Release History

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change	Description	Date
Updated resource	Added the Timeout property to AWS::Batch::JobDefinition. AWS::Batch::JobDefinition Use the `Timeout` property type to specify a job timeout configuration.	July 19, 2018
New resource	The following resource was added: AWS::IAM::ServiceLinkedRole. AWS::IAM::ServiceLinkedRole Use the `AWS::IAM::ServiceLinkedRole` resource to create a service-linked role in IAM. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles are predefined by the service and include all the permissions that the service requires to call other AWS services on your behalf.	July 19, 2018
Updated resources	Added the FieldLevelEncryptionId property to AWS::CloudFront::Distribution property types. AWS::CloudFront::Distribution In the Distribution CacheBehavior and Distribution DefaultCacheBehavior property types, use the `FieldLevelEncryptionId` property to specify the ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior.	July 18, 2018
Updated resource	Added the HttpConfig property to AWS::AppSync::DataSource. AWS::AppSync::DataSource Use the `HttpConfig` property type to specify HttpConfig for an AWS AppSync data source.	July 12, 2018
Updated resource	Added the ReportBuildStatus property to AWS::CodeBuild::Project. AWS::CodeBuild::Project In the Source property type, use the `ReportBuildStatus` property to specify whether to send your source provider the status of a build's start and completion.	July 10, 2018
New resource	The following resource was added: AWS::CodePipeline::Webhook. AWS::CodePipeline::Webhook Use the `AWS::CodePipeline::Webhook` resource to create a webhook that connects your pipeline to an external event, such as a GitHub source repository change, which triggers your pipeline to start every time the external event occurs.	July 5, 2018
Updated resource	Added the following properties to AWS::EC2::VPCEndpoint: PrivateDnsEnabled, SecurityGroupIds, SubnetIds, and VpcEndpointType. AWS::EC2::VPCEndpoint Use the `PrivateDnsEnabled` property to indicate whether to associate a private hosted zone with the specified VPC. Use the `SecurityGroupIds` property to specify the ID of one or more security groups to associate with the endpoint network interface. Use the `SubnetIds` property to specify the ID of one or more subnets in which to create an endpoint network interface. Use the `VpcEndpointType` property to specify the type of endpoint.	June 21, 2018
New resources	The following resources were added: AWS::EC2::VPCEndpointConnectionNotification and AWS::EC2::VPCEndpointService. AWS::EC2::VPCEndpointConnectionNotification Use the `AWS::EC2::VPCEndpointConnectionNotification` resource to create a connection notification for the specified VPC endpoint or VPC endpoint service. AWS::EC2::VPCEndpointService Use the `AWS::EC2::VPCEndpointService` resource to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect.	June 21, 2018
Updated resource	Added the following property to AWS::ServiceDiscovery::Service: HealthCheckCustomConfig. AWS::ServiceDiscovery::Service Use the `HealthCheckCustomConfig` property to specify information about an optional custom health check.	June 14, 2018
New resources	The following new resources were released: AWS::AmazonMQ::Broker and AWS::AmazonMQ::Configuration. AWS::AmazonMQ::Broker Use the `AWS::AmazonMQ::Broker` resource to create a broker, add configuration changes or modify users for the specified broker, return information about the specified broker, or delete the specified broker. AWS::AmazonMQ::Configuration Use the `AWS::AmazonMQ::Configuration` resource to create a configuration, update the specified configuration, or return information about the specified configuration.	June 14, 2018
New resource	The following resource was released: : AWS::SSM::ResourceDataSync. AWS::SSM::ResourceDataSync Use the `AWS::SSM::ResourceDataSync` resource to create or delete a Resource Data Sync for Systems Manager Inventory. You can use Resource Data Sync to send Inventory data collected from all of your Systems Manager managed instances to a single Amazon S3 bucket.	June 11, 2018
New resource	The following resource was released: AWS::EKS::Cluster. AWS::EKS::Cluster Use the `AWS::EKS::Cluster` resource to create Amazon EKS clusters.	June 5, 2018
Updated resource	For the AWS::GuardDuty::Master resource, the InvitationId property is now optional. AWS::GuardDuty::Master The `InvitationId` property is now optional.	May 31, 2018
New resources	The following new resources were released: AWS::SageMaker::Endpoint, AWS::SageMaker::EndpointConfig, AWS::SageMaker::Model, AWS::SageMaker::NotebookInstance, and AWS::SageMaker::NotebookInstanceLifecycleConfig. AWS::SageMaker::Endpoint Use the `AWS::SageMaker::Endpoint` resource to create a SageMaker endpoint to host trained models. AWS::SageMaker::EndpointConfig Use the `AWS::SageMaker::EndpointConfig` resource to create a configuration for an endpoint. AWS::SageMaker::Model Use the `AWS::SageMaker::Model` resource to create a model to host at an Amazon SageMaker endpoint. AWS::SageMaker::NotebookInstance Use the `AWS::SageMaker::NotebookInstance` resource to create an Amazon SageMaker notebook instance. AWS::SageMaker::NotebookInstanceLifecycleConfig Use the `AWS::SageMaker::NotebookInstanceLifecycleConfig` resource to specify shell scripts that run when you create or start a notebook instance.	May 31, 2018
Stack sets now support customized execution roles	Use customized execution roles in target accounts to control the stack resources that users or groups can include in their stack sets. For more information, see Granting Permissions for Stack Set Operations.	May 30, 2018
Selective updates of stack instances	Use the optional Accounts and Regions parameters to specify the accounts and regions in which to update stack instances during a stack set update operation. For more information, see UpdateStackSet in the AWS CloudFormation API Reference.	May 30, 2018
New resources	The following new resources were released: AWS::Neptune::DBCluster, AWS::Neptune::DBClusterParameterGroup, AWS::Neptune::DBInstance, AWS::Neptune::DBParameterGroup, and AWS::Neptune::DBSubnetGroup. AWS::Neptune::DBCluster Use the `AWS::Neptune::DBCluster` resource to create an Amazon Neptune DB cluster. AWS::Neptune::DBClusterParameterGroup Use the `AWS::Neptune::DBClusterParameterGroup` resource to create a DB cluster parameter group. AWS::Neptune::DBInstance Use the `AWS::Neptune::DBInstance` resource to create an Amazon Neptune database instance. AWS::Neptune::DBParameterGroup Use the `AWS::Neptune::DBParameterGroup` resource to create a custom parameter group for Amazon Neptune. AWS::Neptune::DBSubnetGroup Use the `AWS::Neptune::DBSubnetGroup` resource to create an Amazon Neptune database subnet group that contains subnets.	May 30, 2018
