AWS Documentation » AWS CloudFormation » User Guide » Release History

Release History

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change	Description	Date
The CAPABILITY_AUTO_EXPAND capability is now available.	Use the CAPABILITY_AUTO_EXPAND capability to create or update a stack directly from a stack template that contains macros, without first reviewing the resulting changes in a change set first. For more information, see CreateStack or UpdateStack in AWS CloudFormation API Reference.	December 7, 2018
Updated resource	The following resource was updated: AWS::CodeBuild::Project. AWS::CodeBuild::Project In the AWS CodeBuild Project Environment property type, you can use the Certificate property to specify a certificate to use with your build project. In the AWS CodeBuild Project Artifacts property type, you can use the ArtifactIdentifier property to identify the project artifact. In the AWS CodeBuild Project Source property type, you can use the SourceIdentifier property to identify the project source.	December 6, 2018
Updated resource	The following resource was updated: AWS::Lambda::Function AWS::Lambda::Function Use the Layers property to specify a list of Amazon Resource Names (ARNs) for the function layers to add to the function's execution environment.	November 29, 2018
New resources	The following resources were added: AWS::Lambda::LayerVersion, AWS::Lambda::LayerVersionPermission. AWS::Lambda::LayerVersion Use the AWS CloudFormation AWS::Lambda::LayerVersion resource to create a layer version in AWS Lambda. AWS::Lambda::LayerVersionPermission Use the AWS CloudFormation AWS::Lambda::LayerVersionPermission resource to give other accounts permission to use a layer version in AWS Lambda.	November 29, 2018
Updated resources	The following resources were updated: AWS::DynamoDB::Table, AWS::EC2::Instance, and AWS::ServiceDiscovery::Service. AWS::DynamoDB::Table Use the BillingMode property to specify how you are charged for read and write throughput and how you manage capacity. The ProvisionedThroughput property is now conditional. In the GlobalSecondaryIndex property type, the ProvisionedThroughput property is now conditional. AWS::EC2::Instance Use the ElasticInferenceAccelerators property to specify a list of elastic inference accelerators for an instance. Use the LicenseSpecifications property to associate a list of license configuration with an instance. AWS::ServiceDiscovery::Service Use the NamespaceId property to specify the ID of the namespace that you want to use to create the service. In the DnsConfig property type, use the RoutingPolicy property to specify the routing policy that you want to apply to all DNS records that AWS Cloud Map creates when you register an instance and specify this service.	November 28, 2018
New resource	The following resource was added: AWS::ServiceDiscovery::HttpNamespace. AWS::ServiceDiscovery::HttpNamespace Use the HttpNamespace resource to create an HTTP namespace for Cloud Map.	November 28, 2018
New resources	The following resources were added: AWS::EC2::TransitGateway, AWS::EC2::TransitGatewayAttachment, AWS::EC2::TransitGatewayRoute, AWS::EC2::TransitGatewayRouteTable, AWS::EC2::TransitGatewayRouteTableAssociation, and AWS::EC2::TransitGatewayRouteTablePropagation. AWS::EC2::TransitGateway Use the AWS::EC2::TransitGateway resource to create a transit gateway. AWS::EC2::TransitGatewayAttachment Use the AWS::EC2::TransitGatewayAttachment resource to create an attachment between a VPC and a transit gateway. AWS::EC2::TransitGatewayRouteTable Use the AWS::EC2::TransitGatewayRouteTable resource to create a static route for a transit gateway route table. AWS::EC2::TransitGatewayRouteTable Use the AWS::EC2::TransitGatewayRouteTable resource to create a route table for a transit gateway. AWS::EC2::TransitGatewayRouteTableAssociation Use the AWS::EC2::TransitGatewayRouteTableAssociation resource to associate an attachment with a transit gateway route table. AWS::EC2::TransitGatewayRouteTablePropagation Use the AWS::EC2::TransitGatewayRouteTablePropagation resource to enable an attachment to propagate routes.	November 26, 2018
Updated resources	The following resources were updated: AWS::AppSync::DataSource, AWS::AppSync::Resolver, AWS::AutoScalingPlans::ScalingPlan, AWS::Batch::JobDefinition, AWS::Batch::ComputeEnvironment, AWS::CloudWatch::Alarm, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project. AWS::AppSync::DataSource Use the RelationalDatabaseConfig property type to specify RelationalDatabaseConfig for an AWS AppSync data source. In the HttpConfig property type, use the AuthorizationConfig property to specify the authorization type and configurations for an AWS AppSync http data source. AWS::AppSync::Resolver Use the PipelineConfig property type to specify PipelineConfig for an AWS AppSync data source to connect with functions. AWS::AutoScalingPlans::ScalingPlan Use the ScalingInstruction property type to configure predictive scaling as part of the scaling configuration for an Amazon EC2 Auto Scaling group in an AWS Auto Scaling scaling plan. Use the PredefinedLoadMetricSpecification property type to specify a predefined load metric for predictive scaling to use with AWS Auto Scaling. Use the CustomizedLoadMetricSpecification property type to specify a customized load metric for predictive scaling to use with AWS Auto Scaling. AWS::Batch::JobDefinition The AWS::Batch::JobDefinition resource was updated to support AWS Batch multi-node parallel jobs. AWS::Batch::ComputeEnvironment The AWS::Batch::ComputeEnvironment resource was updated to support Amazon EC2 launch templates and placement groups. AWS::CloudWatch::Alarm Use the Metrics property to specify the metric data to return. The MetricName, Namespace, and Period properties are now optional. AWS::IoT1Click::Placement The PlacementName property is now optional. AWS::IoT1Click::Project The ProjectName property is now optional.	November 20, 2018
New resources	The following resources were added: Alexa::ASK::Skill, AWS::AppSync::FunctionConfiguration, AWS::EC2::EC2Fleet, AWS::Kinesis::StreamConsumer, AWS::Route53Resolver:ResolverEndpoint, and AWS::Route53Resolver::ResolverRule. Alexa::ASK::Skill Use the Alexa::ASK::Skill resource to create an Alexa skill. AWS::AppSync::FunctionConfiguration Use the AWS::AppSync::FunctionConfiguration resource to describe the functions defined with appsync datasource in AWS AppSync. AWS::EC2::EC2Fleet Use the AWS::EC2::EC2Fleet resource to launch an EC2 Fleet that can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. AWS::Kinesis::StreamConsumer Use the AWS::Kinesis::StreamConsumer resource to to register a consumer with a Kinesis data stream. AWS::Route53Resolver::ResolverEndpoint Use the AWS::Route53Resolver::ResolverEndpoint resource to specify settings for inbound or outbound endpoints for Amazon Route 53. AWS::Route53Resolver::ResolverRule Use the AWS::Route53Resolver::ResolverRule resource to specify detailed information about a resolver rule, which specifies how to route DNS queries out of a VPC for Amazon Route 53.	November 20, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::EC2::EIP, AWS::ElasticLoadBalancingV2::Listener, AWS::EMR::Cluster, AWS::OpsWorks::Layer, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::S3::Bucket, and AWS::SNS::Topic. AWS::ApiGateway::Deployment In the StageDescription property type, use the Tags property to specify the AWS CloudFormation resource tags to associate with the stage. AWS::ApiGateway::Stage Use the Tags property to specify the AWS CloudFormation resource tags to associate with the stage. AWS::AutoScaling::AutoScalingGroup Use the MixedInstancesPolicy property to provision a combination of On-Demand Instances and Spot Instances across multiple instance types. When you create your Auto Scaling group, you can specify a launch configuration or template as a parameter for the top-level object, or you can specify a mixed instances policy, but not both at the same time. AWS::EC2::EIP Use the PublicIpv4Pool property to specify the ID of an address pool that you own to let Amazon EC2 select an address from the address pool. AWS::ElasticLoadBalancingV2::Listener In the Action property type: Use the AuthenticateCognitoConfig property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the AuthenticateOidcConfig property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the FixedResponseConfig property to specify information about an action that returns a custom HTTP response. Use the RedirectConfig property to specify information about a redirect action. AWS::ElasticLoadBalancingV2::ListenerRule In the Actions property type: Use the AuthenticateCognitoConfig property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the AuthenticateOidcConfig property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the FixedResponseConfig property to specify information about an action that returns a custom HTTP response. Use the RedirectConfig property to specify information about a redirect action. AWS::EMR::Cluster Use the Amazon EMR Cluster HadoopJarStepConfig property type to specify a job flow step consisting of a JAR file whose main function will be executed. Use the Amazon EMR Cluster StepConfig property type to specify a cluster (job flow) step. Use the Amazon EMR Cluster KeyValue property type to specify a key value pair. In the Amazon EMR Cluster JobFlowInstancesConfig property type, use KeepJobFlowAliveWhenNoSteps property to specify whether the cluster should remain available after completing all steps. AWS OpsWorks VolumeConfiguration In the VolumeConfiguration property type, use the Encrypted property to specify whether an Amazon EBS volume is encrypted. AWS::RDS::DBCluster Use the DeletionProtection property to indicate whether the DB cluster should have deletion protection enabled. The database can't be deleted when this value is set to true. If you want to delete a stack with a protected cluster, update this value to false before you delete the stack. AWS::RDS::DBInstance Use the DeleteAutomatedBackups property to indicate whether automated backups should be deleted (true) or retained (false) when you delete a DB instance. The default is true. Use the DeletionProtection property to indicate whether the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. If you want to delete a stack with a protected instance, update this value to false before you delete the stack. AWS::S3::Bucket Use the PublicAccessBlockConfiguration property to specify the public access configuration for an Amazon S3 bucket. AWS::SNS::Topic Use the KmsMasterKeyId property to specify an AWS KMS key identifier. This can be a key ID, key ARN, or key alias.	November 19, 2018
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline Use the ArtifactStores property to specify a list of ArtifactStoreMap mappings. There must be an artifact store for the pipeline region and for each cross-region action within the pipeline. You can only use either ArtifactStore or ArtifactStores, not both. In the Actions property type, use the Region property to specify the action’s AWS Region, such as us-east-1.	November 13, 2018
Stack drift detection added	Drift detection enables you to detect whether a stack's actual configuration differs, or has drifted, from its expected template configuration as defined within AWS CloudFormation. You can have AWS CloudFormation detect drift on an entire stack, or individual stack resources. For more information, see Detecting Unmanaged Configuration Changes to Stacks and Resources.	November 13, 2018
Updated resources	The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::CloudWatch::Alarm, AWS::EC2::SecurityGroupIngress, AWS::IAM::Role, AWS::IAM::User, AWS::IoT::TopicRule, AWS::KMS::Key, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::Route53::RecordSet, AWS::S3::Bucket, and AWS::Workspaces::Workspace. AWS::ApiGateway::Deployment In the StageDescription property type, use the TracingEnabled property to specify whether active tracing with X-ray is enabled for this stage. AWS::ApiGateway::Stage Use the TracingEnabled property to specify whether active tracing with X-ray is enabled for this stage. AWS::CloudWatch::Alarm Use the DatapointsToAlarm property to specify the number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M. AWS::EC2::SecurityGroupIngress Use the SourcePrefixListId property to specify the AWS service prefix of an Amazon VPC endpoint. AWS::IAM::Role Use the PermissionsBoundary property to specify the policy that is used to set the permissions boundary for the role. AWS::IAM::User Use the PermissionsBoundary property to specify the policy that is used to set the permissions boundary for the user. AWS::IoT::TopicRule In the TopicRulePayload property type, use the ErrorActions property to specify the action to take when an error occurs. In the Action property type: Use the IoTAnalytics property to send message data to an AWS IoT Analytics channel. Use the StepFunctionsAction property to start execution of a Step Functions state machine. AWS::KMS::Key Use the PendingWindowInDays property to specify the waiting period, specified in number of days, after which AWS KMS deletes the customer master key (CMK). AWS::RDS::DBInstance Use the EnableCloudwatchLogExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the EnableIAMDatabaseAuthentication property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the EnablePerformanceInsights property to enable Performance Insights for the DB instance. Use the PerformanceInsightsKMSKeyId property to specify the AWS KMS key identifier for encryption of Performance Insights data. The AWS KMS key ID is the Amazon Resource Name (ARN), AWS KMS key identifier, or the AWS KMS key alias for the AWS KMS encryption key. Use the PerformanceInsightsRetentionPeriod property to specify the amount of time, in days, to retain Performance Insights data. Use the ProcessorFeatures property to specify the number of CPU cores and the number of threads per core for the DB instance class of the DB instance. Use the PromotionTier property to specify the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. AWS::RDS::DBCluster Use the EnableCloudwatchLogExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the EnableIAMDatabaseAuthentication property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the BacktrackWindow property to specify the target backtrack window, in seconds. To disable backtracking, specify 0. If specified, this property must be set to a number from 0 to 259,200 (72 hours). AWS::Route53::RecordSet Use the MultiValueAnswer property to route traffic approximately randomly to multiple resources, such as web servers. Create one multivalue answer record for each resource and specify true for MultiValueAnswer. AWS::S3::Bucket Use the RegionalDomainName attribute with the Fn::GetAtt function to return the regional domain name of the specified bucket. AWS::WorkSpaces::Workspace Use the Tags property to specify the tags (key-value pairs) that you want to attach to the WorkSpace. Use the WorkspaceProperties property to specify information about a WorkSpace.	November 9, 2018
