August 29, 2017

AWS::EC2::VPCCidrBlock

Use the CidrBlock property to associate an IPv4 CIDR block with a VPC.

AWS::EC2::VPC

Use the CidrBlockAssociations attribute with the Fn::GetAtt function to get a list of IPv4 CIDR block association IDs associated with the VPC.

2010-05-15

Updated resources

August 23, 2017

AWS::S3::Bucket

In the Rule property type, use the TagFilters property to specify tags to use in identifying a subset of objects for an Amazon S3 bucket.

Use the MetricsConfiguration property to specify a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket.

AWS::IoT::TopicRule

In the Action property type, use the DynamoDBv2Action property to describe an AWS IoT action that writes data to a DynamoDB table.

In the Action property type, the DynamoDBAction property now supports the HashKeyType and RangeKeyType properties.

AWS::Lambda::Permission

Use the EventSourceToken property to specify a unique token that must be supplied by the principal invoking the function.

2010-05-15

New pseudo parameters

August 23, 2017

Use the AWS::Partition pseudo parameter to return the partition that a resource is in.

Use the AWS::URLSuffix pseudo parameter to return the suffix for a domain.

For more information, see Pseudo Parameters Reference.

2010-05-15

New resources for DAX support

August 22, 2017

AWS::DAX::Cluster

Use the AWS::DAX::Cluster resource to create a DAX cluster for use with Amazon DynamoDB.

AWS::DAX::ParameterGroup

Use the AWS::DAX::ParameterGroup resource to create a parameter group for use with Amazon DynamoDB.

AWS::DAX::SubnetGroup

Use the AWS::DAX::SubnetGroup resource to create a subnet group for use with DAX (DynamoDB Accelerator).

2010-05-15

New resources

August 18, 2017

AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion

Use the AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion resources to create documentation for your API Gateway API.

AWS::ApiGateway::GatewayResponse

Use the AWS::ApiGateway::GatewayResponse resource to create a custom response for your API Gateway API.

AWS::ApiGateway::RequestValidator

Use the AWS::ApiGateway::RequestValidator resource to set up validation rules for incoming requests to your API Gateway API.

AWS::EC2::NetworkInterfacePermission

Use the AWS::EC2::NetworkInterfacePermission resource to grant an AWS account permission to a network interface.

2010-05-15

Updated resources

August 18, 2017

AWS::ApiGateway::Stage

Use the DocumentationVersion property to specify a versioned snapshot of the API documentation.

AWS::AutoScaling::ScalingPolicy

Use the TargetTrackingConfiguration property to specify an Auto Scaling target tracking scaling policy configuration.

AWS::CloudTrail::Trail

Use the EventSelectors property for Amazon S3 Data Events support.

AWS::CodeDeploy::DeploymentGroup

Use the LoadBalancerInfo and DeploymentStyle properties to specify an Elastic Load Balancing load balancer for an in-place deployment.

Use the AutoRollbackConfiguration property to configure automatic rollback for the deployment.

AWS::EC2::SpotFleet

In the SpotFleetRequestConfigData property type, use the ReplaceUnhealthyInstances property to indicate whether the Spot fleet should replace unhealthy instances and the Type property to specify the type of request.

AWS::EC2::Subnet

Use the AssignIpv6AddressOnCreation and Ipv6CidrBlock properties to create a subnet with an IPv6 CIDR block.

AWS::KinesisFirehose::DeliveryStream

Use the ExtendedS3DestinationConfiguration property to configure a destination in Amazon S3.

Use the ProcessingConfiguration subproperty within each destination configuration to invoke Lambda functions that transform incoming source data and deliver the transformed data to destinations.

AWS::RDS::DBCluster and AWS::RDS::DBInstance

The default DeletionPolicy is now Snapshot for AWS::RDS::DBCluster resources and for AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute.

AWS::S3::Bucket

In the Rule property type, use the AbortIncompleteMultipartUpload property to specify a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

AWS::SQS::Queue

Use the KmsMasterKeyId and KmsDataKeyReusePeriodSeconds properties to configure server-side encryption for Amazon SQS.

Added the Arn attribute to the Fn::GetAtt intrinsic function for the following resources:

2010-05-15

Support for stack tags in AWS CodePipeline artifacts

August 18, 2017

You can now specify tags for stacks in template configuration files for use as artifacts for AWS CodePipeline pipelines. Specified tags are applied to stacks created using the template configuration file. For more information, see AWS CloudFormation Artifacts.

2010-05-15

Create encrypted file systems

August 14, 2017

AWS::EFS::FileSystem

Use the Encrypted property to encrypt an Amazon EFS file system during creation.

Use the KmsKeyId property to optionally specify a custom customer master key to use to protect the encrypted file system.

2010-05-15

New resources for AWS Batch support

August 8, 2017

AWS::Batch::ComputeEnvironment

Use the AWS::Batch::ComputeEnvironment resource to define your AWS Batch compute environment.

AWS::Batch::JobDefinition

Use the AWS::Batch::JobDefinition resource to specify the parameters for an AWS Batch job definition.

AWS::Batch::JobQueue

Use the AWS::Batch::JobQueue resource to define your AWS Batch job queue.

2010-05-15

New resources for Amazon Kinesis Analytics support

July 28, 2017

AWS::KinesisAnalytics::Application

Use the AWS::KinesisAnalytics::Application resource to create an Amazon Kinesis Analytics application.

AWS::KinesisAnalytics::ApplicationOutput

Use the AWS::KinesisAnalytics::ApplicationOutput resource to add an external destination to your Amazon Kinesis Analytics application.

AWS::KinesisAnalytics::ApplicationReferenceDataSource

Use the AWS::KinesisAnalytics::ApplicationReferenceDataSource resource to add a reference data source to an existing Amazon Kinesis Analytics application.

2010-05-15

Use StackSets to centrally manage stacks across accounts and regions

July 25, 2017

StackSets enables you to create, update, or delete stacks across multiple accounts and regions in a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. For more information about StackSets, see Working with AWS CloudFormation StackSets.

2010-05-15

View stack events by client request token

July 14, 2017

In the console, stack operations display the client request token on the Events tab. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For more information, see Viewing Stack Data and Resources and StackEvent in the AWS CloudFormation API Reference.

2010-05-15

Use stack quick-create links

July 14, 2017

Use quick-create links to get stacks up and running quickly. You can specify the template URL, stack name, and template parameters to prepopulate a single Create Stack Wizard page. For more information, see Creating Quick-Create Links for Stacks.

New resources for AWS Database Migration Service support

July 12, 2017

AWS::DMS::Certificate

Use the AWS::DMS::Certificate resource to create an SSL certificate that encrypts connections between AWS DMS endpoints and the replication instance.

AWS::DMS::Endpoint

Use the AWS::DMS::Endpoint resource to create an AWS DMS endpoint.

AWS::DMS::EventSubscription

Use the AWS::DMS::EventSubscription resource to get notifications for AWS DMS events through the Amazon Simple Notification Service.

AWS::DMS::ReplicationInstance

Use the AWS::DMS::ReplicationInstance resource to create an AWS DMS replication instance.

AWS::DMS::ReplicationSubnetGroup

Use the AWS::DMS::ReplicationSubnetGroup resource to create an AWS DMS replication subnet group.

AWS::DMS::ReplicationTask

Use the AWS::DMS::ReplicationTask resource to create an AWS DMS replication task.

2010-05-15

New resources

July 5, 2017

AWS::CloudWatch::Dashboard

Use the AWS::CloudWatch::Dashboard resource to specify a custom CloudWatch dashboard for your CloudWatch console.

AWS::ApiGateway::DomainName

Use the AWS::ApiGateway::DomainName resource to specify a custom, friendly URL for your API that's deployed to Amazon API Gateway.

AWS::EC2::EgressOnlyInternetGateway

Use the AWS::EC2::EgressOnlyInternetGateway resource to create an egress-only internet gateway for your VPC.

AWS::EMR::InstanceFleetConfig

Use the InstanceFleetConfig resource to configure a Spot Instance fleet for an Amazon EMR cluster.

2010-05-15

Updated resources

July 5, 2017

AWS::ApiGateway::RestApi

Use the BinaryMediaTypes property to specify supported binary media types.

AWS::ApplicationAutoScaling::ScalingPolicy

Use the TargetTrackingScalingPolicyConfiguration property to specify a target tracking scaling policy configuration.

AWS::CloudTrail::Trail

Use the TrailName property to specify a custom name for an AWS CloudTrail resource.

Use the Tags property to specify resource tags.

AWS::CodeDeploy::DeploymentGroup

Use the AlarmConfiguration property to configure alarms for the deployment group.

Use the TriggerConfigurations property to configure notification triggers for the deployment group.