Updated resources	The following resources were updated: AWS::ApiGateway::RestApi, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::DirectoryService::MicrosoftAD, AWS::DynamoDB::Table, AWS::EC2::Instance, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::Elasticsearch::Domain, AWS::IAM::Role, AWS::KinesisFirehose::DeliveryStream, AWS::Lambda::EventSourceMapping, AWS::Logs::MetricFilter, and AWS::SSM::Association. AWS::ApiGateway::RestApi Use the `Policy` property to specify a policy document that contains the permissions for the specified RestAPI. AWS::AutoScaling::AutoScalingGroup Use the `ServiceLinkedRoleARN` property to specify the Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS services on your behalf. AWS::AutoScaling::LaunchConfiguration Use the `LaunchConfigurationName` property to specify the name of the launch configuration. AWS::DirectoryService::MicrosoftAD Use the `Edition` property to specify the AWS Microsoft AD edition to use. AWS::DynamoDB::Table Use the `PointInTimeRecoverySpecification` property to specify the settings used to enable point in time recovery. AWS::EC2::Instance Use the `LaunchTemplate` property to specify the launch template to use for an Amazon EC2 instance. AWS::ECS::Service Use the `ServiceRegistry` property type to specify the details of the service registry. AWS::ECS::TaskDefinition Use the `HealthCheck` property type to specify a container health check. AWS::Elasticsearch::Domain Use the `EncryptionAtRestOptions` property type to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use. AWS::IAM::Role Use the `RoleId` attribute to have `Fn::GetAtt` return the stable and unique string identifying the role. Use the `MaxSessionDuration` property to specify the maximum session duration (in seconds) for the specified role. AWS::KinesisFirehose::DeliveryStream Use the `SplunkDestinationConfiguration` property to specify the configuration of a destination in Splunk for a Kinesis Data Firehose delivery stream. AWS::Lambda::EventSourceMapping The `StartingPosition` property is no longer required. AWS::Logs::MetricFilter In the CloudWatch Logs MetricFilter MetricTransformation Property property type, use the `DefaultValue` property to specify the value to emit when a filter pattern does not match a log event. AWS::SSM::Association Use the `OutputLocation` property to specify an Amazon S3 bucket where you want to store the results of an association request.	May 24, 2018
New resources	The following new resources were released: AWS::ServiceCatalog::AcceptedPortfolioShare, AWS::ServiceCatalog::CloudFormationProduct, AWS::ServiceCatalog::LaunchNotificationConstraint, AWS::ServiceCatalog::LaunchRoleConstraint, AWS::ServiceCatalog::LaunchTemplateConstraint, AWS::ServiceCatalog::Portfolio, AWS::ServiceCatalog::PortfolioPrincipalAssociation, AWS::ServiceCatalog::PortfolioProductAssociation, AWS::ServiceCatalog::PortfolioShare, AWS::ServiceCatalog::TagOption, and AWS::ServiceCatalog::TagOptionAssociation. AWS::ServiceCatalog::AcceptedPortfolioShare Use the `AWS::ServiceCatalog::AcceptedPortfolioShare` resource to accept an offer to share the specified portfolio for AWS Service Catalog. AWS::ServiceCatalog::CloudFormationProduct Use the `AWS::ServiceCatalog::CloudFormationProduct` resource to create a product for AWS Service Catalog. AWS::ServiceCatalog::LaunchNotificationConstraint Use the `AWS::ServiceCatalog::LaunchNotificationConstraint` resource to create a notification constraint for AWS Service Catalog. AWS::ServiceCatalog::LaunchRoleConstraint Use the `AWS::ServiceCatalog::LaunchRoleConstraint` resource to create a launch constraint for AWS Service Catalog. AWS::ServiceCatalog::LaunchTemplateConstraint Use the `AWS::ServiceCatalog::LaunchTemplateConstraint` resource to create a template constraint for AWS Service Catalog. AWS::ServiceCatalog::Portfolio Use the `AWS::ServiceCatalog::Portfolio` resource to create a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioPrincipalAssociation Use the `AWS::ServiceCatalog::PortfolioPrincipalAssociation` resource to associate a principal with a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioProductAssociation Use the `AWS::ServiceCatalog::PortfolioProductAssociation` resource to associate a product with a portfolio for AWS Service Catalog. AWS::ServiceCatalog::PortfolioShare Use the `AWS::ServiceCatalog::PortfolioShare` resource to share a portfolio for AWS Service Catalog. AWS::ServiceCatalog::TagOption Use the `AWS::ServiceCatalog::TagOption` resource to create a TagOption. AWS::ServiceCatalog::TagOptionAssociation Use the `AWS::ServiceCatalog::TagOptionAssociation` resource to associate a TagOption with a resource for AWS Service Catalog.	May 24, 2018
AWS CloudFormation now creates S3 buckets with encryption enabled	For Amazon S3 buckets that AWS CloudFormation creates to store uploaded stack templates, server-side encryption is now enabled by default, thereby encrypting all objects stored in those buckets. For more information, see Selecting a Stack Template.	May 24, 2018
New resource	The following resource was released: AWS::Budgets::Budget. AWS::Budgets::Budget Use the `AWS::Budgets::Budget` resource to create a budget.	May 22, 2018
FIPS endpoints added	AWS CloudFormation now offers new endpoints which use FIPS 140-2 validated cryptographic modules in the following public US regions: US-East-1, US-East-2, US-West-1, and US-West-2. See Regions and Endpoints in the Amazon Web Services General Reference for the new FIPS-compliant endpoint URLs.	May 17, 2018
New resource	The following resource was released: AWS::AutoScalingPlans::ScalingPlan. AWS::AutoScalingPlans::ScalingPlan Use the `AWS::AutoScalingPlans::ScalingPlan` resource to create a scaling plan for the scalable resources for your application.	May 9, 2018
New resource	The following resource was released: AWS::GuardDuty::Filter. AWS::GuardDuty::Filter Use the `AWS::GuardDuty::Filter` resource to create a filter for your GuardDuty findings.	May 8, 2018
Updated resources	The following resources were updated: AWS::AppSync::GraphQLApi and AWS::GuardDuty::Member. AWS::AppSync::GraphQLApi Use the `OpenIDConnectConfig` property to specify the authorization configuration for using an OpenId Connect compliant service with your GraphQL endpoint. AWS::GuardDuty::Member Use the `DisableEmailNotification` property to specify whether an email notification is to be sent to the accounts that you want to invite to GuardDuty as members. When set to 'True', email notification is not sent to the invitees.	May 1, 2018
New resource	The following resource was released: AWS::ServiceCatalog::CloudFormationProvisionedProduct. AWS::ServiceCatalog::CloudFormationProvisionedProduct Use the `AWS::ServiceCatalog::CloudFormationProvisionedProduct` resource to provision the specified product for AWS Service Catalog.	May 1, 2018

Earlier Updates

The following table describes important changes in each release of the AWS CloudFormation User Guide before May 2018.

