AWS Documentation » AWS CloudFormation » User Guide » Release History

Release History

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change	Description	Date
Updated resources	The following resources were updated: AWS::EC2::ClientVpnEndpoint, AWS::Greengrass::Group, AWS::Greengrass::ConnectorDefinition, AWS::Greengrass::CoreDefinition, AWS::Greengrass::DeviceDefinition, AWS::Greengrass::FunctionDefinition, AWS::Greengrass::LoggerDefinition, AWS::Greengrass::ResourceDefinition, and AWS::Greengrass::SubscriptionDefinition. AWS::EC2::ClientVpnEndpoint Use the SplitTunnel parameter to specify whether split-tunnel is enabled on the AWS Client VPN endpoint. AWS::Greengrass::ConnectorDefinition Use the Tags property to attach metadata to the AWS::Greengrass::ConnectorDefinition resource. AWS::Greengrass::CoreDefinition Use the Tags property to attach metadata to the AWS::Greengrass::CoreDefinition resource. AWS::Greengrass::DeviceDefinition Use the Tags property to attach metadata to the AWS::Greengrass::DeviceDefinition resource. AWS::Greengrass::FunctionDefinition Use the Tags property to attach metadata to the AWS::Greengrass::FunctionDefinition resource. AWS::Greengrass::Group Use the Tags property to attach metadata to the AWS::Greengrass::Group resource. AWS::Greengrass::LoggerDefinition Use the Tags property to attach metadata to the AWS::Greengrass::LoggerDefinition resource. AWS::Greengrass::ResourceDefinition Use the Tags property to attach metadata to the AWS::Greengrass::ResourceDefinition resource. AWS::Greengrass::SubscriptionDefinition Use the Tags property to attach metadata to the AWS::Greengrass::SubscriptionDefinition resource.	August 8, 2019
Updated resource	The following resource was updated: AWS::AppSync::GraphQLApi. AWS::AppSync::GraphQLApi In the LogConfig property type, when set to TRUE, the excludeVerboseContent property excludes sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.	August 8, 2019
New resources	The following resources were added: AWS::ManagedBlockchain::Member and AWS::ManagedBlockchain::Node. AWS::ManagedBlockchain::Member Use the Member resource to create the first member or an additional member of an Amazon Managed Blockchain network. AWS::ManagedBlockchain::Node Use the Node resource to create a peer node in a member of an Amazon Managed Blockchain network.	August 8, 2019
New resource	The following resource was added: AWS::Glue::MLTransform AWS::Glue::MLTransform Use the AWS::Glue::MLTransform resource to manage machine learning transforms.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::DataLakeSettings AWS::LakeFormation::DataLakeSettings Use the AWS::LakeFormation::DataLakeSettings resource to manage data lake settings.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::Permissions AWS::LakeFormation::Permissions Use the AWS::LakeFormation:Permissions resource to grant or revoke AWS Lake Formation permissions.	August 8, 2019
New resource	The following resource was added: AWS::LakeFormation::Resource AWS::LakeFormation::Resource Use the AWS::LakeFormation::Resource resource to define the resources to which permissions are to be granted.	August 8, 2019
New resource	The following resource was added: AWS::CodeBuild::SourceCredential AWS::CodeBuild::SourceCredential Use the AWS::CodeBuild::SourceCredential resource to specify information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository used in an AWS CodeBuild build project.	August 7, 2019
Updated resources	The following resources were updated: AWS::Batch::JobDefinition, AWS::Cognito::UserPool, AWS::Cognito::UserPoolClient, and AWS::Glue::Job. AWS::Batch::JobDefinition In the ContainerProperties property type, use the LinuxParameters property to specify Linux-specific modifications that are applied to the container, such as details for device mappings. AWS::Cognito::UserPool Use the UserPoolAddOns property to enable advanced security risk detection. Use the VerificationMessageTemplate property to define the template for verification messages. AWS::Cognito::UserPoolClient Use the AnalyticsConfiguration property to define the Amazon Pinpoint analytics configuration for collecting metrics for this user pool. AWS::Glue::Job Use the GlueVersion property to determine the versions of Apache Spark and Python that AWS Glue supports. The Python version indicates the version supported for jobs of type Spark. Use the MaxCapacity property to specify the number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. A DPU is a relative measure of processing power that consists of 4 vCPUs of compute capacity and 16 GB of memory. For the NumberofWorkers property, when you specify a Python shell job (JobCommand.Name="pythonshell"), you can allocate either 0.0625 or 1 DPU. The default is 0.0625 DPU. When you specify an Apache Spark ETL job (JobCommand.Name="glueetl"), you can allocate from 2 to 100 DPUs. The default is 10 DPUs. This job type cannot have a fractional DPU allocation. Use the WorkerType property to specify the type of predefined worker that is allocated when a job runs. In the JobCommand property type, use the PythonVersion property to specify the Python version being used to execute a Python shell job.	August 2, 2019
Stack set limit increases	You can now create a maximum of 100 stack sets in your administrator account, create a maximum of 2000 stack instances per stack set, and run a maximum of 3500 stack instance operations in each region at the same time, per administrator account. For more details, see AWS CloudFormation Limits.	August 2, 2019
New resource	The following resource was added: AWS::CodeStar::GitHubRepository. AWS::CodeStar::GitHubRepository Use the AWS::CodeStar::GitHubRepository resource to create a GitHub repository where you can store source code for use with AWS workflows. If provided, your source code is uploaded to the repository after it is created.	August 2, 2019
Updated resource	You can now add tags to a CodeCommit repository in your AWS CloudFormation template. AWS::CodeCommit::Repository Use the Tags property to provide information about one or more tag key-value pairs to use when tagging a repository.	July 25, 2019
Updated resources	The following resource was updated: AWS::AmazonMQ::Broker. AWS::AmazonMQ::Broker Use the encryptionOptions property to specify an AWS-owned CMK or a customer-managed CMK.	July 22, 2019
Updated resources	The following resources were updated: AWS::Amplify::App and AWS::Amplify::Branch. AWS::Amplify::App Use the AutoBranchCreationConfig property type to automatically create branches that match a certain pattern. AWS::Amplify::Branch Use the EnableAutoBuild property to enable automatic builds for a branch.	July 18, 2019
New resources	The following resources were added: AWS::IoTEvents::DetectorModel and AWS::IoTEvents::Input. AWS::IoTEvents::DetectorModel Use the DetectorModel resource to create a detector model. AWS::IoTEvents::Input Use the Input resource to create an input.	July 18, 2019
New resource	The following resource was added: AWS::CloudWatch::AnomalyDetector. AWS::CloudWatch::AnomalyDetector Use the AWS::CloudWatch::AnomalyDetector resource to specify an anomaly detection band for a certain metric and statistic. The band represents the expected "normal" range for the metric values.	July 12, 2019
Updated resources	The following resources were updated: AWS::IoTAnalytics::Channel and AWS::IoTAnalytics::Datastore. AWS::IoTAnalytics::Channel Use the ChannelStorage property to specify channel data is stored. AWS::IoTAnalytics::Datastore Use the DatastoreStorage property to specify where data store data is stored.	June 27, 2019
New resources	The following resources were added: AWS::MediaLive::Channel, AWS::MediaLive::Input, and AWS::MediaLive::InputSecurityGroup. AWS::MediaLive::Channel The AWS::MediaLive::Channel resource creates a channel. A MediaLive channel ingests and transcodes (decodes and encodes) source content from the inputs that are attached to that channel, and packages the new content into outputs. AWS::MediaLive::Input The AWS::MediaLive::Input resource creates an input. A MediaLive input holds information that describes how the MediaLive channel is connected to the upstream system that is providing the source content that is to be transcoded. AWS::MediaLive::InputSecurityGroup The AWS::MediaLive::InputSecurityGroup resource creates an input security group. A MediaLive input security group is associated with a MediaLive input. The input security group is an "allow list" of IP addresses that controls whether an external IP address can push content to the associated MediaLive input.	June 27, 2019
Updated resource	The following resource was updated: AWS::EC2::LaunchTemplate AWS::EC2::LaunchTemplate In the SpotOptions property type, use BlockDurationMinutes to specify the required duration for the Spot Instances, and use ValidUntil to specify the end date for the Spot request.	June 25, 2019
New resource	The following resource was added: AWS::SecurityHub::Hub AWS::SecurityHub::Hub Use the AWS::SecurityHub::Hub resource to specify the implementation of the AWS Security Hub service in your account.	June 25, 2019
Updated resources	The following resource were updated: AWS::AppStream::Fleet, AWS::ServiceCatalog::CloudFormationProvisionedProduct AWS::ServiceCatalog::CloudFormationProvisionedProduct Use the ProvisioningPreferences property to specify user-defined preferences that will be applied when updating a provisioned product. AWS::AppStream::Fleet Use the IdleDisconnectTimeoutInSeconds property to specify the amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the DisconnectTimeoutInSeconds time interval begins.	June 20, 2019
New resources	The following resource was added: AWS::Config::RemediationConfiguration, AWS::ServiceCatalog::StackSetConstraint AWS::Config::RemediationConfiguration Use the AWS::Config::RemediationConfiguration resource to specify the details about the remediation configuration, including the remediation action, parameters, and data to execute the action. AWS::ServiceCatalog::StackSetConstraint Use the AWS::ServiceCatalog::StackSetConstraint resource to specify a stack set constraint.	June 20, 2019
Updated resources	The following resources were updated: AWS::AppMesh::VirtualNode, AWS::CodeBuild::Project, AWS::EC2::Host, AWS::EC2::Route, AWS::EC2::VPNConnection, AWS::ECS::Cluster, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::EFS::MountTarget, AWS::ElasticLoadBalancingV2::ListenerRule, AWS::EMR::Cluster, AWS::IoTAnalytics::Dataset, AWS::KinesisFirehose::DeliveryStream, AWS::S3::Bucket. AWS::AppMesh::VirtualNode Use ServiceDiscovery to specify whether to use AWSCloudMap or DNS for service discovery. If using AWS Cloud Map for service discovery, use AwsCloudMapServiceDiscovery to specify ServiceName, NamespaceName, and Attributes properties. Use AwsCloudMapInstanceAttribute to specify key and value pairs for AwsCloudMapServiceDiscovery. AWS::CodeBuild::Project Use the SecondarySourceVersions property to specify an array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level). AWS::DLM::LifecyclePolicy In the PolicyDetails property type: Use the PolicyType property to determine the valid target resource types and actions a policy can manage. This field defaults to EBS_SNAPSHOT_MANAGEMENT if not present. Use the Parameters property to specify a set of optional parameters that can be provided by the policy. In the Schedule property type, use the VariableTags property to specify a collection of key/value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: $(instance-id) or $(timestamp). Variable tags are only valid for EBS Snapshot Management – Instance policies. AWS::EC2::Host Use the HostRecovery property to indicates whether to enable or disable host recovery for the Dedicated Host. AWS::EC2::Route Use the TransitGatewayId property to specify the ID of a transit gateway. AWS::EC2::VPNConnection Use the TransitGatewayId property to specify the ID of the transit gateway associated with the VPN connection. Use the VpnGatewayId property to specify the ID of the virtual private gateway at the AWS side of the VPN connection. AWS::ECR::Repository Use the Tags property to specify an array of key-value pairs to apply to this resource. AWS::ECS::Cluster Use the Tags property to apply metadata to clusters to help you categorize and organize them. AWS::ECS::Service Use the EnableECSManagedTags property to specify whether to enable Amazon ECS managed tags for the tasks within the service. Use the PropagateTags property to specify whether to propagate the tags from the task definition or the service to the tasks in the service. Use the Tags property to apply metadata to services to help you categorize and organize them. AWS::ECS::TaskDefinition In the ContainerDefinition property type: Use the ResourceRequirements property to specify the type and amount of a resource to assign to a container. The only supported resource is a GPU. Use the Secrets property to specify the secrets to pass to the container. Use the Tags property to apply metadata to task definitions to help you categorize and organize them. AWS::EFS::FileSystem Use the LifecyclePolicies property to specify a list of policies used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class. AWS::EFS::MountTarget Use the IpAddress attribute to return the IPv4 address of the mount target. AWS::ElasticLoadBalancingV2::ListenerRule In the RuleCondition property type: Use the HostHeaderConfig property to specify information for a host header condition. Use the HttpHeaderConfig property to specify information for an HTTP header condition. Use the HttpRequestMethodConfig property to specify information for an HTTP method condition. Use the PathPatternConfig property to specify information for a path pattern condition. Use the QueryStringConfig property to specify information for a query string condition. Use the SourceIpConfig property to specify information for a source IP condition. AWS::EMR::Cluster In the JobFlowInstancesConfig property type, use the Ec2SubnetIds property to specify multiple EC2 subnet IDs. AWS::IoTAnalytics::Dataset When data set contents are created they are delivered to destinations specified in the ContentDeliveryRules property. Use the VersioningConfiguration property to specify how many versions of data set contents are kept. If not specified or set to null, only the latest version plus the latest succeeded version (if they are different) are kept for the time period specified by the "retentionPeriod" parameter. AWS::KinesisFirehose::DeliveryStream In the ExtendedS3DestinationConfiguration property type: Use the DataFormatConversionConfiguration property to specify the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. Use the ErrorOutputPrefix property to specify a prefix that Kinesis Data Firehose evaluates and adds to failed records before writing them to S3. The Prefix property is no longer required. In the S3DestinationConfiguration property type, use the ErrorOutputPrefix property to specify a prefix that Kinesis Data Firehose evaluates and adds to failed records before writing them to S3. AWS::S3::Bucket Use the ObjectLockConfiguration property to specify an object lock configuration for the specified bucket. Use the ObjectLockEnabled property to specify whether this bucket has an object lock configuration enabled.	June 13, 2019
New resources	The following resources were added: AWS::Amplify::App, AWS::Amplify::Branch, AWS::Amplify::Domain, AWS::EC2::ClientVpnAuthorizationRule, AWS::EC2::ClientVpnEndpoint, AWS::EC2::ClientVpnRoute, AWS::EC2::ClientVpnTargetNetworkAssociation, AWS::MSK::Cluster. AWS::Amplify::App Creates apps in AWS Amplify Console. An app is a collection of branches. AWS::Amplify::Branch Creates a new branch within an AWS Amplify Console app. AWS::Amplify::Domain Allows you to connect a custom domain to your AWS Amplify Console app. AWS::EC2::ClientVpnAuthorizationRule Specifies an ingress authorization rule to add to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. AWS::EC2::ClientVpnEndpoint Specifies a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated. AWS::EC2::ClientVpnRoute Specifies a network route to add to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks. AWS::EC2::ClientVpnTargetNetworkAssociation Specifies a target network to associate with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. AWS::MSK::Cluster Use the AWS::MSK::Cluster resource to create an Amazon MSK cluster.	June 13, 2019
Updated resources	The following resource was updated: AWS::SageMaker::NotebookInstance. AWS::SageMaker::NotebookInstance Use the AcceleratorTypes property to specify a list of Elastic Inference (EI) instance types to associate with this notebook instance. Use the AdditionalCodeRepositories property to specify an array of up to three Git repositories associated with the notebook instance. Use the DefaultCodeRepository property to specify the Git repository associated with the notebook instance as its default code repository.	June 3, 2019
New resources	The following resources were added: AWS::IoTThingsGraph::FlowTemplate, AWS::Pinpoint::ADMChannel, AWS::Pinpoint::APNSChannel, AWS::Pinpoint::APNSSandboxChannel, AWS::Pinpoint::APNSVoipChannel, AWS::Pinpoint::APNSVoipSandboxChannel, AWS::Pinpoint::App, AWS::Pinpoint::ApplicationSettings, AWS::Pinpoint::BaiduChannel, AWS::Pinpoint::Campaign, AWS::Pinpoint::EmailChannel, AWS::Pinpoint::EventStream, AWS::Pinpoint::GCMChannel, AWS::Pinpoint::SMSChannel, AWS::Pinpoint::Segment, AWS::Pinpoint::VoiceChannel, AWS::SageMaker::CodeRepository, and AWS::MSK::Cluster. AWS::IoTThingsGraph::FlowTemplate Use the AWS::IoTThingsGraph::FlowTemplate resource to specify a workflow template. AWS::Pinpoint::ADMChannel Use the AWS::Pinpoint::ADMChannel resource to specify an ADM channel. You can use the ADM channel to send push notifications through the Amazon Device Messaging (ADM) service to apps that run on Amazon devices, such as Kindle Fire tablets. AWS::Pinpoint::APNSChannel Use the AWS::Pinpoint::APNSChannel resource to specify an APNs channel. You can use the APNs channel to send push notification messages to the Apple Push Notification service (APNs). AWS::Pinpoint::APNSSandboxChannel Use the AWS::Pinpoint::APNSSandboxChannel resource to specify an APNs sandbox channel. You can use the APNs sandbox channel to send push notification messages to the sandbox environment of the Apple Push Notification service (APNs). AWS::Pinpoint::APNSVoipChannel Use the AWS::Pinpoint::APNSVoipChannel resource to specify an APNs VoIP channel. You can use the APNs VoIP channel to send VoIP notification messages to the Apple Push Notification service (APNs). AWS::Pinpoint::APNSVoipSandboxChannel Use the AWS::Pinpoint::APNSVoipSandboxChannel resource to specify an APNs VoIP sandbox channel. You can use the APNs VoIP sandbox channel to send VoIP notification messages to the sandbox environment of the Apple Push Notification service (APNs). AWS::Pinpoint::App Use the AWS::Pinpoint::App resource to specify an app. AWS::Pinpoint::ApplicationSettings Use the AWS::Pinpoint::ApplicationSettings resource to specify the settings for an Amazon Pinpoint app. AWS::Pinpoint::BaiduChannel Use the AWS::Pinpoint::BaiduChannel resource to update the settings of the Baidu channel for an application. AWS::Pinpoint::Campaign Use the AWS::Pinpoint::Campaign resource to update the settings for a campaign. AWS::Pinpoint::EmailChannel Use the AWS::Pinpoint::EmailChannel resource to update the status and settings of the email channel for an application. AWS::Pinpoint::EventStream Use the AWS::Pinpoint::EventStream resource to create a new event stream for an application or update the settings of an existing event stream for an application. AWS::Pinpoint::GCMChannel Use the AWS::Pinpoint::GCMChannel resource to specify a GCM channel. You can use the GCM channel to send push notification messages to the Firebase Cloud Messaging (FCM) service, which replaced the Google Cloud Messaging (GCM) service. AWS::Pinpoint::SMSChannel Use the AWS::Pinpoint::SMSChannel resource to specify an SMS channel. To send an SMS text message, you send the message through the SMS channel. AWS::Pinpoint::Segment Use the AWS::Pinpoint::Segment resource to create a new segment for an application or update the configuration, dimension, and other settings for an existing segment that's associated with an application. AWS::Pinpoint::VoiceChannel Use the AWS::Pinpoint::VoiceChannel resource to update the status and settings of the voice channel for an application. AWS::SageMaker::CodeRepository Use the AWS::SageMaker::CodeRepository resource to specify a Git repository as a resource in your Amazon SageMaker account.	June 3, 2019