AWS::EMR::Cluster

Use the CoreInstanceFleet property and the MasterInstanceFleet property in the Amazon EMR Cluster JobFlowInstancesConfig property type to configure the Spot Instance fleet for an Amazon EMR cluster.

AWS::DynamoDB::Table

Use the TimeToLiveSpecification property to specify the Time to Live (TTL) settings for an Amazon DynamoDB table.

Use the Tags property to specify resource tags for a DynamoDB table.

AWS::EC2::Instance

The IamInstanceProfile property now supports No interruption updates.

AWS::EC2::Route

Use the EgressOnlyInternetGatewayId property to specify an egress-only Internet gateway for an EC2 route.

AWS::Kinesis::Stream

Use the RetentionPeriodHours property to specify the number of hours that data records stored in shards remain accessible.

AWS::RDS::DBCluster

Use the ReplicationSourceIdentifier property to create a DB cluster as a Read Replica of another DB cluster or an Amazon RDS MySQL DB instance.

AWS::Redshift::Cluster

Use the LoggingProperties property to create audit log files and store them in Amazon S3.

2010-05-15

New resources

June 6, 2017

AWS::EMR::SecurityConfiguration

Use the AWS::EMR::SecurityConfiguration resource to create a security configuration, which is stored in the service and can be specified when a cluster is created.

2010-05-15

Updated resources

June 6, 2017

AWS::AutoScaling::LifecycleHook

The NotificationTargetARN and RoleARN properties are now optional.

AWS::CloudWatch::Alarm

You can now use the EvaluateLowSampleCountPercentile, ExtendedStatistic, and TreatMissingData properties when creating AWS::CloudWatch::Alarm resources.

AWS::EC2::SpotFleet

AWS CloudFormation supports mutable changes to Spot fleet properties.

The following properties of the SpotFleetRequestConfigData property support Replacement updates:

  • AllocationStrategy

  • IamFleetRole

  • LaunchSpecifications

  • SpotPrice

  • TerminateInstancesWithExpiration

  • ValidFrom

  • ValidUntil

The following properties of the SpotFleetRequestConfigData property support No interruption updates:

  • ExcessCapacityTerminationPolicy

  • TargetCapacity

AWS::EMR::InstanceGroupConfig

AWS CloudFormation now supports Auto Scaling for Amazon EMR task instance groups.

AWS::Events::Rule

The RoleArn property is deprecated on the Rule resource.

Use the RoleArn property on the Target property type to specify the IAM role to use for a target.

AWS::Kinesis::Stream

The ShardCount property now supports No interruption updates.

AWS::Lambda::Function

Use the TracingConfig property to configure tracing settings for Lambda functions.

AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, and AWS::Redshift::ClusterSubnetGroup

Use the Tags property to specify resource tags.

AWS::RDS::DBCluster

Added the ReadEndpoint.Address attribute to the Fn::GetAtt intrinsic function.

AWS::S3::Bucket

Added the Arn attribute to the Fn::GetAtt intrinsic function.

2010-05-15

New resources

May 11, 2017

The following new resources support using AWS WAF with Elastic Load Balancing (ELB) Application load balancers.

AWS::WAFRegional::ByteMatchSet

Use the AWS::WAFRegional::ByteMatchSet resource to identify a part of a web request that you want to inspect.

AWS::WAFRegional::IPSet

Use the AWS::WAFRegional::IPSet resource to specify which web requests to permit or block based on the IP addresses from which the requests originate.

AWS::WAFRegional::Rule

Use the AWS::WAFRegional::Rule resource to specify a combination of IPSet, ByteMatchSet, and SqlInjectionMatchSet objects that identify the web requests to allow, block, or count.

AWS::WAFRegional::SizeConstraintSet

Use the AWS::WAFRegional::SizeConstraintSet resource to specify a size constraint used to check the size of a web request and which parts of the request to check.

AWS::WAFRegional::SqlInjectionMatchSet

Use the AWS::WAFRegional::SqlInjectionMatchSet resource to allow, block, or count requests that contain malicious SQL code in a specific part of web requests.

AWS::WAFRegional::WebACL

Use the AWS::WAFRegional::WebACL resource to identify the web requests that you want to allow, block, or count.

AWS::WAFRegional::WebACLAssociation

Use the AWS::WAFRegional::WebACLAssociation resource to associate a web access control group (ACL) with a resource.

AWS::WAFRegional::XssMatchSet

Use the AWS::WAFRegional::XssMatchSet resource to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and the name of the header to inspect.

2010-05-15

New resources

April 28, 2017

AWS::Cognito::IdentityPool

Use the AWS::Cognito::IdentityPool resource to create an Amazon Cognito identity pool.

AWS::Cognito::IdentityPoolRoleAttachment

Use the AWS::Cognito::IdentityPoolRoleAttachment resource to manage the role configuration for an Amazon Cognito identity pool.

AWS::Cognito::UserPool

Use the AWS::Cognito::UserPool resource to create an Amazon Cognito user pool.

AWS::Cognito::UserPoolClient

Use the AWS::Cognito::UserPoolClient resource to create a user pool client.

AWS::Cognito::UserPoolGroup

Use the AWS::Cognito::UserPoolGroup resource to create a user group in an Amazon Cognito user pool.

AWS::Cognito::UserPoolUser

Use the AWS::Cognito::UserPoolUser resource to create an Amazon Cognito user pool user.

AWS::Cognito::UserPoolUserToGroupAttachment

Use the AWS::Cognito::UserPoolUserToGroupAttachment resource to attach a user to an Amazon Cognito user pool group.

2010-05-15

Updated resources

April 28, 2017

AWS Config ConfigRule SourceDetails

Use the MaximumExecutionFrequency subproperty of the AWS::Config::ConfigRule resource to run evaluations for a custom rule using a periodic trigger.

AWS::EC2::Volume

We now support Elastic Volumes for Amazon Elastic Block Store (Amazon EBS) in CloudFormation. We now support No interruption updates on three properties: VolumeType, Size, and Iops.

AWS::EC2::SecurityGroup

Use the GroupName property to specify a name for your Amazon EC2 security group.

AWS::ECS::Service

There are three new properties for AWS::ECS::Service: PlacementConstraints, PlacementStrategies, and ServiceName.

AWS::ECS::TaskDefinition

Use the PlacementConstraints property to define placement constraints for tasks in the service.

AWS::ElastiCache::ReplicationGroup

Added the ConfigurationEndPoint.Address attribute and the ConfigurationEndPoint.Port attribute to the Fn::GetAtt intrinsic function.

AWS::ElasticLoadBalancingV2::LoadBalancer

Use the IpAddressType property to specify the type of IP addresses that are used by the load balancer's subnets.

AWS::EMR::Cluster

AWS CloudFormation now supports Auto Scaling for Amazon EMR clusters.

AWS::IAM::ManagedPolicy

Use the ManagedPolicyName property to specify a custom name for your IAM managed policy.

AWS::Lambda::Function

Use the Tags property to add tags to your Lambda function.

AWS::OpsWorks::Instance

Added the following attributes to the Fn::GetAtt intrinsic function: AvailabilityZone, PrivateDnsName, PrivateIp, and PublicDnsName.

AWS::OpsWorks::UserProfile

Use the SshUsername property to specify a user's SSH name.

Added the SshUsername attribute to the Fn::GetAtt intrinsic function.

AWS::Redshift::Cluster

Use the IamRoles property to provide a list of one or more AWS Identity and Access Management roles that the Amazon Redshift cluster can use to access other AWS services.

2010-05-15

Edit templates in YAML and JSON using AWS CloudFormation Designer

April 6, 2017

When you create AWS CloudFormation templates using Designer, you can now edit your template in both YAML and JSON in the integrated editor. You can also convert JSON templates to YAML and vice versa, depending on your preferred template authoring language. For more information, see What Is AWS CloudFormation Designer?.

2010-05-15

New resource

April 6, 2017

AWS::SSM::Parameter

Use the AWS::SSM::Parameter resource to create an SSM parameter in Parameter Store.

2010-05-15

AWS::Include transform

March 28, 2017

Use the AWS::Include transform to reference reusable snippets stored in an Amazon S3 bucket. For more information, see AWS::Include Transform.

2010-05-15

Peer your Amazon VPC with another account

March 28, 2017

You can now use AWS CloudFormation to peer your Amazon VPC with a VPC in another AWS account. For more information, see Walkthrough: Peer with an Amazon VPC in Another AWS Account.

2010-05-15

New resource

March 28, 2017

AWS::ApiGateway::UsagePlanKey

Use the AWS::ApiGateway::UsagePlanKey resource to associate a usage plan key and determine which users the usage plan is applied to.

2010-05-15

Updated resources

March 28, 2017

AWS::EC2::VPCPeeringConnection

Use the PeerOwnerId property and the PeerRoleArn property to peer with a VPC in another AWS account.