Change	Release Date	Description	API Version
Stack set naming convention	April 10, 2018	AWS CloudFormation stacks created using stack sets now follow a new naming convention, in which the stack name contains the stack set name.	2010-05-15
New resources	April 10, 2018	AWS::AppSync::ApiKey Use the `AWS::AppSync::ApiKey` resource to create a unique key that you can distribute to clients who are executing GraphQL operations with AWS AppSync. AWS::AppSync::DataSource Use the `AWS::AppSync::DataSource` resource to create data sources for resolvers in AWS AppSync. AWS::AppSync::GraphQLApi Use the `AWS::AppSync::GraphQLApi` resource to create a new AWS AppSync GraphQL API. AWS::AppSync::GraphQLSchema Use the `AWS::AppSync::GraphQLSchema` resource to create the data model for your AWS AppSync GraphQL API. AWS::AppSync::Resolver Use the `AWS::AppSync::Resolver` resource to define the logical GraphQL resolver that you will attach to fields in a schema.	2010-05-15
Updated resource	April 10, 2018	AWS::Config::ConfigurationAggregator Use the `OrganizationAggregationSource` property type to specify the regions of AWS Config data to aggregate into an AWS Config configuration aggregator and the IAM role to use to retrieve AWS Organizations details.	2010-05-15
New resources	April 4, 2018	AWS::Config::AggregationAuthorization Use the `AWS::Config::AggregationAuthorization` resource to grant permission to an aggregator account to collect your AWS Config data. AWS::Config::ConfigurationAggregator Use the `AWS::Config::ConfigurationAggregator` resource to create a configuration aggregator for AWS Config.	2010-05-15
Stack sets now support customized administrator roles	March 29, 2018	Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations.	2010-05-15
New resource	March 29, 2018	AWS::EC2::LaunchTemplate Use the `AWS::EC2::LaunchTemplate` resource to create a launch template for an Amazon EC2 instance.	2010-05-15
Updated resources	March 29, 2018	AWS::AutoScaling::AutoScalingGroup Use the `LaunchTemplate` property to specify the launch template to use to launch instances. AWS::EC2::SpotFleet In the Amazon EC2 SpotFleet SpotFleetRequestConfigData property type, use the `LaunchTemplateConfigs` property to describe a launch template and overrides.	2010-05-15
New `Fn::Cidr` intrinsic function	March 6, 2018	Returns the specified Cidr address block. For more information, see `Fn::Cidr`.	2010-05-15
New resources	March 6, 2018	AWS::ApiGateway::VpcLink Use the `AWS::ApiGateway::VpcLink` resource to specify an API Gateway VPC link for a `AWS::ApiGateway::RestApi` to access resources in an Amazon Virtual Private Cloud (VPC). AWS::GuardDuty::Master Use the `AWS::GuardDuty::Master` resource to create a GuardDuty master account. AWS::GuardDuty::Member Use the `AWS::GuardDuty::Member` resource to create a GuardDuty member account. AWS::SES::ConfigurationSet Use the `AWS::SES::ConfigurationSet` resource to to create groups of rules that you can apply to the emails you send. AWS::SES::ConfigurationSetEventDestination Use the `AWS::SES::ConfigurationSetEventDestination` resource to specify a configuration set event destination. AWS::SES::ReceiptFilter Use the `AWS::SES::ReceiptFilter` resource to specify whether to accept or reject mail originating from an IP address or range of IP addresses. AWS::SES::ReceiptRule Use the `AWS::SES::ReceiptRule` resource to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own. AWS::SES::ReceiptRuleSet Use the `AWS::SES::ReceiptRuleSet` resource to specify an empty rule set for Amazon SES. AWS::SES::Template Use the `AWS::SES::Template` resource to to specify the content of the email, composed of a subject line, an HTML part, and a text-only part.	2010-05-15
Updated resources	March 6, 2018	AWS::AutoScaling::AutoScalingGroup Use the `AutoScalingGroup` property to specify the name of the Auto Scaling group. AWS::ApiGateway::RestApi Use the `ApiKeySourceType` property to specify the source of the API key for metering requests according to a usage plan. Use the `MinimumCompressionSize` property to specify a nullable integer that is used to enable compression or disable compression on an API. AWS::ApplicationAutoScaling::ScalingPolicy In the Application Auto Scaling ScalingPolicy TargetTrackingScalingPolicyConfiguration property type, use the `DisableScaleIn` property to specify whether scale in by the target tracking policy is disabled. AWS::EC2::SpotFleet In the Amazon EC2 SpotFleet LaunchSpecifications property type, use the `TagSpecifications` property to specify the tags to apply during SpotFleet creation. AWS::Elasticsearch::Domain Use the `Arn` attribute to have `Fn::GetAtt` return the Amazon Resource Name (ARN) of the domain. The `DomainArn` attribute of `Fn::GetAtt` has been deprecated. AWS::RDS::DBCluster Use the `DBClusterIdentifier` property to specify the DB cluster identifier. AWS::RDS::DBCluster Use the `DBClusterIdentifier` property to specify the DB cluster identifier. AWS::Redshift::Cluster Use the `ClusterIdentifier` property to specify the unique identifier of the cluster. AWS::Route53::HealthCheck In the Route 53 HealthCheck HealthCheckConfig property type, use the `Regions` property to specify the regions from which you want Route 53 health checkers to check the specified endpoint. AWS::SSM::Document Use the `Tags` property to specify the AWS CloudFormation resource tags to apply to the document.	2010-05-15
Updated resource	February 19, 2018	AWS::CodeBuild::Project Use the `Triggers` property to configure a webhook for the project to begin to automatically rebuild the source code every time a code change is pushed to the repository. This is available only for GitHub projects in AWS CloudFormation. It is not available for GitHub Enterprise projects.	2010-05-15
Updated resource	February 8, 2018	AWS::DynamoDB::Table Use the `SSESpecification` property to specify the settings to enable server-side encryption.	2010-05-15
Updated resource	February 5, 2018	AWS::CodeBuild::Project In the `AWS CodeBuild Project Source` property type: Use the `GitCloneDepth` property to specify the depth of history to download. Use the `InsecureSsl` property to specify whether to ignore SSL warnings while connecting to your GitHub Enterprise project repository.	2010-05-15
Updated resources	January 23, 2018	AWS::AutoScaling::LifecycleHook Use the `LifecycleHookName` property to specify the name of the lifecycle hook. AWS::DynamoDB::Table The `AttributeDefinitions` property now requires replacement when updated. AWS::EC2::Instance Use the `CreditSpecification` property to specify the credit option for CPU usage of a T2 instance. Use the `ElasticGpuSpecifications` property to specify Elastic GPUs, GPU resources that you can attach to your instance to accelerate the graphics performance of your applications. AWS::EC2::VPC The `InstanceTenancy` property now requires no interruption when updated from `"dedicated"` to `"default"`. AWS::ECS::Service Use the `HealthCheckGracePeriodSeconds` property to specify the period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started. AWS::IoT::TopicRule In the `DynamoDBAction` property type, the `RangeKeyField` and `RangeKeyValue` properties are no longer required. AWS::KinesisAnalytics::ApplicationOutput In the `ApplicationOutput` property type, use the `LambdaOutput` property to identify a Lambda function as the destination when configuring application output. AWS::Kinesis::Stream Use the `StreamEncryption` property to enable or update server-side encryption using an AWS KMS key for a specified stream. AWS::Lambda::Function Use the `ReservedConcurrentExecutions` property to specify the maximum of concurrent executions you want reserved for the function. AWS::RDS::DBSubnetGroup Use the `DBSubnetGroupName` property to specify the name for the DB Subnet Group. AWS::S3::Bucket Use the `BucketEncryption` property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys SSE-S3 or AWS KMS-managed Keys (SSE-KMS) bucket. In the `ReplicationRule` property type, use the `SourceSelectionCriteria` property to specify additional filters in identifying source objects that you want to replicate. In the `ReplicationDestination` property type: Use the `AccessControlTranslation` property to specify replica ownership of the AWS account that owns the destination bucket. Use the `Account` property to specify destination bucket owner account ID. Use the `EncryptionConfiguration` property to specify encryption-related information for a bucket that is a destination for replicated objects. AWS::SSM::Association Use the `AssociationName` property to specify the name of the association between an SSM document and EC2 instances that contain a configuration agent to process the document.	2010-05-15