Updated resources	The following resources were updated: AWS::CodeCommit::Repository and AWS::EC2::LaunchTemplate. Code Use the Code resource to provide information about code to be committed. S3 Use the S3 resource to provide information about the Amazon S3 bucket that contains the code that will be committed to the new repository. AWS::EC2::LaunchTemplate In the NetworkInterface property, use InterfaceType to specify the type of network interface.	May 23, 2019
New resources	The following resources were added: AWS::Backup::BackupPlan, AWS::Backup::BackupSelection, AWS::Backup::BackupVault, AWS::PinpointEmail::ConfigurationSet, AWS::PinpointEmail::ConfigurationSetEventDestination, AWS::PinpointEmail::DedicatedIpPool, AWS::PinpointEmail::Identity, AWS::Transfer::Server, AWS::Transfer::User, AWS::WAFRegional::GeoMatchSet, AWS::WAFRegional::RateBasedRule, and AWS::WAFRegional::RegexPatternSet. AWS::Backup::BackupPlan Contains an optional backup plan display name and an array of BackupRule objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of AWS resources. AWS::Backup::BackupSelection Specifies a set of resources to assign to a backup plan. AWS::Backup::BackupVault Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID. AWS::PinpointEmail::ConfigurationSet Use the AWS::PinpointEmail::ConfigurationSet resource to specify configuration sets for the Amazon Pinpoint Email API. AWS::PinpointEmail::ConfigurationSetEventDestination Use the AWS::PinpointEmail::ConfigurationSetEventDestination resource to specify destinations for events related to sending email in the Amazon Pinpoint Email API. AWS::PinpointEmail::DedicatedIpPool Use the AWS::PinpointEmail::DedicatedIpPool resource to specify groups of dedicated IP addresses in the Amazon Pinpoint Email API. AWS::PinpointEmail::Identity Use the AWS::PinpointEmail::Identity resource to specify identities (email addresses or domains) for sending email through the Amazon Pinpoint Email API. AWS::Transfer::Server Creates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS. AWS::Transfer::User Creates a user and associates them with an existing Secure File Transfer Protocol (SFTP) server. AWS::WafRegional::GeoMatchSet The AWS::WAFRegional::GeoMatchSet resource contains one or more countries that AWS WAF will search for. AWS::WafRegional::RateBasedRule The AWS::WAFRegional::RateBasedRule resource is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. AWS::WafRegional::RegexPatternSet The AWS::WAFRegional::RegexPatternSet resource specifies the regular expression (regex) pattern that you want AWS WAF to search for.	May 23, 2019
Updated resources	The following resources were updated: AWS::AppSync::GraphQLApi, AWS::Cognito::UserPool, AWS::Glue::Classifier, AWS::Glue::Crawler, AWS::Glue::DevEndpoint, AWS::Glue::Job, and AWS::Glue::Trigger. AWS::AppSync::GraphQLApi Use the AdditionalAuthenticationProviders property to specify a list of additional authentication providers for the GraphqlApi API. Use the Tags property to specify an arbitrary set of tags (key-value pairs) for this GraphQL API. AWS::Cognito::UserPool In the PasswordPolicy property type, use the TemporaryPasswordValidityDays property to specify the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator. Note When you set TemporaryPasswordValidityDays for a user pool, you will no longer be able to set the deprecated UnusedAccountValidityDays value for that user pool. AWS::Glue::Classifier Use the CsvClassifier property to specify a classifier for comma-separated values (CSV). AWS::Glue::Crawler Use the CrawlerSecurityConfiguration property to specify the name of the SecurityConfiguration structure to be used by this crawler. Use the Tags property to specify the tags to use with this crawler request. You can use tags to limit access to the crawler. AWS::Glue::DevEndpoint Use the SecurityConfiguration property to specify the name of the SecurityConfiguration structure to be used by this DevEndpoint. Use the Tags property to specify the tags to use with this DevEndpoint. You can use tags to limit access to the DevEndpoint. AWS::Glue::Job Use the SecurityConfiguration property to specify the name of the SecurityConfiguration structure to be used with this job. Use the Tags property to specify the tags to use with this job. You can use tags to limit access to the job. AWS::Glue::Trigger Use the Tags property to specify the tags to use with this trigger. You can use tags to limit access to the trigger.	May 17, 2019
New resources	The following resources were added: AWS::Glue::DataCatalogEncryptionSettings, AWS::Glue::SecurityConfiguration, and AWS::MediaStore::Container. AWS::Glue::DataCatalogEncryptionSettings Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter. AWS::Glue::SecurityConfiguration Creates a new security configuration. AWS::MediaStore::Container The AWS::MediaStore::Container resource specifies a storage container to hold objects. A container is similar to a bucket in Amazon S3. When you create a container using AWS CloudFormation, the template manages data for five API actions: creating a container, setting access logging, updating the default container policy, adding a cross-origin resource sharing (CORS) policy, and adding an object lifecycle policy.	May 17, 2019
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct. AWS::ServiceCatalog::CloudFormationProduct In the ProvisioningArtifactProperties property type, if DisableTemplateValidation is set to true, AWS Service Catalog stops validating the specified provisioning artifact even if it is invalid.	May 3, 2019
New resources	The following resources were added: AWS::ApiGatewayV2::ApiMapping and AWS::ApiGatewayV2::DomainName. AWS::ApiGatewayV2::ApiMapping The AWS CloudFormation AWS::ApiGatewayV2::ApiMapping resource contains an API mapping. AWS::ApiGatewayV2::DomainName Use the AWS CloudFormation AWS::ApiGatewayV2::DomainName resource to specify a custom, friendly URL for your API in API Gateway.	May 3, 2019
Limit for resources in concurrent stack operations	CloudFormation now enforces an account limit for the number of resources in concurrent stack operations. This limit is determined by region. For more information, see AWS CloudFormation Limits	April 30, 2019
Updated resources	The following resources were updated: AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion. AWS::Greengrass::FunctionDefinition In the FunctionConfiguration property type, the MemorySize and Timeout properties are no longer required. AWS::Greengrass::FunctionDefinitionVersion In the FunctionConfiguration property type, the MemorySize and Timeout properties are no longer required.	April 25, 2019
Updated resources	The following resources were updated: AWS::ECS::TaskDefinition, AWS::ElasticLoadBalancingV2::TargetGroup AWS::ECS::TaskDefinition Use the ProxyConfiguration property to specify the configuration details for an App Mesh proxy. In the ContainerDefinition property type: Use the DependsOn property to specify the dependencies defined for container startup and shutdown. Use the StartTimeout property to specify the time duration to wait before giving up on resolving dependencies for a container. Use the StopTimeout property to specify the time duration to wait before the container is forcefully killed if it doesn't exit normally on its own. AWS::ElasticLoadBalancingV2::TargetGroup Use the HealthCheckEnabled property to indicate whether health checks are enabled. The Port, Protocol, and VpcId properties are now required only if the target type is instance or ip.	April 18, 2019
New resource	The following resource was added: AWS::EC2::CapacityReservation. AWS::EC2::CapacityReservation Use the AWS::EC2::CapacityReservation resource to create a Capacity Reservation.	April 18, 2019
Updated resources	The following resource was updated: AWS::Batch::JobDefinition and AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::Batch::JobDefinition Use the ResourceRequirement property type to specify the type and amount of a resource to assign to a container. Currently, the only supported resource type is GPU. AWS::ServiceCatalog::CloudFormationProvisionedProduct The Tags property requires the provisioned product to have a RESOURCE_UPDATE constraint with TagUpdatesOnProvisionedProduct set to ALLOWED to allow tag updates. The Tags property now requires no interruption upon update.	April 4, 2019
New resource	The following resource was added: AWS::ServiceCatalog::ResourceUpdateConstraint. AWS::ServiceCatalog::ResourceUpdateConstraint Use the AWS::ServiceCatalog::ResourceUpdateConstraint resource to create a RESOURCE_UPDATE constraint for Service Catalog.	April 4, 2019
Updated resources	The following resources were updated: AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, and AWS::EKS::Cluster. AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, and AWS::AppStream::Stack Use the Tags property to add or overwrite one or more tags for an Amazon AppStream 2.0 fleet, stack, or image builder. AWS::EKS::Cluster Updates to the Version property no longer require replacement.	March 28, 2019
New resources	The following resources were added: AWS::AppMesh::Mesh, AWS::AppMesh::Route, AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualRouter, and AWS::AppMesh::VirtualService. AWS::AppMesh::Mesh The AWS::AppMesh::Mesh resource to specify a service mesh. A service mesh is a logical boundary for network traffic between the services that reside within it. AWS::AppMesh::Route Use the AWS::AppMesh::Route resource to specify a route that is associated with a virtual router. AWS::AppMesh::VirtualNode Use the AWS::AppMesh::VirtualNode resource to specify a virtual node within a service mesh. AWS::AppMesh::VirtualRouter Use the AWS::AppMesh::VirtualRouter resource to specify a virtual router within a service mesh. AWS::AppMesh::VirtualService Use the AWS::AppMesh::VirtualService resource to specify a virtual service within a service mesh.	March 27, 2019
New resources	The following resources were added: AWS::Greengrass::ConnectorDefinition, AWS::Greengrass::ConnectorDefinitionVersion, AWS::Greengrass::CoreDefinition, AWS::Greengrass::CoreDefinitionVersion, AWS::Greengrass::DeviceDefinition, AWS::Greengrass::DeviceDefinitionVersion, AWS::Greengrass::FunctionDefinition, AWS::Greengrass::FunctionDefinitionVersion, AWS::Greengrass::Group, AWS::Greengrass::GroupVersion, AWS::Greengrass::LoggerDefinition, AWS::Greengrass::LoggerDefinitionVersion, AWS::Greengrass::ResourceDefinition, AWS::Greengrass::ResourceDefinitionVersion, AWS::Greengrass::SubscriptionDefinition, and AWS::Greengrass::SubscriptionDefinitionVersion. AWS::Greengrass::ConnectorDefinition and AWS::Greengrass::ConnectorDefinitionVersion Use the AWS::Greengrass::ConnectorDefinition and AWS::Greengrass::ConnectorDefinitionVersion resources to create and manage your connectors. AWS::Greengrass::CoreDefinition and AWS::Greengrass::CoreDefinitionVersion Use the AWS::Greengrass::CoreDefinition and AWS::Greengrass::CoreDefinitionVersion resources to create and manage your cores. AWS::Greengrass::DeviceDefinition and AWS::Greengrass::DeviceDefinitionVersion Use the AWS::Greengrass::DeviceDefinition and AWS::Greengrass::DeviceDefinitionVersion resources to create and manage your devices. AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion Use the AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion resources to create and manage your functions. AWS::Greengrass::Group and AWS::Greengrass::GroupVersion Use the AWS::Greengrass::Group and AWS::Greengrass::GroupVersion resources to create and manage your Greengrass groups. AWS::Greengrass::LoggerDefinitionVersion and AWS::Greengrass::LoggerDefinition Use the AWS::Greengrass::LoggerDefinition and AWS::Greengrass::LoggerDefinitionVersion resources to create and manage your logging configuration. AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion Use the AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion resources to create and manage your local, machine learning, and secret resources. AWS::Greengrass::SubscriptionDefinition and AWS::Greengrass::SubscriptionDefinitionVersion Use the AWS::Greengrass::SubscriptionDefinition and AWS::Greengrass::SubscriptionDefinitionVersion resources to create and manage your subscriptions.	March 15, 2019
Updated resources	The following resources were updated: AWS::CodeBuild::Project, AWS::OpsWorksCM::Server, and AWS::SageMaker::NotebookInstance. AWS::CodeBuild::Project In the Project Source property type, use the GitSubmodulesConfig property to get information about Git submodules for a project. In the Project S3Logs property type, use the EncryptionDisabled property to disable encryption on S3 build logs. AWS::OpsWorksCM::Server Use the AssociatePublicIpAddress property to associate a public IP address with the server. AWS::SageMaker::NotebookInstance Use the RootAccess property to specify whether root access is enabled or disabled for users of the notebook instance.	March 14, 2019
Updated resources	The following resources were updated: AWS::StepFunctions::Activity and AWS::StepFunctions::StateMachine. AWS::StepFunctions::Activity Use the Tags property to specify the tags (key-value pairs) that you want to attach to the Step Functions activity. AWS::StepFunctions::StateMachine Use the Tags property to specify the tags (key-value pairs) that you want to attach to the Step Functions state machine.	March 7, 2019
Updated resource	The following resource was updated: AWS::SageMaker::NotebookInstance. AWS::SageMaker::NotebookInstance Use the VolumeSizeInGB property to specify the size in GB of the persisted machine learning storage volume that is provisioned and attached to the Amazon SageMaker notebook instance.	February 28, 2019
Updated resources	The following resources were updated: AWS::ApiGateway::ApiKey, AWS::CodeBuild::Project, AWS::Elasticsearch::Domain, AWS::RDS::DBCluster, and AWS::RDS::DBInstance. AWS::ApiGateway::ApiKey Use the Value property to specify the value of the API key. AWS::CodeBuild::Project In the ProjectCache property type, you can use the Modes property to specify the type cache an AWS CodeBuild project uses. AWS::Elasticsearch::Domain Use the NodeToNodeEncryptionOptions property to specify whether node-to-node encryption is enabled. AWS::RDS::DBCluster Use the SourceRegion property to specify the AWS Region which contains the source DB cluster when replicating a DB cluster. AWS::RDS::DBInstance Use the UseDefaultProcessorFeatures property to specify that the DB instance class of the DB instance uses its default processor features.	February 21, 2019
New resources	The following resources were added: AWS::RAM::ResourceShare, AWS::RoboMaker::Fleet, AWS::RoboMaker::Robot, AWS::RoboMaker::RobotApplication, AWS::RoboMaker::RobotApplicationVersion, AWS::RoboMaker::SimulationApplication, and AWS::RoboMaker::SimulationApplicationVersion. AWS::RAM::ResourceShare Use the AWS::RAM::ResourceShare resource to create, update, and delete an Amazon ResourceShare. AWS::RoboMaker::Fleet Use the AWS::RoboMaker::Fleet resource to to create an AWS RoboMaker fleet. AWS::RoboMaker::Robot Use the AWS::RoboMaker::Robot resource to create an AWS RoboMaker robot. AWS::RoboMaker::RobotApplication Use the AWS::RoboMaker::RobotApplication resource to create an AWS RoboMaker robot application. AWS::RoboMaker::RobotApplicationVersion Use the AWS::RoboMaker::RobotApplicationVersion resource to create a version of an AWS RoboMaker robot application. AWS::RoboMaker::SimulationApplication Use the AWS::RoboMaker::SimulationApplication resource to create an AWS RoboMaker simulation application. AWS::RoboMaker::SimulationApplicationVersion Use the AWS::RoboMaker::SimulationApplicationVersion resource to create a version of an AWS RoboMaker simulation application.	February 21, 2019
Updated resource	The following resource was updated: AWS::CodeBuild::Project. AWS::CodeBuild::Project In the ProjectTriggers property type, you can use the WebhookFilters property to specify the webhook events that trigger a new AWS CodeBuild build.	February 15, 2019
New resources	The following resources were added: AWS::FSx::FileSystem, AWS::KinesisAnalyticsv2::Application, AWS::KinesisAnalyticsv2::ApplicationCloudWatchLoggingOption, AWS::KinesisAnalyticsv2::ApplicationOutput, and AWS::KinesisAnalyticsv2::ApplicationReferenceDataSource. AWS::FSx::FileSystem Use the AWS::FSx::FileSystem resource to create a new Amazon FSx for Lustre or Amazon FSx for Windows File Server file system. AWS::KinesisAnalyticsV2::Application Use the AWS::KinesisAnalyticsV2::Application resource to create an Amazon Kinesis Data Analytics application. AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption Use the AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption resource to add an Amazon CloudWatch log stream to monitor application configuration errors. AWS::KinesisAnalyticsV2::ApplicationOutput Use the AWS::KinesisAnalyticsV2::ApplicationOutput resource to describe a SQL-based Amazon Kinesis Data Analytics application's output configuration. AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource Use the AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource resource to describe a reference data source for a SQL-based Amazon Kinesis Data Analytics application.	February 15, 2019