For more information, see Walkthrough: Peer with an Amazon VPC in Another AWS Account.

AWS::IAM::InstanceProfile

Use the InstanceProfileName property to configure an instance profile.

AWS::Lambda::Function

Use the DeadLetterConfig property to configure how AWS Lambda handles events that it can't process.

Node.js v0.10 is no longer supported for the Runtime property.

AWS::Route53::HealthCheck

There are seven new resource subproperty types for the Amazon Route 53 HealthCheckConfig property: AlarmIdentifier, ChildHealthChecks, EnableSNI, HealthThreshold, InsufficientDataHealthStatus, Inverted, and MeasureLatency.

AWS::SQS::Queue

Use the ContentBasedDeduplication and FifoQueue properties to create First-In-First-Out (FIFO) Amazon Simple Queue Service queues.

AWS::S3::Bucket

You can now specify IPv6 domain names for your Amazon S3 buckets.

2010-05-15

New resources

February 10, 2017

AWS::StepFunctions::Activity

Use the AWS::StepFunctions::Activity resource to create an AWS Step Functions activity.

AWS::StepFunctions::StateMachine

Use the AWS::StepFunctions::StateMachine resource to create a Step Functions state machine.

2010-05-15

New intrinsic function

January 17, 2017

Use the Fn::Split function to split a string into a list of string values. For more information, see Fn::Split.

2010-05-15

Console support for listing imports

January 17, 2017

Use the AWS CloudFormation console to see all of the stacks that are importing an exported output value. For more information, see Listing Stacks That Import an Exported Output Value.

2010-05-15

Updated resources

January 17, 2017

AWS::AutoScaling::AutoScalingGroup

The LoadBalancerNames property can be updated without replacing the Auto Scaling group.

AWS::ECS::TaskDefinition

Added the NetworkMode and MemoryReservation properties.

AWS::RDS::DBCluster

AWS CloudFormation supports updates to the Tags property.

AWS::RDS::DBInstance

Added the Timezone property.

AWS IoT TopicRule FirehoseAction

Added the Separator property.

AWS::OpsWorks::Instance

Added the PublicIp attribute for the Fn::GetAtt intrinsic function.

2010-05-15

New resources

December 01, 2016

AWS::CodeBuild::Project

Use the AWS::CodeBuild::Project resource to create an AWS CodeBuild project that defines how AWS CodeBuild builds your source code.

AWS::SSM::Association

Use the AWS::SSM::Association resource to associate an Amazon EC2 Systems Manager document with EC2 instances.

AWS::EC2::SubnetCidrBlock

Use the AWS::EC2::SubnetCidrBlock resource to associate a single IPv6 CIDR block with an Amazon VPC subnet.

AWS::EC2::VPCCidrBlock

Use the AWS::EC2::VPCCidrBlock resource to associate a single Amazon-provided IPv6 CIDR block with an Amazon VPC.

2010-05-15

Updated resources for IPv6 support

December 01, 2016

AWS::EC2::Instance

Added the Ipv6AddressCount and Ipv6Addresses properties.

AWS::EC2::NetworkAclEntry

Added the Ipv6CidrBlock property.

AWS::EC2::NetworkInterface

Added the Ipv6AddressCount and Ipv6Addresses properties.

AWS::EC2::Route

Added the DestinationIpv6CidrBlock property.

AWS::EC2::SecurityGroupEgress

Added the CidrIpv6 property.

AWS::EC2::SecurityGroupIngress

Added the CidrIpv6 property.

AWS::EC2::SpotFleet

Added the Ipv6AddressCount and Ipv6Addresses properties for the launch specification network interfaces.

AWS::EC2::Subnet

Added the Ipv6CidrBlocks attribute for the Fn::GetAtt function.

AWS::EC2::VPC

Added the Ipv6CidrBlocks attribute for the Fn::GetAtt function.

AWS::SSM::Document

Added the DocumentType property.

2010-05-15

Resource specification

November 22, 2016

Use the AWS CloudFormation resource specification to build tools that help you create AWS CloudFormation templates. The specification is a machine-readable, JSON-formatted text file. For more information, see AWS CloudFormation Resource Specification.

2010-05-15

New resources

November 22, 2016

AWS::OpsWorks::UserProfile

Use the AWS::OpsWorks::UserProfile resource to configure SSH access for users who require access to instances in an AWS OpsWorks stack.

AWS::OpsWorks::Volume

Use the AWS::OpsWorks::Volume resource to register an Amazon Elastic Block Store volume with an AWS OpsWorks stack.

2010-05-15

Updated resources

November 22, 2016

AWS::OpsWorks::App

Added the DataSources property.

AWS::OpsWorks::Instance

Added the BlockDeviceMappings, AgentVersion, ElasticIps, Hostname, Tenancy, and Volumes properties.

AWS::OpsWorks::Layer

Added the CustomJson and VolumeConfigurations properties.

AWS::OpsWorks::Stack

Added the ElasticIps, EcsClusterArn, RdsDbInstances, CloneAppIds, ClonePermissions, and SourceStackId properties.

AWS::RDS::DBInstance

Added the CopyTagsToSnapshot property.

2010-05-15

List imports

November 22, 2016

List imports of an exported output value to track which AWS CloudFormation stacks are importing the value. For more information, see Listing Stacks That Import an Exported Output Value.

2010-05-15

Transforms

November 17, 2016

Specify the AWS Serverless Application Model (AWS SAM) that AWS CloudFormation uses to process AWS SAM syntax for serverless applications. For more information, see Transform.

2010-05-15

New resource

November 17, 2016

AWS::SNS::Subscription

Use the AWS::SNS::Subscription resource to subscribe an endpoint to an Amazon Simple Notification Service topic.

2010-05-15

Updated resource

November 17, 2016

AWS::Lambda::Function

Use the Environment property to specify key-value pairs (environment variables) that your AWS Lambda function can access.

Use the KmsKeyArn property to specify an AWS Key Management Service key that AWS Lambda uses to encrypt and decrypt environment variables.

2010-05-15

New CLI commands

November 17, 2016

Uploading Local Artifacts to an S3 Bucket

Use the aws cloudformation package command to upload local artifacts that are referenced in an AWS CloudFormation template to an S3 bucket.

Quickly Deploying Templates with Transforms

Use the aws cloudformation deploy command to combine the create and execute change set actions into a single command. This command is useful for quickly creating or updating stacks that contain transforms.

2010-05-15

Updated resource

November 03, 2016

AWS::CloudFront::Distribution

For the CloudFront DistributionConfig property, use the HttpVersion property to specify the latest HTTP version that viewers can use to communicate with Amazon CloudFront.

For the CloudFront ForwardedValues property, use the QueryStringCacheKeys property to specify the query string parameters that CloudFront uses to determine which content to cache.

2010-05-15

List stack exports

November 03, 2016

Use the AWS CloudFormation console, API, or AWS CLI to see a list of all the exported output values for a region. For more information, see Exporting Stack Output Values.

2010-05-15

Continuous delivery with stacks

November 03, 2016

Use AWS CodePipeline to build continuous delivery workflows with AWS CloudFormation stacks. For more information, see Continuous Delivery with AWS CodePipeline.

2010-05-15

Skip resources during rollback

November 03, 2016

If you have a stack in the UPDATE_ROLLBACK_FAILED state, use the ResourcesToSkip parameter for the ContinueUpdateRollback action to skip resources that AWS CloudFormation can't roll back. For more information, see the Troubleshooting section in Update Rollback Failed.

2010-05-15

Change sets enhancement

November 03, 2016

You can create a new stack using a change set.

2010-05-15

Updated resource

October 12, 2016

AWS::ElastiCache::CacheCluster

Update the CacheNodeType property without replacing the cluster.

AWS::ElastiCache::ReplicationGroup

You can create a Redis (cluster mode enabled) replication group that can contain multiple node groups (shards), each with a primary cluster and read replicas.

AWS::ElastiCache::SubnetGroup

Use the CacheSubnetGroupName property to specify a name for an Amazon ElastiCache subnet group.

2010-05-15

New resources

October 06, 2016

AWS::ApiGateway::UsagePlan

Use the AWS::ApiGateway::UsagePlan resource to specify a usage plan for deployed Amazon API Gateway APIs.

AWS::CodeCommit::Repository

Use the AWS::CodeCommit::Repository resource to create an AWS CodeCommit repository that is hosted by Amazon Web Services.

2010-05-15

Updated resources

October 06, 2016

AWS::ApiGateway::Authorizer

Use the ProviderARNs property to use Amazon Cognito user pools as Amazon API Gateway API authorizers.

AWS::ApiGateway::Deployment

The StageName property is no longer required.

AWS::ElasticLoadBalancingV2::TargetGroup

For the GetAtt function, use the LoadBalancerArns attribute to retrieve the Amazon Resource Names (ARNs) of the load balancers that route traffic to the target group.