The secretsmanager dynamic reference is now available.	Use the secretsmanager dynamic reference to retrieve entire secrets or secret values that are stored in AWS Secrets Manager for use in your templates. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. Using the secretsmanager dynamic reference guarantees that neither Secrets Manager nor CloudFormation logs or persists any resolved secret value. For more information, see Using Dynamic References to Specify Template Values.	November 9, 2018
New resources	The following resources were added: AWS::DLM::LifecyclePolicy, AWS::SecretsManager::ResourcePolicy, AWS::SecretsManager::RotationSchedule, AWS::SecretsManager::Secret, and AWS::SecretsManager::SecretTargetAttachment. AWS::DLM::LifecyclePolicy The AWS::DLM::LifecyclePolicy resource creates a lifecycle policy for Amazon Data Lifecycle Manager. AWS::SecretsManager::ResourcePolicy Use the AWS::SecretsManager::ResourcePolicy resource to define a resource-based policy and attach it to a secret that's stored in Secrets Manager. AWS::SecretsManager::RotationSchedule Use the AWS::SecretsManager::RotationSchedule resource to configure rotation for a secret. AWS::SecretsManager::Secret Use the AWS::SecretsManager::Secret resource to create a secret and stores it in Secrets Manager. AWS::SecretsManager::SecretTargetAttachment Use the AWS::SecretsManager::SecretTargetAttachment resource to complete the final link between a Secrets Manager secret and its associated database.	November 9, 2018
Updated resource	The following resource was updated: AWS::SSM:MaintenanceWindow. AWS::SSM::MaintenanceWindow Use the StartDate and StartDate property types to specify when you want the Maintenance Window to become active or inactive. Use the ScheduleTimezone property type to specify the time zone to base scheduled Maintenance Window executions on, in Internet Assigned Numbers Authority (IANA) format.	November 1, 2018
New resources	The following resources were added: AWS::AppStream::DirectoryConfig, AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, AWS::AppStream::StackFleetAssociation, AWS::AppStream::StackUserAssociation, AWS::AppStream::User. AWS::AppStream::DirectoryConfig Use the AWS::AppStream::DirectoryConfig resource to describe the configuration information required to join Amazon AppStream 2.0 fleets and image builders to Microsoft Active Directory domains. AWS::AppStream::Fleet Use the AWS::AppStream::Fleet resource to create a fleet for Amazon AppStream 2.0. A fleet consists of streaming instances that run a specified image. AWS::AppStream::ImageBuilder Use the AWS::AppStream::ImageBuilder resource to create an image builder for Amazon AppStream 2.0. AWS::AppStream::Stack Use the AWS::AppStream::Stack resource to create a stack to start streaming applications to Amazon AppStream 2.0 users. AWS::AppStream::StackFleetAssociation Use the AWS::AppStream::StackFleetAssociation resource to associate a fleet with a stack for Amazon AppStream 2.0. AWS::AppStream::StackUserAssociation Use the AWS::AppStream::StackUserAssociation resource to associate the specified stacks with the specified users for Amazon AppStream 2.0. Users in a user pool cannot be assigned to stacks with fleets that are joined to an Active Directory domain. AWS::AppStream::User Use the AWS::AppStream::User resource to create a new user in the user pool for Amazon AppStream 2.0.	October 25, 2018
Updated resource	Updated the following resources: AWS::AmazonMQ::Broker, AWS::GuardDuty::Detector, and AWS::SSM::PatchBaseline. AWS::AmazonMQ::Broker Amazon MQ now supports engine versions 5.15.6 and 5.15.0. Property changes include: The EngineVersion property now requires some interruptions upon update. The AutoMinorVersionUpgrade property now requires no interruption upon update. AWS::GuardDuty::Detector Use the FindingPublishingFrequency property to specify the frequency of notifications sent about the subsequent finding occurrences. AWS::SSM::PatchBaseline Use the PatchSource property type to provide information about the patches to use to update target instances.	October 18, 2018
New resource	Added the AWS::Events::EventBusPolicy resource. AWS::Events::EventBusPolicy Use the AWS::Events::EventBusPolicy resource to grant permission to other AWS accounts that send events to your account.	October 18, 2018
UseOnlineResharding update policy now available.	To modify a replication group's shards by adding or removing shards, rather than replacing the entire AWS::ElastiCache::ReplicationGroup resource, use the UseOnlineResharding update policy. For more information, see UseOnlineResharding Policy.	September 20, 2018
Updated resources	The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Method, AWS::ApiGateway::Stage, AWS::ApiGateway::UsagePlan, AWS::CodeBuild::Project, AWS::CodeDeploy::DeploymentGroup, AWS::EC2::FlowLog, AWS::EC2::SpotFleet, AWS::EC2::VPCEndpoint, AWS::ECS::Service, AWS::ECS::TaskDefinition, and AWS::RDS::DBCluster. AWS::ApiGateway::Deployment Use the DeploymentCanarySettings property to specify settings for the canary deployment. In the StageDescription property type: Use the AccessLogSetting property to specify settings for logging access in this stage. Use the CanarySetting property to specify settings for the canary deployment in this stage. AWS::ApiGateway::Method Use the AuthorizationScopes property to specify a list of authorization scopes configured on the method. In the Integration: Use the ConnectionId property to specify the ID of the VpcLink used for the integration when connectionType=VPC_LINK. Use the ConnectionType property to specify the type of the network connection to the integration endpoint. Use the TimeoutInMillis property to specify a custom timeout between 50 and 29,000 milliseconds. AWS::ApiGateway::Stage Use the AccessLogSetting property to specify settings for logging access in this stage. Use the CanarySetting property to specify settings for the canary deployment in this stage. AWS::ApiGateway::UsagePlan In the Amazon API Gateway UsagePlan ApiStage property type, use the Throttle property to specify a map containing method-level throttling information for API stage in a usage plan. AWS::CodeBuild::Project Use the LogsConfig property specify logs for a project. Logs can be CloudWatch Logs, uploaded to a specified S3 bucket, or both. In the AWS CodeBuild Project LogsConfig property type: Use the CloudWatchLogs property to specify details about CloudWatch Logs. Use the S3Logs property to specify details about logs that are uploaded to an S3 bucket. AWS::CodeDeploy::DeploymentGroup Use the Ec2TagSet property to specify information about groups of tags applied to EC2 instances. The deployment group will include only EC2 instances identified by all the tag groups. Use the OnPremisesInstanceTagSet property to specify information about groups of tags applied to on-premises instances. The deployment group will include only on-premises instances identified by all the tag groups. The DeliverLogsPermissionArn and LogGroupName properties are no longer required. AWS::EC2::FlowLog Use the LogDestination property to specify the destination to which the flow log data is to be published. Use the LogDestinationType property to specify the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, use the InstanceInterruptionBehavior property to specify the behavior when a Spot Instance is interrupted. In the SpotFleetRequestConfigData property type, use the LoadBalancersConfig property to specify one or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups. In the Placement property type, use the Tenancy property to specify the tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances. AWS::EC2::VPCEndpoint Use the following attributes with the Fn::GetAtt function to return attribute values. Use CreationTimestamp to return the date and time the VPC endpoint was created. Use DnsEntries to return the DNS entries for the endpoint. Use NetworkInterfaceIds to return the network interfaces for the endpoint. AWS::ECS::Service The ServiceRegistries property now requires replacement upon update. Use the SchedulingStrategy property to specify the scheduling strategy to use for the service. In the ServiceRegistry property type: Use the ContainerName property to specify the container name value, already specified in the task definition, to be used for your service discovery service. Use the ContainerPort property to specify the port value, already specified in the task definition, to be used for your service discovery service. AWS::ECS::TaskDefinition In the LinuxParameters property type: Use the Tmpfs property to specify the container path, mount options, and size of the tmpfs mount. Use the SharedMemorySize property to specify the size (in MiB) of the /dev/shm volume. In the Volumes property type, use the DockerVolumeConfiguration property to specify the configuration of a Docker volume. In the ContainerDefinition property type, use the RepositoryCredentials property to specify the repository credentials for private registry authentication. AWS::ElastiCache::ReplicationGroup The NodeGroupConfiguration and NumNodeGroups properties are now conditional for some update operations. In the NodeGroupConfiguration property type, use the NodeGroupId property to specify either the ElastiCache for Redis supplied 4-digit id or a user supplied id for the node group these configuration values apply to. AWS::RDS::DBCluster Use the EngineMode property to specify the DB engine mode of the DB cluster. Use the ScalingConfiguration property to specify the scaling properties of the DB cluster, for DB clusters in serverless DB engine mode.	September 20, 2018
New resources	The following resources were added: AWS::IoT1Click::Device, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project. AWS::IoT1Click::Device Use the AWS::IoT1Click::Device resource to change the enabled state of an AWS IoT 1-Click compatible device. AWS::IoT1Click::Placement Use the AWS::IoT1Click::Placement resource to create an empty AWS IoT 1-Click placement. AWS::IoT1Click::Project Use the AWS::IoT1Click::Project resource to create an empty project with a placement template.	September 20, 2018
New resource	Added the AWS::CloudFormation::Macro resource. AWS::CloudFormation::Macro Use the AWS::CloudFormation::Macro resource to create a template macro to perform custom processing on AWS CloudFormation templates.	September 6, 2018
Macros now available	Use macros to to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. See Using AWS CloudFormation Macros to Perform Custom Processing on Templates for more information.	September 6, 2018
Updated resources	Added the Logs property to AWS::AmazonMQ::Broker. Added the SecondaryArtifacts and SecondarySources properties to AWS::CodeBuild::Project. AWS::AmazonMQ::Broker Use the Logs property to enable general or audit logging for an Amazon MQ broker. AWS::CodeBuild::Project In the AWS CodeBuild Project Artifacts property type, you can use the SecondaryArtifacts property to specify secondary artifacts for a build project. You can use the SecondarySources property to specify secondary inputs for a build project.	August 30, 2018
Updated resources	Added the Configuration property to AWS::Glue::Crawler. Added the JsonClassifier and XMLClassifier properties to AWS::Glue::Classifier. AWS::Glue::Crawler Use the Configuration property to specify crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. AWS::Glue::Classifier Use the JsonClassifier property to specify AWS Glue classifier for JSON. Use the XMLClassifier property to specify AWS Glue classifier for XML content.	August 23, 2018
AWS CloudFormation now supports VPC endpoints powered by PrivateLink.	You can use a VPC endpoint to create a private connection between your VPC and AWS CloudFormation without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect. For more information, see Setting Up VPC Endpoints for AWS CloudFormation.	August 22, 2018
Dynamic references support secure strings	Use new dynamic references to specify values that are stored and managed in other services, including Systems Manager Parameter Store SecureString type parameters, in your stack templates. For more information, see Using Dynamic References to Specify Template Values.	August 16, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::DomainName, AWS::CertificateManager::Certificate, AWS::EC2::VPCPeeringConnection, AWS::EFS::FileSystem, AWS::EMR::Cluster, AWS::RDS::DBClusterParameterGroup, AWS::SNS::Subscription, and AWS::SQS::Queue. AWS::ApiGateway::DomainName Use the following attributes with the Fn::GetAtt intrinsic function: The DistributionHostedZoneId attribute returns the region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The RegionalDomainName attribute returns the domain name associated with the regional endpoint for this custom domain name. The RegionalHostedZoneId attribute returns the region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. AWS::CertificateManager::Certificate Use the ValidationMethod property to specify the method you want to use if you are requesting a public certificate to validate that you own or control a domain. AWS::EC2::VPCPeeringConnection Use the PeerRegion property to specify the region code for the accepter VPC, if the accepter VPC is located in a region other than the region in which you make the request. AWS::EFS::FileSystem Use the ProvisionedThroughputInMibps property to specify the throughput, measured in MiB/s, that you want to provision for a file system that you're creating. Use the ThroughputMode property to specify the throughput mode for the file system to be created. AWS::EMR::Cluster Use the KerberosAttributes property to specify attributes for Kerberos configuration when Kerberos authentication is enabled using a security configuration. AWS::RDS::DBClusterParameterGroup The Tags property now requires no interruption to update. AWS::SNS::Subscription Use the DeliveryPolicy property to specify the JSON serialization of the subscription's delivery policy. Use the FilterPolicy property to specify the filter policy JSON that is assigned to the subscription. Use the RawMessageDelivery property to specify if raw message delivery is enabled for the subscription. Use the Region property to specify the region in which the topic resides. AWS::SQS::Queue Use the Tags property to specify the tags that you want to attach to this queue.	August 15, 2018