Updated resources	The following resources were updated: AWS::OpsWorksCM::Server, AWS::ServiceDiscovery::Instance, and AWS::ServiceDiscovery::Service. AWS::OpsWorksCM::Server EngineAttributes were updated to include additional attributes that you can use to create an AWS OpsWorks for Puppet Enterprise master server. AWS::ServiceDiscovery::Instance The InstanceAttributes property now takes a String map value. AWS::ServiceDiscovery::Service The DNSConfig property is no longer required. An update to the HealthCheckCustomConfig property now requires replacement.	February 8, 2019
New resources	The following resources were added: AWS::ApiGatewayV2::Api, AWS::ApiGatewayV2::Authorizer, AWS::ApiGatewayV2::Deployment, AWS::ApiGatewayV2::Integration, AWS::ApiGatewayV2::IntegrationResponse, AWS::ApiGatewayV2::Model, AWS::ApiGatewayV2::Route, AWS::ApiGatewayV2::RouteResponse, and AWS::ApiGatewayV2::Stage. AWS::ApiGatewayV2::Api Use the AWS::ApiGatewayV2::Api resource to manage an API Gateway WebSocket API. AWS::ApiGatewayV2::Authorizer Use the AWS::ApiGatewayV2::Authorizer resource to represent an API Gateway authorizer function. AWS::ApiGatewayV2::Deployment Use the AWS::ApiGatewayV2::Deployment resource to create an API Gateway WebSocket API deployment. AWS::ApiGatewayV2::Integration Use the AWS::ApiGatewayV2::Integration resource to specify information about the target backend that an API Gateway route calls. AWS::ApiGatewayV2::IntegrationResponse Use the AWS::ApiGatewayV2::IntegrationResponse resource to specify the response that API Gateway sends after a route's backend finishes processing a WebSocket message. AWS::ApiGatewayV2::Model Use the AWS::ApiGatewayV2::Model resource to define the structure of a route request or response payload for an API Gateway WebSocket API. AWS::ApiGatewayV2::Route Use the AWS::ApiGatewayV2::Route resource to specify information that is expected to be present in a WebSocket message payload. AWS::ApiGatewayV2::RouteResponse Use the AWS::ApiGatewayV2::RouteResponse resource to define the responses that can be sent to the client that sends a message to an API Gateway WebSocket API. AWS::ApiGatewayV2::Stage Use the AWS::ApiGatewayV2::Stage resource to create a stage for an API Gateway WebSocket API deployment.	February 8, 2019
Updated resources	The following resources were updated: AWS::CodeBuild::Project and AWS::ElasticLoadBalancingV2::Listener. AWS::CodeBuild::Project In the Environment property type, you can use the ImagePullCredentialsType property to specify the type of credentials AWS CodeBuild uses to pull images in your build. In the Environment property type, you can use the RegistryCredential property to provide information about credentials that provide access to a private Docker registry. AWS::ElasticLoadBalancingV2::Listener Create TLS listeners for your Network Load Balancers.	January 24, 2019
New resource	The following resource was added: AWS::OpsWorksCM::Server. AWS::OpsWorksCM::Server Use the AWS::OpsWorksCM::Server resource to create an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server.	January 24, 2019
UpdateReplacePolicy attribute added	Use the UpdateReplacePolicy attribute to retain or (in some cases) backup the existing physical instance of a resource when it is replaced during a stack update operation. For more information, see UpdateReplacePolicy Attribute.	January 23, 2019
Updated resource	The following resource was updated: AWS::Inspector::AssessmentTarget AWS::Inspector::AssessmentTarget The ResourceGroupArn property is no longer required. If unspecified, all Amazon EC2 instances in your AWS account in the current region will be included in the assessment target.	January 17, 2019
Updated resource	The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct The ProductId property now requires no interruption upon update. The ProductName property now requires no interruption upon update. Each time a stack is created or updated, if ProductName is provided it will successfully resolve to ProductId as long as only one product exists in the account/region with that ProductName.	January 10, 2019
New resources	The following resources were added: AWS::DocDB::DBCluster, AWS::DocDB::DBClusterParameterGroup, AWS::DocDB::DBInstance, and AWS::DocDB::DBSubnetGroup. AWS::DocDB::DBCluster Use the AWS::DocDB::DBCluster resource to manage an Amazon DocumentDB cluster. AWS::DocDB::DBClusterParameterGroup Use the AWS::DocDB::DBClusterParameterGroup resource to manage an Amazon DocumentDB cluster parameter group. AWS::DocDB::DBInstance Use the AWS::DocDB::DBInstance resource to manage an Amazon DocumentDB instance. AWS::DocDB::DBSubnetGroup Use the AWS::DocDB::DBSubnetGroup resource to describe an Amazon DocumentDB subnet group.	January 10, 2019
Updated resources	The following resources were updated: AWS::AmazonMQ::Broker, AWS::AmazonMQ::Configuration, and AWS::SageMaker::Model. AWS::AmazonMQ::Broker Use the Tags property to specify an array of key-value pairs for cost allocation tagging. AWS::AmazonMQ::Configuration Use the Tags property to specify an array of key-value pairs for cost allocation tagging. AWS::SageMaker::Model Use the Containers property to specify the list of containers in the inference pipeline.	January 3, 2019
New resource	The following resource was added: AWS::Route53Resolver::ResolverRuleAssociation. AWS::Route53Resolver::ResolverRuleAssociation Use the AWS::Route53Resolver::ResolverRuleAssociation resource to associate an Amazon Route 53 Resolver rule and a VPC that you created using Amazon Virtual Private Cloud (Amazon VPC).	January 3, 2019
Updated resource	The following resource was updated: AWS::AmazonMQ::Broker. AWS::AmazonMQ::Broker The following attributes are now available using the Fn::Getatt intrinsic function: IpAddresses MqttEndpoints OpenWireEndpoints AmqpEndpoints StompEndpoints WssEndpoints	December 13, 2018
Stack instance operation limit	For StackSets, you can have a maximum of 1500 stack instance operations running in a given region at the same time, per administrator account. For more information, see AWS CloudFormation Limits.	December 13, 2018
New resources	The following resources were added: AWS::AmazonMQ::ConfigurationAssociation, AWS::IoTAnalytics::Channel, AWS::IoTAnalytics::Dataset, AWS::IoTAnalytics::Datastore, and AWS::IoTAnalytics::Pipeline. AWS::AmazonMQ::ConfigurationAssociation Use the AWS::AmazonMQ::ConfigurationAssociation resource to associate a configuration with a broker, or return information about the specified configuration association. AWS::IoTAnalytics::Channel Use the AWS::IoTAnalytics::Channel resource to create a channel. A channel collects data from an MQTT topic and archives the raw, unprocessed messages before publishing the data to a pipeline. AWS::IoTAnalytics::Dataset Use the AWS::IoTAnalytics::Dataset resource to create a data set. A data set retrieves data from a data store and allows you to explore and analyze your data using machine learning tools. AWS::IoTAnalytics::Datastore Use the AWS::IoTAnalytics::Datastore resource to create a data store. A data store holds messages from a channel which have been processed through a pipeline. AWS::IoTAnalytics::Pipeline Use the AWS::IoTAnalytics::Pipeline resource to create a pipeline. A pipeline consumes messages from one or more channels and allows you to process the messages before storing them in a data store.	December 13, 2018
The CAPABILITY_AUTO_EXPAND capability is now available.	Use the CAPABILITY_AUTO_EXPAND capability to create or update a stack directly from a stack template that contains macros, without first reviewing the resulting changes in a change set first. For more information, see CreateStack or UpdateStack in AWS CloudFormation API Reference.	December 7, 2018
Updated resource	The following resource was updated: AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Environment property type, you can use the Certificate property to specify a certificate to use with your build project. In the Artifacts property type, you can use the ArtifactIdentifier property to identify the project artifact. In the Source property type, you can use the SourceIdentifier property to identify the project source.	December 6, 2018
Updated resource	The following resource was updated: AWS::Lambda::Function AWS::Lambda::Function Use the Layers property to specify a list of Amazon Resource Names (ARNs) for the function layers to add to the function's execution environment.	November 29, 2018
New resources	The following resources were added: AWS::Lambda::LayerVersion, AWS::Lambda::LayerVersionPermission. AWS::Lambda::LayerVersion Use the AWS CloudFormation AWS::Lambda::LayerVersion resource to create a layer version in AWS Lambda. AWS::Lambda::LayerVersionPermission Use the AWS CloudFormation AWS::Lambda::LayerVersionPermission resource to give other accounts permission to use a layer version in AWS Lambda.	November 29, 2018
Updated resources	The following resources were updated: AWS::DynamoDB::Table, AWS::EC2::Instance, and AWS::ServiceDiscovery::Service. AWS::DynamoDB::Table Use the BillingMode property to specify how you are charged for read and write throughput and how you manage capacity. The ProvisionedThroughput property is now conditional. In the GlobalSecondaryIndex property type, the ProvisionedThroughput property is now conditional. AWS::EC2::Instance Use the ElasticInferenceAccelerators property to specify a list of elastic inference accelerators for an instance. Use the LicenseSpecifications property to associate a list of license configuration with an instance. AWS::ServiceDiscovery::Service Use the NamespaceId property to specify the ID of the namespace that you want to use to create the service. In the DnsConfig property type, use the RoutingPolicy property to specify the routing policy that you want to apply to all DNS records that AWS Cloud Map creates when you register an instance and specify this service.	November 28, 2018
New resource	The following resource was added: AWS::ServiceDiscovery::HttpNamespace. AWS::ServiceDiscovery::HttpNamespace Use the HttpNamespace resource to create an HTTP namespace for Cloud Map.	November 28, 2018
New resources	The following resources were added: AWS::EC2::TransitGateway, AWS::EC2::TransitGatewayAttachment, AWS::EC2::TransitGatewayRoute, AWS::EC2::TransitGatewayRouteTable, AWS::EC2::TransitGatewayRouteTableAssociation, and AWS::EC2::TransitGatewayRouteTablePropagation. AWS::EC2::TransitGateway Use the AWS::EC2::TransitGateway resource to create a transit gateway. AWS::EC2::TransitGatewayAttachment Use the AWS::EC2::TransitGatewayAttachment resource to create an attachment between a VPC and a transit gateway. AWS::EC2::TransitGatewayRoute Use the AWS::EC2::TransitGatewayRoute resource to create a static route for a transit gateway route table. AWS::EC2::TransitGatewayRouteTable Use the AWS::EC2::TransitGatewayRouteTable resource to create a route table for a transit gateway. AWS::EC2::TransitGatewayRouteTableAssociation Use the AWS::EC2::TransitGatewayRouteTableAssociation resource to associate an attachment with a transit gateway route table. AWS::EC2::TransitGatewayRouteTablePropagation Use the AWS::EC2::TransitGatewayRouteTablePropagation resource to enable an attachment to propagate routes.	November 26, 2018
New resources	The following resources were added: Alexa::ASK::Skill, AWS::AppSync::FunctionConfiguration, AWS::EC2::EC2Fleet, AWS::Kinesis::StreamConsumer, AWS::Route53Resolver:ResolverEndpoint, and AWS::Route53Resolver::ResolverRule. Alexa::ASK::Skill Use the Alexa::ASK::Skill resource to create an Alexa skill. AWS::AppSync::FunctionConfiguration Use the AWS::AppSync::FunctionConfiguration resource to describe the functions defined with appsync datasource in AWS AppSync. AWS::EC2::EC2Fleet Use the AWS::EC2::EC2Fleet resource to launch an EC2 Fleet that can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet. AWS::Kinesis::StreamConsumer Use the AWS::Kinesis::StreamConsumer resource to to register a consumer with a Kinesis data stream. AWS::Route53Resolver::ResolverEndpoint Use the AWS::Route53Resolver::ResolverEndpoint resource to specify settings for inbound or outbound endpoints for Amazon Route 53. AWS::Route53Resolver::ResolverRule Use the AWS::Route53Resolver::ResolverRule resource to specify detailed information about a resolver rule, which specifies how to route DNS queries out of a VPC for Amazon Route 53.	November 20, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::EC2::EIP, AWS::ElasticLoadBalancingV2::Listener, AWS::EMR::Cluster, AWS::OpsWorks::Layer, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::S3::Bucket, and AWS::SNS::Topic. AWS::ApiGateway::Deployment In the StageDescription property type, use the Tags property to specify the AWS CloudFormation resource tags to associate with the stage. AWS::ApiGateway::Stage Use the Tags property to specify the AWS CloudFormation resource tags to associate with the stage. AWS::AutoScaling::AutoScalingGroup Use the MixedInstancesPolicy property to provision a combination of On-Demand Instances and Spot Instances across multiple instance types. When you create your Auto Scaling group, you can specify a launch configuration or template as a parameter for the top-level object, or you can specify a mixed instances policy, but not both at the same time. AWS::EC2::EIP Use the PublicIpv4Pool property to specify the ID of an address pool that you own to let Amazon EC2 select an address from the address pool. AWS::ElasticLoadBalancingV2::Listener In the Action property type: Use the AuthenticateCognitoConfig property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the AuthenticateOidcConfig property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the FixedResponseConfig property to specify information about an action that returns a custom HTTP response. Use the RedirectConfig property to specify information about a redirect action. AWS::ElasticLoadBalancingV2::ListenerRule In the Actions property type: Use the AuthenticateCognitoConfig property to specify request parameters to use when integrating with Amazon Cognito to authenticate users. Use the AuthenticateOidcConfig property to request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users. Use the FixedResponseConfig property to specify information about an action that returns a custom HTTP response. Use the RedirectConfig property to specify information about a redirect action. AWS::EMR::Cluster Use the HadoopJarStepConfig property type to specify a job flow step consisting of a JAR file whose main function will be executed. Use the StepConfig property type to specify a cluster (job flow) step. Use the KeyValue property type to specify a key value pair. In the JobFlowInstancesConfig property type, use KeepJobFlowAliveWhenNoSteps property to specify whether the cluster should remain available after completing all steps. AWS::OpsWorks::Layer In the VolumeConfiguration property type, use the Encrypted property to specify whether an Amazon EBS volume is encrypted. AWS::RDS::DBCluster Use the DeletionProtection property to indicate whether the DB cluster should have deletion protection enabled. The database can't be deleted when this value is set to true. If you want to delete a stack with a protected cluster, update this value to false before you delete the stack. AWS::RDS::DBInstance Use the DeleteAutomatedBackups property to indicate whether automated backups should be deleted (true) or retained (false) when you delete a DB instance. The default is true. Use the DeletionProtection property to indicate whether the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. If you want to delete a stack with a protected instance, update this value to false before you delete the stack. AWS::S3::Bucket Use the PublicAccessBlockConfiguration property to specify the public access configuration for an Amazon S3 bucket. AWS::SNS::Topic Use the KmsMasterKeyId property to specify an AWS KMS key identifier. This can be a key ID, key ARN, or key alias.	November 19, 2018
Updated resource	The following resource was updated: AWS::CodePipeline::Pipeline. AWS::CodePipeline::Pipeline Use the ArtifactStores property to specify a list of ArtifactStoreMap mappings. There must be an artifact store for the pipeline region and for each cross-region action within the pipeline. You can only use either ArtifactStore or ArtifactStores, not both. In the Actions property type, use the Region property to specify the action’s AWS Region, such as us-east-1.	November 13, 2018
Stack drift detection added	Drift detection enables you to detect whether a stack's actual configuration differs, or has drifted, from its expected template configuration as defined within AWS CloudFormation. You can have AWS CloudFormation detect drift on an entire stack, or individual stack resources. For more information, see Detecting Unmanaged Configuration Changes to Stacks and Resources.	November 13, 2018
Updated resources	The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::CloudWatch::Alarm, AWS::EC2::SecurityGroupIngress, AWS::IAM::Role, AWS::IAM::User, AWS::IoT::TopicRule, AWS::KMS::Key, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::Route53::RecordSet, AWS::S3::Bucket, and AWS::Workspaces::Workspace. AWS::ApiGateway::Deployment In the StageDescription property type, use the TracingEnabled property to specify whether active tracing with X-ray is enabled for this stage. AWS::ApiGateway::Stage Use the TracingEnabled property to specify whether active tracing with X-ray is enabled for this stage. AWS::CloudWatch::Alarm Use the DatapointsToAlarm property to specify the number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M. AWS::EC2::SecurityGroupIngress Use the SourcePrefixListId property to specify the AWS service prefix of an Amazon VPC endpoint. AWS::IAM::Role Use the PermissionsBoundary property to specify the policy that is used to set the permissions boundary for the role. AWS::IAM::User Use the PermissionsBoundary property to specify the policy that is used to set the permissions boundary for the user. AWS::IoT::TopicRule In the TopicRulePayload property type, use the ErrorActions property to specify the action to take when an error occurs. In the Action property type: Use the IoTAnalytics property to send message data to an AWS IoT Analytics channel. Use the StepFunctionsAction property to start execution of a Step Functions state machine. AWS::KMS::Key Use the PendingWindowInDays property to specify the waiting period, specified in number of days, after which AWS KMS deletes the customer master key (CMK). AWS::RDS::DBInstance Use the EnableCloudwatchLogsExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the EnableIAMDatabaseAuthentication property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the EnablePerformanceInsights property to enable Performance Insights for the DB instance. Use the PerformanceInsightsKMSKeyId property to specify the AWS KMS key identifier for encryption of Performance Insights data. The AWS KMS key ID is the Amazon Resource Name (ARN), AWS KMS key identifier, or the AWS KMS key alias for the AWS KMS encryption key. Use the PerformanceInsightsRetentionPeriod property to specify the amount of time, in days, to retain Performance Insights data. Use the ProcessorFeatures property to specify the number of CPU cores and the number of threads per core for the DB instance class of the DB instance. Use the PromotionTier property to specify the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. AWS::RDS::DBCluster Use the EnableCloudwatchLogsExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs. Use the EnableIAMDatabaseAuthentication property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. Use the BacktrackWindow property to specify the target backtrack window, in seconds. To disable backtracking, specify 0. If specified, this property must be set to a number from 0 to 259,200 (72 hours). AWS::Route53::RecordSet Use the MultiValueAnswer property to route traffic approximately randomly to multiple resources, such as web servers. Create one multivalue answer record for each resource and specify true for MultiValueAnswer. AWS::S3::Bucket Use the RegionalDomainName attribute with the Fn::GetAtt function to return the regional domain name of the specified bucket. AWS::Workspaces::Workspace Use the Tags property to specify the tags (key-value pairs) that you want to attach to the WorkSpace. Use the WorkspaceProperties property to specify information about a WorkSpace.	November 9, 2018