AWS::RDS::DBInstance

Use the Domain and DomainIAMRoleName properties to use Windows Authentication when users connect to the RDS DB instance.

AWS::EC2::SecurityGroupEgress

Use the DestinationPrefixListId property to specify the AWS service prefix of an Amazon VPC endpoint.

2010-05-15

Cross-stack reference enhancement

October 06, 2016

Use intrinsic functions to customize the Name value of an export or to refer to a value in the ImportValue function.

2010-05-15

AWS CloudFormation service role

September 26, 2016

Use an AWS Identity and Access Management (IAM) service role for AWS CloudFormation stack operations. AWS CloudFormation uses the role's credentials to make calls to stack resources on your behalf. For more information, see AWS CloudFormation Service Role.

2010-05-15

New feature

September 19, 2016

You can use the Export output field and the Fn::ImportValue intrinsic function to have one stack refer to resource outputs in another stack. For more information, see Outputs, Fn::ImportValue, and Walkthrough: Refer to Resource Outputs in Another AWS CloudFormation Stack.

2010-05-15

YAML support

September 19, 2016

You can use the YAML format to author AWS CloudFormation templates. YAML also allows you to, for example, add comments to your templates or use the short form for intrinsic functions. For more information, see AWS CloudFormation Template Formats.

2010-05-15

New intrinsic function

September 19, 2016

Use the Fn::Sub function to substitute variables in an input string with values that you specify. For more information, see Fn::Sub.

2010-05-15

New resources

September 19, 2016

AWS::KMS::Alias

Use the AWS::KMS::Alias resource to create an alias for an AWS Key Management Service customer master key.

Updated resources

September 19, 2016

AWS::EC2::SpotFleet

For the LaunchSpecifications property, use the SpotPrice property to specify a bid price for a specific instance type.

AWS::ECS::Cluster

Use the ClusterName property to specify a name for an Amazon EC2 Container Service cluster.

AWS::ECS::TaskDefinition

Use the TaskRoleArn property to specify an AWS Identity and Access Management role that Amazon EC2 Container Service containers use to make AWS calls on your behalf.

Use the Family property to register a task definition to a specific family.

AWS::Elasticsearch::Domain

Use the ElasticsearchVersion property to specify which version of Elasticsearch to use.

2010-05-15

New resources

August 11, 2016

Use the following Elastic Load Balancing Application load balancer resources to distribute incoming application traffic to multiple targets, such as EC2 instances, in multiple Availability Zones:

2010-05-15

Updated resource

August 11, 2016

AWS::AutoScaling::AutoScalingGroup

Use the TargetGroupARNs property to associate the Auto Scaling group with one or more Application load balancer target groups.

AWS::ECS::Service

For the LoadBalancers property, use the TargetGroupArn property to associate an Amazon EC2 Container Service service with an Application load balancer target group.

2010-05-15

New resources

August 09, 2016

AWS CloudFormation added the following resources:

AWS::ApplicationAutoScaling::ScalableTarget and AWS::ApplicationAutoScaling::ScalingPolicy

Use an Application Auto Scaling scaling policy to define when and how a target resource scales.

AWS::CertificateManager::Certificate

Provision an AWS Certificate Manager certificate that you can use with other AWS services to enable secure connections.

2010-05-15

Updated resources

August 09, 2016

AWS CloudFormation updated the following resources:

AWS::CloudFront::Distribution

For the distribution configuration ViewerCertificate property, you can specify an AWS Certificate Manager certificate. For the distribution configuration Origin property, you can specify custom headers and the SSL protocols for custom origins.

AWS::EFS::FileSystem

You can specify the performance mode for an Amazon Elastic File System file system.

2010-05-15

New resources

July 20, 2016

AWS IoT

Use AWS IoT to declare an AWS IoT policy, an X.509 certificate, an association between a policy and a principal (an X.509 certificate or other credential), an AWS IoT thing, an association between a principal and a thing, or an AWS IoT rule.

2010-05-15

Updated resources

July 20, 2016

AWS CloudFormation updated the following resources:

AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User

Use the name properties to specify a custom name for AWS Identity and Access Management (IAM) resources.

AWS::ApiGateway::Method

For the Integration property, you can use the PassthroughBehavior property to specify when Amazon API Gateway passes requests to the targeted back end.

AWS::ApiGateway::Model and AWS::ApiGateway::RestApi

You can specify JSON objects for the Schema and Body properties.

2010-05-15

Auto Scaling group UpdatePolicy

June 9, 2016

For the UpdatePolicy attribute, use the AutoScalingReplacingUpdate property to specify whether an Auto Scaling group and the instances it contains are replaced when you update the Auto Scaling group. During a replacement, AWS CloudFormation retains the old Auto Scaling group until it creates the new one successfully so that AWS CloudFormation can roll back to the old Auto Scaling group if the update fails. For more information, see UpdatePolicy.

2010-05-15

New resource

June 9, 2016

AWS CloudFormation added the following resources:

AWS::EC2::FlowLog

Creates an Amazon Elastic Compute Cloud flow log that captures IP traffic for a specified network interface, subnet, or VPC.

AWS::KinesisFirehose::DeliveryStream

Creates a delivery stream that delivers real-time streaming data to a destination, such as Amazon Simple Storage Service, Amazon Redshift, or Amazon Elasticsearch Service.

2010-05-15

Updated resources

June 9, 2016

AWS CloudFormation updated the following resources:

AWS::Kinesis::Stream

Use the Name property to specify a name for an Amazon Kinesis stream.

AWS::Lambda::Function

For the Code property, you can use the ZipFile property and cfn response module for nodejs4.3 runtime environments.

AWS::SNS::Topic

AWS CloudFormation enabled updates for the Amazon Simple Notification Service topic resource.

2010-05-15

New resource

April 25, 2016

Use the AWS::EC2::Host resource to allocate a fully dedicated physical server for launching EC2 instances.

2010-05-15

Updated resources

April 25, 2016

AWS::EC2::Instance

Use the Affinity and HostId properties to launch instances onto an Amazon Elastic Compute Cloud dedicated host.

AWS::ECS::Service

Use the DeploymentConfiguration property to configure how many tasks can run during a deployment.

AWS::ECS::TaskDefinition

AWS CloudFormation added support for additional Amazon EC2 Container Service container definition properties.

AWS::GameLift::Fleet

Use the MaxSize and MinSize properties to specify the maximum and minimum number of EC2 instances allowed in your Amazon GameLift fleet.

AWS::Lambda::Function

Use the FunctionName property to specify a name for your AWS Lambda function. You can also use Python 2.7 to specify an inline function.

2010-05-15

New resources

April 18, 2016

Amazon API Gateway

Use the Amazon API Gateway resources to publish, maintain, and monitor APIs at any scale. You can create APIs that clients can call to access your back-end services, such as applications running on EC2 instances or code running on AWS Lambda.

AWS::Events::Rule

Create an Amazon CloudWatch Events rule that monitors changes to AWS resources in your account (events). If an incoming event matches the conditions that you described in the rule, Amazon CloudWatch Events sends messages to and activates your specified targets, such as AWS Lambda functions or Amazon Simple Notification Service topics.

AWS::WAF::SizeConstraintSet and AWS::WAF::XssMatchSet

Use the two AWS WAF rules to check the size of a web request or to prevent cross-site scripting attacks.

2010-05-15

New resources

March 31, 2016

Use the AWS::Lambda::Alias resource to create aliases for your AWS Lambda functions and the AWS::Lambda::Version resource to create versions of your functions.

2010-05-15

Updated resources

March 31, 2016

AWS CloudFormation updated the following resources:

AWS::EMR::Cluster and AWS::EMR::InstanceGroupConfig

Use the EbsConfiguration property to configure Amazon Elastic Block Store storage volumes for your Amazon EMR clusters or instance groups.

AWS::Lambda::Function

Use the VpcConfig property to enable AWS Lambda functions to access resources in a VPC.

AWS::S3::Bucket

For the Amazon Simple Storage Service life cycle rules, you can specify multiple transition rules that specify when objects transition to a specified storage class.

2010-05-15

Change sets

March 29, 2016

Before updating stacks, use change sets to see how your changes might affect your running resources. For more information, see Updating Stacks Using Change Sets.

2010-05-15

New resources

March 15, 2016

Use the AWS::GameLift::Alias, AWS::GameLift::Build, and AWS::GameLift::Fleet resources to deploy multiplayer game servers in AWS.

2010-05-15

New resources

February 26, 2016

AWS CloudFormation added the following resources:

AWS::ECR::Repository

Create Amazon EC2 Container Registry repositories where users can push and pull Docker images.

AWS::EC2::NatGateway

Use the network address translator (NAT) gateway to enable EC2 instances in a private subnet to connect to the Internet.