Updated resource	Added the SSESpecification property to AWS::DAX::Cluster. AWS::DAX::Cluster Use the SSESpecification property to specify the settings to enable server-side encryption.	August 9, 2018
New resource	Added the AWS::EC2::VPCEndpointServicePermissions resource. AWS::EC2::VPCEndpointServicePermissions Grant or revoke permissions for service consumers to connect the VPC endpoint service.	August 9, 2018
Updated resource	Added the OverrideArtifactName property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the AWS CodeBuild Project Artifacts property type, set the OverrideArtifactName property to true to override the artifact name with a name specified in the buildspec file. The name specified in a buildspec file is calculated at build time and uses the Shell command language. For example, you can append a date and time to your artifact name so that it is always unique.	August 7, 2018
Updated resource	Added the EncryptionDisabled property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the AWS CodeBuild Project Artifacts property type, set the EncryptionDisabled property to true to disable encryption for build output artifacts. This option is only valid if your artifact type is Amazon S3. If this is set to true with another artifact type, an invalidInputException will be thrown.	July 26, 2018
Updated resource	Added the Timeout property to AWS::Batch::JobDefinition. AWS::Batch::JobDefinition Use the Timeout property type to specify a job timeout configuration.	July 19, 2018
New resource	The following resource was added: AWS::IAM::ServiceLinkedRole. AWS::IAM::ServiceLinkedRole Use the AWS::IAM::ServiceLinkedRole resource to create a service-linked role in IAM. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles are predefined by the service and include all the permissions that the service requires to call other AWS services on your behalf.	July 19, 2018
Updated resources	Added the FieldLevelEncryptionId property to AWS::CloudFront::Distribution property types. AWS::CloudFront::Distribution In the CloudFront Distribution CacheBehavior and CloudFront Distribution DefaultCacheBehavior property types, use the FieldLevelEncryptionId property to specify the ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior.	July 18, 2018
Updated resource	Added the HttpConfig property to AWS::AppSync::DataSource. AWS::AppSync::DataSource Use the HttpConfig property type to specify HttpConfig for an AWS AppSync data source.	July 12, 2018
Updated resource	Added the ReportBuildStatus property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the AWS CodeBuild Project Source property type, use the ReportBuildStatus property to specify whether to send your source provider the status of a build's start and completion.	July 10, 2018
New resource	The following resource was added: AWS::CodePipeline::Webhook. AWS::CodePipeline::Webhook Use the AWS::CodePipeline::Webhook resource to create a webhook that connects your pipeline to an external event, such as a GitHub source repository change, which triggers your pipeline to start every time the external event occurs.	July 5, 2018
Updated resource	Added the following properties to AWS::EC2::VPCEndpoint: PrivateDnsEnabled, SecurityGroupIds, SubnetIds, and VpcEndpointType. AWS::EC2::VPCEndpoint Use the PrivateDnsEnabled property to indicate whether to associate a private hosted zone with the specified VPC. Use the SecurityGroupIds property to specify the ID of one or more security groups to associate with the endpoint network interface. Use the SubnetIds property to specify the ID of one or more subnets in which to create an endpoint network interface. Use the VpcEndpointType property to specify the type of endpoint.	June 21, 2018
New resources	The following resources were added: AWS::EC2::VPCEndpointConnectionNotification and AWS::EC2::VPCEndpointService. AWS::EC2::VPCEndpointConnectionNotification Use the AWS::EC2::VPCEndpointConnectionNotification resource to create a connection notification for the specified VPC endpoint or VPC endpoint service. AWS::EC2::VPCEndpointService Use the AWS::EC2::VPCEndpointService resource to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect.	June 21, 2018
Updated resource	Added the following property to AWS::ServiceDiscovery::Service: HealthCheckCustomConfig. AWS::ServiceDiscovery::Service Use the HealthCheckCustomConfig property to specify information about an optional custom health check.	June 14, 2018
New resources	The following new resources were released: AWS::AmazonMQ::Broker and AWS::AmazonMQ::Configuration. AWS::AmazonMQ::Broker Use the AWS::AmazonMQ::Broker resource to create a broker, add configuration changes or modify users for the specified broker, return information about the specified broker, or delete the specified broker. AWS::AmazonMQ::Configuration Use the AWS::AmazonMQ::Configuration resource to create a configuration, update the specified configuration, or return information about the specified configuration.	June 14, 2018
New resource	The following resource was released: AWS::SSM::ResourceDataSync. AWS::SSM::ResourceDataSync Use the AWS::SSM::ResourceDataSync resource to create or delete a Resource Data Sync for Systems Manager Inventory. You can use Resource Data Sync to send Inventory data collected from all of your Systems Manager managed instances to a single Amazon S3 bucket.	June 11, 2018
New resource	The following resource was released: AWS::EKS::Cluster. AWS::EKS::Cluster Use the AWS::EKS::Cluster resource to create Amazon EKS clusters.	June 5, 2018
Updated resource	For the AWS::GuardDuty::Master resource, the InvitationId property is now optional. AWS::GuardDuty::Master The InvitationId property is now optional.	May 31, 2018
New resources	The following new resources were released: AWS::SageMaker::Endpoint, AWS::SageMaker::EndpointConfig, AWS::SageMaker::Model, AWS::SageMaker::NotebookInstance, and AWS::SageMaker::NotebookInstanceLifecycleConfig. AWS::SageMaker::Endpoint Use the AWS::SageMaker::Endpoint resource to create a SageMaker endpoint to host trained models. AWS::SageMaker::EndpointConfig Use the AWS::SageMaker::EndpointConfig resource to create a configuration for an endpoint. AWS::SageMaker::Model Use the AWS::SageMaker::Model resource to create a model to host at an Amazon SageMaker endpoint. AWS::SageMaker::NotebookInstance Use the AWS::SageMaker::NotebookInstance resource to create an Amazon SageMaker notebook instance. AWS::SageMaker::NotebookInstanceLifecycleConfig Use the AWS::SageMaker::NotebookInstanceLifecycleConfig resource to specify shell scripts that run when you create or start a notebook instance.	May 31, 2018
Stack sets now support customized execution roles	Use customized execution roles in target accounts to control the stack resources that users or groups can include in their stack sets. For more information, see Prerequisites: Granting Permissions for Stack Set Operations.	May 30, 2018
Selective updates of stack instances	Use the optional Accounts and Regions parameters to specify the accounts and regions in which to update stack instances during a stack set update operation. For more information, see UpdateStackSet in the AWS CloudFormation API Reference.	May 30, 2018
New resources	The following new resources were released: AWS::Neptune::DBCluster, AWS::Neptune::DBClusterParameterGroup, AWS::Neptune::DBInstance, AWS::Neptune::DBParameterGroup, and AWS::Neptune::DBSubnetGroup. AWS::Neptune::DBCluster Use the AWS::Neptune::DBCluster resource to create an Amazon Neptune DB cluster. AWS::Neptune::DBClusterParameterGroup Use the AWS::Neptune::DBClusterParameterGroup resource to create a DB cluster parameter group. AWS::Neptune::DBInstance Use the AWS::Neptune::DBInstance resource to create an Amazon Neptune database instance. AWS::Neptune::DBParameterGroup Use the AWS::Neptune::DBParameterGroup resource to create a custom parameter group for Amazon Neptune. AWS::Neptune::DBSubnetGroup Use the AWS::Neptune::DBSubnetGroup resource to create an Amazon Neptune database subnet group that contains subnets.	May 30, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::RestApi, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::DirectoryService::MicrosoftAD, AWS::DynamoDB::Table, AWS::EC2::Instance, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::Elasticsearch::Domain, AWS::IAM::Role, AWS::KinesisFirehose::DeliveryStream, AWS::Lambda::EventSourceMapping, AWS::Logs::MetricFilter, and AWS::SSM::Association. AWS::ApiGateway::RestApi Use the Policy property to specify a policy document that contains the permissions for the specified RestAPI. AWS::AutoScaling::AutoScalingGroup Use the ServiceLinkedRoleARN property to specify the Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS services on your behalf. AWS::AutoScaling::LaunchConfiguration Use the LaunchConfigurationName property to specify the name of the launch configuration. AWS::DirectoryService::MicrosoftAD Use the Edition property to specify the AWS Microsoft AD edition to use. AWS::DynamoDB::Table Use the PointInTimeRecoverySpecification property to specify the settings used to enable point in time recovery. AWS::EC2::Instance Use the LaunchTemplate property to specify the launch template to use for an Amazon EC2 instance. AWS::ECS::Service Use the ServiceRegistry property type to specify the details of the service registry. AWS::ECS::TaskDefinition Use the HealthCheck property type to specify a container health check. AWS::Elasticsearch::Domain Use the EncryptionAtRestOptions property type to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use. AWS::IAM::Role Use the RoleId attribute to have Fn::GetAtt return the stable and unique string identifying the role. Use the MaxSessionDuration property to specify the maximum session duration (in seconds) for the specified role. AWS::KinesisFirehose::DeliveryStream Use the SplunkDestinationConfiguration property to specify the configuration of a destination in Splunk for a Kinesis Data Firehose delivery stream. AWS::Lambda::EventSourceMapping The StartingPosition property is no longer required. AWS::Logs::MetricFilter In the CloudWatch Logs MetricFilter MetricTransformation Property property type, use the DefaultValue property to specify the value to emit when a filter pattern does not match a log event. AWS::SSM::Association Use the OutputLocation property to specify an Amazon S3 bucket where you want to store the results of an association request.	May 24, 2018
New resources	The following new resources were released: AWS::ServiceCatalog::AcceptedPortfolioShare, AWS::ServiceCatalog::CloudFormationProduct, AWS::ServiceCatalog::LaunchNotificationConstraint, AWS::ServiceCatalog::LaunchRoleConstraint, AWS::ServiceCatalog::LaunchTemplateConstraint, AWS::ServiceCatalog::Portfolio, AWS::ServiceCatalog::PortfolioPrincipalAssociation, AWS::ServiceCatalog::PortfolioProductAssociation, AWS::ServiceCatalog::PortfolioShare, AWS::ServiceCatalog::TagOption, and AWS::ServiceCatalog::TagOptionAssociation. AWS::ServiceCatalog::AcceptedPortfolioShare Use the AWS::ServiceCatalog::AcceptedPortfolioShare resource to accept an offer to share the specified portfolio for AWS Service Catalog. AWS::ServiceCatalog::CloudFormationProduct Use the AWS::ServiceCatalog::CloudFormationProduct resource to create a product for AWS Service Catalog. AWS::ServiceCatalog::LaunchNotificationConstraint Use the AWS::ServiceCatalog::LaunchNotificationConstraint resource to create a notification constraint for AWS Service Catalog. AWS::ServiceCatalog::LaunchRoleConstraint Use the AWS::ServiceCatalog::LaunchRoleConstraint resource to create a launch constraint for AWS Service Catalog. AWS::ServiceCatalog::LaunchTemplateConstraint Use the AWS::ServiceCatalog::LaunchTemplateConstraint resource to create a template constraint for AWS Service Catalog. AWS::ServiceCatalog::Portfolio Use the AWS::ServiceCatalog::Portfolio resource to create a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioPrincipalAssociation Use the AWS::ServiceCatalog::PortfolioPrincipalAssociation resource to associate a principal with a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioProductAssociation Use the AWS::ServiceCatalog::PortfolioProductAssociation resource to associate a product with a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioShare Use the AWS::ServiceCatalog::PortfolioShare resource to share a portfolio for AWS Service Catalog. AWS::ServiceCatalog::TagOption Use the AWS::ServiceCatalog::TagOption resource to create a TagOption. AWS::ServiceCatalog::TagOptionAssociation Use the AWS::ServiceCatalog::TagOptionAssociation resource to associate a TagOption with a resource for AWS Service Catalog.	May 24, 2018
AWS CloudFormation now creates S3 buckets with encryption enabled	For Amazon S3 buckets that AWS CloudFormation creates to store uploaded stack templates, server-side encryption is now enabled by default, thereby encrypting all objects stored in those buckets. For more information, see Selecting a Stack Template.	May 24, 2018
New resource	The following resource was released: AWS::Budgets::Budget. AWS::Budgets::Budget Use the AWS::Budgets::Budget resource to create a budget.	May 22, 2018
FIPS endpoints added	AWS CloudFormation now offers new endpoints which use FIPS 140-2 validated cryptographic modules in the following public US regions: US-East-1, US-East-2, US-West-1, and US-West-2. See Regions and Endpoints in the Amazon Web Services General Reference for the new FIPS-compliant endpoint URLs.	May 17, 2018
New resource	The following resource was released: AWS::AutoScalingPlans::ScalingPlan. AWS::AutoScalingPlans::ScalingPlan Use the AWS::AutoScalingPlans::ScalingPlan resource to create a scaling plan for the scalable resources for your application.	May 9, 2018
New resource	The following resource was released: AWS::GuardDuty::Filter. AWS::GuardDuty::Filter Use the AWS::GuardDuty::Filter resource to create a filter for your GuardDuty findings.	May 8, 2018
Updated resources	The following resources were updated: AWS::AppSync::GraphQLApi and AWS::GuardDuty::Member. AWS::AppSync::GraphQLApi Use the OpenIDConnectConfig property to specify the authorization configuration for using an OpenId Connect compliant service with your GraphQL endpoint. AWS::GuardDuty::Member Use the DisableEmailNotification property to specify whether an email notification is to be sent to the accounts that you want to invite to GuardDuty as members. When set to 'True', email notification is not sent to the invitees.	May 1, 2018
New resource	The following resource was released: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct Use the AWS::ServiceCatalog::CloudFormationProvisionedProduct resource to provision the specified product for AWS Service Catalog.	May 1, 2018

Earlier Updates

The following table describes important changes in each release of the AWS CloudFormation User Guide before May 2018.