The secretsmanager dynamic reference is now available.	Use the secretsmanager dynamic reference to retrieve entire secrets or secret values that are stored in AWS Secrets Manager for use in your templates. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. Using the secretsmanager dynamic reference guarantees that neither Secrets Manager nor CloudFormation logs or persists any resolved secret value. For more information, see Using Dynamic References to Specify Template Values.	November 9, 2018
New resources	The following resources were added: AWS::DLM::LifecyclePolicy, AWS::SecretsManager::ResourcePolicy, AWS::SecretsManager::RotationSchedule, AWS::SecretsManager::Secret, and AWS::SecretsManager::SecretTargetAttachment. AWS::DLM::LifecyclePolicy The AWS::DLM::LifecyclePolicy resource creates a lifecycle policy for Amazon Data Lifecycle Manager. AWS::SecretsManager::ResourcePolicy Use the AWS::SecretsManager::ResourcePolicy resource to define a resource-based policy and attach it to a secret that's stored in Secrets Manager. AWS::SecretsManager::RotationSchedule Use the AWS::SecretsManager::RotationSchedule resource to configure rotation for a secret. AWS::SecretsManager::Secret Use the AWS::SecretsManager::Secret resource to create a secret and stores it in Secrets Manager. AWS::SecretsManager::SecretTargetAttachment Use the AWS::SecretsManager::SecretTargetAttachment resource to complete the final link between a Secrets Manager secret and its associated database.	November 9, 2018
Updated resource	The following resource was updated: AWS::SSM:MaintenanceWindow. AWS::SSM:MaintenanceWindow Use the StartDate and StartDate property types to specify when you want the Maintenance Window to become active or inactive. Use the ScheduleTimezone property type to specify the time zone to base scheduled Maintenance Window executions on, in Internet Assigned Numbers Authority (IANA) format.	November 1, 2018
Updated resources	The following resources were updated: AWS::AppSync::DataSource, AWS::AppSync::Resolver, AWS::AutoScalingPlans::ScalingPlan, AWS::Batch::JobDefinition, AWS::Batch::ComputeEnvironment, AWS::CloudWatch::Alarm, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project. AWS::AppSync::DataSource Use the RelationalDatabaseConfig property type to specify RelationalDatabaseConfig for an AWS AppSync data source. In the HttpConfig property type, use the AuthorizationConfig property to specify the authorization type and configurations for an AWS AppSync http data source. AWS::AppSync::Resolver Use the PipelineConfig property type to specify PipelineConfig for an AWS AppSync data source to connect with functions. AWS::AutoScalingPlans::ScalingPlan Use the ScalingInstruction property type to configure predictive scaling as part of the scaling configuration for an Amazon EC2 Auto Scaling group in an AWS Auto Scaling scaling plan. Use the PredefinedLoadMetricSpecification property type to specify a predefined load metric for predictive scaling to use with AWS Auto Scaling. Use the CustomizedLoadMetricSpecification property type to specify a customized load metric for predictive scaling to use with AWS Auto Scaling. AWS::Batch::JobDefinition The AWS::Batch::JobDefinition resource was updated to support AWS Batch multi-node parallel jobs. AWS::Batch::ComputeEnvironment The AWS::Batch::ComputeEnvironment resource was updated to support Amazon EC2 launch templates and placement groups. AWS::CloudWatch::Alarm Use the Metrics property to specify the metric data to return. The MetricName, Namespace, and Period properties are now optional. AWS::IoT1Click::Placement The PlacementName property is now optional. AWS::IoT1Click::Project The ProjectName property is now optional.	October 25, 2018
New resources	The following resources were added: AWS::AppStream::DirectoryConfig, AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, AWS::AppStream::StackFleetAssociation, AWS::AppStream::StackUserAssociation, AWS::AppStream::User. AWS::AppStream::DirectoryConfig Use the AWS::AppStream::DirectoryConfig resource to describe the configuration information required to join Amazon AppStream 2.0 fleets and image builders to Microsoft Active Directory domains. AWS::AppStream::Fleet Use the AWS::AppStream::Fleet resource to create a fleet for Amazon AppStream 2.0. A fleet consists of streaming instances that run a specified image. AWS::AppStream::ImageBuilder Use the AWS::AppStream::ImageBuilder resource to create an image builder for Amazon AppStream 2.0. AWS::AppStream::Stack Use the AWS::AppStream::Stack resource to create a stack to start streaming applications to Amazon AppStream 2.0 users. AWS::AppStream::StackFleetAssociation Use the AWS::AppStream::StackFleetAssociation resource to associate a fleet with a stack for Amazon AppStream 2.0. AWS::AppStream::StackUserAssociation Use the AWS::AppStream::StackUserAssociation resource to associate the specified stacks with the specified users for Amazon AppStream 2.0. Users in a user pool cannot be assigned to stacks with fleets that are joined to an Active Directory domain. AWS::AppStream::User Use the AWS::AppStream::User resource to create a new user in the user pool for Amazon AppStream 2.0.	October 25, 2018
Updated resource	Updated the following resources: AWS::AmazonMQ::Broker, AWS::GuardDuty::Detector, and AWS::SSM::PatchBaseline. AWS::AmazonMQ::Broker Amazon MQ now supports engine versions 5.15.6 and 5.15.0. Property changes include: The EngineVersion property now requires some interruptions upon update. The AutoMinorVersionUpgrade property now requires no interruption upon update. AWS::GuardDuty::Detector Use the FindingPublishingFrequency property to specify the frequency of notifications sent about the subsequent finding occurrences. AWS::SSM::PatchBaseline Use the PatchSource property type to provide information about the patches to use to update target instances.	October 18, 2018
New resource	Added the AWS::Events::EventBusPolicy resource. AWS::Events::EventBusPolicy Use the AWS::Events::EventBusPolicy resource to grant permission to other AWS accounts that send events to your account.	October 18, 2018
UseOnlineResharding update policy now available.	To modify a replication group's shards by adding or removing shards, rather than replacing the entire AWS::ElastiCache::ReplicationGroup resource, use the UseOnlineResharding update policy. For more information, see UseOnlineResharding Policy.	September 20, 2018
Updated resources	The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Method, AWS::ApiGateway::Stage, AWS::ApiGateway::UsagePlan, AWS::CodeBuild::Project, AWS::CodeDeploy::DeploymentGroup, AWS::EC2::FlowLog, AWS::EC2::SpotFleet, AWS::EC2::VPCEndpoint, AWS::ECS::Service, AWS::ECS::TaskDefinition, and AWS::RDS::DBCluster. AWS::ApiGateway::Deployment Use the DeploymentCanarySettings property to specify settings for the canary deployment. In the StageDescription property type: Use the AccessLogSetting property to specify settings for logging access in this stage. Use the CanarySetting property to specify settings for the canary deployment in this stage. AWS::ApiGateway::Method Use the AuthorizationScopes property to specify a list of authorization scopes configured on the method. In the Integration: Use the ConnectionId property to specify the ID of the VpcLink used for the integration when connectionType=VPC_LINK. Use the ConnectionType property to specify the type of the network connection to the integration endpoint. Use the TimeoutInMillis property to specify a custom timeout between 50 and 29,000 milliseconds. AWS::ApiGateway::Stage Use the AccessLogSetting property to specify settings for logging access in this stage. Use the CanarySetting property to specify settings for the canary deployment in this stage. AWS::ApiGateway::UsagePlan In the ApiStage property type, use the Throttle property to specify a map containing method-level throttling information for API stage in a usage plan. AWS::CodeBuild::Project Use the LogsConfig property specify logs for a project. Logs can be CloudWatch Logs, uploaded to a specified S3 bucket, or both. In the LogsConfig property type: Use the CloudWatchLogs property to specify details about CloudWatch Logs. Use the S3Logs property to specify details about logs that are uploaded to an S3 bucket. AWS::CodeDeploy::DeploymentGroup Use the Ec2TagSet property to specify information about groups of tags applied to EC2 instances. The deployment group will include only EC2 instances identified by all the tag groups. Use the OnPremisesInstanceTagSet property to specify information about groups of tags applied to on-premises instances. The deployment group will include only on-premises instances identified by all the tag groups. The DeliverLogsPermissionArn and LogGroupName properties are no longer required. AWS::EC2::FlowLog Use the LogDestination property to specify the destination to which the flow log data is to be published. Use the LogDestinationType property to specify the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, use the InstanceInterruptionBehavior property to specify the behavior when a Spot Instance is interrupted. In the SpotFleetRequestConfigData property type, use the LoadBalancersConfig property to specify one or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups. In the Placement property type, use the Tenancy property to specify the tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances. AWS::EC2::VPCEndpoint Use the following attributes with the Fn::GetAtt function to return attribute values. Use CreationTimestamp to return the date and time the VPC endpoint was created. Use DnsEntries to return the DNS entries for the endpoint. Use NetworkInterfaceIds to return the network interfaces for the endpoint. AWS::ECS::Service The ServiceRegistries property now requires replacement upon update. Use the SchedulingStrategy property to specify the scheduling strategy to use for the service. In the ServiceRegistry property type: Use the ContainerName property to specify the container name value, already specified in the task definition, to be used for your service discovery service. Use the ContainerPort property to specify the port value, already specified in the task definition, to be used for your service discovery service. AWS::ECS::TaskDefinition In the LinuxParameters property type: Use the Tmpfs property to specify the container path, mount options, and size of the tmpfs mount. Use the SharedMemorySize property to specify the size (in MiB) of the /dev/shm volume. In the Volumes property type, use the DockerVolumeConfiguration property to specify the configuration of a Docker volume. In the ContainerDefinition property type, use the RepositoryCredentials property to specify the repository credentials for private registry authentication. AWS::ElastiCache::ReplicationGroup The NodeGroupConfiguration and NumNodeGroups properties are now conditional for some update operations. In the NodeGroupConfiguration property type, use the NodeGroupId property to specify either the ElastiCache for Redis supplied 4-digit id or a user supplied id for the node group these configuration values apply to. AWS::RDS::DBCluster Use the EngineMode property to specify the DB engine mode of the DB cluster. Use the ScalingConfiguration property to specify the scaling properties of the DB cluster, for DB clusters in serverless DB engine mode.	September 20, 2018
New resources	The following resources were added: AWS::IoT1Click::Device, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project. AWS::IoT1Click::Device Use the AWS::IoT1Click::Device resource to change the enabled state of an AWS IoT 1-Click compatible device. AWS::IoT1Click::Placement Use the AWS::IoT1Click::Placement resource to create an empty AWS IoT 1-Click placement. AWS::IoT1Click::Project Use the AWS::IoT1Click::Project resource to create an empty project with a placement template.	September 20, 2018
New resource	Added the AWS::CloudFormation::Macro resource. AWS::CloudFormation::Macro Use the AWS::CloudFormation::Macro resource to create a template macro to perform custom processing on AWS CloudFormation templates.	September 6, 2018
Macros now available	Use macros to to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. See Using AWS CloudFormation Macros to Perform Custom Processing on Templates for more information.	September 6, 2018
Updated resources	Added the Logs property to AWS::AmazonMQ::Broker. Added the SecondaryArtifacts and SecondarySources properties to AWS::CodeBuild::Project. AWS::AmazonMQ::Broker Use the Logs property to enable general or audit logging for an Amazon MQ broker. AWS::CodeBuild::Project In the Artifacts property type, you can use the SecondaryArtifacts property to specify secondary artifacts for a build project. You can use the SecondarySources property to specify secondary inputs for a build project.	August 30, 2018
Updated resources	Added the Configuration property to AWS::Glue::Crawler. Added the JsonClassifier and XMLClassifier properties to AWS::Glue::Classifier. AWS::Glue::Crawler Use the Configuration property to specify crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior. AWS::Glue::Classifier Use the JsonClassifier property to specify AWS Glue classifier for JSON. Use the XMLClassifier property to specify AWS Glue classifier for XML content.	August 23, 2018
AWS CloudFormation now supports VPC endpoints powered by PrivateLink.	You can use a VPC endpoint to create a private connection between your VPC and AWS CloudFormation without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect. For more information, see Setting Up VPC Endpoints for AWS CloudFormation.	August 22, 2018
Dynamic references support secure strings	Use new dynamic references to specify values that are stored and managed in other services, including Systems Manager Parameter Store SecureString type parameters, in your stack templates. For more information, see Using Dynamic References to Specify Template Values.	August 16, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::DomainName, AWS::CertificateManager::Certificate, AWS::EC2::VPCPeeringConnection, AWS::EFS::FileSystem, AWS::EMR::Cluster, AWS::RDS::DBClusterParameterGroup, AWS::SNS::Subscription, and AWS::SQS::Queue. AWS::ApiGateway::DomainName Use the following attributes with the Fn::GetAtt intrinsic function: The DistributionHostedZoneId attribute returns the region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The RegionalDomainName attribute returns the domain name associated with the regional endpoint for this custom domain name. The RegionalHostedZoneId attribute returns the region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. AWS::CertificateManager::Certificate> Use the ValidationMethod property to specify the method you want to use if you are requesting a public certificate to validate that you own or control a domain. AWS::EC2::VPCPeeringConnection Use the PeerRegion property to specify the region code for the accepter VPC, if the accepter VPC is located in a region other than the region in which you make the request. AWS::EFS::FileSystem Use the ProvisionedThroughputInMibps property to specify the throughput, measured in MiB/s, that you want to provision for a file system that you're creating. Use the ThroughputMode property to specify the throughput mode for the file system to be created. AWS::EMR::Cluster Use the KerberosAttributes property to specify attributes for Kerberos configuration when Kerberos authentication is enabled using a security configuration. AWS::RDS::DBClusterParameterGroup The Tags property now requires no interruption to update. AWS::SNS::Subscription Use the DeliveryPolicy property to specify the JSON serialization of the subscription's delivery policy. Use the FilterPolicy property to specify the filter policy JSON that is assigned to the subscription. Use the RawMessageDelivery property to specify if raw message delivery is enabled for the subscription. Use the Region property to specify the region in which the topic resides. AWS::SQS::Queue Use the Tags property to specify the tags that you want to attach to this queue.	August 15, 2018
Updated resource	Added the SSESpecification property to AWS::DAX::Cluster. AWS::DAX::Cluster Use the SSESpecification property to specify the settings to enable server-side encryption.	August 9, 2018
New resource	Added the AWS::EC2::VPCEndpointServicePermissions resource. AWS::EC2::VPCEndpointServicePermissions Grant or revoke permissions for service consumers to connect the VPC endpoint service.	August 9, 2018
Updated resource	Added the OverrideArtifactName property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Artifacts property type, set the OverrideArtifactName property to true to override the artifact name with a name specified in the buildspec file. The name specified in a buildspec file is calculated at build time and uses the Shell command language. For example, you can append a date and time to your artifact name so that it is always unique.	August 7, 2018
Updated resource	Added the EncryptionDisabled property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Artifacts property type, set the EncryptionDisabled property to true to disable encryption for build output artifacts. This option is only valid if your artifact type is Amazon S3. If this is set to true with another artifact type, an invalidInputException will be thrown.	July 26, 2018
Updated resource	Added the Timeout property to AWS::Batch::JobDefinition. AWS::Batch::JobDefinition Use the Timeout property type to specify a job timeout configuration.	July 19, 2018