AWS::Elasticsearch::Domain

Create Amazon Elasticsearch Service (Amazon ES) domains that contain the Amazon ES engine instances, which process Amazon ES requests.

AWS::EMR::Cluster, AWS::EMR::InstanceGroupConfig, AWS::EMR::Step

Use the Amazon EMR resources to help you analyze and process vast amounts of data. You can create clusters and then run jobs on them.

2010-05-15

Updated resources

February 26, 2016

AWS CloudFormation updated the following resources:

AWS::CloudTrail::Trail

Use the IsMultiRegionTrail property to specify whether to create an AWS CloudTrail trail in the region in which you create a stack or in all regions.

AWS::Config::ConfigurationRecorder

For the recording group, use the IncludeGlobalResourceTypes property to record all global resource types.

AWS::RDS::DBCluster

Use the KmsKeyId and StorageEncrypted properties to encrypt database instances in the cluster.

2010-05-15

Retain resources

February 26, 2016

For stacks in the DELETE_FAILED state, use the RetainResources parameter to retain resources that AWS CloudFormation can't delete. For more information, see Delete Stack Fails.

2010-05-15

Update stack tags

February 26, 2016

You can add, modify, or remove stack tags when you update a stack. For more information, see AWS CloudFormation Stacks Updates.

2010-05-15

Continue rolling back failed update rollbacks

January 25, 2016

For a stack in the UPDATE_ROLLBACK_FAILED state, you can continue rolling back the update to get your stack in a working state. That way, you can return the stack to its original settings and try to update it again. For more information, see Continue Rolling Back an Update.

2010-05-15

New sample templates available for the Asia Pacific (Seoul) region.

January 7, 2016

The following collections of AWS CloudFormation sample templates are for the ap-northeast-2 region:

  • Sample Solutions

  • Application Frameworks

  • Services

For more information, see Sample Templates.

2010-05-15

New resources

December 28, 2015

AWS CloudFormation added the following resources:

AWS::DirectoryService::MicrosoftAD

Use the Microsoft Active Directory resource to create a Microsoft Active Directory directory in AWS.

AWS::Logs::Destination and AWS::Logs::LogStream

Use the Amazon CloudWatch Logs resources to create a destination for real-time processing of log data or to create log streams, respectively.

AWS::WAF::ByteMatchSet, AWS::WAF::IPSet, AWS::WAF::Rule, AWS::WAF::SqlInjectionMatchSet, and AWS::WAF::WebACL

Use the AWS WAF resources to control and monitor web requests to your content.

2010-05-15

Resource updates

December 28, 2015

AWS CloudFormation updated the following resources:

AWS::CloudFront::Distribution

For the distribution configuration, use the WebACLId property to associate an AWS WAF web access control list (ACL) with an Amazon CloudFront distribution. For the cache behavior and default cache behavior, you can specify a default and maximum Time to Live (TTL) value.

AWS::DynamoDB::Table

You can create, update, or delete a global secondary index without replacing your Amazon DynamoDB table.

AWS::S3::Bucket

Use the ReplicationConfiguration property to specify which objects to replicate and where they are stored.

Use the properties in the NotificationConfiguration property to specify filters so that Amazon Simple Storage Service sends notifications for objects that you specify.

2010-05-15

Parameter grouping and sorting

December 3, 2015

Use the AWS::CloudFormation::Interface metadata key to group and sort parameters in the AWS CloudFormation console when users create or update a stack with your template.

2010-05-15

Update policy attribute

December 3, 2015

For an Auto Scaling update policy attribute, use the MinSuccessfulInstancesPercent property to specify the percentage of instances that must signal success for a successful update.

2010-05-15

New resources

December 3, 2015

AWS CloudFormation added the following resources:

AWS::CodePipeline::Pipeline and AWS::CodePipeline::CustomActionType

Use the AWS CodePipeline resources to create a pipeline that describes how software changes go through a release process.

AWS::Config::ConfigurationRecorder, AWS::Config::DeliveryChannel, and AWS::Config::ConfigRule

Use the AWS Config resources to monitor configuration changes to specific AWS resources.

AWS::KMS::Key

Use the AWS Key Management Service (AWS KMS) resource to create customer master keys in AWS KMS that users can use to encrypt small amounts of data.

AWS::SSM::Document

Use the Amazon EC2 Systems Manager to create a document that specifies on-instance configurations.

2010-05-15

Resources update

December 3, 2015

AWS CloudFormation updated the following resources:

AWS::AutoScaling::LaunchConfiguration

Specify whether EBS volumes are encrypted.

AWS::AutoScaling::ScalingPolicy

You can use two different policy types (simple and step scaling) to specify how an Auto Scaling group scales when an Amazon CloudWatch (CloudWatch) alarm is breached.

AWS::CloudTrail::Trail

Use the CloudWatch properties to send logs to a CloudWatch log group. You can add tags to a trail and specify an AWS KMS key that you want to use to encrypt logs.

AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentConfig, and AWS::CodeDeploy::DeploymentGroup

Use the ApplicationName, DeploymentConfigName, and DeploymentGroupName properties to specify custom names for AWS CodeDeploy resources.

AWS::DynamoDB::Table

Use the StreamSpecification property to specify settings for capturing changes to items stored in an Amazon DynamoDB (DynamoDB) table.

AWS::EC2::Instance

Use the SsmAssociations property to associate an Amazon EC2 Systems Manager document with an instance.

AWS::EC2::SpotFleet

Use the AllocationStrategy property to specify how to allocate target capacity across Spot pools. Use the ExcessCapacityTerminationPolicy property to specify how instances are terminated if the target capacity is below the size of the Spot fleet.

AWS::Redshift::Cluster

Use the KmsKeyId property to specify an AWS KMS key to encrypt data in an Amazon Redshift cluster.

AWS::WorkSpaces::Workspace

Use the encryption properties to encrypt data stored on volumes.

2010-05-15

Resource update

November 4, 2015

For the AWS::EC2::Volume resource, use the AutoEnableIO property to automatically resume I/O operations if a volume's data becomes inconsistent.

2010-05-15

New resources

October 1, 2015

AWS CloudFormation added the following resources:

AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentGroup, and AWS::CodeDeploy::DeploymentConfig

Use the AWS CodeDeploy resources to create and apply deployments to EC2 or on-premises instances.

AWS::DirectoryService::SimpleAD

Use the Simple Active Directory resource to create an AWS Directory Service Simple AD, which is a Microsoft Active Directory-compatible directory.

AWS::EC2::PlacementGroup

Use a placement group to create a cluster of instances in a low-latency network.

AWS::EC2::SpotFleet

Use a Spot fleet to launch a collection of Spot instances that run interruptible tasks.

AWS::Lambda::EventSourceMapping

Use the event source mapping resource to specify a stream as an event source for an AWS Lambda (Lambda) function.

AWS::Lambda::Permission

Use a Lambda permission to add a statement to a Lambda function's policy.

AWS::Logs::SubscriptionFilter

Use the subscription filter to define which log events are delivered to your Kinesis stream.

AWS::RDS::DBCluster and AWS::RDS::DBClusterParameterGroup

Use the cluster and cluster parameter group resources to create an Amazon Aurora DB cluster.

AWS::WorkSpaces::Workspace

Use Amazon WorkSpaces to create cloud-based desktop experiences.

2010-05-15

Resource updates

October 1, 2015

AWS CloudFormation updated the following resources:

AWS::ElastiCache::ReplicationGroup

Use the Fn::GetAtt intrinsic function to get a list of read-only replica addresses and ports.

AWS::OpsWorks::Stack

Use the AgentVersion property to specify a particular AWS OpsWorks agent.

AWS::OpsWorks::App

Use the Environment property to specify environment variables for an AWS OpsWorks app.

AWS::S3::Bucket

For the NotificationConfiguration property, you can configure notification settings for Lambda functions and Amazon Simple Queue Service (Amazon SQS) queues.

2010-05-15

IAM condition keys

October 1, 2015

For AWS Identity and Access Management (IAM) policies, use AWS CloudFormation-specific condition keys to specify when an IAM policy takes effect. For more information, see Controlling Access with AWS Identity and Access Management.

2010-05-15

AWS CloudFormation Designer

October 1, 2015

Use AWS CloudFormation Designer to create and modify templates using a drag-and-drop interface.

2010-05-15

New resource

August 24, 2015

Use the AWS::EC2::VPCEndpoint resource to establish a private connection between your VPC and another AWS service.

2010-05-15

Resource updates

August 24, 2015

AWS CloudFormation updated the following resources:

AWS::ElasticBeanstalk::Environment

Use the Tags property to specify tags (key-value pairs) for an AWS Elastic Beanstalk (Elastic Beanstalk) environment.

AWS::Lambda::Function

For the Code property, use the ZipFile property to write the source code of your Lambda function directly in a template. Currently, you can use the ZipFile property only for nodejs runtime environments. You can still point to a file in an S3 bucket for all runtime environments, such as java8 and nodejs.