Rollback triggers added to the AWS CloudFormation console.	January 15, 2018	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Monitor and Roll Back Stack Operations.	2010-05-15
Updated resource	January 12, 2018	AWS::SSM::Parameter Use the `AllowedPattern` property to specify a regular expression used to validate the parameter value.	2010-05-15
New resources	December 5, 2017	AWS::Inspector::AssessmentTarget Use the `AWS::Inspector::AsssmentTarget` resource to create an Amazon Inspector assessment target. AWS::Inspector::AssessmentTemplate Use the `AWS::Inspector::AssessmentTemplate` resource to create an Amazon Inspector assessment template. AWS::Inspector::ResourceGroup Use the `AWS::Inspector::ResourceGroup` resource to create an Amazon Inspector resource group, which defines tags that identify AWS resources that make up an Amazon Inspector assessment target. AWS::ServiceDiscovery::Instance Use the `AWS::ServiceDiscovery::Instance` resource to specify information about an instance that Amazon Route 53 creates. AWS::ServiceDiscovery::PrivateDnsNamespace Use the `AWS::ServiceDiscovery::PrivateDnsNamespace` resource to specify information about a private namespace for Amazon Route 53. AWS::ServiceDiscovery::PublicDnsNamespace Use the `AWS::ServiceDiscovery::PublicDnsNamespace` resource to specify information about a public namespace for Amazon Route 53. AWS::ServiceDiscovery::Service Use the `AWS::ServiceDiscovery::Service` resource to define a template for up to five records and an optional health check that you want Amazon Route 53 to create when you register an instance.	2010-05-15
Updated resource	December 5, 2017	AWS::KinesisAnalytics::Application In the `Input` property type, use the `InputProcessingConfiguration` property to transform records as they are received from the stream.	2010-05-15
Updated resource	December 1, 2017	AWS::CodeBuild::Project Use the `BadgeEnabled` property to generate a publicly accessible URL for a project's build badge. Use the `Cache` property to configure cache settings for build dependencies. Use the `VpcConfig` property to enable AWS CodeBuild to access resources in an Amazon VPC. In the `EnvironmentVariable` property type, use the `Type` property to specify the type of environment variable.	2010-05-15
New resource	November 30, 2017	AWS::Cloud9::EnvironmentEC2 Use the `AWS::Cloud9::EnvironmentEC2` resource to create an Amazon EC2 development environment in AWS Cloud9.	2010-05-15
Updated resources	November 29, 2017	AWS::ECS::TaskDefinition Use the `Cpu` property to specify the number of cpu units needed for the task. Use the `ExecutionRoleArn` property to specify the ARN of the execution role. Use the `Memory` property to specify the amount (in MiB) of memory needed for the task. Use the `RequiresCompatibilities` property to specify the launch type the task requires. AWS::ECS::Service Use the `LaunchType` property to specify the launch type on which to run your service. Use the `NetworkConfiguration` property to specify the network configuration for the service. Use the `PlatformVersion` property to specify the platform version on which to run your service.	2010-05-15
New resources	November 28, 2017	AWS::GuardDuty::Detector Use the `AWS::GuardDuty::Detector` resource to create a single Amazon GuardDuty detector. AWS::GuardDuty::IPSet Use the `AWS::GuardDuty::IPSet` resource to create an Amazon GuardDuty IP set. AWS::GuardDuty::ThreatIntelSet Use the `AWS::GuardDuty::ThreatIntelSet` resource to create a ThreatIntelSet.	2010-05-15
Updated resources	November 28, 2017	AWS::CodeDeploy::Application Use the `ComputePlatform` property to specify an AWS Lambda compute platform for AWS CodeDeploy to deploy an application to. AWS::CodeDeploy::DeploymentGroup In the `DeploymentStyle` property type, use the `DeploymentType` property to specify a blue/green deployment on a Lambda compute platform. AWS::EC2::SpotFleet In the `SpotFleetRequestConfigData` property type, the `SpotPrice` property is now optional. AWS::Lambda::Alias Use the `RoutingConfig` property to specify two different versions of an AWS Lambda function, allowing you to dictate what percentage of traffic will invoke each version.	2010-05-15
New `CodeDeployLambdaAliasUpdate` update policy	November 28, 2017	Use the `CodeDeployLambdaAliasUpdate` update policy to perform an AWS CodeDeploy deployment when the version changes on an `AWS::Lambda::Alias` resource. For more information, see UpdatePolicy.	2010-05-15
New `SSM` parameter types	November 21, 2017	Use `SSM` parameter types to use existing parameters from Systems Manager Parameter Store. Note: AWS CloudFormation doesn't currently support the `SecureString` type. For more information, see `SSM` Parameter Types.	2010-05-15
New `ResolvedValue` field for `Parameter` data type	November 21, 2017	The `ResolvedValue` field returns the value that's used in the stack definition for an `SSM` parameter. For more information, see the Parameter data type in the AWS CloudFormation API Reference.	2010-05-15
Updated resources	November 20, 2017	AWS::ApiGateway::ApiKey Use the `CustomerId` property to specify an AWS Marketplace customer identifier. Use the `GenerateDistinctId` property to specify whether the key identifier is distinct from the created API key value. AWS::ApiGateway::Authorizer Use the `AuthType` property to specify a customer-defined field that's used in Swagger imports and exports without functional impact. AWS::ApiGateway::DomainName Use the `EndpointConfiguration` property to specify the endpoint types of an API Gateway domain name. Use the `RegionalCertificateArn` property to reference a certificate for use by the regional endpoint for a domain name. AWS::ApiGateway::Method In the `Integration` and `IntegrationResponse` property types, use the `ContentHandling` property to specify how to handle request payload content type conversions. AWS::ApiGateway::RestApi Use the `EndpointConfiguration` property to specify the endpoint types of an API Gateway REST API. AWS::ApplicationAutoScaling::ScalableTarget Use the `ScheduledActions` property to specify scheduled actions for an Application Auto Scaling scalable target. AWS::ECR::Repository Use the `LifecyclePolicy` property to specify a lifecycle policy for an Amazon ECR repository. AWS::ECS::TaskDefinition In the `ContainerDefinition` property type, use the `LinuxParameters` property to specify Linux-specific options for an Amazon ECS container. AWS::ElastiCache::ReplicationGroup Use the `AtRestEncryptionEnabled` property to enable encryption at rest. Use the `AuthToken` property to specify a password that's used to access a password-protected server. Use the `TransitEncryptionEnabled` property to enable in-transit encryption. AWS::ElasticLoadBalancingV2::TargetGroup Use the `TargetGroupName` attribute with the `Fn::GetAtt` function to get the name of an Elastic Load Balancing target group. AWS::Elasticsearch::Domain Use the `VPCOptions` property to specify a VPC configuration for the Amazon ES domain. AWS::EMR::Cluster Use the `EbsRootVolumeSize` property to specify the size of the EBS root volume for an Amazon EMR cluster. AWS::RDS::DBInstance Use the `SourceRegion` and `KmsKeyId` properties to create an encrypted read replica from a cross-region source DB instance. AWS::Route53::HostedZone Use the `QueryLoggingConfig` property to specify a configuration for DNS query logging.	2010-05-15
New `NoEcho` field for custom resource `Response` objects	November 20, 2017	You can now use the optional `NoEcho` field to mask the output of a custom resource. For more information, see Custom Resource Response Objects. The corresponding `noEcho` parameter is supported by the `send` method. For more information, see cfn-response Module.	2010-05-15