New resource	The following resource was added: AWS::IAM::ServiceLinkedRole. AWS::IAM::ServiceLinkedRole Use the AWS::IAM::ServiceLinkedRole resource to create a service-linked role in IAM. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles are predefined by the service and include all the permissions that the service requires to call other AWS services on your behalf.	July 19, 2018
Updated resources	Added the FieldLevelEncryptionId property to AWS::CloudFront::Distribution property types. AWS::CloudFront::Distribution In the CacheBehavior and DefaultCacheBehavior property types, use the FieldLevelEncryptionId property to specify the ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior.	July 18, 2018
Updated resource	Added the HttpConfig property to AWS::AppSync::DataSource. AWS::AppSync::DataSource Use the HttpConfig property type to specify HttpConfig for an AWS AppSync data source.	July 12, 2018
Updated resource	Added the ReportBuildStatus property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Source property type, use the ReportBuildStatus property to specify whether to send your source provider the status of a build's start and completion.	July 10, 2018
New resource	The following resource was added: AWS::CodePipeline::Webhook. AWS::CodePipeline::Webhook Use the AWS::CodePipeline::Webhook resource to create a webhook that connects your pipeline to an external event, such as a GitHub source repository change, which triggers your pipeline to start every time the external event occurs.	July 5, 2018
Updated resource	Added the following properties to AWS::EC2::VPCEndpoint: PrivateDnsEnabled, SecurityGroupIds, SubnetIds, and VpcEndpointType. AWS::EC2::VPCEndpoint Use the PrivateDnsEnabled property to indicate whether to associate a private hosted zone with the specified VPC. Use the SecurityGroupIds property to specify the ID of one or more security groups to associate with the endpoint network interface. Use the SubnetIds property to specify the ID of one or more subnets in which to create an endpoint network interface. Use the VpcEndpointType property to specify the type of endpoint.	June 21, 2018
New resources	The following resources were added: AWS::EC2::VPCEndpointConnectionNotification and AWS::EC2::VPCEndpointService. AWS::EC2::VPCEndpointConnectionNotification Use the AWS::EC2::VPCEndpointConnectionNotification resource to create a connection notification for the specified VPC endpoint or VPC endpoint service. AWS::EC2::VPCEndpointService Use the AWS::EC2::VPCEndpointService resource to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect.	June 21, 2018
Updated resource	Added the following property to AWS::ServiceDiscovery::Service: HealthCheckCustomConfig. AWS::ServiceDiscovery::Service Use the HealthCheckCustomConfig property to specify information about an optional custom health check.	June 14, 2018
New resources	The following new resources were released: AWS::AmazonMQ::Broker and AWS::AmazonMQ::Configuration. AWS::AmazonMQ::Broker Use the AWS::AmazonMQ::Broker resource to create a broker, add configuration changes or modify users for the specified broker, return information about the specified broker, or delete the specified broker. AWS::AmazonMQ::Configuration Use the AWS::AmazonMQ::Configuration resource to create a configuration, update the specified configuration, or return information about the specified configuration.	June 14, 2018
New resource	The following resource was added: AWS::SSM::ResourceDataSync. AWS::SSM::ResourceDataSync Use the AWS::SSM::ResourceDataSync resource to create or delete a Resource Data Sync for Systems Manager Inventory. You can use Resource Data Sync to send Inventory data collected from all of your Systems Manager managed instances to a single Amazon S3 bucket.	June 11, 2018
New resource	The following resource was released: AWS::EKS::Cluster. AWS::EKS::Cluster Use the AWS::EKS::Cluster resource to create Amazon EKS clusters.	June 5, 2018
Updated resource	For the AWS::GuardDuty::Master resource, the InvitationId property is now optional. AWS::GuardDuty::Master The InvitationId property is now optional.	May 31, 2018
New resources	The following new resources were released: AWS::SageMaker::Endpoint, AWS::SageMaker::EndpointConfig, AWS::SageMaker::Model, AWS::SageMaker::NotebookInstance, and AWS::SageMaker::NotebookInstanceLifecycleConfig. AWS::SageMaker::Endpoint Use the AWS::SageMaker::Endpoint resource to create a SageMaker endpoint to host trained models. AWS::SageMaker::EndpointConfig Use the AWS::SageMaker::EndpointConfig resource to create a configuration for an endpoint. AWS::SageMaker::Model Use the AWS::SageMaker::Model resource to create a model to host at an Amazon SageMaker endpoint. AWS::SageMaker::NotebookInstance Use the AWS::SageMaker::NotebookInstance resource to create an Amazon SageMaker notebook instance. AWS::SageMaker::NotebookInstanceLifecycleConfig Use the AWS::SageMaker::NotebookInstanceLifecycleConfig resource to specify shell scripts that run when you create or start a notebook instance.	May 31, 2018
Stack sets now support customized execution roles	Use customized execution roles in target accounts to control the stack resources that users or groups can include in their stack sets. For more information, see Granting Permissions for Stack Set Operations.	May 30, 2018
Selective updates of stack instances	Use the optional Accounts and Regions parameters to specify the accounts and regions in which to update stack instances during a stack set update operation. For more information, see UpdateStackSet in the AWS CloudFormation API Reference.	May 30, 2018
New resources	The following new resources were released: AWS::Neptune::DBCluster, AWS::Neptune::DBClusterParameterGroup, AWS::Neptune::DBInstance, AWS::Neptune::DBParameterGroup, and AWS::Neptune::DBSubnetGroup. AWS::Neptune::DBCluster Use the AWS::Neptune::DBCluster resource to create an Amazon Neptune DB cluster. AWS::Neptune::DBClusterParameterGroup Use the AWS::Neptune::DBClusterParameterGroup resource to create a DB cluster parameter group. AWS::Neptune::DBInstance Use the AWS::Neptune::DBInstance resource to create an Amazon Neptune database instance. AWS::Neptune::DBParameterGroup Use the AWS::Neptune::DBParameterGroup resource to create a custom parameter group for Amazon Neptune. AWS::Neptune::DBSubnetGroup Use the AWS::Neptune::DBSubnetGroup resource to create an Amazon Neptune database subnet group that contains subnets.	May 30, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::RestApi, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::DirectoryService::MicrosoftAD, AWS::DynamoDB::Table, AWS::EC2::Instance, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::Elasticsearch::Domain, AWS::IAM::Role, AWS::KinesisFirehose::DeliveryStream, AWS::Lambda::EventSourceMapping, AWS::Logs::MetricFilter, and AWS::SSM::Association. AWS::ApiGateway::RestApi Use the Policy property to specify a policy document that contains the permissions for the specified RestAPI. AWS::AutoScaling::AutoScalingGroup Use the ServiceLinkedRoleARN property to specify the Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS services on your behalf. AWS::AutoScaling::LaunchConfiguration Use the LaunchConfigurationName property to specify the name of the launch configuration. AWS::DirectoryService::MicrosoftAD Use the Edition property to specify the AWS Microsoft AD edition to use. AWS::DynamoDB::Table Use the PointInTimeRecoverySpecification property to specify the settings used to enable point in time recovery. AWS::EC2::Instance Use the LaunchTemplate property to specify the launch template to use for an Amazon EC2 instance. AWS::ECS::Service Use the ServiceRegistry property type to specify the details of the service registry. AWS::ECS::TaskDefinition Use the HealthCheck property type to specify a container health check. AWS::Elasticsearch::Domain Use the EncryptionAtRestOptions property type to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use. AWS::IAM::Role Use the RoleId attribute to have Fn::GetAtt return the stable and unique string identifying the role. Use the MaxSessionDuration property to specify the maximum session duration (in seconds) for the specified role. AWS::KinesisFirehose::DeliveryStream Use the SplunkDestinationConfiguration property to specify the configuration of a destination in Splunk for a Kinesis Data Firehose delivery stream. AWS::Lambda::EventSourceMapping The StartingPosition property is no longer required. AWS::Logs::MetricFilter In the MetricTransformation property type, use the DefaultValue property to specify the value to emit when a filter pattern does not match a log event. AWS::SSM::Association Use the OutputLocation property to specify an Amazon S3 bucket where you want to store the results of an association request.	May 24, 2018
New resources	The following new resources were released: AWS::ServiceCatalog::AcceptedPortfolioShare, AWS::ServiceCatalog::CloudFormationProduct, AWS::ServiceCatalog::LaunchNotificationConstraint, AWS::ServiceCatalog::LaunchRoleConstraint, AWS::ServiceCatalog::LaunchTemplateConstraint, AWS::ServiceCatalog::Portfolio, AWS::ServiceCatalog::PortfolioPrincipalAssociation, AWS::ServiceCatalog::PortfolioProductAssociation, AWS::ServiceCatalog::PortfolioShare, AWS::ServiceCatalog::TagOption, and AWS::ServiceCatalog::TagOptionAssociation. AWS::ServiceCatalog::AcceptedPortfolioShare Use the AWS::ServiceCatalog::AcceptedPortfolioShare resource to accept an offer to share the specified portfolio for AWS Service Catalog. AWS::ServiceCatalog::CloudFormationProduct Use the AWS::ServiceCatalog::CloudFormationProduct resource to create a product for AWS Service Catalog. AWS::ServiceCatalog::LaunchNotificationConstraint Use the AWS::ServiceCatalog::LaunchNotificationConstraint resource to create a notification constraint for AWS Service Catalog. AWS::ServiceCatalog::LaunchRoleConstraint Use the AWS::ServiceCatalog::LaunchRoleConstraint resource to create a launch constraint for AWS Service Catalog. AWS::ServiceCatalog::LaunchTemplateConstraint Use the AWS::ServiceCatalog::LaunchTemplateConstraint resource to create a template constraint for AWS Service Catalog. AWS::ServiceCatalog::Portfolio Use the AWS::ServiceCatalog::Portfolio resource to create a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioPrincipalAssociation Use the AWS::ServiceCatalog::PortfolioPrincipalAssociation resource to associate a principal with a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioProductAssociation Use the AWS::ServiceCatalog::PortfolioProductAssociation resource to associate a product with a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioShare Use the AWS::ServiceCatalog::PortfolioShare resource to share a portfolio for AWS Service Catalog. AWS::ServiceCatalog::TagOption Use the AWS::ServiceCatalog::TagOption resource to create a TagOption. AWS::ServiceCatalog::TagOptionAssociation Use the AWS::ServiceCatalog::TagOptionAssociation resource to associate a TagOption with a resource for AWS Service Catalog.	May 24, 2018
AWS CloudFormation now creates S3 buckets with encryption enabled	For Amazon S3 buckets that AWS CloudFormation creates to store uploaded stack templates, server-side encryption is now enabled by default, thereby encrypting all objects stored in those buckets. For more information, see Selecting a Stack Template.	May 24, 2018
New resource	The following resource was released: AWS::Budgets::Budget. AWS::Budgets::Budget Use the AWS::Budgets::Budget resource to create a budget.	May 22, 2018
FIPS endpoints added	AWS CloudFormation now offers new endpoints which use FIPS 140-2 validated cryptographic modules in the following public US regions: US-East-1, US-East-2, US-West-1, and US-West-2. See Regions and Endpoints in the Amazon Web Services General Reference for the new FIPS-compliant endpoint URLs.	May 17, 2018
New resource	The following resource was released: AWS::AutoScalingPlans::ScalingPlan. AWS::AutoScalingPlans::ScalingPlan Use the AWS::AutoScalingPlans::ScalingPlan resource to create a scaling plan for the scalable resources for your application.	May 9, 2018
New resource	The following resource was released: AWS::GuardDuty::Filter. AWS::GuardDuty::Filter Use the AWS::GuardDuty::Filter resource to create a filter for your GuardDuty findings.	May 8, 2018
Updated resources	The following resources were updated: AWS::AppSync::GraphQLApi and AWS::GuardDuty::Member. AWS::AppSync::GraphQLApi Use the OpenIDConnectConfig property to specify the authorization configuration for using an OpenId Connect compliant service with your GraphQL endpoint. AWS::GuardDuty::Member Use the DisableEmailNotification property to specify whether an email notification is to be sent to the accounts that you want to invite to GuardDuty as members. When set to 'True', email notification is not sent to the invitees.	May 1, 2018
New resource	The following resource was released: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct Use the AWS::ServiceCatalog::CloudFormationProvisionedProduct resource to provision the specified product for AWS Service Catalog.	May 1, 2018

Earlier Updates

The following table describes important changes in each release of the AWS CloudFormation User Guide before May 2018.

Change	Release Date	Description	API Version
Updated resources	July 22, 2019	Use the encryptionOptions property to specify an AWS-owned CMK or a customer-managed CMK for Amazon MQ brokers.	2010-05-15
Stack set naming convention	April 10, 2018	AWS CloudFormation stacks created using stack sets now follow a new naming convention, in which the stack name contains the stack set name.	2010-05-15
New resources	April 10, 2018	AWS::AppSync::ApiKey Use the AWS::AppSync::ApiKey resource to create a unique key that you can distribute to clients who are executing GraphQL operations with AWS AppSync. AWS::AppSync::DataSource Use the AWS::AppSync::DataSource resource to create data sources for resolvers in AWS AppSync. AWS::AppSync::GraphQLApi Use the AWS::AppSync::GraphQLApi resource to create a new AWS AppSync GraphQL API. AWS::AppSync::GraphQLSchema Use the AWS::AppSync::GraphQLSchema resource to create the data model for your AWS AppSync GraphQL API. AWS::AppSync::Resolver Use the AWS::AppSync::Resolver resource to define the logical GraphQL resolver that you will attach to fields in a schema.	2010-05-15
Updated resource	April 10, 2018	AWS::Config::ConfigurationAggregator Use the OrganizationAggregationSource property type to specify the regions of AWS Config data to aggregate into an AWS Config configuration aggregator and the IAM role to use to retrieve AWS Organizations details.	2010-05-15
New resources	April 4, 2018	AWS::Config::AggregationAuthorization Use the AWS::Config::AggregationAuthorization resource to grant permission to an aggregator account to collect your AWS Config data. AWS::Config::ConfigurationAggregator Use the AWS::Config::ConfigurationAggregator resource to create a configuration aggregator for AWS Config.	2010-05-15
Stack sets now support customized administrator roles	March 29, 2018	Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Granting Permissions for Stack Set Operations.	2010-05-15
New resource	March 29, 2018	AWS::EC2::LaunchTemplate Use the AWS::EC2::LaunchTemplate resource to create a launch template for an Amazon EC2 instance.	2010-05-15
Updated resources	March 29, 2018	AWS::AutoScaling::AutoScalingGroup Use the LaunchTemplate property to specify the launch template to use to launch instances. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, use the LaunchTemplateConfigs property to describe a launch template and overrides.	2010-05-15
New Fn::Cidr intrinsic function	March 6, 2018	Returns the specified Cidr address block. For more information, see Fn::Cidr.	2010-05-15
New resources	March 6, 2018	AWS::ApiGateway::VpcLink Use the AWS::ApiGateway::VpcLink resource to specify an API Gateway VPC link for a AWS::ApiGateway::RestApi to access resources in an Amazon Virtual Private Cloud (VPC). AWS::GuardDuty::Master Use the AWS::GuardDuty::Master resource to create a GuardDuty master account. AWS::GuardDuty::Member Use the AWS::GuardDuty::Member resource to create a GuardDuty member account. AWS::SES::ConfigurationSet Use the AWS::SES::ConfigurationSet resource to to create groups of rules that you can apply to the emails you send. AWS::SES::ConfigurationSetEventDestination Use the AWS::SES::ConfigurationSetEventDestination resource to specify a configuration set event destination. AWS::SES::ReceiptFilter Use the AWS::SES::ReceiptFilter resource to specify whether to accept or reject mail originating from an IP address or range of IP addresses. AWS::SES::ReceiptRule Use the AWS::SES::ReceiptRule resource to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own. AWS::SES::ReceiptRuleSet Use the AWS::SES::ReceiptRuleSet resource to specify an empty rule set for Amazon SES. AWS::SES::Template Use the AWS::SES::Template resource to to specify the content of the email, composed of a subject line, an HTML part, and a text-only part.	2010-05-15
Updated resources	March 6, 2018	AWS::AutoScaling::AutoScalingGroup Use the AutoScalingGroupName property to specify the name of the Auto Scaling group. AWS::ApiGateway::RestApi Use the ApiKeySourceType property to specify the source of the API key for metering requests according to a usage plan. Use the MinimumCompressionSize property to specify a nullable integer that is used to enable compression or disable compression on an API. AWS::ApplicationAutoScaling::ScalingPolicy In the TargetTrackingScalingPolicyConfiguration property type, use the DisableScaleIn property to specify whether scale in by the target tracking policy is disabled. AWS::EC2::SpotFleet In the LaunchSpecifications property type, use the TagSpecifications property to specify the tags to apply during SpotFleet creation. AWS::Elasticsearch::Domain Use the Arn attribute to have Fn::GetAtt return the Amazon Resource Name (ARN) of the domain. The DomainArn attribute of Fn::GetAtt has been deprecated. AWS::RDS::DBCluster Use the DBClusterIdentifier property to specify the DB cluster identifier. AWS::RDS::DBCluster Use the DBClusterIdentifier property to specify the DB cluster identifier. AWS::Redshift::Cluster Use the ClusterIdentifier property to specify the unique identifier of the cluster. AWS::Route53::HealthCheck In the HealthCheckConfig property type, use the Regions property to specify the regions from which you want Route 53 health checkers to check the specified endpoint. AWS::SSM::Document Use the Tags property to specify the AWS CloudFormation resource tags to apply to the document.	2010-05-15
Updated resource	February 19, 2018	AWS::CodeBuild::Project Use the Triggers property to configure a webhook for the project to begin to automatically rebuild the source code every time a code change is pushed to the repository. This is available only for GitHub projects in AWS CloudFormation. It is not available for GitHub Enterprise projects.	2010-05-15
Updated resource	February 8, 2018	AWS::DynamoDB::Table Use the SSESpecification property to specify the settings to enable server-side encryption.	2010-05-15