Change	Release Date	Description	API Version
Stack set naming convention	April 10, 2018	AWS CloudFormation stacks created using stack sets now follow a new naming convention, in which the stack name contains the stack set name.	2010-05-15
New resources	April 10, 2018	AWS::AppSync::ApiKey Use the AWS::AppSync::ApiKey resource to create a unique key that you can distribute to clients who are executing GraphQL operations with AWS AppSync. AWS::AppSync::DataSource Use the AWS::AppSync::DataSource resource to create data sources for resolvers in AWS AppSync. AWS::AppSync::GraphQLApi Use the AWS::AppSync::GraphQLApi resource to create a new AWS AppSync GraphQL API. AWS::AppSync::GraphQLSchema Use the AWS::AppSync::GraphQLSchema resource to create the data model for your AWS AppSync GraphQL API. AWS::AppSync::Resolver Use the AWS::AppSync::Resolver resource to define the logical GraphQL resolver that you will attach to fields in a schema.	2010-05-15
Updated resource	April 10, 2018	AWS::Config::ConfigurationAggregator Use the OrganizationAggregationSource property type to specify the regions of AWS Config data to aggregate into an AWS Config configuration aggregator and the IAM role to use to retrieve AWS Organizations details.	2010-05-15
New resources	April 4, 2018	AWS::Config::AggregationAuthorization Use the AWS::Config::AggregationAuthorization resource to grant permission to an aggregator account to collect your AWS Config data. AWS::Config::ConfigurationAggregator Use the AWS::Config::ConfigurationAggregator resource to create a configuration aggregator for AWS Config.	2010-05-15
Stack sets now support customized administrator roles	March 29, 2018	Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations.	2010-05-15
New resource	March 29, 2018	AWS::EC2::LaunchTemplate Use the AWS::EC2::LaunchTemplate resource to create a launch template for an Amazon EC2 instance.	2010-05-15
Updated resources	March 29, 2018	AWS::AutoScaling::AutoScalingGroup Use the LaunchTemplate property to specify the launch template to use to launch instances. AWS::EC2::SpotFleet In the Amazon EC2 SpotFleet SpotFleetRequestConfigData property type, use the LaunchTemplateConfigs property to describe a launch template and overrides.	2010-05-15
New Fn::Cidr intrinsic function	March 6, 2018	Returns the specified Cidr address block. For more information, see Fn::Cidr.	2010-05-15
New resources	March 6, 2018	AWS::ApiGateway::VpcLink Use the AWS::ApiGateway::VpcLink resource to specify an API Gateway VPC link for a AWS::ApiGateway::RestApi to access resources in an Amazon Virtual Private Cloud (VPC). AWS::GuardDuty::Master Use the AWS::GuardDuty::Master resource to create a GuardDuty master account. AWS::GuardDuty::Member Use the AWS::GuardDuty::Member resource to create a GuardDuty member account. AWS::SES::ConfigurationSet Use the AWS::SES::ConfigurationSet resource to to create groups of rules that you can apply to the emails you send. AWS::SES::ConfigurationSetEventDestination Use the AWS::SES::ConfigurationSetEventDestination resource to specify a configuration set event destination. AWS::SES::ReceiptFilter Use the AWS::SES::ReceiptFilter resource to specify whether to accept or reject mail originating from an IP address or range of IP addresses. AWS::SES::ReceiptRule Use the AWS::SES::ReceiptRule resource to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own. AWS::SES::ReceiptRuleSet Use the AWS::SES::ReceiptRuleSet resource to specify an empty rule set for Amazon SES. AWS::SES::Template Use the AWS::SES::Template resource to to specify the content of the email, composed of a subject line, an HTML part, and a text-only part.	2010-05-15
Updated resources	March 6, 2018	AWS::AutoScaling::AutoScalingGroup Use the AutoScalingGroupName property to specify the name of the Auto Scaling group. AWS::ApiGateway::RestApi Use the ApiKeySourceType property to specify the source of the API key for metering requests according to a usage plan. Use the MinimumCompressionSize property to specify a nullable integer that is used to enable compression or disable compression on an API. AWS::ApplicationAutoScaling::ScalingPolicy In the Application Auto Scaling ScalingPolicy TargetTrackingScalingPolicyConfiguration property type, use the DisableScaleIn property to specify whether scale in by the target tracking policy is disabled. AWS::EC2::SpotFleet In the LaunchSpecifications property type, use the TagSpecifications property to specify the tags to apply during SpotFleet creation. AWS::Elasticsearch::Domain Use the Arn attribute to have Fn::GetAtt return the Amazon Resource Name (ARN) of the domain. The DomainArn attribute of Fn::GetAtt has been deprecated. AWS::RDS::DBCluster Use the DBClusterIdentifier property to specify the DB cluster identifier. AWS::RDS::DBCluster Use the DBClusterIdentifier property to specify the DB cluster identifier. AWS::Redshift::Cluster Use the ClusterIdentifier property to specify the unique identifier of the cluster. AWS::Route53::HealthCheck In the HealthCheckConfig property type, use the Regions property to specify the regions from which you want Route 53 health checkers to check the specified endpoint. AWS::SSM::Document Use the Tags property to specify the AWS CloudFormation resource tags to apply to the document.	2010-05-15
Updated resource	February 19, 2018	AWS::CodeBuild::Project Use the Triggers property to configure a webhook for the project to begin to automatically rebuild the source code every time a code change is pushed to the repository. This is available only for GitHub projects in AWS CloudFormation. It is not available for GitHub Enterprise projects.	2010-05-15
Updated resource	February 8, 2018	AWS::DynamoDB::Table Use the SSESpecification property to specify the settings to enable server-side encryption.	2010-05-15
Updated resource	February 5, 2018	AWS::CodeBuild::Project In the AWS CodeBuild Project Source property type: Use the GitCloneDepth property to specify the depth of history to download. Use the InsecureSsl property to specify whether to ignore SSL warnings while connecting to your GitHub Enterprise project repository.	2010-05-15
Updated resources	January 23, 2018	AWS::AutoScaling::LifecycleHook Use the LifecycleHookName property to specify the name of the lifecycle hook. AWS::DynamoDB::Table The AttributeDefinitions property now requires replacement when updated. AWS::EC2::Instance Use the CreditSpecification property to specify the credit option for CPU usage of a T2 instance. Use the ElasticGpuSpecifications property to specify Elastic GPUs, GPU resources that you can attach to your instance to accelerate the graphics performance of your applications. AWS::EC2::VPC The InstanceTenancy property now requires no interruption when updated from "dedicated" to "default". AWS::ECS::Service Use the HealthCheckGracePeriodSeconds property to specify the period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. AWS::IoT::TopicRule In the DynamoDBAction property type, the RangeKeyField and RangeKeyValue properties are no longer required. AWS::KinesisAnalytics::ApplicationOutput In the ApplicationOutput property type, use the LambdaOutput property to identify a Lambda function as the destination when configuring application output. AWS::Kinesis::Stream Use the StreamEncryption property to enable or update server-side encryption using an AWS KMS key for a specified stream. AWS::Lambda::Function Use the ReservedConcurrentExecutions property to specify the maximum of concurrent executions you want reserved for the function. AWS::RDS::DBSubnetGroup Use the DBSubnetGroupName property to specify the name for the DB Subnet Group. AWS::S3::Bucket Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket. In the ReplicationRule property type, use the SourceSelectionCriteria property to specify additional filters in identifying source objects that you want to replicate. In the ReplicationDestination property type: Use the AccessControlTranslation property to specify replica ownership of the AWS account that owns the destination bucket. Use the Account property to specify destination bucket owner account ID. Use the EncryptionConfiguration property to specify encryption-related information for a bucket that is a destination for replicated objects. AWS::SSM::Association Use the AssociationName property to specify the name of the association between an SSM document and EC2 instances that contain a configuration agent to process the document.	2010-05-15
Rollback triggers added to the AWS CloudFormation console.	January 15, 2018	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Monitor and Roll Back Stack Operations.	2010-05-15
Updated resource	January 12, 2018	AWS::SSM::Parameter Use the AllowedPattern property to specify a regular expression used to validate the parameter value.	2010-05-15
New resources	December 5, 2017	AWS::Inspector::AssessmentTarget Use the AWS::Inspector::AsssmentTarget resource to create an Amazon Inspector assessment target. AWS::Inspector::AssessmentTemplate Use the AWS::Inspector::AssessmentTemplate resource to create an Amazon Inspector assessment template. AWS::Inspector::ResourceGroup Use the AWS::Inspector::ResourceGroup resource to create an Amazon Inspector resource group, which defines tags that identify AWS resources that make up an Amazon Inspector assessment target. AWS::ServiceDiscovery::Instance Use the AWS::ServiceDiscovery::Instance resource to specify information about an instance that Amazon Route 53 creates. AWS::ServiceDiscovery::PrivateDnsNamespace Use the AWS::ServiceDiscovery::PrivateDnsNamespace resource to specify information about a private namespace for Amazon Route 53. AWS::ServiceDiscovery::PublicDnsNamespace Use the AWS::ServiceDiscovery::PublicDnsNamespace resource to specify information about a public namespace for Amazon Route 53. AWS::ServiceDiscovery::Service Use the AWS::ServiceDiscovery::Service resource to define a template for up to five records and an optional health check that you want Amazon Route 53 to create when you register an instance.	2010-05-15
Updated resource	December 5, 2017	AWS::KinesisAnalytics::Application In the Input property type, use the InputProcessingConfiguration property to transform records as they are received from the stream.	2010-05-15
Updated resource	December 1, 2017	AWS::CodeBuild::Project Use the BadgeEnabled property to generate a publicly accessible URL for a project's build badge. Use the Cache property to configure cache settings for build dependencies. Use the VpcConfig property to enable AWS CodeBuild to access resources in an Amazon VPC. In the EnvironmentVariable property type, use the Type property to specify the type of environment variable.	2010-05-15
New resource	November 30, 2017	AWS::Cloud9::EnvironmentEC2 Use the AWS::Cloud9::EnvironmentEC2 resource to create an Amazon EC2 development environment in AWS Cloud9.	2010-05-15
Updated resources	November 29, 2017	AWS::ECS::TaskDefinition Use the Cpu property to specify the number of cpu units needed for the task. Use the ExecutionRoleArn property to specify the ARN of the execution role. Use the Memory property to specify the amount (in MiB) of memory needed for the task. Use the RequiresCompatibilities property to specify the launch type the task requires. AWS::ECS::Service Use the LaunchType property to specify the launch type on which to run your service. Use the NetworkConfiguration property to specify the network configuration for the service. Use the PlatformVersion property to specify the platform version on which to run your service.	2010-05-15
New resources	November 28, 2017	AWS::GuardDuty::Detector Use the AWS::GuardDuty::Detector resource to create a single Amazon GuardDuty detector. AWS::GuardDuty::IPSet Use the AWS::GuardDuty::IPSet resource to create an Amazon GuardDuty IP set. AWS::GuardDuty::ThreatIntelSet Use the AWS::GuardDuty::ThreatIntelSet resource to create a ThreatIntelSet.	2010-05-15
Updated resources	November 28, 2017	AWS::CodeDeploy::Application Use the ComputePlatform property to specify an AWS Lambda compute platform for AWS CodeDeploy to deploy an application to. AWS::CodeDeploy::DeploymentGroup In the DeploymentStyle property type, use the DeploymentType property to specify a blue/green deployment on a Lambda compute platform. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, the SpotPrice property is now optional. AWS::Lambda::Alias Use the RoutingConfig property to specify two different versions of an AWS Lambda function, allowing you to dictate what percentage of traffic will invoke each version.	2010-05-15
New CodeDeployLambdaAliasUpdate update policy	November 28, 2017	Use the CodeDeployLambdaAliasUpdate update policy to perform an AWS CodeDeploy deployment when the version changes on an AWS::Lambda::Alias resource. For more information, see UpdatePolicy Attribute.	2010-05-15
New SSM parameter types	November 21, 2017	Use SSM parameter types to use existing parameters from Systems Manager Parameter Store. Note: AWS CloudFormation doesn't currently support the SecureString type. For more information, see SSM Parameter Types.	2010-05-15
New ResolvedValue field for Parameter data type	November 21, 2017	The ResolvedValue field returns the value that's used in the stack definition for an SSM parameter. For more information, see the Parameter data type in the AWS CloudFormation API Reference.	2010-05-15
Updated resources	November 20, 2017	AWS::ApiGateway::ApiKey Use the CustomerId property to specify an AWS Marketplace customer identifier. Use the GenerateDistinctId property to specify whether the key identifier is distinct from the created API key value. AWS::ApiGateway::Authorizer Use the AuthType property to specify a customer-defined field that's used in Swagger imports and exports without functional impact. AWS::ApiGateway::DomainName Use the EndpointConfiguration property to specify the endpoint types of an API Gateway domain name. Use the RegionalCertificateArn property to reference a certificate for use by the regional endpoint for a domain name. AWS::ApiGateway::Method In the Integration and IntegrationResponse property types, use the ContentHandling property to specify how to handle request payload content type conversions. AWS::ApiGateway::RestApi Use the EndpointConfiguration property to specify the endpoint types of an API Gateway REST API. AWS::ApplicationAutoScaling::ScalableTarget Use the ScheduledActions property to specify scheduled actions for an Application Auto Scaling scalable target. AWS::ECR::Repository Use the LifecyclePolicy property to specify a lifecycle policy for an Amazon ECR repository. AWS::ECS::TaskDefinition In the ContainerDefinition property type, use the LinuxParameters property to specify Linux-specific options for an Amazon ECS container. AWS::ElastiCache::ReplicationGroup Use the AtRestEncryptionEnabled property to enable encryption at rest. Use the AuthToken property to specify a password that's used to access a password-protected server. Use the TransitEncryptionEnabled property to enable in-transit encryption. AWS::ElasticLoadBalancingV2::TargetGroup Use the TargetGroupName attribute with the Fn::GetAtt function to get the name of an Elastic Load Balancing target group. AWS::Elasticsearch::Domain Use the VPCOptions property to specify a VPC configuration for the Amazon ES domain. AWS::EMR::Cluster Use the EbsRootVolumeSize property to specify the size of the EBS root volume for an Amazon EMR cluster. AWS::RDS::DBInstance Use the SourceRegion and KmsKeyId properties to create an encrypted read replica from a cross-region source DB instance. AWS::Route53::HostedZone Use the QueryLoggingConfig property to specify a configuration for DNS query logging.	2010-05-15
New NoEcho field for custom resource Response objects	November 20, 2017	You can now use the optional NoEcho field to mask the output of a custom resource. For more information, see Custom Resource Response Objects. The corresponding noEcho parameter is supported by the send method. For more information, see cfn-response Module.	2010-05-15