AWS::OpsWorks::Instance

Use the EbsOptimized property to indicate whether an instance is optimized for Amazon Elastic Block Store (Amazon EBS) I/O.

AWS::RDS::DBInstance

For the SourceDBInstanceIdentifier property, you can specify a database instance in another region to create a cross-region read replica.

2010-05-15

Amazon S3 template URL

August 24, 2015

For versioning-enabled buckets, you can specify a version ID in an Amazon S3 template URL when you create or update a stack, such as https://s3.amazonaws.com/templates/myTemplate.template?versionId=123ab1cdeKdOW5IH4GAcYbEngcpTJTDW.

2010-05-15

New resource

August 3, 2015

Use the AWS::EFS::FileSystem resource to create an Amazon Elastic File System (Amazon EFS) file system and the AWS::EFS::MountTarget resource to create a mount point for a file system.

2010-05-15

Permission requirement change

June 11, 2015

When you create or update an AWS::RDS::DBInstance resource, you must now also have permission to call the ec2:DescribeAccountAttributes action.

2010-05-15

New resources

June 11, 2015

AWS CloudFormation added the following resources:

AWS::DataPipeline::Pipeline

Use data pipelines to automate the movement and transformation of data.

Amazon EC2 Container Service resources

Use the AWS::ECS::Service, AWS::ECS::Cluster, and AWS::ECS::TaskDefinition resources to create Docker containers on a cluster of EC2 instances.

AWS::ElastiCache::ReplicationGroup

Use replication groups to create a collection of nodes with one primary read-write cluster and a maximum of five secondary read-only clusters.

AWS::IAM::ManagedPolicy

Use managed policies to create policies in your AWS account that you can use to apply permissions to IAM users, groups, and roles.

AWS::Lambda::Function

Use Lambda functions to run code in response to events.

AWS::RDS::OptionGroup

Use option groups to help you create and manage Amazon Relational Database Service (Amazon RDS) databases.

2010-05-15

Resource updates

June 11, 2015

AWS CloudFormation updated the following resources:

AWS::EC2::Subnet

Use the MapPublicIpOnLaunch property to automatically assign public IP addresses to instances in a subnet.

AWS::ElastiCache::CacheCluster

Use the SnapshotName property to restore snapshot data into a new Redis cache cluster.

AWS::IAM::User

For the LoginProfile property, use the PasswordResetRequired property so that users are required to set a new password when they log in to the AWS Management Console.

AWS::OpsWorks::Layer

Use the LifecycleEventConfiguration property to configure lifecycle events for an AWS OpsWorks layer.

AWS::S3::Bucket

For the LifecycleConfiguration property, use the NoncurrentVersionExpirationInDays and NoncurrentVersionTransition properties to specify lifecycle rules for non-current object versions.

2010-05-15

New parameter types

May 19, 2015

Whenever you use the AWS CloudFormation console to create or update a stack, you can search for AWS-specific parameter type values by ID, name, or Name tag value.

AWS CloudFormation also added support for the following AWS-specific parameter types. For more information, see Parameters.

  • AWS::EC2::AvailabilityZone::Name

  • List<AWS::EC2::AvailabilityZone::Name>

  • AWS::EC2::Instance::Id

  • List<AWS::EC2::Instance::Id>

  • AWS::EC2::Image::Id

  • List<AWS::EC2::Image::Id>

  • AWS::EC2::SecurityGroup::GroupName

  • List<AWS::EC2::SecurityGroup::GroupName>

  • AWS::EC2::Volume::Id

  • List<AWS::EC2::Volume::Id>

  • AWS::Route53::HostedZone::Id

  • List<AWS::Route53::HostedZone::Id>

2010-05-15

New resources

April 16, 2015

AWS CloudFormation added the following resources:

AWS::AutoScaling::LifecycleHook

Use Auto Scaling lifecycle hooks to control the state of an instance after it is launched or terminated.

AWS::RDS::EventSubscription

Use event subscriptions to get notifications about Amazon RDS events.

2010-05-15

Resource updates

April 16, 2015

AWS CloudFormation updated the following resources:

AWS::AutoScaling::AutoScalingGroup

Use the NotificationConfigurations property to specify multiple notifications.

AWS::AutoScaling::LaunchConfiguration

Use the PlacementTenancy property to specify the tenancy of instances.

Use the ClassicLinkVPCId and ClassicLinkVPCSecurityGroups properties to link EC2-Classic instances to a ClassicLink-enabled VPC.

AWS::AutoScaling::ScalingPolicy

Use the MinAdjustmentStep property to specify the minimum number of instances that are added or removed during a scaling event.

AWS::CloudFront::Distribution

For viewer certificates, use the MinimumProtocolVersion property to specify a minimum protocol version. For cache behaviors, use the CachedMethods property to specify which methods Amazon CloudFront (CloudFront) caches responses for. For origins, use the OriginPath to specify a path that CloudFront uses to request content.

AWS::ElastiCache::CacheCluster

For Memcached cache clusters, use the AZMode and PreferredAvailabilityZones properties to specify nodes in multiple Availability Zones (AZs).

AWS::EC2::Volume

Use the KmsKeyId property to specify a master key for encrypted volumes.

AWS::OpsWorks::Instance

Use the TimeBasedAutoScaling property to automatically scale instances based on a schedule that you specify.

AWS::OpsWorks::Layer

Use the LoadBasedAutoScaling property to specify load-based scaling policies. For volume configurations, use the VolumeType and Iops properties to specify a volume type and the number of I/O operations per second, respectively.

AWS::RDS::DBInstance

Use the CharacterSetName property to specify a character set for supported database engines.

Use the StorageEncrypted property to indicate whether database instances will be encrypted and the KmsKeyId to specify a master key for encrypted database instances.

AWS::Route53::HealthCheck

Use the HealthCheckTags property to associate tags with health checks.

AWS::Route53::HostedZone

Use the VPCs property to create private hosted zones.

Use the HostedZoneTags property to associate tags with hosted zones.

2010-05-15

New template section

April 16, 2015

Add the Metadata section to your templates to include arbitrary JSON objects that describe your templates, such as the design or implementation details.

2010-05-15

Resource update

April 8, 2015

For the AWS::CloudFormation::CustomResource resource, you can specify Lambda function Amazon Resource Names (ARNs) in the ServiceToken property.

2010-05-15

Amazon RDS update

December 24, 2014

AWS CloudFormation added two new properties for RDS DB instances. You can associate an option group with a DB instance and specify the DB instance storage type. For more information, see AWS::RDS::DBInstance.

2010-05-15

Elastic Load Balancing update

December 24, 2014

You can use the ConnectionSettings property to specify how long connections can remain idle. For more information, see AWS::ElasticLoadBalancing::LoadBalancer.

2010-05-15

Amazon Route 53 update

November 6, 2014

You can now provision and manage Amazon Route 53 hosted zones, health checks, failover record sets, and geolocation record sets.

2010-05-15

Auto Scaling rolling update enhancement

November 6, 2014

During an update, you can use the WaitOnResourceSignals flag to instruct AWS CloudFormation to wait for instances to signal success. That way, AWS CloudFormation won't update the next batch of instances until the current batch is ready. For more information, see UpdatePolicy.

2010-05-15

New VPC Fn::GetAtt attributes

November 6, 2014

Given a VPC ID, you can retrieve the default security group and network ACL for that VPC. For more information, see Fn::GetAtt.

2010-05-15

New AWS-specific parameter types

November 6, 2014

You can specify AWS-specific parameter types in your AWS CloudFormation templates. In the AWS CloudFormation console, these parameter types provide a drop-down list of valid values. With the API or CLI, AWS CloudFormation can quickly validate values for these parameter types before creating or updating a stack. For more information, see Parameters.

2010-05-15

CreationPolicy attribute

November 6, 2014

With the CreationPolicy attribute, you can instruct AWS CloudFormation to wait until applications are ready on EC2 instances before proceeding with stack creation. You can use a creation policy instead of a wait condition and wait condition handle. For more information, see CreationPolicy.

2010-05-15

Amazon CloudFront forwarded values

September 29, 2014

For cache behaviors, you can forward headers to the origin. See CloudFront ForwardedValues.

2010-05-15

AWS OpsWorks update

September 29, 2014

For Chef 11.10, you can use the ChefConfiguration property to enable Berkshelf. You can also use the AWS OpsWorks built-in security groups with your AWS OpsWorks stacks. For more information, see AWS::OpsWorks::Stack.

2010-05-15

Elastic Load Balancing tagging support

September 29, 2014

AWS CloudFormation tags Elastic Load Balancing load balancers with stack-level tags. You can also add your own tags to a load balancer. See AWS::ElasticLoadBalancing::LoadBalancer.