Updated resource	February 5, 2018	AWS::CodeBuild::Project In the Source AWS CodeBuild Project Source property type: Use the GitCloneDepth property to specify the depth of history to download. Use the InsecureSsl property to specify whether to ignore SSL warnings while connecting to your GitHub Enterprise project repository.	2010-05-15
Updated resources	January 23, 2018	AWS::AutoScaling::LifecycleHook Use the LifecycleHookName property to specify the name of the lifecycle hook. AWS::DynamoDB::Table The AttributeDefinitions property now requires replacement when updated. AWS::EC2::Instance Use the CreditSpecification property to specify the credit option for CPU usage of a T2 instance. Use the ElasticGpuSpecifications property to specify Elastic GPUs, GPU resources that you can attach to your instance to accelerate the graphics performance of your applications. AWS::EC2::VPC The InstanceTenancy property now requires no interruption when updated from "dedicated" to "default". AWS::ECS::Service Use the HealthCheckGracePeriodSeconds property to specify the period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. AWS::IoT::TopicRule In the DynamoDBAction property type, the RangeKeyField and RangeKeyValue properties are no longer required. AWS::KinesisAnalytics::ApplicationOutput In the ApplicationOutput property type, use the LambdaOutput property to identify a Lambda function as the destination when configuring application output. AWS::Kinesis::Stream Use the StreamEncryption property to enable or update server-side encryption using an AWS KMS key for a specified stream. AWS::Lambda::Function Use the ReservedConcurrentExecutions property to specify the maximum of concurrent executions you want reserved for the function. AWS::RDS::DBSubnetGroup Use the DBSubnetGroupName property to specify the name for the DB Subnet Group. AWS::S3::Bucket Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket. In the ReplicationRule property type, use the SourceSelectionCriteria property to specify additional filters in identifying source objects that you want to replicate. In the ReplicationDestination property type: Use the AccessControlTranslation property to specify replica ownership of the AWS account that owns the destination bucket. Use the Account property to specify destination bucket owner account ID. Use the EncryptionConfiguration property to specify encryption-related information for a bucket that is a destination for replicated objects. AWS::SSM::Association Use the AssociationName property to specify the name of the association between an SSM document and EC2 instances that contain a configuration agent to process the document.	2010-05-15
Rollback triggers added to the AWS CloudFormation console.	January 15, 2018	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Monitor and Roll Back Stack Operations.	2010-05-15
Updated resource	January 12, 2018	AWS::SSM::Parameter Use the AllowedPattern property to specify a regular expression used to validate the parameter value.	2010-05-15
New resources	December 5, 2017	AWS::Inspector::AsssmentTarget Use the AWS::Inspector::AsssmentTarget resource to create an Amazon Inspector assessment target. AWS::Inspector::AssessmentTemplate Use the AWS::Inspector::AssessmentTemplate resource to create an Amazon Inspector assessment template. AWS::Inspector::ResourceGroup Use the AWS::Inspector::ResourceGroup resource to create an Amazon Inspector resource group, which defines tags that identify AWS resources that make up an Amazon Inspector assessment target. AWS::ServiceDiscovery::Instance Use the AWS::ServiceDiscovery::Instance resource to specify information about an instance that Amazon Route 53 creates. AWS::ServiceDiscovery::PrivateDnsNamespace Use the AWS::ServiceDiscovery::PrivateDnsNamespace resource to specify information about a private namespace for Amazon Route 53. AWS::ServiceDiscovery::PublicDnsNamespace Use the AWS::ServiceDiscovery::PublicDnsNamespace resource to specify information about a public namespace for Amazon Route 53. AWS::ServiceDiscovery::Service Use the AWS::ServiceDiscovery::Service resource to define a template for up to five records and an optional health check that you want Amazon Route 53 to create when you register an instance.	2010-05-15
Updated resource	December 5, 2017	AWS::KinesisAnalytics::Application In the Input property type, use the InputProcessingConfiguration property to transform records as they are received from the stream.	2010-05-15
Updated resource	December 1, 2017	AWS::CodeBuild::Project Use the BadgeEnabled property to generate a publicly accessible URL for a project's build badge. Use the Cache property to configure cache settings for build dependencies. Use the VpcConfig property to enable AWS CodeBuild to access resources in an Amazon VPC. In the EnvironmentVariable property type, use the Type property to specify the type of environment variable.	2010-05-15
New resource	November 30, 2017	AWS::Cloud9::EnvironmentEC2 Use the AWS::Cloud9::EnvironmentEC2 resource to create an Amazon EC2 development environment in AWS Cloud9.	2010-05-15
Updated resources	November 29, 2017	AWS::ECS::TaskDefinition Use the Cpu property to specify the number of cpu units needed for the task. Use the ExecutionRoleArn property to specify the ARN of the execution role. Use the Memory property to specify the amount (in MiB) of memory needed for the task. Use the RequiresCompatibilities property to specify the launch type the task requires. AWS::ECS::Service Use the LaunchType property to specify the launch type on which to run your service. Use the NetworkConfiguration property to specify the network configuration for the service. Use the PlatformVersion property to specify the platform version on which to run your service.	2010-05-15
New resources	November 28, 2017	AWS::GuardDuty::Detector Use the AWS::GuardDuty::Detector resource to create a single Amazon GuardDuty detector. AWS::GuardDuty::IPSet Use the AWS::GuardDuty::IPSet resource to create an Amazon GuardDuty IP set. AWS::GuardDuty::ThreatIntelSet Use the AWS::GuardDuty::ThreatIntelSet resource to create a ThreatIntelSet.	2010-05-15
Updated resources	November 28, 2017	AWS::CodeDeploy::Application Use the ComputePlatform property to specify an AWS Lambda compute platform for CodeDeploy to deploy an application to. AWS::CodeDeploy::DeploymentGroup In the DeploymentStyle property type, use the DeploymentType property to specify a blue/green deployment on a Lambda compute platform. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, the SpotPrice property is now optional. AWS::Lambda::Alias Use the RoutingConfig property to specify two different versions of an AWS Lambda function, allowing you to dictate what percentage of traffic will invoke each version.	2010-05-15
New CodeDeployLambdaAliasUpdate update policy	November 28, 2017	Use the CodeDeployLambdaAliasUpdate update policy to perform an CodeDeploy deployment when the version changes on an AWS::Lambda::Alias resource. For more information, see UpdatePolicy Attribute.	2010-05-15
New SSM parameter types	November 21, 2017	Use SSM parameter types to use existing parameters from Systems Manager Parameter Store. Note: AWS CloudFormation doesn't currently support the SecureString type. For more information, see SSM Parameter Types.	2010-05-15
New ResolvedValue field for Parameter data type	November 21, 2017	The ResolvedValue field returns the value that's used in the stack definition for an SSM parameter. For more information, see the Parameter data type in the AWS CloudFormation API Reference.	2010-05-15
Updated resources	November 20, 2017	AWS::ApiGateway::ApiKey Use the CustomerId property to specify an AWS Marketplace customer identifier. Use the GenerateDistinctId property to specify whether the key identifier is distinct from the created API key value. AWS::ApiGateway::Authorizer Use the AuthType property to specify a customer-defined field that's used in Swagger imports and exports without functional impact. AWS::ApiGateway::DomainName Use the EndpointConfiguration property to specify the endpoint types of an API Gateway domain name. Use the RegionalCertificateArn property to reference a certificate for use by the regional endpoint for a domain name. AWS::ApiGateway::Method In the Integration and IntegrationResponse property types, use the ContentHandling property to specify how to handle request payload content type conversions. AWS::ApiGateway::RestApi Use the EndpointConfiguration property to specify the endpoint types of an API Gateway REST API. AWS::ApplicationAutoScaling::ScalableTarget Use the ScheduledActions property to specify scheduled actions for an Application Auto Scaling scalable target. AWS::ECR::Repository Use the LifecyclePolicy property to specify a lifecycle policy for an Amazon ECR repository. AWS::ECS::TaskDefinition In the ContainerDefinition property type, use the LinuxParameters property to specify Linux-specific options for an Amazon ECS container. AWS::ElastiCache::ReplicationGroup Use the AtRestEncryptionEnabled property to enable encryption at rest. Use the AuthToken property to specify a password that's used to access a password-protected server. Use the TransitEncryptionEnabled property to enable in-transit encryption. AWS::ElasticLoadBalancingV2::TargetGroup Use the TargetGroupName attribute with the Fn::GetAtt function to get the name of an Elastic Load Balancing target group. AWS::Elasticsearch::Domain Use the VPCOptions property to specify a VPC configuration for the Amazon ES domain. AWS::EMR::Cluster Use the EbsRootVolumeSize property to specify the size of the EBS root volume for an Amazon EMR cluster. AWS::RDS::DBInstance Use the SourceRegion and KmsKeyId properties to create an encrypted read replica from a cross-region source DB instance. AWS::Route53::HostedZone Use the QueryLoggingConfig property to specify a configuration for DNS query logging.	2010-05-15
New NoEcho field for custom resource Response objects	November 20, 2017	You can now use the optional NoEcho field to mask the output of a custom resource. For more information, see Custom Resource Response Objects. The corresponding noEcho parameter is supported by the send method. For more information, see cfn-response Module.	2010-05-15
Stack instance overrides added for stack sets.	November 17, 2017	AWS CloudFormation StackSets allows you to override parameter values in stack instances by account and region. You can override parameter values when you create the stack instances, or when updating existing stack instances. For more information, see Override Parameters on Stack Instances.	2010-05-15
Updated resource	November 15, 2017	AWS::StepFunctions::StateMachine> You can use AWS::StepFunctions::StateMachine to specify a StateMachineName when creating a state machine, and both DefinitionString and RoleArn can be updated without replacing the state machine.	2010-05-15
StackSets now supports a maximum of 500 stack instances per stack set.	November 6, 2017	You can now create up to a maximum of 500 stack instances per stack set. For more information on AWS CloudFormation limits, see AWS CloudFormation Limits.	2010-05-15
New resources	November 2, 2017	AWS::CloudFront::CloudFrontOriginAccessIdentity Use the AWS::CloudFront::CloudFrontOriginAccessIdentity resource to specify the Amazon CloudFront origin access identity to associate with the origin of a CloudFront distribution. AWS::CloudFront::StreamingDistribution Use the AWS::CloudFront::StreamingDistribution resource to specify an Adobe Real-Time Messaging Protocol (RTMP) streaming distribution for CloudFront.	2010-05-15
Updated resources	November 2, 2017	AWS::ApiGateway::Deployment The StageName property has been deprecated on the StageDescription property type. AWS::ApiGateway::Method Use the OperationName property to assign a friendly name to an API Gateway method. Use the RequestValidatorId property to associate a request validator with a method. AWS::AutoScaling::AutoScalingGroup Use the LifecycleHookSpecificationList property to specify actions to perform when Auto Scaling launches or terminates instances. AWS::CloudFront::Distribution Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with a CloudFront distribution. In the CacheBehavior and DefaultCacheBehavior property types, use the LambdaFunctionAssociations property to specify Lambda function associations for a CloudFront distribution. In the CustomOriginConfig property type, use the OriginKeepaliveTimeout property to specify a custom keep-alive timeout, and use the OriginReadTimeout property to specify a custom origin read timeout. In the DistributionConfig property type, use the IPV6Enabled property to specify whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution. AWS::CodeDeploy::DeploymentGroup In the LoadBalancerInfo property type, use the TargetGroupInfoList property to specify information about a target group in Elastic Load Balancing to use in a deployment. AWS::EC2::SecurityGroup, AWS::EC2::SecurityGroupEgress, and AWS::EC2::SecurityGroupIngress Use the Description property to specify the description of a security group rule. AWS::EC2::Subnet The Ipv6CidrBlock property now supports No interruption updates. AWS::EC2::VPNGateway Use the AmazonSideAsn property to specify a private Autonomous System Number (ASN) for the Amazon side of a BGP session. AWS::EC2::VPNConnection Use the VpnTunnelOptionsSpecifications property to configure tunnel options for a VPN connection. AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment In the ConfigurationOptionSetting and OptionSetting property types, use the ResourceName property to specify a resource name for a time-based scaling configuration option. AWS::EMR::Cluster Use the CustomAmiId property to specify a custom Amazon Linux AMI for a cluster. AWS::KinesisFirehose::DeliveryStream Use the Arn attribute with the Fn::GetAtt function to get the Amazon Resource Name (ARN) of the delivery stream. AWS::KMS::Key Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with a custom master key (CMS). AWS::OpsWorks::Layer and AWS::OpsWorks::Stack Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with an AWS OpsWorks layer or stack. AWS::RDS::OptionGroup In the OptionConfiguration property type, use the OptionVersion property to specify a version for the option. AWS::S3::Bucket Use the AnalyticsConfigurations property to configure an analysis filter for an Amazon S3 bucket.	2010-05-15
New resources	October 24, 2017	AWS::Glue::Classifier Use the AWS::Glue::Classifier resource to create an AWS Glue classifier. AWS::Glue::Connection Use the AWS::Glue::Connection resource to specify an AWS Glue connection to a data source. AWS::Glue::Crawler Use the AWS::Glue::Crawler resource to specify an AWS Glue crawler. AWS::Glue::Database Use the AWS::Glue::Database resource to create an AWS Glue database. AWS::Glue::DevEndpoint Use the AWS::Glue::DevEndpoint resource to specify a development endpoint for remotely debugging ETL scripts. AWS::Glue::Job Use the AWS::Glue::Job resource to specify an AWS Glue job in the data catalog. AWS::Glue::Partition Use the AWS::Glue::Partition resource to create an AWS Glue partition, which represents a slice of table data. AWS::Glue::Table Use the AWS::Glue::Table resource to create an AWS Glue table. AWS::Glue::Trigger Use the AWS::Glue::Trigger resource to specify triggers that run AWS Glue jobs.	2010-05-15
New resources	October 11, 2017	AWS::SSM::MaintenanceWindow Use the AWS::SSM::MaintenanceWindow resource to create an AWS Systems Manager Maintenance Window. AWS::SSM::MaintenanceWindowTarget Use the AWS::SSM::MaintenanceWindowTarget resource to register a target with a Maintenance Window. AWS::SSM::MaintenanceWindowTask Use the AWS::SSM::MaintenanceWindowTask resource to define a Maintenance Window task. AWS::SSM::PatchBaseline Use the AWS::SSM::PatchBaseline resource to define a Systems Manager patch baseline.	2010-05-15
New resource	October 10, 2017	AWS::ElasticLoadBalancingV2::ListenerCertificate Use the AWS::ElasticLoadBalancingV2::ListenerCertificate resource to specify certificates for an Elastic Load Balancing listener.	2010-05-15
New resource	September 27, 2017	AWS::Athena::NamedQuery Use the AWS::Athena::NamedQuery resource to create an Amazon Athena query.	2010-05-15
Updated resources	September 27, 2017	AWS::EC2::NatGateway Use the Tags property to specify resource tags for a NAT gateway. AWS::ElasticBeanstalk::Application Use the ResourceLifecycleConfig property to define lifecycle settings for resources that belong to the application, and the service role that Elastic Beanstalk assumes in order to apply lifecycle settings. AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment Use the PlatformArn property to specify a custom platform for Elastic Beanstalk. AWS::ElasticLoadBalancingV2::TargetGroup In the TargetDescription property type, use the AvailabilityZone property to specify the Availability Zone where the IP address is to be registered. AWS::Events::Rule In the Target property type, use the following properties for input transformation of events and setting Amazon ECS task and Kinesis stream targets. EcsParameters InputTransformer KinesisParameters RunCommandParameters AWS::KinesisFirehose::DeliveryStream Use the DeliveryStreamType property to specify the stream type and the KinesisStreamSourceConfiguration property to specify the stream and role ARNs for a Kinesis stream used as the source for a delivery stream. AWS::RDS::DBInstance For the Engine property, if you have specified oracle-se or oracle-se1, you can update to oracle-se2 without the database instance being replaced. AWS::S3::Bucket Use the AccelerateConfiguration property to configure the transfer acceleration state for an Amazon S3 bucket.	2010-05-15
Termination protection added for stacks.	September 26, 2017	Enabling termination protection on a stack prevents it from being accidentally deleted. A user cannot delete a stack with termination protection enabled. For more information, see Protecting a Stack From Being Deleted.	2010-05-15
Changed default umask value from version 1.4-22 onwards	September 14, 2017	The default umask parameter value for the cfn-hup.conf configuration file is now 022. For more information, see cfn-hup .
Updated resources	September 7, 2017	AWS::ElasticLoadBalancingV2::LoadBalancer Use the SubnetMappings property to specify the IDs of the subnets to attach to the load balancer. Use the Type property to specify the type of load balancer to create. AWS::ElasticLoadBalancingV2::TargetGroup Use the TargetType property to specify the registration type of the targets in this target group.	2010-05-15
Rollback triggers added to the AWS CloudFormation API	August 31, 2017	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see RollbackConfiguration in the AWS CloudFormation API Reference.	2010-05-15
New umask parameter for cfn-hup.conf file	August 31, 2017	Use the umask parameter in the cfn-hup.conf configuration file to control file permissions used by the cfn-hup daemon (version 1.4-21). For more information, see cfn-hup.