Stack instance overrides added for stack sets.	November 17, 2017	AWS CloudFormation StackSets allows you to override parameter values in stack instances by account and region. You can override parameter values when you create the stack instances, or when updating existing stack instances. For more information, see Override Parameters on Stack Instances.	2010-05-15
Updated resource	November 15, 2017	AWS::StepFunctions::StateMachine You can use AWS::StepFunctions::StateMachine to specify a StateMachineName when creating a state machine, and both DefinitionString and RoleArn can be updated without replacing the state machine.	2010-05-15
StackSets now supports a maximum of 500 stack instances per stack set.	November 6, 2017	You can now create up to a maximum of 500 stack instances per stack set. For more information on AWS CloudFormation limits, see AWS CloudFormation Limits.	2010-05-15
New resources	November 2, 2017	AWS::CloudFront::CloudFrontOriginAccessIdentity Use the AWS::CloudFront::CloudFrontOriginAccessIdentity resource to specify the Amazon CloudFront origin access identity to associate with the origin of a CloudFront distribution. AWS::CloudFront::StreamingDistribution Use the AWS::CloudFront::StreamingDistribution resource to specify an Adobe Real-Time Messaging Protocol (RTMP) streaming distribution for CloudFront.	2010-05-15
Updated resources	November 2, 2017	AWS::ApiGateway::Deployment The StageName property has been deprecated on the StageDescription property type. AWS::ApiGateway::Method Use the OperationName property to assign a friendly name to an API Gateway method. Use the RequestValidatorId property to associate a request validator with a method. AWS::AutoScaling::AutoScalingGroup Use the LifecycleHookSpecificationList property to specify actions to perform when Auto Scaling launches or terminates instances. AWS::CloudFront::Distribution Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with a CloudFront distribution. In the CacheBehavior and DefaultCacheBehavior property types, use the LambdaFunctionAssociations property to specify Lambda function associations for a CloudFront distribution. In the CustomOriginConfig property type, use the OriginKeepaliveTimeout property to specify a custom keep-alive timeout, and use the OriginReadTimeout property to specify a custom origin read timeout. In the DistributionConfig property type, use the IPV6Enabled property to specify whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution. AWS::CodeDeploy::DeploymentGroup In the LoadBalancerInfo property type, use the TargetGroupInfoList property to specify information about a target group in Elastic Load Balancing to use in a deployment. AWS::EC2::SecurityGroup, AWS::EC2::SecurityGroupEgress, and AWS::EC2::SecurityGroupIngress Use the Description property to specify the description of a security group rule. AWS::EC2::Subnet The Ipv6CidrBlock property now supports No interruption updates. AWS::EC2::VPNGateway Use the AmazonSideAsn property to specify a private Autonomous System Number (ASN) for the Amazon side of a BGP session. AWS::EC2::VPNConnection Use the VpnTunnelOptionsSpecifications property to configure tunnel options for a VPN connection. AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment In the ConfigurationOptionSetting and OptionSetting property types, use the ResourceName property to specify a resource name for a time-based scaling configuration option. AWS::EMR::Cluster Use the CustomAmiId property to specify a custom Amazon Linux AMI for a cluster. AWS::KinesisFirehose::DeliveryStream Use the Arn attribute with the Fn::GetAtt function to get the Amazon Resource Name (ARN) of the delivery stream. AWS::KMS::Key Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with a custom master key (CMS). AWS::OpsWorks::Layer and AWS::OpsWorks::Stack Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with an AWS OpsWorks layer or stack. AWS::RDS::OptionGroup In the OptionConfiguration property type, use the OptionVersion property to specify a version for the option. AWS::S3::Bucket Use the AnalyticsConfigurations property to configure an analysis filter for an Amazon S3 bucket.	2010-05-15
New resources	October 24, 2017	AWS::Glue::Classifier Use the AWS::Glue::Classifier resource to create an AWS Glue classifier. AWS::Glue::Connection Use the AWS::Glue::Connection resource to specify an AWS Glue connection to a data source. AWS::Glue::Crawler Use the AWS::Glue::Crawler resource to specify an AWS Glue crawler. AWS::Glue::Database Use the AWS::Glue::Database resource to create an AWS Glue database. AWS::Glue::DevEndpoint Use the AWS::Glue::DevEndpoint resource to specify a development endpoint for remotely debugging ETL scripts. AWS::Glue::Job Use the AWS::Glue::Job resource to specify an AWS Glue job in the data catalog. AWS::Glue::Partition Use the AWS::Glue::Partition resource to create an AWS Glue partition, which represents a slice of table data. AWS::Glue::Table Use the AWS::Glue::Table resource to create an AWS Glue table. AWS::Glue::Trigger Use the AWS::Glue::Trigger resource to specify triggers that run AWS Glue jobs.	2010-05-15
New resources	October 11, 2017	AWS::SSM::MaintenanceWindow Use the AWS::SSM::MaintenanceWindow resource to create an AWS Systems Manager Maintenance Window. AWS::SSM::MaintenanceWindowTarget Use the AWS::SSM::MaintenanceWindowTarget resource to register a target with a Maintenance Window. AWS::SSM::MaintenanceWindowTask Use the AWS::SSM::MaintenanceWindowTask resource to define a Maintenance Window task. AWS::SSM::PatchBaseline Use the AWS::SSM::PatchBaseline resource to define a Systems Manager patch baseline.	2010-05-15
New resource	October 10, 2017	AWS::ElasticLoadBalancingV2::ListenerCertificate Use the AWS::ElasticLoadBalancingV2::ListenerCertificate resource to specify certificates for an Elastic Load Balancing listener.	2010-05-15
New resource	September 27, 2017	AWS::Athena::NamedQuery Use the AWS::Athena::NamedQuery resource to create an Amazon Athena query.	2010-05-15
Updated resources	September 27, 2017	AWS::EC2::NatGateway Use the Tags property to specify resource tags for a NAT gateway. AWS::ElasticBeanstalk::Application Use the ResourceLifecycleConfig property to define lifecycle settings for resources that belong to the application, and the service role that Elastic Beanstalk assumes in order to apply lifecycle settings. AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment Use the PlatformArn property to specify a custom platform for Elastic Beanstalk. AWS::ElasticLoadBalancingV2::TargetGroup In the TargetDescription property type, use the AvailabilityZone property to specify the Availability Zone where the IP address is to be registered. AWS::Events::Rule In the Target property type, use the following properties for input transformation of events and setting Amazon ECS task and Kinesis stream targets. EcsParameters InputTransformer KinesisParameters RunCommandParameters AWS::KinesisFirehose::DeliveryStream Use the DeliveryStreamType property to specify the stream type and the KinesisStreamSourceConfiguration property to specify the stream and role ARNs for a Kinesis stream used as the source for a delivery stream. AWS::RDS::DBInstance For the Engine property, if you have specified oracle-se or oracle-se1, you can update to oracle-se2 without the database instance being replaced. AWS::S3::Bucket Use the AccelerateConfiguration property to configure the transfer acceleration state for an Amazon S3 bucket.	2010-05-15
Termination protection added for stacks.	September 26, 2017	Enabling termination protection on a stack prevents it from being accidentally deleted. A user cannot delete a stack with termination protection enabled. For more information, see Protecting a Stack From Being Deleted.	2010-05-15
Changed default umask value from version 1.4-22 onwards	September 14, 2017	The default umask parameter value for the cfn-hup.conf configuration file is now 022. For more information, see cfn-hup.
Updated resources	September 7, 2017	AWS::ElasticLoadBalancingV2::LoadBalancer Use the SubnetMappings property to specify the IDs of the subnets to attach to the load balancer. Use the Type property to specify the type of load balancer to create. AWS::ElasticLoadBalancingV2::TargetGroup Use the TargetType property to specify the registration type of the targets in this target group.	2010-05-15
Rollback triggers added to the AWS CloudFormation API	August 31, 2017	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see RollbackConfiguration in the AWS CloudFormation API Reference.	2010-05-15
New umask parameter for cfn-hup.conf file	August 31, 2017	Use the umask parameter in the cfn-hup.conf configuration file to control file permissions used by the cfn-hup daemon (version 1.4-21). For more information, see cfn-hup.
Updated resources for VPC Sizing support	August 29, 2017	AWS::EC2::VPCCidrBlock Use the CidrBlock property to associate an IPv4 CIDR block with a VPC. AWS::EC2::VPC Use the CidrBlockAssociations attribute with the Fn::GetAtt function to get a list of IPv4 CIDR block association IDs associated with the VPC.	2010-05-15
Updated resources	August 23, 2017	AWS::S3::Bucket In the Rule property type, use the TagFilters property to specify tags to use in identifying a subset of objects for an Amazon S3 bucket. Use the MetricsConfiguration property to specify a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket. AWS::IoT::TopicRule In the Action property type, use the DynamoDBv2Action property to describe an AWS IoT action that writes data to a DynamoDB table. In the Action property type, the DynamoDBAction property now supports the HashKeyType and RangeKeyType properties. AWS::Lambda::Permission Use the EventSourceToken property to specify a unique token that must be supplied by the principal invoking the function.	2010-05-15
New pseudo parameters	August 23, 2017	Use the AWS::Partition pseudo parameter to return the partition that a resource is in. Use the AWS::URLSuffix pseudo parameter to return the suffix for a domain. For more information, see Pseudo Parameters Reference.	2010-05-15
New resources for DAX support	August 22, 2017	AWS::DAX::Cluster Use the AWS::DAX::Cluster resource to create a DAX cluster for use with Amazon DynamoDB. AWS::DAX::ParameterGroup Use the AWS::DAX::ParameterGroup resource to create a parameter group for use with Amazon DynamoDB. AWS::DAX::SubnetGroup Use the AWS::DAX::SubnetGroup resource to create a subnet group for use with DAX (DynamoDB Accelerator).	2010-05-15
New resources	August 18, 2017	AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion Use the AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion resources to create documentation for your API Gateway API. AWS::ApiGateway::GatewayResponse Use the AWS::ApiGateway::GatewayResponse resource to create a custom response for your API Gateway API. AWS::ApiGateway::RequestValidator Use the AWS::ApiGateway::RequestValidator resource to set up validation rules for incoming requests to your API Gateway API. AWS::EC2::NetworkInterfacePermission Use the AWS::EC2::NetworkInterfacePermission resource to grant an AWS account permission to a network interface.	2010-05-15
Updated resources	August 18, 2017	AWS::ApiGateway::Stage Use the DocumentationVersion property to specify a versioned snapshot of the API documentation. AWS::AutoScaling::ScalingPolicy Use the TargetTrackingConfiguration property to specify an Auto Scaling target tracking scaling policy configuration. AWS::CloudTrail::Trail Use the EventSelectors property for Amazon S3 Data Events support. AWS::CodeDeploy::DeploymentGroup Use the LoadBalancerInfo and DeploymentStyle properties to specify an Elastic Load Balancing load balancer for an in-place deployment. Use the AutoRollbackConfiguration property to configure automatic rollback for the deployment. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, use the ReplaceUnhealthyInstances property to indicate whether the Spot fleet should replace unhealthy instances and the Type property to specify the type of request. AWS::EC2::Subnet Use the AssignIpv6AddressOnCreation and Ipv6CidrBlock properties to create a subnet with an IPv6 CIDR block. AWS::KinesisFirehose::DeliveryStream Use the ExtendedS3DestinationConfiguration property to configure a destination in Amazon S3. Use the ProcessingConfiguration subproperty within each destination configuration to invoke Lambda functions that transform incoming source data and deliver the transformed data to destinations. AWS::RDS::DBCluster and AWS::RDS::DBInstance The default DeletionPolicy is now Snapshot for AWS::RDS::DBCluster resources and for AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute. AWS::S3::Bucket In the Rule property type, use the AbortIncompleteMultipartUpload property to specify a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket. AWS::SQS::Queue Use the KmsMasterKeyId and KmsDataKeyReusePeriodSeconds properties to configure server-side encryption for Amazon SQS. Added the Arn attribute to the Fn::GetAtt intrinsic function for the following resources: AWS::CloudTrail::Trail. Also added SnsTopicArn. AWS::CloudWatch::Alarm AWS::DynamoDB::Table AWS::ECS::Cluster AWS::IoT::Policy AWS::IoT::TopicRule AWS::Logs::Destination	2010-05-15
Support for stack tags in AWS CodePipeline artifacts	August 18, 2017	You can now specify tags for stacks in template configuration files for use as artifacts for AWS CodePipeline pipelines. Specified tags are applied to stacks created using the template configuration file. For more information, see AWS CloudFormation Artifacts.	2010-05-15
Create encrypted file systems	August 14, 2017	AWS::EFS::FileSystem Use the Encrypted property to encrypt an Amazon EFS file system during creation. Use the KmsKeyId property to optionally specify a custom customer master key to use to protect the encrypted file system.	2010-05-15
New resources for AWS Batch support	August 8, 2017	AWS::Batch::ComputeEnvironment Use the AWS::Batch::ComputeEnvironment resource to define your AWS Batch compute environment. AWS::Batch::JobDefinition Use the AWS::Batch::JobDefinition resource to specify the parameters for an AWS Batch job definition. AWS::Batch::JobQueue Use the AWS::Batch::JobQueue resource to define your AWS Batch job queue.	2010-05-15
New resources for Amazon Kinesis Data Analytics support	July 28, 2017	AWS::KinesisAnalytics::Application Use the AWS::KinesisAnalytics::Application resource to create an Amazon Kinesis Data Analytics application. AWS::KinesisAnalytics::ApplicationOutput Use the AWS::KinesisAnalytics::ApplicationOutput resource to add an external destination to your Amazon Kinesis Data Analytics application. AWS::KinesisAnalytics::ApplicationReferenceDataSource Use the AWS::KinesisAnalytics::ApplicationReferenceDataSource resource to add a reference data source to an existing Amazon Kinesis Data Analytics application.	2010-05-15
Use StackSets to centrally manage stacks across accounts and regions	July 25, 2017	StackSets enables you to create, update, or delete stacks across multiple accounts and regions in a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. For more information about StackSets, see Working with AWS CloudFormation StackSets.	2010-05-15
View stack events by client request token	July 14, 2017	In the console, stack operations display the client request token on the Events tab. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For more information, see Viewing Stack Data and Resources and StackEvent in the AWS CloudFormation API Reference.	2010-05-15
Use stack quick-create links	July 14, 2017	Use quick-create links to get stacks up and running quickly. You can specify the template URL, stack name, and template parameters to prepopulate a single Create Stack Wizard page. For more information, see Creating Quick-Create Links for Stacks.