Stack instance overrides added for stack sets.	November 17, 2017	AWS CloudFormation StackSets allows you to override parameter values in stack instances by account and region. You can override parameter values when you create the stack instances, or when updating existing stack instances. For more information, see Override Parameters on Stack Instances.	2010-05-15
Updated resource	November 15, 2017	AWS::StepFunctions::StateMachine You can use `AWS::StepFunctions::StateMachine` to specify a `StateMachineName` when creating a state machine, and both `DefinitionString` and `RoleArn` can be updated without replacing the state machine.	2010-05-15
StackSets now supports a maximum of 500 stack instances per stack set.	November 6, 2017	You can now create up to a maximum of 500 stack instances per stack set. For more information on AWS CloudFormation limits, see AWS CloudFormation Limits.	2010-05-15
New resources	November 2, 2017	AWS::CloudFront::CloudFrontOriginAccessIdentity Use the `AWS::CloudFront::CloudFrontOriginAccessIdentity` resource to specify the Amazon CloudFront origin access identity to associate with the origin of a CloudFront distribution. AWS::CloudFront::StreamingDistribution Use the `AWS::CloudFront::StreamingDistribution` resource to specify an Adobe Real-Time Messaging Protocol (RTMP) streaming distribution for CloudFront.	2010-05-15
Updated resources	November 2, 2017	AWS::ApiGateway::Deployment The `StageName` property has been deprecated on the `StageDescription` property type. AWS::ApiGateway::Method Use the `OperationName` property to assign a friendly name to an API Gateway method. Use the `RequestValidatorId` property to associate a request validator with a method. AWS::AutoScaling::AutoScalingGroup Use the `LifecycleHookSpecificationList` property to specify actions to perform when Auto Scaling launches or terminates instances. AWS::CloudFront::Distribution Use the `Tags` property to specify an arbitrary set of tags (key–value pairs) to associate with a CloudFront distribution. In the `CacheBehavior` and `DefaultCacheBehavior` property types, use the `LambdaFunctionAssociations` property to specify Lambda function associations for a CloudFront distribution. In the `CustomOriginConfig` property type, use the `OriginKeepaliveTimeout` property to specify a custom keep-alive timeout, and use the `OriginReadTimeout` property to specify a custom origin read timeout. In the `DistributionConfig` property type, use the `IPV6Enabled` property to specify whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution. AWS::CodeDeploy::DeploymentGroup In the `LoadBalancerInfo` property type, use the `TargetGroupInfoList` property to specify information about a target group in Elastic Load Balancing to use in a deployment. AWS::EC2::SecurityGroup, AWS::EC2::SecurityGroupEgress, and AWS::EC2::SecurityGroupIngress Use the `Description` property to specify the description of a security group rule. AWS::EC2::Subnet The `Ipv6CidrBlock` property now supports `No interruption` updates. AWS::EC2::VPNGateway Use the `AmazonSideAsn` property to specify a private Autonomous System Number (ASN) for the Amazon side of a BGP session. AWS::EC2::VPNConnection Use the `VpnTunnelOptionsSpecifications` property to configure tunnel options for a VPN connection. AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment In the `ConfigurationOptionSetting` and `OptionSetting` property types, use the `ResourceName` property to specify a resource name for a time-based scaling configuration option. AWS::EMR::Cluster Use the `CustomAmiId` property to specify a custom Amazon Linux AMI for a cluster. AWS::KinesisFirehose::DeliveryStream Use the `Arn` attribute with the `Fn::GetAtt` function to get the Amazon Resource Name (ARN) of the delivery stream. AWS::KMS::Key Use the `Tags` property to specify an arbitrary set of tags (key–value pairs) to associate with a custom master key (CMS). AWS::OpsWorks::Layer and AWS::OpsWorks::Stack Use the `Tags` property to specify an arbitrary set of tags (key–value pairs) to associate with an AWS OpsWorks layer or stack. AWS::RDS::OptionGroup In the `OptionConfiguration` property type, use the `OptionVersion` property to specify a version for the option. AWS::S3::Bucket Use the `AnalyticsConfigurations` property to configure an analysis filter for an Amazon S3 bucket.	2010-05-15
New resources	October 24, 2017	AWS::Glue::Classifier Use the `AWS::Glue::Classifier` resource to create an AWS Glue classifier. AWS::Glue::Connection Use the `AWS::Glue::Connection` resource to specify an AWS Glue connection to a data source. AWS::Glue::Crawler Use the `AWS::Glue::Crawler` resource to specify an AWS Glue crawler. AWS::Glue::Database Use the `AWS::Glue::Database` resource to create an AWS Glue database. AWS::Glue::DevEndpoint Use the `AWS::Glue::DevEndpoint` resource to specify a development endpoint for remotely debugging ETL scripts. AWS::Glue::Job Use the `AWS::Glue::Job` resource to specify an AWS Glue job in the data catalog. AWS::Glue::Partition Use the `AWS::Glue::Partition` resource to create an AWS Glue partition, which represents a slice of table data. AWS::Glue::Table Use the `AWS::Glue::Table` resource to create an AWS Glue table. AWS::Glue::Trigger Use the `AWS::Glue::Trigger` resource to specify triggers that run AWS Glue jobs.	2010-05-15
New resources	October 11, 2017	AWS::SSM::MaintenanceWindow Use the `AWS::SSM::MaintenanceWindow` resource to create an AWS Systems Manager Maintenance Window. AWS::SSM::MaintenanceWindowTarget Use the `AWS::SSM::MaintenanceWindowTarget` resource to register a target with a Maintenance Window. AWS::SSM::MaintenanceWindowTask Use the `AWS::SSM::MaintenanceWindowTask` resource to define a Maintenance Window task. AWS::SSM::PatchBaseline Use the `AWS::SSM::PatchBaseline` resource to define a Systems Manager patch baseline.	2010-05-15
New resource	October 10, 2017	AWS::ElasticLoadBalancingV2::ListenerCertificate Use the `AWS::ElasticLoadBalancingV2::ListenerCertificate` resource to specify certificates for an Elastic Load Balancing listener.	2010-05-15
New resource	September 27, 2017	AWS::Athena::NamedQuery Use the `AWS::Athena::NamedQuery` resource to create an Amazon Athena query.	2010-05-15
Updated resources	September 27, 2017	AWS::EC2::NatGateway Use the `Tags` property to specify resource tags for a NAT gateway. AWS::ElasticBeanstalk::Application Use the `ResourceLifecycleConfig` property to define lifecycle settings for resources that belong to the application, and the service role that Elastic Beanstalk assumes in order to apply lifecycle settings. AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment Use the `PlatformArn` property to specify a custom platform for Elastic Beanstalk. AWS::ElasticLoadBalancingV2::TargetGroup In the TargetDescription property type, use the `AvailabilityZone` property to specify the Availability Zone where the IP address is to be registered. AWS::Events::Rule In the Target property type, use the following properties for input transformation of events and setting Amazon ECS task and Kinesis stream targets. `EcsParameters` `InputTransformer` `KinesisParameters` `RunCommandParameters` AWS::KinesisFirehose::DeliveryStream Use the `DeliveryStreamType` property to specify the stream type and the `KinesisStreamSourceConfiguration` property to specify the stream and role ARNs for a Kinesis stream used as the source for a delivery stream. AWS::RDS::DBInstance For the `Engine` property, if you have specified `oracle-se` or `oracle-se1`, you can update to `oracle-se2` without the database instance being replaced. AWS::S3::Bucket Use the `AccelerateConfiguration` property to configure the transfer acceleration state for an Amazon S3 bucket.	2010-05-15
Termination protection added for stacks.	September 26, 2017	Enabling termination protection on a stack prevents it from being accidently deleted. A user cannot delete a stack with termination protection enabled. For more information, see Protecting a Stack From Being Deleted.	2010-05-15
Changed default `umask` value from version 1.4-22 onwards	September 14, 2017	The default `umask` parameter value for the cfn-hup.conf configuration file is now `022`. For more information, see cfn-hup.