Updated resources for VPC Sizing support	August 29, 2017	AWS::EC2::VPCCidrBlock Use the CidrBlock property to associate an IPv4 CIDR block with a VPC. AWS::EC2::VPC Use the CidrBlockAssociations attribute with the Fn::GetAtt function to get a list of IPv4 CIDR block association IDs associated with the VPC.	2010-05-15
Updated resources	August 23, 2017	AWS::S3::Bucket In the Rule property type, use the TagFilters property to specify tags to use in identifying a subset of objects for an Amazon S3 bucket. Use the MetricsConfiguration property to specify a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket. AWS::IoT::TopicRule In the Action property type, use the DynamoDBv2Action property to describe an AWS IoT action that writes data to a DynamoDB table. In the Action property type, the DynamoDBAction property now supports the HashKeyType and RangeKeyType properties. AWS::Lambda::Permission Use the EventSourceToken property to specify a unique token that must be supplied by the principal invoking the function.	2010-05-15
New pseudo parameters	August 23, 2017	Use the AWS::Partition pseudo parameter to return the partition that a resource is in. Use the AWS::URLSuffix pseudo parameter to return the suffix for a domain. For more information, see Pseudo Parameters Reference.	2010-05-15
New resources for DAX support	August 22, 2017	AWS::DAX::Cluster Use the AWS::DAX::Cluster resource to create a DAX cluster for use with Amazon DynamoDB. AWS::DAX::ParameterGroup Use the AWS::DAX::ParameterGroup resource to create a parameter group for use with Amazon DynamoDB. AWS::DAX::SubnetGroup Use the AWS::DAX::SubnetGroup resource to create a subnet group for use with DAX (DynamoDB Accelerator).	2010-05-15
New resources	August 18, 2017	AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationPart Use the AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion resources to create documentation for your API Gateway API. AWS::ApiGateway::GatewayResponse Use the AWS::ApiGateway::GatewayResponse resource to create a custom response for your API Gateway API. AWS::ApiGateway::RequestValidator Use the AWS::ApiGateway::RequestValidator resource to set up validation rules for incoming requests to your API Gateway API. AWS::EC2::NetworkInterfacePermission Use the AWS::EC2::NetworkInterfacePermission resource to grant an AWS account permission to a network interface.	2010-05-15
Updated resources	August 18, 2017	AWS::ApiGateway::Stage Use the DocumentationVersion property to specify a versioned snapshot of the API documentation. AWS::AutoScaling::ScalingPolicy Use the TargetTrackingConfiguration property to specify an Auto Scaling target tracking scaling policy configuration. AWS::CloudTrail::Trail Use the EventSelectors property for Amazon S3 Data Events support. AWS::CodeDeploy::DeploymentGroup Use the LoadBalancerInfo and DeploymentStyle properties to specify an Elastic Load Balancing load balancer for an in-place deployment. Use the AutoRollbackConfiguration property to configure automatic rollback for the deployment. AWS::EC2::SpotFleet In the SpotFleetRequestConfigData property type, use the ReplaceUnhealthyInstances property to indicate whether the Spot fleet should replace unhealthy instances and the Type property to specify the type of request. AWS::EC2::Subnet Use the AssignIpv6AddressOnCreation and Ipv6CidrBlock properties to create a subnet with an IPv6 CIDR block. AWS::KinesisFirehose::DeliveryStream Use the ExtendedS3DestinationConfiguration property to configure a destination in Amazon S3. Use the ProcessingConfiguration subproperty within each destination configuration to invoke Lambda functions that transform incoming source data and deliver the transformed data to destinations. AWS::RDS::DBCluster and AWS::RDS::DBInstance The default DeletionPolicy is now Snapshot for AWS::RDS::DBCluster resources and for AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute. AWS::S3::Bucket In the Rule property type, use the AbortIncompleteMultipartUpload property to specify a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket. AWS::SQS::Queue Use the KmsMasterKeyId and KmsDataKeyReusePeriodSeconds properties to configure server-side encryption for Amazon SQS. Added the Arn attribute to the Fn::GetAtt intrinsic function for the following resources: AWS::CloudTrail::Trail. Also added SnsTopicArn. AWS::CloudWatch::Alarm AWS::DynamoDB::Table AWS::ECS::Cluster AWS::IoT::Policy AWS::IoT::TopicRule AWS::Logs::Destination	2010-05-15
Support for stack tags in CodePipeline artifacts	August 18, 2017	You can now specify tags for stacks in template configuration files for use as artifacts for CodePipeline pipelines. Specified tags are applied to stacks created using the template configuration file. For more information, see AWS CloudFormation Artifacts.	2010-05-15
Create encrypted file systems	August 14, 2017	AWS::EFS::FileSystem Use the Encrypted property to encrypt an Amazon EFS file system during creation. Use the KmsKeyId property to optionally specify a custom customer master key to use to protect the encrypted file system.	2010-05-15
New resources for AWS Batch support	August 8, 2017	AWS::Batch::ComputeEnvironment Use the AWS::Batch::ComputeEnvironment resource to define your AWS Batch compute environment. AWS::Batch::JobDefinition Use the AWS::Batch::JobDefinition resource to specify the parameters for an AWS Batch job definition. AWS::Batch::JobQueue Use the AWS::Batch::JobQueue resource to define your AWS Batch job queue.	2010-05-15
New resources for Amazon Kinesis Data Analytics support	July 28, 2017	AWS::KinesisAnalytics::Application Use the AWS::KinesisAnalytics::Application resource to create an Amazon Kinesis Data Analytics application. AWS::KinesisAnalytics::ApplicationOutput Use the AWS::KinesisAnalytics::ApplicationOutput resource to add an external destination to your Amazon Kinesis Data Analytics application. AWS::KinesisAnalytics::ApplicationReferenceDataSource Use the AWS::KinesisAnalytics::ApplicationReferenceDataSource resource to add a reference data source to an existing Amazon Kinesis Data Analytics application.	2010-05-15
Use StackSets to centrally manage stacks across accounts and regions	July 25, 2017	StackSets enables you to create, update, or delete stacks across multiple accounts and regions in a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. For more information about StackSets, see Working with AWS CloudFormation StackSets.	2010-05-15
View stack events by client request token	July 14, 2017	In the console, stack operations display the client request token on the Events tab. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For more information, see Viewing AWS CloudFormation Stack Data and Resources on the AWS Management Console and StackEvent in the AWS CloudFormation API Reference.	2010-05-15
Use stack quick-create links	July 14, 2017	Use quick-create links to get stacks up and running quickly. You can specify the template URL, stack name, and template parameters to prepopulate a single Create Stack Wizard page. For more information, see Creating Quick-Create Links for Stacks.	2010-05-15
New resources for AWS Database Migration Service support	July 12, 2017	AWS::DMS::Certificate Use the AWS::DMS::Certificate resource to create an SSL certificate that encrypts connections between AWS DMS endpoints and the replication instance. AWS::DMS::Endpoint Use the AWS::DMS::Endpoint resource to create an AWS DMS endpoint. AWS::DMS::EventSubscription Use the AWS::DMS::EventSubscription resource to get notifications for AWS DMS events through the Amazon Simple Notification Service. AWS::DMS::ReplicationInstance Use the AWS::DMS::ReplicationInstance resource to create an AWS DMS replication instance. AWS::DMS::ReplicationSubnetGroup Use the AWS::DMS::ReplicationSubnetGroup resource to create an AWS DMS replication subnet group. AWS::DMS::ReplicationTask Use the AWS::DMS::ReplicationTask resource to create an AWS DMS replication task.	2010-05-15
New resources	July 5, 2017	AWS::CloudWatch::Dashboard Use the AWS::CloudWatch::Dashboard resource to specify a custom CloudWatch dashboard for your CloudWatch console. AWS::ApiGateway::DomainName Use the AWS::ApiGateway::DomainName resource to specify a custom, friendly URL for your API that's deployed to Amazon API Gateway. AWS::EC2::EgressOnlyInternetGateway Use the AWS::EC2::EgressOnlyInternetGateway resource to create an egress-only internet gateway for your VPC. InstanceFleetConfig Use the InstanceFleetConfig resource to configure a Spot Instance fleet for an Amazon EMR cluster.	2010-05-15
Updated resources	July 5, 2017	AWS::ApiGateway::RestApi Use the BinaryMediaTypes property to specify supported binary media types. AWS::ApplicationAutoScaling::ScalingPolicy Use the TargetTrackingScalingPolicyConfiguration property to specify a a target tracking scaling policy configuration. AWS::CloudTrail::Trail Use the TrailName property to specify a custom name for an AWS CloudTrail resource. Use the Tags property to specify resource tags. AWS::CodeDeploy::DeploymentGroup Use the AlarmConfiguration property to configure alarms for the deployment group. Use the TriggerConfigurations property to configure notification triggers for the deployment group. AWS::EMR::Cluster Use the CoreInstanceFleet property and the MasterInstanceFleet property in the JobFlowInstancesConfig property type to configure the Spot Instance fleet for an Amazon EMR cluster. AWS::DynamoDB::Table Use the TimeToLiveSpecification property to specify the Time to Live (TTL) settings for an Amazon DynamoDB table. Use the Tags property to specify resource tags for a DynamoDB table. AWS::EC2::Instance The IamInstanceProfile property now supports No interruption updates. AWS::EC2::Route Use the EgressOnlyInternetGatewayId property to specify an egress-only Internet gateway for an EC2 route. AWS::Kinesis::Stream Use the RetentionPeriodHours property to specify the number of hours that data records stored in shards remain accessible. AWS::RDS::DBCluster Use the ReplicationSourceIdentifier property to create a DB cluster as a Read Replica of another DB cluster or an Amazon RDS MySQL DB instance. AWS::Redshift::Cluster Use the LoggingProperties property to create audit log files and store them in Amazon S3.	2010-05-15
New resources	June 6, 2017	AWS::EMR::SecurityConfiguration Use the AWS::EMR::SecurityConfiguration resource to create a security configuration, which is stored in the service and can be specified when a cluster is created.	2010-05-15
Updated resources	June 6, 2017	AWS::AutoScaling::LifecycleHook The NotificationTargetARN and RoleARN properties are now optional. AWS::CloudWatch::Alarm You can now use the EvaluateLowSampleCountPercentile, ExtendedStatistic, and TreatMissingData properties when creating AWS::CloudWatch::Alarm resources. AWS::EC2::SpotFleet AWS CloudFormation supports mutable changes to Spot fleet properties. The following properties of the SpotFleetRequestConfigData property support Replacement updates: AllocationStrategy IamFleetRole LaunchSpecifications SpotPrice TerminateInstancesWithExpiration ValidFrom ValidUntil The following properties of the SpotFleetRequestConfigData property support No interruption updates: ExcessCapacityTerminationPolicy TargetCapacity AWS::EMR::InstanceGroupConfig AWS CloudFormation now supports Auto Scaling for Amazon EMR task instance groups. AWS::Events::Rule The RoleArn property is deprecated on the Rule resource. Use the RoleArn property on the Target property type to specify the IAM role to use for a target. AWS::Kinesis::Stream The ShardCount property now supports No interruption updates. AWS::Lambda::Function Use the TracingConfig property to configure tracing settings for Lambda functions. AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, and AWS::Redshift::ClusterSubnetGroup Use the Tags property to specify resource tags. AWS::RDS::DBCluster Added the ReadEndpoint.Address attribute to the Fn::GetAtt intrinsic function. AWS::S3::Bucket Added the Arn attribute to the Fn::GetAtt intrinsic function.	2010-05-15
New resources	May 11, 2017	The following new resources support using AWS WAF with Elastic Load Balancing (ELB) Application Load Balancers. AWS::WAFRegional::ByteMatchSet Use the AWS::WAFRegional::ByteMatchSet resource to identify a part of a web request that you want to inspect. AWS::WAFRegional::IPSet Use the AWS::WAFRegional::IPSet resource to specify which web requests to permit or block based on the IP addresses from which the requests originate. AWS::WAFRegional::Rule Use the AWS::WAFRegional::Rule resource to specify a combination of IPSet, ByteMatchSet, and SqlInjectionMatchSet objects that identify the web requests to allow, block, or count. AWS::WAFRegional::SizeConstraintSet Use the AWS::WAFRegional::SizeConstraintSet resource to specify a size constraint used to check the size of a web request and which parts of the request to check. AWS::WAFRegional::SqlInjectionMatchSet Use the AWS::WAFRegional::SqlInjectionMatchSet resource to allow, block, or count requests that contain malicious SQL code in a specific part of web requests. AWS::WAFRegional::WebACL Use the AWS::WAFRegional::WebACL resource to identify the web requests that you want to allow, block, or count. AWS::WAFRegional::WebACLAssociation Use the AWS::WAFRegional::WebACLAssociation resource to associate a web access control group (ACL) with a resource. AWS::WAFRegional::XssMatchSet Use the AWS::WAFRegional::XssMatchSet resource to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and the name of the header to inspect.	2010-05-15
New resources	April 28, 2017	AWS::Cognito::IdentityPool Use the AWS::Cognito::IdentityPool resource to create an Amazon Cognito identity pool. AWS::Cognito::IdentityPoolRoleAttachment Use the AWS::Cognito::IdentityPoolRoleAttachment resource to manage the role configuration for an Amazon Cognito identity pool. AWS::Cognito::UserPool Use the AWS::Cognito::UserPool resource to create an Amazon Cognito user pool. AWS::Cognito::UserPoolClient Use the AWS::Cognito::UserPoolClient resource to create a user pool client. AWS::Cognito::UserPoolGroup Use the AWS::Cognito::UserPoolGroup resource to create a user group in an Amazon Cognito user pool. AWS::Cognito::UserPoolUser Use the AWS::Cognito::UserPoolUser resource to create an Amazon Cognito user pool user. AWS::Cognito::UserPoolUserToGroupAttachment Use the AWS::Cognito::UserPoolUserToGroupAttachment resource to attach a user to an Amazon Cognito user pool group.	2010-05-15
Updated resources	April 28, 2017	SourceDetails Use the MaximumExecutionFrequency subproperty of the AWS::Config::ConfigRule resource to run evaluations for a custom rule using a periodic trigger. AWS::EC2::Volume We now support Elastic Volumes for Amazon Elastic Block Store (Amazon EBS) in CloudFormation. We now support No interruption updates on three properties: VolumeType, Size, and Iops. AWS::EC2::SecurityGroup Use the GroupName property to specify a name for your Amazon EC2 security group. AWS::ECS::Service There are three new properties for AWS::ECS::Service: PlacementConstraints, PlacementStrategies, and ServiceName. AWS::ECS::TaskDefinition Use the PlacementConstraints property to define placement constraints for tasks in the service. AWS::ElastiCache::ReplicationGroup Added the ConfigurationEndPoint.Address attribute and the ConfigurationEndPoint.Port attribute to the Fn::GetAtt intrinsic function. AWS::ElasticLoadBalancingV2::LoadBalancer Use the IpAddressType property to specify the type of IP addresses that are used by the load balancer's subnets. AWS::EMR::Cluster AWS CloudFormation now supports Auto Scaling for Amazon EMR clusters. AWS::IAM::ManagedPolicy Use the ManagedPolicyName property to specify a custom name for your IAM managed policy. AWS::Lambda::Function Use the Tags property to add tags to your Lambda function. AWS::OpsWorks::Instance Added the following attributes to the Fn::GetAtt intrinsic function: AvailabilityZone, PrivateDnsName, PrivateIp, and PublicDnsName. AWS::OpsWorks::UserProfile Use the SshUsername property to specify a user's SSH name. Added the SshUsername attribute to the Fn::GetAtt intrinsic function. AWS::Redshift::Cluster Use the IamRoles property to provide a list of one or more AWS Identity and Access Management roles that the Amazon Redshift cluster can use to access other AWS services.	2010-05-15
Edit templates in YAML and JSON using AWS CloudFormation Designer	April 6, 2017	When you create AWS CloudFormation templates using Designer, you can now edit your template in both YAML and JSON in the integrated editor. You can also convert JSON templates to YAML and vice-versa, depending on your preferred template authoring language. For more information, see What Is AWS CloudFormation Designer?.	2010-05-15
New resource	April 6, 2017	AWS::SSM::Parameter Use the AWS::SSM::Parameter resource to create an SSM parameter in Parameter Store.	2010-05-15
AWS::Include transform	March 28, 2017	Use the AWS::Include transform to reference reusable snippets stored in an Amazon S3 bucket. For more information, see AWS::Include Transform.	2010-05-15
Peer your Amazon VPC with another account	March 28, 2017	You can now use AWS CloudFormation to peer your Amazon VPC with a VPC in another AWS account. For more information, see Peer with an Amazon VPC in Another AWS Account.	2010-05-15
New resource	March 28, 2017	AWS::ApiGateway::UsagePlanKey Use the AWS::ApiGateway::UsagePlanKey resource to associate a usage plan key and determine which users the usage plan is applied to.	2010-05-15
Updated resources	March 28, 2017	AWS::EC2::VPCPeeringConnection Use the PeerOwnerId property and the PeerRoleArn property to peer with a VPC in another AWS account. For more information, see Peer with an Amazon VPC in Another AWS Account. AWS::IAM::InstanceProfile Use the InstanceProfileName property to configure an instance profile. AWS::Lambda::Function Use the DeadLetterConfig property to configure how AWS Lambda handles events that it can't process. Node.js v0.10 is no longer supported for the Runtime property. AWS::Route53::HealthCheck There are seven new resource subproperty types for the HealthCheckConfig HealthCheckConfig property: AlarmIdentifier, ChildHealthChecks, EnableSNI, HealthThreshold, InsufficientDataHealthStatus, Inverted, and MeasureLatency. AWS::SQS::Queue Use the ContentBasedDeduplication and FifoQueue properties to create First-In-First-Out (FIFO) Amazon Simple Queue Service queues. AWS::S3::Bucket You can now specify IPv6 domain names for your Amazon S3 buckets.	2010-05-15
New resources	February 10, 2017	AWS::StepFunctions::Activity Use the AWS::StepFunctions::Activity resource to create an AWS Step Functions activity. AWS::StepFunctions::StateMachine Use the AWS::StepFunctions::StateMachine resource to create a Step Functions state machine.	2010-05-15
New intrinsic function	January 17, 2017	Use the Fn::Split function to split a string into a list of string values. For more information, see Fn::Split.	2010-05-15
Console support for listing imports	January 17, 2017	Use the AWS CloudFormation console to see all of the stacks that are importing an exported output value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Updated resources	January 17, 2017	AWS::AutoScaling::AutoScalingGroup The LoadBalancerNames property can be updated without replacing the Auto Scaling group. AWS::ECS::TaskDefinition Added the NetworkMode and MemoryReservation properties. AWS::RDS::DBCluster AWS CloudFormation supports updates to the Tags property. AWS::RDS::DBInstance Added the Timezone property. FirehoseAction Added the Separator property. AWS::OpsWorks::Instance Added the PublicIp attribute for the Fn::GetAtt intrinsic function.	2010-05-15