2010-05-15

Amazon Simple Notification Service topic policy update

September 29, 2014

You can now update Amazon SNS topic policies. For more information, see AWS::SNS::TopicPolicy.

2010-05-15

RDS DB instance update

September 5, 2014

You can specify whether a DB instance is Internet-facing by using the PubliclyAccessible property in the AWS::RDS::DBInstance resource.

2010-05-15

UpdatePolicy attribute update

September 05, 2014

You can specify an update policy for an Auto Scaling group that has an associated scheduled action. For more information, see UpdatePolicy.

2010-05-15

Amazon CloudWatch support

July 10, 2014

You can use AWS CloudFormation to provision and manage Amazon CloudWatch Logs (CloudWatch Logs) log groups and metric filters. For more information, see AWS::Logs::LogGroup or AWS::Logs::MetricFilter.

2010-05-15

Amazon CloudFront distribution configuration update

June 17, 2014

You can specify additional CloudFront distribution configuration properties:

  • Custom error responses define custom error messages for 4xx and 5xx HTTP status codes.

  • Price class defines the maximum price that you want to pay for the CloudFront service.

  • Restrictions define who can view your content.

  • Viewer certificate specifies the certificate to use when viewers use HTTPS.

  • For cache behaviors, you can specify allowed HTTP methods and indicate whether to forward cookies.

For more information, see AWS::CloudFront::Distribution.

2010-05-15

EC2 instance update

June 17, 2014

You can specify whether an instance stops or terminates when you invoke the instance's operating system shutdown command. For more information, see AWS::EC2::Instance.

2010-05-15

EBS volume update

June 17, 2014

You can use encrypted EBS volumes with supported instance types. For more information, see AWS::EC2::Volume.

2010-05-15

New Amazon VPC peering connection

June 17, 2014

You can use AWS CloudFormation to create an Amazon Virtual Private Cloud (Amazon VPC) peering connection, which establishes a network connection between two VPCs. For more information, see AWS::EC2::VPCPeeringConnection.

2010-05-15

Auto Scaling group update

June 17, 2014

You can specify an existing cluster placement group in which to launch instances for an Auto Scaling group. For more information, see AWS::AutoScaling::AutoScalingGroup.

2010-05-15

AWS CloudTrail support

June 17, 2014

AWS CloudFormation supports AWS CloudTrail, which can capture API calls made from your AWS account and publish the logs at a location you designate. For more information, see AWS::CloudTrail::Trail.

2010-05-15

Update stack enhancements

May 12, 2014

AWS CloudFormation supports additional features for updating stacks:

  • You can update AWS CloudFormation stack parameters without resubmitting the stack's template.

  • You can add or remove Amazon SNS notification topics for an AWS CloudFormation stack.

For more information, see AWS CloudFormation Stacks Updates.

2010-05-15

Amazon Kinesis support

May 6, 2014

You can use AWS CloudFormation to create Amazon Kinesis streams that capture and transport data records from data sources. For more information, see AWS::Kinesis::Stream.

2010-05-15

New S3 bucket properties

May 5, 2014

AWS CloudFormation supports additional S3 bucket properties:

  • Cross-origin resource sharing (CORS) defines cross-origin resource sharing of objects in a bucket.

  • Lifecycle defines how Amazon S3 manages objects during their lifetime.

  • Access logging policy captures information about requests made to your bucket.

  • Notifications define which events to report and which Amazon SNS topic to send messages to.

  • Versioning enables multiple variants of all objects in a bucket.

  • Redirect and routing rules govern redirect behavior for requests made to a bucket's website endpoint.

For more information, see AWS::S3::Bucket.

2010-05-15

Auto Scaling support

May 5, 2014

AWS CloudFormation supports metrics collection for an Auto Scaling group. For more information, see AWS::AutoScaling::AutoScalingGroup.

2010-05-15

Fn::If update

May 5, 2014

You can use the Fn::If intrinsic function in the output section of a template. For more information, see Condition Functions.

2010-05-15

API logging with AWS CloudTrail

April 2, 2014

You can use AWS CloudTrail (CloudTrail) to log AWS CloudFormation requests. With CloudTrail you can get a history of AWS CloudFormation API calls for your account. For more information, see Logging AWS CloudFormation API Calls in AWS CloudTrail.

2010-05-15

Elastic Load Balancing update

March 20, 2014

You can specify an access logging policy to capture information about requests made to your load balancer. You can also specify a connection draining policy that describes how to handle in-flight requests when instances are deregistered or become unhealthy. For more information, see AWS::ElasticLoadBalancing::LoadBalancer.

2010-05-15

AWS OpsWorks support

March 3, 2014

You can use AWS CloudFormation to provision and manage AWS OpsWorks stacks. For more information, see AWS::OpsWorks::Stack or AWS OpsWorks Template Snippets.

2010-05-15

Amazon S3 template size limit increase

February 18, 2014

You can specify template sizes up to 460,800 bytes in Amazon S3.

2010-05-15

Amazon Redshift support

February 10, 2014

You can use AWS CloudFormation to provision and manage Amazon Redshift clusters. For more information, see Amazon Redshift Template Snippets or AWS::Redshift::Cluster.

2010-05-15

S3 buckets and bucket policies update

February 10, 2014

You can update some properties of the S3 bucket and bucket policy resources. For more information, see AWS::S3::Bucket or AWS::S3::BucketPolicy.

2010-05-15

Elastic Beanstalk environments and application versions update

February 10, 2014

You can update Elastic Beanstalk environment configurations and application versions. For more information, see AWS::ElasticBeanstalk::Environment, AWS::ElasticBeanstalk::ConfigurationTemplate, or AWS::ElasticBeanstalk::ApplicationVersion.

2010-05-15

Amazon SQS update

January 29, 2014

You can specify a dead letter queue for an Amazon SQS queue. For more information, see AWS::SQS::Queue.

2010-05-15

Auto Scaling scheduled actions

January 27, 2014

You can scale the number of EC2 instances in an Auto Scaling group based on a schedule. By using a schedule, you can scale applications in response to predictable load changes. For more information, see AWS::AutoScaling::ScheduledAction.

2010-05-15

DynamoDB secondary indexes

January 27, 2014

You can create local and global secondary indexes for DynamoDB databases. By using secondary indexes, you can efficiently access data with attributes other than the primary key. For more information, see AWS::DynamoDB::Table.

2010-05-15

Auto Scaling update

January 2, 2014

You can specify an instance ID for an Auto Scaling group or launch configuration. You can also specify additional Auto Scaling block device properties. For more information, see AWS::AutoScaling::AutoScalingGroup or AWS::AutoScaling::LaunchConfiguration.

2010-05-15

Amazon SQS update

January 2, 2014

You can update SQS queues and specify additional properties. For more information, see AWS::SQS::Queue.

2010-05-15

Limit increases

January 2, 2014

You can specify up to 60 parameters and 60 outputs in your AWS CloudFormation templates.

2010-05-15

New console

December 19, 2013

The new AWS CloudFormation console adds features like auto-refreshing stack events and alphabetical ordering of stack parameters.

2010-05-15

Cross-zone load balancing

December 19, 2013

With cross-zone load balancing, you can route traffic to back-end instances across all Availability Zones (AZs). For more information, see AWS::ElasticLoadBalancing::LoadBalancer.

2010-05-15

AWS Elastic Beanstalk environment tiers

December 19, 2013

You can specify whether AWS Elastic Beanstalk provisions resources to support a web server or to handle background processing tasks. For more information, see AWS::ElasticBeanstalk::Environment.

2010-05-15

Resource names

December 19, 2013

You can assign names (physical IDs) to the following resources:

  • ElastiCache clusters

  • Elastic Load Balancing load balancers

  • RDS DB instances

For more information, see Name Type.

2010-05-15

VPN support

November 22, 2013

You can enable a virtual private gateway (VGW) to propagate routes to the routing tables of a VPC. For more information, see AWS::EC2::VPNGatewayRoutePropagation.

2010-05-15

Conditionally create resources and assign properties

November 8, 2013

Using input parameters, you can control the creation and settings of designated stack resources by defining conditions in your AWS CloudFormation templates. For example, you can use conditions to create stack resources for a production environment. Using the same template, you can create similar stack resources with lower capacity for a test environment. For more information, see Condition Functions.

2010-05-15

Prevent accidental updates to stack resources

November 8, 2013

You can prevent stack updates that might result in unintentional changes to stack resources. For example, if you have a stack with a database layer that should rarely be updated, you can set a stack policy that prevents most users from updating that database layer. For more information, see Prevent Updates to Stack Resources.

2010-05-15

Name resources

November 8, 2013

Instead of using AWS CloudFormation-generated physical IDs, you can assign names to certain resources. The following AWS CloudFormation resources support naming:

  • CloudWatch alarms

  • DynamoDB tables

  • Elastic Beanstalk applications and environments

  • S3 buckets

  • SNS topics

  • Amazon SQS queues

For more information, see Name Type.