Updated resources	September 7, 2017	AWS::ElasticLoadBalancingV2::LoadBalancer Use the `SubnetMappings` property to specify the IDs of the subnets to attach to the load balancer. Use the `Type` property to specify the type of load balancer to create. AWS::ElasticLoadBalancingV2::TargetGroup Use the `TargetType` property to specify the registration type of the targets in this target group.	2010-05-15
Rollback triggers added to the AWS CloudFormation API	August 31, 2017	Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see RollbackConfiguration in the AWS CloudFormation API Reference.	2010-05-15
New `umask` parameter for cfn-hup.conf file	August 31, 2017	Use the `umask` parameter in the cfn-hup.conf configuration file to control file permissions used by the cfn-hup daemon (version 1.4-21). For more information, see cfn-hup.
Updated resources for VPC Sizing support	August 29, 2017	AWS::EC2::VPCCidrBlock Use the `CidrBlock` property to associate an IPv4 CIDR block with a VPC. AWS::EC2::VPC Use the `CidrBlockAssociations` attribute with the `Fn::GetAtt` function to get a list of IPv4 CIDR block association IDs associated with the VPC.	2010-05-15
Updated resources	August 23, 2017	AWS::S3::Bucket In the `Rule` property type, use the `TagFilters` property to specify tags to use in identifying a subset of objects for an Amazon S3 bucket. Use the `MetricsConfiguration` property to specify a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket. AWS::IoT::TopicRule In the `Action` property type, use the `DynamoDBv2Action` property to describe an AWS IoT action that writes data to a DynamoDB table. In the `Action` property type, the `DynamoDBAction` property now supports the `HashKeyType` and `RangeKeyType` properties. AWS::Lambda::Permission Use the `EventSourceToken` property to specify a unique token that must be supplied by the principal invoking the function.	2010-05-15
New pseudo parameters	August 23, 2017	Use the `AWS::Partition` pseudo parameter to return the partition that a resource is in. Use the `AWS::URLSuffix` pseudo parameter to return the suffix for a domain. For more information, see Pseudo Parameters Reference.	2010-05-15
New resources for DAX support	August 22, 2017	AWS::DAX::Cluster Use the `AWS::DAX::Cluster` resource to create a DAX cluster for use with Amazon DynamoDB. AWS::DAX::ParameterGroup Use the `AWS::DAX::ParameterGroup` resource to create a parameter group for use with Amazon DynamoDB. AWS::DAX::SubnetGroup Use the `AWS::DAX::SubnetGroup` resource to create a subnet group for use with DAX (DynamoDB Accelerator).	2010-05-15
New resources	August 18, 2017	AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion Use the `AWS::ApiGateway::DocumentationPart` and `AWS::ApiGateway::DocumentationVersion` resources to create documentation for your API Gateway API. AWS::ApiGateway::GatewayResponse Use the `AWS::ApiGateway::GatewayResponse` resource to create a custom response for your API Gateway API. AWS::ApiGateway::RequestValidator Use the `AWS::ApiGateway::RequestValidator` resource to set up validation rules for incoming requests to your API Gateway API. AWS::EC2::NetworkInterfacePermission Use the `AWS::EC2::NetworkInterfacePermission` resource to grant an AWS account permission to a network interface.	2010-05-15
Updated resources	August 18, 2017	AWS::ApiGateway::Stage Use the `DocumentationVersion` property to specify a versioned snapshot of the API documentation. AWS::AutoScaling::ScalingPolicy Use the `TargetTrackingConfiguration` property to specify an Auto Scaling target tracking scaling policy configuration. AWS::CloudTrail::Trail Use the `EventSelectors` property for Amazon S3 Data Events support. AWS::CodeDeploy::DeploymentGroup Use the `LoadBalancerInfo` and `DeploymentStyle` properties to specify an Elastic Load Balancing load balancer for an in-place deployment. Use the `AutoRollbackConfiguration` property to configure automatic rollback for the deployment. AWS::EC2::SpotFleet In the `SpotFleetRequestConfigData` property type, use the `ReplaceUnhealthyInstances` property to indicate whether the Spot fleet should replace unhealthy instances and the `Type` property to specify the type of request. AWS::EC2::Subnet Use the `AssignIpv6AddressOnCreation` and `Ipv6CidrBlock` properties to create a subnet with an IPv6 CIDR block. AWS::KinesisFirehose::DeliveryStream Use the `ExtendedS3DestinationConfiguration` property to configure a destination in Amazon S3. Use the `ProcessingConfiguration` subproperty within each destination configuration to invoke Lambda functions that transform incoming source data and deliver the transformed data to destinations. AWS::RDS::DBCluster and AWS::RDS::DBInstance The default DeletionPolicy is now `Snapshot` for `AWS::RDS::DBCluster` resources and for `AWS::RDS::DBInstance` resources that don't specify the `DBClusterIdentifier` property. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute. AWS::S3::Bucket In the `Rule` property type, use the `AbortIncompleteMultipartUpload` property to specify a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket. AWS::SQS::Queue Use the `KmsMasterKeyId` and `KmsDataKeyReusePeriodSeconds` properties to configure server-side encryption for Amazon SQS. Added the `Arn` attribute to the `Fn::GetAtt` intrinsic function for the following resources: AWS::CloudTrail::Trail. Also added `SnsTopicArn`. AWS::CloudWatch::Alarm AWS::DynamoDB::Table AWS::ECS::Cluster AWS::IoT::Policy AWS::IoT::TopicRule AWS::Logs::Destination	2010-05-15
Support for stack tags in AWS CodePipeline artifacts	August 18, 2017	You can now specify tags for stacks in template configuration files for use as artifacts for AWS CodePipeline pipelines. Specified tags are applied to stacks created using the template configuration file. For more information, see AWS CloudFormation Artifacts.	2010-05-15
Create encrypted file systems	August 14, 2017	AWS::EFS::FileSystem Use the `Encrypted` property to encrypt an Amazon EFS file system during creation. Use the `KmsKeyId` property to optionally specify a custom customer master key to use to protect the encrypted file system.	2010-05-15
New resources for AWS Batch support	August 8, 2017	AWS::Batch::ComputeEnvironment Use the `AWS::Batch::ComputeEnvironment` resource to define your AWS Batch compute environment. AWS::Batch::JobDefinition Use the `AWS::Batch::JobDefinition` resource to specify the parameters for an AWS Batch job definition. AWS::Batch::JobQueue Use the `AWS::Batch::JobQueue` resource to define your AWS Batch job queue.	2010-05-15
New resources for Amazon Kinesis Data Analytics support	July 28, 2017	AWS::KinesisAnalytics::Application Use the `AWS::KinesisAnalytics::Application` resource to create an Amazon Kinesis Data Analytics application. AWS::KinesisAnalytics::ApplicationOutput Use the `AWS::KinesisAnalytics::ApplicationOutput` resource to add an external destination to your Amazon Kinesis Data Analytics application. AWS::KinesisAnalytics::ApplicationReferenceDataSource Use the `AWS::KinesisAnalytics::ApplicationReferenceDataSource` resource to add a reference data source to an existing Amazon Kinesis Data Analytics application.	2010-05-15
Use StackSets to centrally manage stacks across accounts and regions	July 25, 2017	StackSets enables you to create, update, or delete stacks across multiple accounts and regions in a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. For more information about StackSets, see Working with AWS CloudFormation StackSets.	2010-05-15
View stack events by client request token	July 14, 2017	In the console, stack operations display the client request token on the Events tab. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For more information, see Viewing Stack Data and Resources and StackEvent in the AWS CloudFormation API Reference.	2010-05-15
Use stack quick-create links	July 14, 2017	Use quick-create links to get stacks up and running quickly. You can specify the template URL, stack name, and template parameters to prepopulate a single Create Stack Wizard page. For more information, see Creating Quick-Create Links for Stacks.