New resources for AWS Database Migration Service support	July 12, 2017	AWS::DMS::Certificate Use the AWS::DMS::Certificate resource to create an SSL certificate that encrypts connections between AWS DMS endpoints and the replication instance. AWS::DMS::Endpoint Use the AWS::DMS::Endpoint resource to create an AWS DMS endpoint. AWS::DMS::EventSubscription Use the AWS::DMS::EventSubscription resource to get notifications for AWS DMS events through the Amazon Simple Notification Service. AWS::DMS::ReplicationInstance Use the AWS::DMS::ReplicationInstance resource to create an AWS DMS replication instance. AWS::DMS::ReplicationSubnetGroup Use the AWS::DMS::ReplicationSubnetGroup resource to create an AWS DMS replication subnet group. AWS::DMS::ReplicationTask Use the AWS::DMS::ReplicationTask resource to create an AWS DMS replication task.	2010-05-15
New resources	July 5, 2017	AWS::CloudWatch::Dashboard Use the AWS::CloudWatch::Dashboard resource to specify a custom CloudWatch dashboard for your CloudWatch console. AWS::ApiGateway::DomainName Use the AWS::ApiGateway::DomainName resource to specify a custom, friendly URL for your API that's deployed to Amazon API Gateway. AWS::EC2::EgressOnlyInternetGateway Use the AWS::EC2::EgressOnlyInternetGateway resource to create an egress-only internet gateway for your VPC. AWS::EMR::InstanceFleetConfig Use the InstanceFleetConfig resource to configure a Spot Instance fleet for an Amazon EMR cluster.	2010-05-15
Updated resources	July 5, 2017	AWS::ApiGateway::RestApi Use the BinaryMediaTypes property to specify supported binary media types. AWS::ApplicationAutoScaling::ScalingPolicy Use the TargetTrackingScalingPolicyConfiguration property to specify a a target tracking scaling policy configuration. AWS::CloudTrail::Trail Use the TrailName property to specify a custom name for an AWS CloudTrail resource. Use the Tags property to specify resource tags. AWS::CodeDeploy::DeploymentGroup Use the AlarmConfiguration property to configure alarms for the deployment group. Use the TriggerConfigurations property to configure notification triggers for the deployment group. AWS::EMR::Cluster Use the CoreInstanceFleet property and the MasterInstanceFleet property in the Amazon EMR Cluster JobFlowInstancesConfig property type to configure the Spot Instance fleet for an Amazon EMR cluster. AWS::DynamoDB::Table Use the TimeToLiveSpecification property to specify the Time to Live (TTL) settings for an Amazon DynamoDB table. Use the Tags property to specify resource tags for a DynamoDB table. AWS::EC2::Instance The IamInstanceProfile property now supports No interruption updates. AWS::EC2::Route Use the EgressOnlyInternetGatewayId property to specify an egress-only Internet gateway for an EC2 route. AWS::Kinesis::Stream Use the RetentionPeriodHours property to specify the number of hours that data records stored in shards remain accessible. AWS::RDS::DBCluster Use the ReplicationSourceIdentifier property to create a DB cluster as a Read Replica of another DB cluster or an Amazon RDS MySQL DB instance. AWS::Redshift::Cluster Use the LoggingProperties property to create audit log files and store them in Amazon S3.	2010-05-15
New resources	June 6, 2017	AWS::EMR::SecurityConfiguration Use the AWS::EMR::SecurityConfiguration resource to create a security configuration, which is stored in the service and can be specified when a cluster is created.	2010-05-15
Updated resources	June 6, 2017	AWS::AutoScaling::LifecycleHook The NotificationTargetARN and RoleARN properties are now optional. AWS::CloudWatch::Alarm You can now use the EvaluateLowSampleCountPercentile, ExtendedStatistic, and TreatMissingData properties when creating AWS::CloudWatch::Alarm resources. AWS::EC2::SpotFleet AWS CloudFormation supports mutable changes to Spot fleet properties. The following properties of the SpotFleetRequestConfigData property support Replacement updates: AllocationStrategy IamFleetRole LaunchSpecifications SpotPrice TerminateInstancesWithExpiration ValidFrom ValidUntil The following properties of the SpotFleetRequestConfigData property support No interruption updates: ExcessCapacityTerminationPolicy TargetCapacity AWS::EMR::InstanceGroupConfig AWS CloudFormation now supports Auto Scaling for Amazon EMR task instance groups. AWS::Events::Rule The RoleArn property is deprecated on the Rule resource. Use the RoleArn property on the Target property type to specify the IAM role to use for a target. AWS::Kinesis::Stream The ShardCount property now supports No interruption updates. AWS::Lambda::Function Use the TracingConfig property to configure tracing settings for Lambda functions. AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, and AWS::Redshift::ClusterSubnetGroup Use the Tags property to specify resource tags. AWS::RDS::DBCluster Added the ReadEndpoint.Address attribute to the Fn::GetAtt intrinsic function. AWS::S3::Bucket Added the Arn attribute to the Fn::GetAtt intrinsic function.	2010-05-15
New resources	May 11, 2017	The following new resources support using AWS WAF with Elastic Load Balancing (ELB) Application Load Balancers. AWS::WAFRegional::ByteMatchSet Use the AWS::WAFRegional::ByteMatchSet resource to identify a part of a web request that you want to inspect. AWS::WAFRegional::IPSet Use the AWS::WAFRegional::IPSet resource to specify which web requests to permit or block based on the IP addresses from which the requests originate. AWS::WAFRegional::Rule Use the AWS::WAFRegional::Rule resource to specify a combination of IPSet, ByteMatchSet, and SqlInjectionMatchSet objects that identify the web requests to allow, block, or count. AWS::WAFRegional::SizeConstraintSet Use the AWS::WAFRegional::SizeConstraintSet resource to specify a size constraint used to check the size of a web request and which parts of the request to check. AWS::WAFRegional::SqlInjectionMatchSet Use the AWS::WAFRegional::SqlInjectionMatchSet resource to allow, block, or count requests that contain malicious SQL code in a specific part of web requests. AWS::WAFRegional::WebACL Use the AWS::WAFRegional::WebACL resource to identify the web requests that you want to allow, block, or count. AWS::WAFRegional::WebACLAssociation Use the AWS::WAFRegional::WebACLAssociation resource to associate a web access control group (ACL) with a resource. AWS::WAFRegional::XssMatchSet Use the AWS::WAFRegional::XssMatchSet resource to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and the name of the header to inspect.	2010-05-15
New resources	April 28, 2017	AWS::Cognito::IdentityPool Use the AWS::Cognito::IdentityPool resource to create an Amazon Cognito identity pool. AWS::Cognito::IdentityPoolRoleAttachment Use the AWS::Cognito::IdentityPoolRoleAttachment resource to manage the role configuration for an Amazon Cognito identity pool. AWS::Cognito::UserPool Use the AWS::Cognito::UserPool resource to create an Amazon Cognito user pool. AWS::Cognito::UserPoolClient Use the AWS::Cognito::UserPoolClient resource to create a user pool client. AWS::Cognito::UserPoolGroup Use the AWS::Cognito::UserPoolGroup resource to create a user group in an Amazon Cognito user pool. AWS::Cognito::UserPoolUser Use the AWS::Cognito::UserPoolUser resource to create an Amazon Cognito user pool user. AWS::Cognito::UserPoolUserToGroupAttachment Use the AWS::Cognito::UserPoolUserToGroupAttachment resource to attach a user to an Amazon Cognito user pool group.	2010-05-15
Updated resources	April 28, 2017	AWS Config ConfigRule SourceDetails Use the MaximumExecutionFrequency subproperty of the AWS::Config::ConfigRule resource to run evaluations for a custom rule using a periodic trigger. AWS::EC2::Volume We now support Elastic Volumes for Amazon Elastic Block Store (Amazon EBS) in CloudFormation. We now support No interruption updates on three properties: VolumeType, Size, and Iops. AWS::EC2::SecurityGroup Use the GroupName property to specify a name for your Amazon EC2 security group. AWS::ECS::Service There are three new properties for AWS::ECS::Service: PlacementConstraints, PlacementStrategies, and ServiceName. AWS::ECS::TaskDefinition Use the PlacementConstraints property to define placement constraints for tasks in the service. AWS::ElastiCache::ReplicationGroup Added the ConfigurationEndPoint.Address attribute and the ConfigurationEndPoint.Port attribute to the Fn::GetAtt intrinsic function. AWS::ElasticLoadBalancingV2::LoadBalancer Use the IpAddressType property to specify the type of IP addresses that are used by the load balancer's subnets. AWS::EMR::Cluster AWS CloudFormation now supports Auto Scaling for Amazon EMR clusters. AWS::IAM::ManagedPolicy Use the ManagedPolicyName property to specify a custom name for your IAM managed policy. AWS::Lambda::Function Use the Tags property to add tags to your Lambda function. AWS::OpsWorks::Instance Added the following attributes to the Fn::GetAtt intrinsic function: AvailabilityZone, PrivateDnsName, PrivateIp, and PublicDnsName. AWS::OpsWorks::UserProfile Use the SshUsername property to specify a user's SSH name. Added the SshUsername attribute to the Fn::GetAtt intrinsic function. AWS::Redshift::Cluster Use the IamRoles property to provide a list of one or more AWS Identity and Access Management roles that the Amazon Redshift cluster can use to access other AWS services.	2010-05-15
Edit templates in YAML and JSON using AWS CloudFormation Designer	April 6, 2017	When you create AWS CloudFormation templates using Designer, you can now edit your template in both YAML and JSON in the integrated editor. You can also convert JSON templates to YAML and vice-versa, depending on your preferred template authoring language. For more information, see What Is AWS CloudFormation Designer?.	2010-05-15
New resource	April 6, 2017	AWS::SSM::Parameter Use the AWS::SSM::Parameter resource to create an SSM parameter in Parameter Store.	2010-05-15
AWS::Include transform	March 28, 2017	Use the AWS::Include transform to reference reusable snippets stored in an Amazon S3 bucket. For more information, see AWS::Include Transform.	2010-05-15
Peer your Amazon VPC with another account	March 28, 2017	You can now use AWS CloudFormation to peer your Amazon VPC with a VPC in another AWS account. For more information, see Walkthrough: Peer with an Amazon VPC in Another AWS Account.	2010-05-15
New resource	March 28, 2017	AWS::ApiGateway::UsagePlanKey Use the AWS::ApiGateway::UsagePlanKey resource to associate a usage plan key and determine which users the usage plan is applied to.	2010-05-15
Updated resources	March 28, 2017	AWS::EC2::VPCPeeringConnection Use the PeerOwnerId property and the PeerRoleArn property to peer with a VPC in another AWS account. For more information, see Walkthrough: Peer with an Amazon VPC in Another AWS Account. AWS::IAM::InstanceProfile Use the InstanceProfileName property to configure an instance profile. AWS::Lambda::Function Use the DeadLetterConfig property to configure how AWS Lambda handles events that it can't process. Node.js v0.10 is no longer supported for the Runtime property. AWS::Route53::HealthCheck There are seven new resource subproperty types for the Route 53 HealthCheck HealthCheckConfig HealthCheckConfig property: AlarmIdentifier, ChildHealthChecks, EnableSNI, HealthThreshold, InsufficientDataHealthStatus, Inverted, and MeasureLatency. AWS::SQS::Queue Use the ContentBasedDeduplication and FifoQueue properties to create First-In-First-Out (FIFO) Amazon Simple Queue Service queues. AWS::S3::Bucket You can now specify IPv6 domain names for your Amazon S3 buckets.	2010-05-15
New resources	February 10, 2017	AWS::StepFunctions::Activity Use the AWS::StepFunctions::Activity resource to create an AWS Step Functions activity. AWS::StepFunctions::StateMachine Use the AWS::StepFunctions::StateMachine resource to create a Step Functions state machine.	2010-05-15
New intrinsic function	January 17, 2017	Use the Fn::Split function to split a string into a list of string values. For more information, see Fn::Split.	2010-05-15
Console support for listing imports	January 17, 2017	Use the AWS CloudFormation console to see all of the stacks that are importing an exported output value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Updated resources	January 17, 2017	AWS::AutoScaling::AutoScalingGroup The LoadBalancerNames property can be updated without replacing the Auto Scaling group. AWS::ECS::TaskDefinition Added the NetworkMode and MemoryReservation properties. AWS::RDS::DBCluster AWS CloudFormation supports updates to the Tags property. AWS::RDS::DBInstance Added the Timezone property. AWS IoT TopicRule FirehoseAction Added the Separator property. AWS::OpsWorks::Instance Added the PublicIp attribute for the Fn::GetAtt intrinsic function.	2010-05-15
New resources	December 01, 2016	AWS::CodeBuild::Project Use the AWS::CodeBuild::Project resource to create an AWS CodeBuild project that defines how AWS CodeBuild builds your source code. AWS::SSM::Association Use the AWS::SSM::Association resource to associate an Amazon EC2 Systems Manager document with EC2 instances. AWS::EC2::SubnetCidrBlock Use the AWS::EC2::SubnetCidrBlock resource to associate a single IPv6 CIDR block with an Amazon VPC subnet. AWS::EC2::VPCCidrBlock Use the AWS::EC2::VPCCidrBlock resource to associate a single Amazon-provided IPv6 CIDR block with an Amazon VPC VPC.	2010-05-15
Updated resources for IPv6 support	December 01, 2016	AWS::EC2::Instance Added the Ipv6AddressCount and Ipv6Addresses properties. AWS::EC2::NetworkAclEntry Added the Ipv6CidrBlock property. AWS::EC2::NetworkInterface Added the Ipv6AddressCount and Ipv6Addresses properties. AWS::EC2::Route Added the DestinationIpv6CidrBlock property. AWS::EC2::SecurityGroupEgress Added the CidrIpv6 property. AWS::EC2::SecurityGroupIngress Added the CidrIpv6 property. AWS::EC2::SpotFleet Added the Ipv6AddressCount and Ipv6Addresses properties for the launch specification network interfaces. AWS::EC2::Subnet Added the Ipv6CidrBlocks attribute for the Fn::GetAtt function. AWS::EC2::VPC Added the Ipv6CidrBlocks attribute for the Fn::GetAtt function. AWS::SSM::Document Added the DocumentType property.	2010-05-15
Resource specification	November 22, 2016	Use the AWS CloudFormation resource specification to builds tools that help you create AWS CloudFormation templates. The specification is a machine-readable, JSON-formatted text file. For more information, see AWS CloudFormation Resource Specification.	2010-05-15