2010-05-15

Assign custom resource types

November 8, 2013

In your templates, you can specify your own resource type for AWS CloudFormation custom resources (AWS::CloudFormation::CustomResource). By using your own custom resource type name, you can quickly identify the type of custom resources that you have in your stack. For example, you can specify "Type": "Custom::MyCustomResource". For more information, see AWS::CloudFormation::CustomResource.

2010-05-15

Add pseudo parameter

November 8, 2013

You can now refer to the AWS AccountID inside AWS CloudFormation templates by referring to the AWS::AccountID pseudo parameter. For more information, see Pseudo Parameters Reference.

2010-05-15

Specify stacks in IAM policies

November 8, 2013

You can allow or deny IAM users, groups, or roles to operate on specific AWS CloudFormation stacks. For example, you can deny the delete stack action on a specific stack ID. For more information, see Controlling Access with AWS Identity and Access Management.

2010-05-15

Federation support

October 14, 2013

AWS CloudFormation supports temporary security credentials from IAM roles, which enable scenarios such as federation and single sign-on to the AWS Management Console. You can also make calls to AWS CloudFormation from EC2 instances without embedding long-term security credentials by using IAM roles. For more information about AWS CloudFormation and IAM, see Controlling Access with AWS Identity and Access Management.

2010-05-15

Amazon RDS read replica support

September 24, 2013

You can now create Amazon RDS read replicas from a source DB instance. For more information, see the SourceDBInstanceIdentifier property in the AWS::RDS::DBInstance resource.

2010-05-15

Associate public IP address with instances in an Auto Scaling group

September 19, 2013

You can now associate public IP addresses with instances in an Auto Scaling group. For more information, see AWS::AutoScaling::LaunchConfiguration.

2010-05-15

Additional VPC support

September 17, 2013

AWS CloudFormation adds several enhancements to support VPC and VPN functionality:

  • You can associate a public IP address and multiple private IP addresses to Amazon EC2 network interfaces. For more information, see AWS::EC2::NetworkInterface. You can also associate a primary private IP address to an elastic IP address (EIP).

  • You can enable DNS support and specify DNS host names. For more information, see AWS::EC2::VPC.

  • You can specify a static route between a virtual private gateway and your VPN gateway. For more information, see AWS::EC2::VPNConnectionRoute.

2010-05-15

Redis and VPC security groups support for Amazon ElastiCache

September 3, 2013

You can now specify Redis as the cache engine for an Amazon ElastiCache (ElastiCache) cluster. You can also now assign VPC security groups to ElastiCache clusters. For more information, see AWS::ElastiCache::CacheCluster.

2010-05-15

Parallel stack creation, update and deletion, and nested stack updates

August 12, 2013

AWS CloudFormation now creates, updates, and deletes resources in parallel, improving the operations' performance. If you update a top-level template, AWS CloudFormation automatically updates nested stacks that have changed. For more information, see AWS CloudFormation Stacks Updates.

2010-05-15

VPC security groups can now be set in RDS DB instances

February 28, 2013

You can now assign VPC security groups to an RDS DB instance with AWS CloudFormation. For more information, see the VPCSecurityGroups property in AWS::RDS::DBInstance.

2010-05-15

Rolling deployments for Auto Scaling groups

February 20, 2013

AWS CloudFormation now supports update policies on Auto Scaling groups, which describe how instances in the Auto Scaling group are replaced or modified when the Auto Scaling group adds or removes instances. You can modify these settings at stack creation or during a stack update.

For more information and an example, see UpdatePolicy.

2010-05-15

Cancel and rollback action for stack updates

February 20, 2013

AWS CloudFormation supports the ability to cancel a stack update. The stack must be in the UPDATE_IN_PROGRESS state when the update request is made. More information is available in the following topics:

2010-05-15

EBS-optimized instances for Auto Scaling groups

February 20, 2013

You can now provision EBS-optimized instances in Auto Scaling groups for dedicated throughput to Amazon Elastic Block Store (Amazon EBS) in autoscaled instances. The implementation is similar to that of the previously released support for optimized Amazon EBS EC2 instances.

For more information, see the new EbsOptimized property in AWS::AutoScaling::LaunchConfiguration.

2010-05-15

New documentation

December 21, 2012

AWS::EC2::Instance now provides a BlockDeviceMappings property to allow you to set block device mappings for your EC2 instance.

With this change, two new types have been added:

2010-05-15

New documentation

December 21, 2012

New sections have been added to describe the procedures for creating and viewing stacks using the recently redesigned AWS Management Console. You can find them here:

2010-05-15

New documentation

November 15, 2012

Information about custom resources is provided in the following topics:

2010-05-15

Updated documentation

November 15, 2012

AWS CloudFormation now supports specifying provisioned I/O operations per second (IOPS) for RDS DB instances. You can set this value from 1000–10,000 in 1000 IOPS increments by using the new Iops property in AWS::RDS::DBInstance.

For more information about specifying IOPS for RDS DB instances, see Provisioned IOPS in the Amazon Relational Database Service User Guide.

2010-05-15

New and updated documentation

August 27, 2012

Topics have been reorganized to more clearly provide specific information about using the AWS Management Console and using the AWS CloudFormation command-line interface (CLI).

Information about tagging AWS CloudFormation stacks has been added, including new guides and updated reference topics:

New information about working with Windows stacks:

New topic: Using Regular Expressions in AWS CloudFormation Templates.

2010-05-15

New feature

April 25, 2012

AWS CloudFormation now provides full support for Virtual Private Cloud (VPC) security with Amazon EC2. You can now create and populate an entire VPC with every type of VPC resource (subnets, gateways, network ACLs, route tables, and so forth) using a single AWS CloudFormation template.

Templates that demonstrate new VPC features can be downloaded:

Documentation for the following resource types has been updated:

New resource types have been added to the documentation:

2010-05-15

New feature

April 13, 2012

AWS CloudFormation now allows you to add or remove elements from a stack when updating it. AWS CloudFormation Stacks Updates has been updated, and a new section has been added to the walkthrough: Change the Stack's Resources, which describes how to add and remove resources when updating the stack.

2010-05-15

New feature

February 2, 2012

AWS CloudFormation now provides support for resources in an existing Amazon Virtual Private Cloud (Amazon VPC). With this release, you can:

  • Launch an EC2 Dedicated instance into an existing Amazon VPC. For more information, see AWS::EC2::Instance.

  • Set the SourceDestCheck attribute of an EC2 instance that resides in an existing Amazon VPC. For more information, see AWS::EC2::Instance.

  • Create Elastic IP addresses in an existing Amazon VPC. For more information, see AWS::EC2::EIP.

  • Use AWS CloudFormation to create Amazon VPC security groups and ingress/egress rules in an existing VPC. For more information, see AWS::EC2::SecurityGroup.

  • Associate an Auto Scaling group with an existing Amazon VPC by setting the VPCZoneIdentifier property of your AWS::AutoScaling::AutoScalingGroup resource. For more information, see AWS::AutoScaling::AutoScalingGroup.

  • Attach an Elastic Load Balancing load balancer to an Amazon VPC subnet and create security groups for the load balancer. For more information, see AWS::ElasticLoadBalancing::LoadBalancer.

  • Create an RDS DB instance in an existing Amazon VPC. For more information, see AWS::RDS::DBInstance.

2010-05-15

New feature

February 2, 2012

You can now update properties for the following resources in an existing stack:

For a complete list of updatable resources and details about what to consider when updating a stack, see AWS CloudFormation Stacks Updates.

2010-05-15

Restructured guide

February 2, 2012

Reorganized existing sections into new sections: Working with AWS CloudFormation Templates and Managing Stacks. Moved Template Reference to the top level of the Table of Contents. Moved Estimating the Cost of Your AWS CloudFormation Stack to the Getting Started section.

2010-05-15

New content

February 2, 2012

Added three new sections:

2010-05-15

New feature

May 26, 2011

AWS CloudFormation now provides the aws cloudformation list-stacks command, which enables you to list stacks filtered by stack status. Deleted stacks can be listed for up to 90 days after they have been deleted. For more information, see Describing and Listing Your Stacks.

2010-05-15

New features

May 26, 2011

The aws cloudformation describe-stack-resources and aws cloudformation get-template commands now enable you to get information from deleted stacks for 90 days after they have been deleted. For more information, see Listing Resources and Retrieving a Template.

2010-05-15

New link

March 1, 2011

AWS CloudFormation endpoint information is now located in the AWS General Reference. For more information, go to Regions and Endpoints in Amazon Web Services General Reference.

2010-05-15

Initial release

February 25, 2011

This is the initial public release of AWS CloudFormation.

2010-05-15