New resources for AWS Database Migration Service support	July 12, 2017	AWS::DMS::Certificate Use the `AWS::DMS::Certificate` resource to create an SSL certificate that encrypts connections between AWS DMS endpoints and the replication instance. AWS::DMS::Endpoint Use the `AWS::DMS::Endpoint` resource to create an AWS DMS endpoint. AWS::DMS::EventSubscription Use the `AWS::DMS::EventSubscription` resource to get notifications for AWS DMS events through the Amazon Simple Notification Service. AWS::DMS::ReplicationInstance Use the `AWS::DMS::ReplicationInstance` resource to create an AWS DMS replication instance. AWS::DMS::ReplicationSubnetGroup Use the `AWS::DMS::ReplicationSubnetGroup` resource to create an AWS DMS replication subnet group. AWS::DMS::ReplicationTask Use the `AWS::DMS::ReplicationTask` resource to create an AWS DMS replication task.	2010-05-15
New resources	July 5, 2017	AWS::CloudWatch::Dashboard Use the `AWS::CloudWatch::Dashboard` resource to specify a custom CloudWatch dashboard for your CloudWatch console. AWS::ApiGateway::DomainName Use the `AWS::ApiGateway::DomainName` resource to specify a custom, friendly URL for your API that's deployed to Amazon API Gateway. AWS::EC2::EgressOnlyInternetGateway Use the `AWS::EC2::EgressOnlyInternetGateway` resource to create an egress-only internet gateway for your VPC. AWS::EMR::InstanceFleetConfig Use the `InstanceFleetConfig` resource to configure a Spot Instance fleet for an Amazon EMR cluster.	2010-05-15
Updated resources	July 5, 2017	AWS::ApiGateway::RestApi Use the `BinaryMediaTypes` property to specify supported binary media types. AWS::ApplicationAutoScaling::ScalingPolicy Use the `TargetTrackingScalingPolicyConfiguration` property to specify a a target tracking scaling policy configuration. AWS::CloudTrail::Trail Use the `TrailName` property to specify a custom name for an AWS CloudTrail resource. Use the `Tags` property to specify resource tags. AWS::CodeDeploy::DeploymentGroup Use the `AlarmConfiguration` property to configure alarms for the deployment group. Use the `TriggerConfigurations` property to configure notification triggers for the deployment group. AWS::EMR::Cluster Use the `CoreInstanceFleet` property and the `MasterInstanceFleet` property in the Amazon EMR Cluster JobFlowInstancesConfig property type to configure the Spot Instance fleet for an Amazon EMR cluster. AWS::DynamoDB::Table Use the `TimeToLiveSpecification` property to specify the Time to Live (TTL) settings for an Amazon DynamoDB table. Use the `Tags` property to specify resource tags for a DynamoDB table. AWS::EC2::Instance The `IamInstanceProfile` property now supports `No interruption` updates. AWS::EC2::Route Use the `EgressOnlyInternetGatewayId` property to specify an egress-only Internet gateway for an EC2 route. AWS::Kinesis::Stream Use the `RetentionPeriodHours` property to specify the number of hours that data records stored in shards remain accessible. AWS::RDS::DBCluster Use the `ReplicationSourceIdentifier` property to create a DB cluster as a Read Replica of another DB cluster or an Amazon RDS MySQL DB instance. AWS::Redshift::Cluster Use the `LoggingProperties` property to create audit log files and store them in Amazon S3.	2010-05-15
New resources	June 6, 2017	AWS::EMR::SecurityConfiguration Use the `AWS::EMR::SecurityConfiguration` resource to create a security configuration, which is stored in the service and can be specified when a cluster is created.	2010-05-15
Updated resources	June 6, 2017	AWS::AutoScaling::LifecycleHook The `NotificationTargetARN` and `RoleARN` properties are now optional. AWS::CloudWatch::Alarm You can now use the `EvaluateLowSampleCountPercentile`, `ExtendedStatistic`, and `TreatMissingData` properties when creating `AWS::CloudWatch::Alarm` resources. AWS::EC2::SpotFleet AWS CloudFormation supports mutable changes to Spot fleet properties. The following properties of the `SpotFleetRequestConfigData` property support `Replacement` updates: `AllocationStrategy` `IamFleetRole` `LaunchSpecifications` `SpotPrice` `TerminateInstancesWithExpiration` `ValidFrom` `ValidUntil` The following properties of the `SpotFleetRequestConfigData` property support `No interruption` updates: `ExcessCapacityTerminationPolicy` `TargetCapacity` AWS::EMR::InstanceGroupConfig AWS CloudFormation now supports Auto Scaling for Amazon EMR task instance groups. AWS::Events::Rule The `RoleArn` property is deprecated on the `Rule` resource. Use the `RoleArn` property on the `Target` property type to specify the IAM role to use for a target. AWS::Kinesis::Stream The `ShardCount` property now supports `No interruption` updates. AWS::Lambda::Function Use the `TracingConfig` property to configure tracing settings for Lambda functions. AWS::Redshift::Cluster, AWS::Redshift::ClusterParameterGroup, AWS::Redshift::ClusterSecurityGroup, and AWS::Redshift::ClusterSubnetGroup Use the `Tags` property to specify resource tags. AWS::RDS::DBCluster Added the `ReadEndpoint.Address` attribute to the `Fn::GetAtt` intrinsic function. AWS::S3::Bucket Added the `Arn` attribute to the `Fn::GetAtt` intrinsic function.	2010-05-15
New resources	May 11, 2017	The following new resources support using AWS WAF with Elastic Load Balancing (ELB) Application load balancers. AWS::WAFRegional::ByteMatchSet Use the `AWS::WAFRegional::ByteMatchSet` resource to identify a part of a web request that you want to inspect. AWS::WAFRegional::IPSet Use the `AWS::WAFRegional::IPSet` resource to specify which web requests to permit or block based on the IP addresses from which the requests originate. AWS::WAFRegional::Rule Use the `AWS::WAFRegional::Rule` resource to specify a combination of `IPSet`, `ByteMatchSet`, and `SqlInjectionMatchSet` objects that identify the web requests to allow, block, or count. AWS::WAFRegional::SizeConstraintSet Use the `AWS::WAFRegional::SizeConstraintSet` resource to specify a size constraint used to check the size of a web request and which parts of the request to check. AWS::WAFRegional::SqlInjectionMatchSet Use the `AWS::WAFRegional::SqlInjectionMatchSet` resource to allow, block, or count requests that contain malicious SQL code in a specific part of web requests. AWS::WAFRegional::WebACL Use the `AWS::WAFRegional::WebACL` resource to identify the web requests that you want to allow, block, or count. AWS::WAFRegional::WebACLAssociation Use the `AWS::WAFRegional::WebACLAssociation` resource to associate a web access control group (ACL) with a resource. AWS::WAFRegional::XssMatchSet Use the `AWS::WAFRegional::XssMatchSet` resource to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and the name of the header to inspect.	2010-05-15