New resources	November 22, 2016	AWS::OpsWorks::UserProfile Use the AWS::OpsWorks::UserProfile resource to configure SSH access for users who require access to instances in an AWS OpsWorks stack. AWS::OpsWorks::Volume Use the AWS::OpsWorks::Volume resource to register an Amazon Elastic Block Store volume with an AWS OpsWorks stack.	2010-05-15
Updated resources	November 22, 2016	AWS::OpsWorks::App Added the DataSources property. AWS::OpsWorks::Instance Added the BlockDeviceMappings, AgentVersion, ElasticIps, Hostname, Tenancy, and Volumes properties. AWS::OpsWorks::Layer Added the CustomJson and VolumeConfigurations properties. AWS::OpsWorks::Stack Added the ElasticIps, EcsClusterArn, RdsDbInstances, CloneAppIds, ClonePermissions, and SourceStackId properties. AWS::RDS::DBInstance Added the CopyTagsToSnapshot property.	2010-05-15
List imports	November 22, 2016	List imports of an exported output value to track which AWS CloudFormation stacks are importing the value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Transforms	November 17, 2016	Specify the AWS Serverless Application Model (AWS SAM) that AWS CloudFormation uses to process AWS SAM syntax for serverless applications. For more information, see Transform.	2010-05-15
New resource	November 17, 2016	AWS::SNS::Subscription Use the AWS::SNS::Subscription resource to subscribe an endpoint to an Amazon Simple Notification Service topic.	2010-05-15
Updated resource	November 17, 2016	AWS::Lambda::Function Use the Environment property to specify key-value pairs (environment variables) that your AWS Lambda function can access. Use the KmsKeyArn property to specify an AWS Key Management Service key that AWS Lambda uses to encrypt and decrypt environment variables.	2010-05-15
New CLI commands	November 17, 2016	Uploading Local Artifacts to an S3 Bucket Use the aws cloudformation package command to upload local artifacts that are referenced in an AWS CloudFormation template to an S3 bucket. Quickly Deploying Templates with Transforms Use the aws cloudformation deploy command to combine the create and execute change set actions into a single command. This command is useful for quickly creating or updating stacks that contain transforms.	2010-05-15
Updated resource	November 03, 2016	AWS::CloudFront::Distribution For the CloudFront Distribution DistributionConfig property, use the HttpVersion property to specify the latest HTTP version that viewers can use to communicate with Amazon CloudFront. For the CloudFront Distribution ForwardedValues property, use the QueryStringCacheKeys property to specify the query string parameters that CloudFront uses to determine which content to cache.	2010-05-15
List stack exports	November 03, 2016	Use the AWS CloudFormation console, API, or AWS CLI to see a list of all the exported output values for a region. For more information, see Exporting Stack Output Values.	2010-05-15
Continuous delivery with stacks	November 03, 2016	Use AWS CodePipeline to build continuous delivery workflows with AWS CloudFormation stacks. For more information, see Continuous Delivery with AWS CodePipeline.	2010-05-15
Skip resources during rollback	November 03, 2016	If you have a stack in the UPDATE_ROLLBACK_FAILED state, use the ResourcesToSkip parameter for the ContinueUpdateRollback action to skip resources that AWS CloudFormation can't rollback. For more information, see the Troubleshooting section in Update Rollback Failed.	2010-05-15
Change sets enhancement	November 03, 2016	You can create a new stack using a change set.	2010-05-15
Updated resource	October 12, 2016	AWS::ElastiCache::CacheCluster Update the CacheNodeType property without replacing the cluster. AWS::ElastiCache::ReplicationGroup You can create a Redis (cluster mode enabled) replication group that can contain multiple node groups (shards), each with a primary cluster and read replicas. AWS::ElastiCache::SubnetGroup Use the CacheSubnetGroupName property to specify a name for an Amazon ElastiCache subnet group.	2010-05-15
New resources	October 06, 2016	AWS::ApiGateway::UsagePlan Use the AWS::ApiGateway::UsagePlan resource to specify a usage plan for deployed Amazon API Gateway APIs. AWS::CodeCommit::Repository Use the AWS::CodeCommit::Repository resource to create an AWS CodeCommit repository that is hosted by Amazon Web Services.	2010-05-15
Updated resources	October 06, 2016	AWS::ApiGateway::Authorizer Use the ProviderARNs property to use Amazon Cognito user pools as Amazon API Gateway API authorizers. AWS::ApiGateway::Deployment The StageName property is no longer required. AWS::ElasticLoadBalancingV2::TargetGroup For the GetAtt function, use the LoadBalancerArns attribute to retrieve the Amazon Resource Names (ARNs) of the load balancers that route traffic to the target group. AWS::RDS::DBInstance Use the Domain and DomainIAMRoleName properties to use Windows Authentication when users connect to the RDS DB instance. AWS::EC2::SecurityGroupEgress Use the DestinationPrefixListId property to specify the AWS service prefix of an Amazon VPC endpoint.	2010-05-15
Cross-stack reference enhancement	October 06, 2016	Use intrinsic functions to customize the Name value of an export or to refer to a value in the ImportValue function.	2010-05-15
AWS CloudFormation service role	September 26, 2016	Use an AWS Identity and Access Management (IAM) service role for AWS CloudFormation stack operations. AWS CloudFormation uses the role's credentials to make calls to stack resources on your behalf. For more information, see AWS CloudFormation Service Role.	2010-05-15
New feature	September 19, 2016	You can use the Export output field and the Fn::ImportValue intrinsic function to have one stack refer to resource outputs in another stack. For more information, see Outputs, Fn::ImportValue, and Walkthrough: Refer to Resource Outputs in Another AWS CloudFormation Stack.	2010-05-15
YAML support	September 19, 2016	You can use the YAML format to author AWS CloudFormation templates. YAML also allows you to, for example, add comments to your templates or use the short form for intrinsic functions. For more information, see AWS CloudFormation Template Formats.	2010-05-15
New intrinsic function	September 19, 2016	Use the Fn::Sub function to substitute variables in an input string with values that you specify. For more information, see Fn::Sub.	2010-05-15
New resources	September 19, 2016	AWS::KMS::Alias Use the AWS::KMS::Alias resource to create an alias for an AWS Key Management Service customer master key.
Updated resources	September 19, 2016	AWS::EC2::SpotFleet For the LaunchSpecifications property, use the SpotPrice property to specify a bid price for a specific instance type. AWS::ECS::Cluster Use the ClusterName property to specify a name for an Amazon Elastic Container Service cluster. AWS::ECS::TaskDefinition Use the TaskRoleArn property to specify an AWS Identity and Access Management role that Amazon Elastic Container Service containers use to make AWS calls on your behalf. Use the Family property to register a task definition to a specific family. AWS::Elasticsearch::Domain Use the ElasticsearchVersion property to specify which version of Elasticsearch to use.	2010-05-15
New resources	August 11, 2016	Use the following Elastic Load Balancing Application Load Balancer resources to distribute incoming application traffic to multiple targets, such as EC2 instances, in multiple Availability Zones: AWS::ElasticLoadBalancingV2::Listener AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::LoadBalancer AWS::ElasticLoadBalancingV2::TargetGroup	2010-05-15
Updated resource	August 11, 2016	AWS::AutoScaling::AutoScalingGroup Use the TargetGroupARNs property to associate the Auto Scaling group with one or more Application Load Balancer target groups. AWS::ECS::Service For the load LoadBalancers property, use the TargetGroupArn property to associate an Amazon Elastic Container Service service with an Application Load Balancer target group.	2010-05-15
New resources	August 09, 2016	AWS CloudFormation added the following resources: AWS::ApplicationAutoScaling::ScalableTarget and AWS::ApplicationAutoScaling::ScalingPolicy Use an Application Auto Scaling scaling policy to define when and how a target resource scales. AWS::CertificateManager::Certificate Provision an AWS Certificate Manager certificate that you can use with other AWS services to enable secure connections.	2010-05-15
Updated resources	August 09, 2016	AWS CloudFormation updated the following resources: AWS::CloudFront::Distribution For the distribution configuration ViewerCertificate property, you can specify an AWS Certificate Manager certificate. For the distribution configuration Origin property, you can specify custom headers and the SSL protocols for custom origins. AWS::EFS::FileSystem You can specify the performance mode for an Amazon Elastic File System file system.	2010-05-15
New resources	July 20, 2016	AWS IoT Use AWS IoT to declare an AWS IoT policy, an X.509 certificate, an association between a policy and a principal (an X.509 certificate or other credential), an AWS IoT thing, an association between a principal and a thing, or an AWS IoT rule. AWS::IoT::Certificate AWS::IoT::Policy AWS::IoT::PolicyPrincipalAttachment AWS::IoT::Thing AWS::IoT::ThingPrincipalAttachment AWS::IoT::TopicRule	2010-05-15
Updated resources	July 20, 2016	AWS CloudFormation updated the following resources: AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User Use the name properties to specify a custom name for AWS Identity and Access Management (IAM) resources. AWS::ApiGateway::Method For the Integration property, you can use the PassthroughBehavior property to specify when Amazon API Gateway passes requests to the targeted back end. AWS::ApiGateway::Model and AWS::ApiGateway::RestApi You can specify JSON objects for the Schema and Body properties.	2010-05-15
Auto Scaling group UpdatePolicy	June 9, 2016	For the UpdatePolicy attribute, use the AutoScalingReplacingUpdate property to specify whether an Auto Scaling group and the instances it contains are replaced when you update the Auto Scaling group. During a replacement, AWS CloudFormation retains the old Auto Scaling group until it creates the new one successfully so that AWS CloudFormation can roll back to the old Auto Scaling group if the update fails. For more information, see UpdatePolicy Attribute.	2010-05-15
New resource	June 9, 2016	AWS CloudFormation added the following resources: AWS::EC2::FlowLog Creates an Amazon Elastic Compute Cloud flow log that captures IP traffic for a specified network interface, subnet, or VPC. AWS::KinesisFirehose::DeliveryStream Creates a delivery stream that delivers real-time streaming data to a destination, such as Amazon Simple Storage Service, Amazon Redshift, or Amazon Elasticsearch Service.	2010-05-15
Updated resources	June 9, 2016	AWS CloudFormation updated the following resources: AWS::Kinesis::Stream Use the Name property to specify a name for an Amazon Kinesis stream. AWS::Lambda::Function For the Code property, you can use the ZipFile property and cfn response module for nodejs4.3 runtime environments. AWS::SNS::Topic AWS CloudFormation enabled updates for the Amazon Simple Notification Service topic resource.	2010-05-15
New resource	April 25, 2016	Use the AWS::EC2::Host resource to allocate a fully dedicated physical server for launching EC2 instances.	2010-05-15
Updated resources	April 25, 2016	AWS::EC2::Instance Use the Affinity and HostId properties to launch instances onto an Amazon Elastic Compute Cloud dedicated host. AWS::ECS::Service Use the DeploymentConfiguration property to configure how many tasks can run during a deployment. AWS::ECS::TaskDefinition AWS CloudFormation added support for additional Amazon Elastic Container Service container definition properties. AWS::GameLift::Fleet Use the MaxSize and MinSize properties to specify the maximum and minimum number of EC2 instances allowed in your Amazon GameLift fleet. AWS::Lambda::Function Use the FunctionName property to specify a name for your AWS Lambda function. You can also use Python 2.7 to specify an inline function.	2010-05-15
New resources	April 18, 2016	Amazon API Gateway Use the Amazon API Gateway resources to publish, maintain, and monitor APIs at any scale. You can create APIs that clients can call to access your back-end services, such as applications running EC2 instances or code running on AWS Lambda. AWS::ApiGateway::Account AWS::ApiGateway::ApiKey AWS::ApiGateway::Authorizer AWS::ApiGateway::BasePathMapping AWS::ApiGateway::ClientCertificate AWS::ApiGateway::Deployment AWS::ApiGateway::Method AWS::ApiGateway::Model AWS::ApiGateway::Resource AWS::ApiGateway::RestApi AWS::ApiGateway::Stage AWS::Events::Rule Create an Amazon CloudWatch Events rule that monitors changes to AWS resources in your account (events). If an incoming event matches the conditions that you described in the rule, Amazon CloudWatch Events sends messages to and activates your specified targets, such as AWS Lambda functions or Amazon Simple Notification Service topics. AWS::WAF::SizeConstraintSet and AWS::WAF::XssMatchSet Use the two AWS WAF rules to check the size of a web request or to prevent cross-site scripting attacks.	2010-05-15
New resources	March 31, 2016	Use the AWS::Lambda::Alias resource to create aliases for your AWS Lambda functions and the AWS::Lambda::Version resource to create versions of your functions.	2010-05-15
Updated resources	March 31, 2016	AWS CloudFormation updated the following resources: AWS::EMR::Cluster and AWS::EMR::InstanceGroupConfig Use the EbsConfiguration property to configure Amazon Elastic Block Store storage volumes for your Amazon EMR clusters or instance groups. AWS::Lambda::Function Use the VpcConfig property to enable AWS Lambda functions to access resources in a VPC. AWS::S3::Bucket For the Amazon Simple Storage Service life cycle rules, you can specify multiple transition rules that specify when objects transition to a specified storage class.	2010-05-15
Change sets	March 29, 2016	Before updating stacks, use change sets to see how your changes might affect your running resources. For more information, see Updating Stacks Using Change Sets.	2010-05-15
New resources	March 15, 2016	Use the AWS::GameLift::Alias, AWS::GameLift::Build, and AWS::GameLift::Fleet resources to deploy multiplayer game servers in AWS.	2010-05-15