New resources	December 01, 2016	AWS::CodeBuild::Project Use the AWS::CodeBuild::Project resource to create an AWS CodeBuild project that defines how AWS CodeBuild builds your source code. AWS::SSM::Association Use the AWS::SSM::Association resource to associate an Amazon EC2 Systems Manager document with EC2 instances. AWS::EC2::SubnetCidrBlock Use the AWS::EC2::SubnetCidrBlock resource to associate a single IPv6 CIDR block with an Amazon VPC subnet. AWS::EC2::VPCCidrBlock Use the AWS::EC2::VPCCidrBlock resource to associate a single Amazon-provided IPv6 CIDR block with an Amazon VPC VPC.	2010-05-15
Updated resources for IPv6 support	December 01, 2016	AWS::EC2::Instance Added the Ipv6AddressCount and Ipv6Addresses properties. AWS::EC2::NetworkAclEntry Added the Ipv6CidrBlock property. AWS::EC2::NetworkInterface Added the Ipv6AddressCount and Ipv6Addresses properties. AWS::EC2::Route Added the DestinationIpv6CidrBlock property. AWS::EC2::SecurityGroupEgress Added the CidrIpv6 property. AWS::EC2::SecurityGroupIngress Added the CidrIpv6 property. AWS::EC2::SpotFleet Added the Ipv6AddressCount and Ipv6Addresses properties for the launch specification network interfaces. AWS::EC2::Subnet Added the Ipv6CidrBlocks attribute for the Fn::GetAtt function. AWS::EC2::VPC Added the Ipv6CidrBlocks attribute for the Fn::GetAtt function. AWS::SSM::Document Added the DocumentType property.	2010-05-15
Resource specification	November 22, 2016	Use the AWS CloudFormation resource specification to builds tools that help you create AWS CloudFormation templates. The specification is a machine-readable, JSON-formatted text file. For more information, see AWS CloudFormation Resource Specification.	2010-05-15
New resources	November 22, 2016	AWS::OpsWorks::UserProfile Use the AWS::OpsWorks::UserProfile resource to configure SSH access for users who require access to instances in an AWS OpsWorks stack. AWS::OpsWorks::Volume Use the AWS::OpsWorks::Volume resource to register an Amazon Elastic Block Store volume with an AWS OpsWorks stack.	2010-05-15
Updated resources	November 22, 2016	AWS::OpsWorks::App Added the DataSources property. AWS::OpsWorks::Instance Added the BlockDeviceMappings, AgentVersion, ElasticIps, Hostname, Tenancy, and Volumes properties. AWS::OpsWorks::Layer Added the CustomJson and VolumeConfigurations properties. AWS::OpsWorks::Stack Added the ElasticIps, EcsClusterArn, RdsDbInstances, CloneAppIds, ClonePermissions, and SourceStackId properties. AWS::RDS::DBInstance Added the CopyTagsToSnapshot property.	2010-05-15
List imports	November 22, 2016	List imports of an exported output value to track which AWS CloudFormation stacks are importing the value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Transforms	November 17, 2016	Specify the AWS Serverless Application Model (AWS SAM) that AWS CloudFormation uses to process AWS SAM syntax for serverless applications. For more information, see Transform.	2010-05-15
New resource	November 17, 2016	AWS::SNS::Subscription Use the AWS::SNS::Subscription resource to subscribe an endpoint to an Amazon Simple Notification Service topic.	2010-05-15
Updated resource	November 17, 2016	AWS::Lambda::Function Use the Environment property to specify key-value pairs (environment variables) that your AWS Lambda function can access. Use the KmsKeyArn property to specify an AWS Key Management Service key that AWS Lambda uses to encrypt and decrypt environment variables.	2010-05-15
New CLI commands	November 17, 2016	Uploading Local Artifacts to an S3 Bucket Use the aws cloudformation package command to upload local artifacts that are referenced in an AWS CloudFormation template to an S3 bucket. Quickly Deploying Templates with Transforms Use the aws cloudformation deploy command to combine the create and execute change set actions into a single command. This command is useful for quickly creating or updating stacks that contain transforms.	2010-05-15
Updated resource	November 03, 2016	AWS::CloudFront::Distribution For the DistributionConfig property, use the HttpVersion property to specify the latest HTTP version that viewers can use to communicate with Amazon CloudFront. For the ForwardedValues property, use the QueryStringCacheKeys property to specify the query string parameters that CloudFront uses to determine which content to cache.	2010-05-15
List stack exports	November 03, 2016	Use the AWS CloudFormation console, API, or AWS CLI to see a list of all the exported output values for a region. For more information, see Exporting Stack Output Values.	2010-05-15
Continuous delivery with stacks	November 03, 2016	Use AWS CodePipeline to build continuous delivery workflows with AWS CloudFormation stacks. For more information, see Continuous Delivery with CodePipeline.	2010-05-15
Skip resources during rollback	November 03, 2016	If you have a stack in the UPDATE_ROLLBACK_FAILED state, use the ResourcesToSkip parameter for the ContinueUpdateRollback action to skip resources that AWS CloudFormation can't rollback. For more information, see the Troubleshooting section in Update Rollback Failed.	2010-05-15
Change sets enhancement	November 03, 2016	You can create a new stack using a change set.	2010-05-15
Updated resource	October 12, 2016	AWS::ElastiCache::CacheCluster Update the CacheNodeType property without replacing the cluster. AWS::ElastiCache::ReplicationGroup You can create a Redis (cluster mode enabled) replication group that can contain multiple node groups (shards), each with a primary cluster and read replicas. AWS::ElastiCache::SubnetGroup Use the CacheSubnetGroupName property to specify a name for an Amazon ElastiCache subnet group.	2010-05-15
New resources	October 06, 2016	AWS::ApiGateway::UsagePlan Use the AWS::ApiGateway::UsagePlan resource to specify a usage plan for deployed Amazon API Gateway APIs. AWS::CodeCommit::Repository Use the AWS::CodeCommit::Repository resource to create an CodeCommit repository that is hosted by Amazon Web Services.	2010-05-15
Updated resources	October 06, 2016	AWS::ApiGateway::Authorizer Use the ProviderARNs property to use Amazon Cognito user pools as Amazon API Gateway API authorizers. AWS::ApiGateway::Deployment The StageName property is no longer required. AWS::ElasticLoadBalancingV2::TargetGroup For the GetAtt function, use the LoadBalancerArns attribute to retrieve the Amazon Resource Names (ARNs) of the load balancers that route traffic to the target group. AWS::RDS::DBInstance Use the Domain and DomainIAMRoleName properties to use Windows Authentication when users connect to the RDS DB instance. AWS::EC2::SecurityGroupEgress Use the DestinationPrefixListId property to specify the AWS service prefix of an Amazon VPC endpoint.	2010-05-15
Cross-stack reference enhancement	October 06, 2016	Use intrinsic functions to customize the Name value of an export or to refer to a value in the ImportValue function.	2010-05-15
AWS CloudFormation service role	September 26, 2016	Use an AWS Identity and Access Management (IAM) service role for AWS CloudFormation stack operations. AWS CloudFormation uses the role's credentials to make calls to stack resources on your behalf. For more information, see AWS CloudFormation Service Role.	2010-05-15
New feature	September 19, 2016	You can use the Export output field and the Fn::ImportValue intrinsic function to have one stack refer to resource outputs in another stack. For more information, see Outputs, Fn::ImportValue, and Walkthrough: Refer to Resource Outputs in Another AWS CloudFormation Stack.	2010-05-15
YAML support	September 19, 2016	You can use the YAML format to author AWS CloudFormation templates. YAML also allows you to, for example, add comments to your templates or use the short form for intrinsic functions. For more information, see AWS CloudFormation Template Formats.	2010-05-15
New intrinsic function	September 19, 2016	Use the Fn::Sub function to substitute variables in an input string with values that you specify. For more information, see Fn::Sub.	2010-05-15
New resources	September 19, 2016	AWS::KMS::Alias Use the AWS::KMS::Alias resource to create an alias for an AWS Key Management Service customer master key.
Updated resources	September 19, 2016	AWS::EC2::SpotFleet For the LaunchSpecifications property, use the SpotPrice property to specify a bid price for a specific instance type. AWS::ECS::Cluster Use the ClusterName property to specify a name for an Amazon Elastic Container Service cluster. AWS::ECS::TaskDefinition Use the TaskRoleArn property to specify an AWS Identity and Access Management role that Amazon Elastic Container Service containers use to make AWS calls on your behalf. Use the Family property to register a task definition to a specific family. AWS::Elasticsearch::Domain Use the ElasticsearchVersion property to specify which version of Elasticsearch to use.	2010-05-15
New resources	August 11, 2016	Use the following Elastic Load Balancing Application Load Balancer resources to distribute incoming application traffic to multiple targets, such as EC2 instances, in multiple Availability Zones: AWS::ElasticLoadBalancingV2::Listener AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::LoadBalancer AWS::ElasticLoadBalancingV2::TargetGroup	2010-05-15
Updated resource	August 11, 2016	AWS::AutoScaling::AutoScalingGroup Use the TargetGroupARNs property to associate the Auto Scaling group with one or more Application Load Balancer target groups. AWS::ECS::Service For the load LoadBalancers property, use the TargetGroupArn property to associate an Amazon Elastic Container Service service with an Application Load Balancer target group.	2010-05-15
New resources	August 09, 2016	AWS CloudFormation added the following resources: AWS::ApplicationAutoScaling::ScalableTarget and AWS::ApplicationAutoScaling::ScalingPolicy Use an Application Auto Scaling scaling policy to define when and how a target resource scales. AWS::CertificateManager::Certificate Provision an AWS Certificate Manager certificate that you can use with other AWS services to enable secure connections.	2010-05-15
Updated resources	August 09, 2016	AWS CloudFormation updated the following resources: AWS::CloudFront::Distribution For the distribution configuration ViewerCertificate property, you can specify an AWS Certificate Manager certificate. For the distribution configuration Origin property, you can specify custom headers and the SSL protocols for custom origins. AWS::EFS::FileSystem You can specify the performance mode for an Amazon Elastic File System file system.	2010-05-15
New resources	July 20, 2016	AWS IoT Use AWS IoT to declare an AWS IoT policy, an X.509 certificate, an association between a policy and a principal (an X.509 certificate or other credential), an AWS IoT thing, an association between a principal and a thing, or an AWS IoT rule. AWS::IoT::Certificate AWS::IoT::Policy AWS::IoT::PolicyPrincipalAttachment AWS::IoT::Thing AWS::IoT::ThingPrincipalAttachment AWS::IoT::TopicRule	2010-05-15
Updated resources	July 20, 2016	AWS CloudFormation updated the following resources: AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User Use the name properties to specify a custom name for AWS Identity and Access Management (IAM) resources. AWS::ApiGateway::Method For the Integration property, you can use the PassthroughBehavior property to specify when Amazon API Gateway passes requests to the targeted back end. AWS::ApiGateway::Model and AWS::ApiGateway::RestApi You can specify JSON objects for the Schema and Body properties.	2010-05-15
Auto Scaling group UpdatePolicy	June 9, 2016	For the UpdatePolicy attribute, use the AutoScalingReplacingUpdate property to specify whether an Auto Scaling group and the instances it contains are replaced when you update the Auto Scaling group. During a replacement, AWS CloudFormation retains the old Auto Scaling group until it creates the new one successfully so that AWS CloudFormation can roll back to the old Auto Scaling group if the update fails. For more information, see UpdatePolicy Attribute.	2010-05-15
New resource	June 9, 2016	AWS CloudFormation added the following resources: AWS::EC2::FlowLog Creates an Amazon Elastic Compute Cloud flow log that captures IP traffic for a specified network interface, subnet, or VPC. AWS::KinesisFirehose::DeliveryStream Creates a delivery stream that delivers real-time streaming data to a destination, such as Amazon Simple Storage Service, Amazon Redshift, or Amazon Elasticsearch Service.	2010-05-15
Updated resources	June 9, 2016	AWS CloudFormation updated the following resources: AWS::Kinesis::Stream Use the Name property to specify a name for an Amazon Kinesis stream. AWS::Lambda::Function For the Code property, you can use the ZipFile property and cfn response module for nodejs4.3 runtime environments. AWS::SNS::Topic AWS CloudFormation enabled updates for the Amazon Simple Notification Service topic resource.	2010-05-15
New resource	April 25, 2016	Use the AWS::EC2::Host resource to allocate a fully dedicated physical server for launching EC2 instances.	2010-05-15
Updated resources	April 25, 2016	AWS::EC2::Instance Use the Affinity and HostId properties to launch instances onto an Amazon Elastic Compute Cloud dedicated host. AWS::ECS::Service Use the DeploymentConfiguration property to configure how many tasks can run during a deployment. AWS::ECS::TaskDefinition AWS CloudFormation added support for additional Amazon Elastic Container Service container definition properties. AWS::GameLift::Fleet Use the MaxSize and MinSize properties to specify the maximum and minimum number of EC2 instances allowed in your Amazon GameLift fleet. AWS::Lambda::Function Use the FunctionName property to specify a name for your AWS Lambda function. You can also use Python 2.7 to specify an inline function.	2010-05-15
New resources	April 18, 2016	Amazon API Gateway Use the Amazon API Gateway resources to publish, maintain, and monitor APIs at any scale. You can create APIs that clients can call to access your back-end services, such as applications running EC2 instances or code running on AWS Lambda. AWS::ApiGateway::Account AWS::ApiGateway::ApiKey AWS::ApiGateway::Authorizer AWS::ApiGateway::BasePathMapping AWS::ApiGateway::ClientCertificate AWS::ApiGateway::Deployment AWS::ApiGateway::Method AWS::ApiGateway::Model AWS::ApiGateway::Resource AWS::ApiGateway::RestApi AWS::ApiGateway::Stage AWS::Events::Rule Create an Amazon CloudWatch Events rule that monitors changes to AWS resources in your account (events). If an incoming event matches the conditions that you described in the rule, Amazon CloudWatch Events sends messages to and activates your specified targets, such as AWS Lambda functions or Amazon Simple Notification Service topics. AWS::WAF::SizeConstraintSet and AWS::WAF::XssMatchSet Use the two AWS WAF rules to check the size of a web request or to prevent cross-site scripting attacks.	2010-05-15
New resources	March 31, 2016	Use the AWS::Lambda::Alias resource to create aliases for your AWS Lambda functions and the AWS::Lambda::Version resource to create versions of your functions.	2010-05-15
Updated resources	March 31, 2016	AWS CloudFormation updated the following resources: AWS::EMR::Cluster and AWS::EMR::InstanceGroupConfig Use the EbsConfiguration property to configure Amazon Elastic Block Store storage volumes for your Amazon EMR clusters or instance groups. AWS::Lambda::Function Use the VpcConfig property to enable AWS Lambda functions to access resources in a VPC. AWS::S3::Bucket For the Amazon Simple Storage Service life cycle rules, you can specify multiple transition rules that specify when objects transition to a specified storage class.	2010-05-15
Change sets	March 29, 2016	Before updating stacks, use change sets to see how your changes might affect your running resources. For more information, see Updating Stacks Using Change Sets.	2010-05-15
New resources	March 15, 2016	Use the AWS::GameLift::Alias, AWS::GameLift::Build, and AWS::GameLift::Fleet resources to deploy multiplayer game servers in AWS.	2010-05-15
New resources	February 26, 2016	AWS CloudFormation added the following resources: AWS::ECR::Repository Create Amazon Elastic Container Registry repositories where users can push and pull Docker images. AWS::EC2::NatGateway Use the network address translator (NAT) gateway to enable EC2 instances in a private subnet to connect to the Internet. AWS::Elasticsearch::Domain Create Amazon Elasticsearch Service (Amazon ES) domains that contain the Amazon ES engine instances, which process Amazon ES requests. AWS::EMR::Cluster, AWS::EMR::InstanceGroupConfig, AWS::EMR::Step Use the Amazon EMR resources to help you analyze and process vast amounts of data. You can create clusters and then run jobs on them.	2010-05-15
Updated resources	February 26, 2016	AWS CloudFormation updated the following resources: AWS::CloudTrail::Trail Use the IsMultiRegionTrail property to specify whether to create an AWS CloudTrail trail in the region in which you create a stack or in all regions. AWS::Config::ConfigurationRecorder For the recording group, use the IncludeGlobalResourceTypes property to record all global resource types. AWS::RDS::DBCluster Use the KmsKeyId and StorageEncrypted properties to encrypt database instances in the cluster.	2010-05-15
Retain resources	February 26, 2016	For stacks in the DELETE_FAILED state, use the RetainResources parameter to retain resources that AWS CloudFormation can't delete. For more information, see Delete Stack Fails.	2010-05-15
Update stack tags	February 26, 2016	You can add, modify, or remove stack tags when you update a stack. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
Continue rolling back failed update rollbacks	January 25, 2016	For a stack in the UPDATE_ROLLBACK_FAILED state, you can continue rolling back the update to get your stack in a working state. That way, you can return the stack to its original settings and try to update it again. For more information, see Continue Rolling Back an Update.	2010-05-15
New sample templates available for the Asia Pacific (Seoul) region.	January 7, 2016	The following collection of AWS CloudFormation sample templates are for the ap-northeast-2 region: Sample Solutions Application Frameworks Services For more information, see Sample Templates.	2010-05-15
New resources	December 28, 2015	AWS CloudFormation added the following resources: AWS::DirectoryService::MicrosoftAD Use the Microsoft Active Directory resource to create a Microsoft Active Directory directory in AWS. AWS::Logs::Destination and AWS::Logs::LogStream Use the Amazon CloudWatch Logs resources to create a destination for real-time processing of log data or to create log streams, respectively. AWS::WAF::ByteMatchSet, AWS::WAF::IPSet, AWS::WAF::Rule, AWS::WAF::SqlInjectionMatchSet, and AWS::WAF::WebACL Use the AWS WAF resources to control and monitor web requests to your content.	2010-05-15
Resource updates	December 28, 2015	AWS CloudFormation updated the following resources: AWS::CloudFront::Distribution For the distribution configuration, use the WebACLId property to associate an AWS WAF web access control list (ACL) with an Amazon CloudFront distribution. For the cache behavior and default cache behavior, you can specify a default and maximum Time to Live (TTL) value. AWS::DynamoDB::Table