New resources	February 26, 2016	AWS CloudFormation added the following resources: AWS::ECR::Repository Create Amazon Elastic Container Registry repositories where users can push and pull Docker images. AWS::EC2::NatGateway Use the network address translator (NAT) gateway to enable EC2 instances in a private subnet to connect to the Internet. AWS::Elasticsearch::Domain Create Amazon Elasticsearch Service (Amazon ES) domains that contain the Amazon ES engine instances, which process Amazon ES requests. AWS::EMR::Cluster, AWS::EMR::InstanceGroupConfig, AWS::EMR::Step Use the Amazon EMR resources to help you analyze and process vast amounts of data. You can create clusters and then run jobs on them.	2010-05-15
Updated resources	February 26, 2016	AWS CloudFormation updated the following resources: AWS::CloudTrail::Trail Use the IsMultiRegionTrail property to specify whether to create an AWS CloudTrail trail in the region in which you create a stack or in all regions. AWS::Config::ConfigurationRecorder For the recording group, use the IncludeGlobalResourceTypes property to record all global resource types. AWS::RDS::DBCluster Use the KmsKeyId and StorageEncrypted properties to encrypt database instances in the cluster.	2010-05-15
Retain resources	February 26, 2016	For stacks in the DELETE_FAILED state, use the RetainResources parameter to retain resources that AWS CloudFormation can't delete. For more information, see Delete Stack Fails.	2010-05-15
Update stack tags	February 26, 2016	You can add, modify, or remove stack tags when you update a stack. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
Continue rolling back failed update rollbacks	January 25, 2016	For a stack in the UPDATE_ROLLBACK_FAILED state, you can continue rolling back the update to get your stack in a working state. That way, you can return the stack to its original settings and try to update it again. For more information, see Continue Rolling Back an Update.	2010-05-15
New sample templates available for the Asia Pacific (Seoul) region.	January 7, 2016	The following collection of AWS CloudFormation sample templates are for the ap-northeast-2 region: Sample Solutions Application Frameworks Services For more information, see Sample Templates.	2010-05-15
New resources	December 28, 2015	AWS CloudFormation added the following resources: AWS::DirectoryService::MicrosoftAD Use the Microsoft Active Directory resource to create a Microsoft Active Directory directory in AWS. AWS::Logs::Destination and AWS::Logs::LogStream Use the Amazon CloudWatch Logs resources to create a destination for real-time processing of log data or to create log streams, respectively. AWS::WAF::ByteMatchSet, AWS::WAF::IPSet, AWS::WAF::Rule, AWS::WAF::SqlInjectionMatchSet, and AWS::WAF::WebACL Use the AWS WAF resources to control and monitor web requests to your content.	2010-05-15
Resource updates	December 28, 2015	AWS CloudFormation updated the following resources: AWS::CloudFront::Distribution For the distribution configuration, use the WebACLId property to associate an AWS WAF web access control list (ACL) with an Amazon CloudFront distribution. For the cache behavior and default cache behavior, you can specify a default and maximum Time to Live (TTL) value. AWS::DynamoDB::Table You can create, update, or delete a global secondary index without replacing your Amazon DynamoDB table. AWS::S3::Bucket Use the ReplicationConfiguration property to specify which objects to replicate and where they are stored. Use the properties in the NotificationConfiguration property to specify filters so that Amazon Simple Storage Service sends notifications for objects that you specify.	2010-05-15
Parameter grouping and sorting	December 3, 2015	Use the AWS::CloudFormation::Interface metadata key to group and sort parameters in the AWS CloudFormation console when users create or update a stack with your template.	2010-05-15
Update policy attribute	December 3, 2015	For an Auto Scaling update policy attribute, use the MinSuccessfulInstancesPercent property to specify the percentage of instances that must signal success for a successful update.	2010-05-15
New resources	December 3, 2015	AWS CloudFormation added the following resources: AWS::CodePipeline::Pipeline and AWS::CodePipeline::CustomActionType Use the AWS CodePipeline resources to create a pipeline that describes how software changes go through a release process. AWS::Config::ConfigurationRecorder, AWS::Config::DeliveryChannel, and AWS::Config::ConfigRule Use the AWS Config resources to monitor configuration changes to specific AWS resources. AWS::KMS::Key Use the AWS Key Management Service (AWS KMS) resource to create customer master keys in AWS KMS that users can use to encrypt small amounts of data. AWS::SSM::Document Use the Amazon EC2 Systems Manager to create a document that specifies on-instance configurations.	2010-05-15
Resources update	December 3, 2015	AWS CloudFormation updated the following resources: AWS::AutoScaling::LaunchConfiguration Specify whether EBS volumes are encrypted. AWS::AutoScaling::ScalingPolicy You can use two different policy types (simple and step scaling) to specify how an Auto Scaling group scales when an Amazon CloudWatch (CloudWatch) alarm is breached. AWS::CloudTrail::Trail Use the CloudWatch properties to send logs to a CloudWatch log group. You can add tags to a trail and specify an AWS KMS key that you want to use to encrypt logs. AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentConfig, and AWS::CodeDeploy::DeploymentGroup Use the ApplicationName, DeploymentConfigName, and DeploymentGroupName properties to specify custom names for AWS CodeDeploy resources. AWS::DynamoDB::Table Use the StreamSpecification property to specify settings for capturing changes to items stored in an Amazon DynamoDB (DynamoDB) table. AWS::EC2::Instance Use the SsmAssociations property to associate an Amazon EC2 Systems Manager document with an instance. AWS::EC2::SpotFleet Use the AllocationStrategy property to specify how to allocate target capacity across Spot pools. Use the ExcessCapacityTerminationPolicy property to specify how instances are terminated if the target capacity is below the size of the Spot fleet. AWS::Redshift::Cluster Use the KmsKeyId property to specify an AWS KMS key to encrypt data in an Amazon Redshift cluster. AWS::WorkSpaces::Workspace Use the encryption properties to encrypt data stored on volumes.	2010-05-15
Resource update	November 4, 2015	For the AWS::EC2::Volume resource, use the AutoEnableIO property to automatically resume I/O operations if a volume's data becomes inconsistent.	2010-05-15
New resources	October 1, 2015	AWS CloudFormation added the following resources: AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentGroup, and AWS::CodeDeploy::DeploymentConfig Use the AWS CodeDeploy resources to create and apply deployments to EC2 or on-premises instances. AWS::DirectoryService::SimpleAD Use the Simple Active Directory resource to create an AWS Directory Service Simple AD, which is a Microsoft Active Directory-compatible directory. AWS::EC2::PlacementGroup Use a placement group to create a cluster of instances in a low-latency network. AWS::EC2::SpotFleet Use a Spot fleet to launch a collection of Spot instances that run interruptible tasks. AWS::Lambda::EventSourceMapping Use the event source mapping resource to specify a stream as an event source for an AWS Lambda (Lambda) function. AWS::Lambda::Permission Use a Lambda permission to add a statement to a Lambda function's policy. AWS::Logs::SubscriptionFilter Use the subscription filter to define which log events are delivered to your Kinesis stream. AWS::RDS::DBCluster and AWS::RDS::DBClusterParameterGroup Use the cluster and cluster parameter group resources to create an Amazon Aurora DB cluster. AWS::WorkSpaces::Workspace Use Amazon WorkSpaces to create cloud-based desktop experiences.	2010-05-15
Resource updates	October 1, 2015	AWS CloudFormation updated the following resources: AWS::ElastiCache::ReplicationGroup Use the Fn::GetAtt intrinsic function to get a list of read-only replica addresses and ports. AWS::OpsWorks::Stack Use the AgentVersion property to specify a particular AWS OpsWorks agent. AWS::OpsWorks::App Use the Environment property to specify environment variables for an AWS OpsWorks app. AWS::S3::Bucket For the NotificationConfiguration property, you can configure notification settings for Lambda functions and Amazon Simple Queue Service (Amazon SQS) queues.	2010-05-15
IAM condition keys	October 1, 2015	For AWS Identity and Access Management (IAM) policies, use AWS CloudFormation-specific condition keys to specify when an IAM policy takes effect. For more information, see Controlling Access with AWS Identity and Access Management.	2010-05-15
AWS CloudFormation Designer	October 1, 2015	Use AWS CloudFormation Designer to create and modify templates using a drag-and-drop interface.	2010-05-15
New resource	August 24, 2015	Use the AWS::EC2::VPCEndpoint resource to establish a private connection between your VPC and another AWS service.	2010-05-15
Resource updates	August 24, 2015	AWS CloudFormation updated the following resources: AWS::ElasticBeanstalk::Environment Use the Tags property to specify tags (key-value pairs) for an AWS Elastic Beanstalk (Elastic Beanstalk) environment. AWS::Lambda::Function For the Code property, use the ZipFile property to write the source code of your Lambda function directly in a template. Currently, you can use the ZipFile property only for nodejs runtime environments. You can still point to a file in an S3 bucket for all runtime environments, such as java8 and nodejs. AWS::OpsWorks::Instance Use the EbsOptimized property to indicate whether an instance is optimized for Amazon Elastic Block Store (Amazon EBS) I/O. AWS::RDS::DBInstance For the SourceDBInstanceIdentifier property, you can specify a database instance in another region to create a cross-region read replica.	2010-05-15
Amazon S3 template URL	August 24, 2015	For versioning-enabled buckets, you can specify a version ID in an Amazon S3 template URL when you create or update a stack, such as https://s3.amazonaws.com/templates/myTemplate.template?versionId=123ab1cdeKdOW5IH4GAcYbEngcpTJTDW.	2010-05-15
New resource	August 3, 2015	Use the AWS::EFS::FileSystem resource to create an Amazon Elastic File System (Amazon EFS) file system and the AWS::EFS::MountTarget resource to create a mount point for a file system.	2010-05-15
Permission requirement change	June 11, 2015	When you create or update an AWS::RDS::DBInstance resource, you must now also have permission to call the ec2:DescribeAccountAttributes action.	2010-05-15
New resources	June 11, 2015	AWS CloudFormation added the following resources: AWS::DataPipeline::Pipeline Use data pipelines to automate the movement and transformation of data. Amazon Elastic Container Service resources Use the AWS::ECS::Service, AWS::ECS::Cluster, and AWS::ECS::TaskDefinition resources to create Docker containers on a cluster of EC2 instances. AWS::ElastiCache::ReplicationGroup Use replication groups to create a collection of nodes with one primary read-write cluster and a maximum of five secondary read-only clusters. AWS::IAM::ManagedPolicy Use managed policies to create policies in your AWS account that you can use to apply permissions to IAM users, groups, and roles. AWS::Lambda::Function Use Lambda functions to run code in response to events. AWS::RDS::OptionGroup Use option groups to help you create and manage Amazon Relational Database Service (Amazon RDS) databases.	2010-05-15
Resource updates	June 11, 2015	AWS CloudFormation updated the following resources: AWS::EC2::Subnet Use the MapPublicIpOnLaunch property to automatically assign public IP addresses to instances in a subnet. AWS::ElastiCache::CacheCluster Use the SnapshotName property to restore snapshot data into a new Redis cache cluster. AWS::IAM::User For the LoginProfile property, use the PasswordResetRequired property so that users are required to set a new password when they log in to the AWS Management Console. AWS::OpsWorks::Layer Use the LifecycleEventConfiguration property to configure lifecycle events for an AWS OpsWorks layer. AWS::S3::Bucket For the LifecycleConfiguration property, use the NoncurrentVersionExpirationInDays and NoncurrentVersionTransition properties to specify lifecycle rules for non-current object versions.	2010-05-15
New parameter types	May 19, 2015	Whenever you use the AWS CloudFormation console to create or update a stack, you can search for AWS-specific parameter type values by ID, name, or Name tag value. AWS CloudFormation also added support for the following AWS-specific parameter types. For more information, see Parameters. AWS::EC2::AvailabilityZone::Name List<AWS::EC2::AvailabilityZone::Name> AWS::EC2::Instance::Id List<AWS::EC2::Instance::Id> AWS::EC2::Image::Id List<AWS::EC2::Image::Id> AWS::EC2::SecurityGroup::GroupName List<AWS::EC2::SecurityGroup::GroupName> AWS::EC2::Volume::Id List<AWS::EC2::Volume::Id> AWS::Route53::HostedZone::Id List<AWS::Route53::HostedZone::Id>	2010-05-15
New resources	April 16, 2015	AWS CloudFormation added the following resources: AWS::AutoScaling::LifecycleHook Use Auto Scaling lifecycle hooks to control the state of an instance after it is launched or terminated. AWS::RDS::EventSubscription Use event subscriptions to get notifications about Amazon RDS events.	2010-05-15
Resource updates	April 16, 2015	AWS CloudFormation updated the following resources: AWS::AutoScaling::AutoScalingGroup Use the NotificationConfigurations property to specify multiple notifications. AWS::AutoScaling::LaunchConfiguration Use the PlacementTenancy property to specify the tenancy of instances. Use the ClassicLinkVPCId and ClassicLinkVPCSecurityGroups properties to link EC2-Classic instances to a ClassicLink-enabled VPC. AWS::AutoScaling::ScalingPolicy Use the MinAdjustmentStep property to specify the minimum number of instances that are added or removed during a scaling event. AWS::CloudFront::Distribution For viewer certificates, use the MinimumProtocolVersion property to specify a minimum protocol version. For cache behaviors, use the CachedMethods property to specify which methods Amazon CloudFront (CloudFront) caches responses for. For origins, use the OriginPath to specify a path that CloudFront uses to request content. AWS::ElastiCache::CacheCluster For Memcached cache clusters, use the AZMode and PreferredAvailabilityZones properties to specify nodes in multiple Availability Zones (AZs). AWS::EC2::Volume Use the KmsKeyId property to specify a master key for encrypted volumes. AWS::OpsWorks::Instance Use the TimeBasedAutoScaling property to automatically scale instances based on a schedule that you specify.