New resources	April 28, 2017	AWS::Cognito::IdentityPool Use the `AWS::Cognito::IdentityPool` resource to create an Amazon Cognito identity pool. AWS::Cognito::IdentityPoolRoleAttachment Use the `AWS::Cognito::IdentityPoolRoleAttachment` resource to manage the role configuration for an Amazon Cognito identity pool. AWS::Cognito::UserPool Use the `AWS::Cognito::UserPool` resource to create an Amazon Cognito user pool. AWS::Cognito::UserPoolClient Use the `AWS::Cognito::UserPoolClient` resource to create a user pool client. AWS::Cognito::UserPoolGroup Use the `AWS::Cognito::UserPoolGroup` resource to create a user group in an Amazon Cognito user pool. AWS::Cognito::UserPoolUser Use the `AWS::Cognito::UserPoolUser` resource to create an Amazon Cognito user pool user. AWS::Cognito::UserPoolUserToGroupAttachment Use the `AWS::Cognito::UserPoolUserToGroupAttachment` resource to attach a user to an Amazon Cognito user pool group.	2010-05-15
Updated resources	April 28, 2017	AWS Config ConfigRule SourceDetails Use the `MaximumExecutionFrequency` subproperty of the `AWS::Config::ConfigRule` resource to run evaluations for a custom rule using a periodic trigger. AWS::EC2::Volume We now support Elastic Volumes for Amazon Elastic Block Store (Amazon EBS) in CloudFormation. We now support `No interruption` updates on three properties: `VolumeType`, `Size`, and `Iops`. AWS::EC2::SecurityGroup Use the `GroupName` property to specify a name for your Amazon EC2 security group. AWS::ECS::Service There are three new properties for `AWS::ECS::Service`: `PlacementConstraints`, `PlacementStrategies`, and `ServiceName`. AWS::ECS::TaskDefinition Use the `PlacementConstraints` property to define placement constraints for tasks in the service. AWS::ElastiCache::ReplicationGroup Added the `ConfigurationEndPoint.Address` attribute and the `ConfigurationEndPoint.Port` attribute to the `Fn::GetAtt` intrinsic function. AWS::ElasticLoadBalancingV2::LoadBalancer Use the `IpAddressType` property to specify the type of IP addresses that are used by the load balancer's subnets. AWS::EMR::Cluster AWS CloudFormation now supports Auto Scaling for Amazon EMR clusters. AWS::IAM::ManagedPolicy Use the `ManagedPolicyName` property to specify a custom name for your IAM managed policy. AWS::Lambda::Function Use the `Tags` property to add tags to your Lambda function. AWS::OpsWorks::Instance Added the following attributes to the `Fn::GetAtt` intrinsic function: `AvailabilityZone`, `PrivateDnsName`, `PrivateIp`, and `PublicDnsName`. AWS::OpsWorks::UserProfile Use the `SshUsername` property to specify a user's SSH name. Added the `SshUsername` attribute to the `Fn::GetAtt` intrinsic function. AWS::Redshift::Cluster Use the `IamRoles` property to provide a list of one or more AWS Identity and Access Management roles that the Amazon Redshift cluster can use to access other AWS services.	2010-05-15
Edit templates in YAML and JSON using AWS CloudFormation Designer	April 6, 2017	When you create AWS CloudFormation templates using Designer, you can now edit your template in both YAML and JSON in the integrated editor. You can also convert JSON templates to YAML and vice-versa, depending on your preferred template authoring language. For more information, see What Is AWS CloudFormation Designer?.	2010-05-15
New resource	April 6, 2017	AWS::SSM::Parameter Use the `AWS::SSM::Parameter` resource to create an SSM parameter in Parameter Store.	2010-05-15
`AWS::Include` transform	March 28, 2017	Use the `AWS::Include` transform to reference reusable snippets stored in an Amazon S3 bucket. For more information, see AWS::Include Transform.	2010-05-15
Peer your Amazon VPC with another account	March 28, 2017	You can now use AWS CloudFormation to peer your Amazon VPC with a VPC in another AWS account. For more information, see Walkthrough: Peer with an Amazon VPC in Another AWS Account.	2010-05-15
New resource	March 28, 2017	AWS::ApiGateway::UsagePlanKey Use the `AWS::ApiGateway::UsagePlanKey` resource to associate a usage plan key and determine which users the usage plan is applied to.	2010-05-15
Updated resources	March 28, 2017	AWS::EC2::VPCPeeringConnection Use the `PeerOwnerId` property and the `PeerRoleArn` property to peer with a VPC in another AWS account. For more information, see Walkthrough: Peer with an Amazon VPC in Another AWS Account. AWS::IAM::InstanceProfile Use the `InstanceProfileName` property to configure an instance profile. AWS::Lambda::Function Use the `DeadLetterConfig` property to configure how AWS Lambda handles events that it can't process. Node.js v0.10 is no longer supported for the `Runtime` property. AWS::Route53::HealthCheck There are seven new resource subproperty types for the Route 53 HealthCheck HealthCheckConfig `HealthCheckConfig` property: `AlarmIdentifier`, `ChildHealthChecks`, `EnableSNI`, `HealthThreshold`, `InsufficientDataHealthStatus`, `Inverted`, and `MeasureLatency`. AWS::SQS::Queue Use the `ContentBasedDeduplication` and `FifoQueue` properties to create First-In-First-Out (FIFO) Amazon Simple Queue Service queues. AWS::S3::Bucket You can now specify IPv6 domain names for your Amazon S3 buckets.	2010-05-15
New resources	February 10, 2017	AWS::StepFunctions::Activity Use the `AWS::StepFunctions::Activity` resource to create an AWS Step Functions activity. AWS::StepFunctions::StateMachine Use the `AWS::StepFunctions::StateMachine` resource to create a Step Functions state machine.	2010-05-15
New intrinsic function	January 17, 2017	Use the `Fn::Split` function to split a string into a list of string values. For more information, see Fn::Split.	2010-05-15
Console support for listing imports	January 17, 2017	Use the AWS CloudFormation console to see all of the stacks that are importing an exported output value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Updated resources	January 17, 2017	AWS::AutoScaling::AutoScalingGroup The `LoadBalancerNames` property can be updated without replacing the Auto Scaling group. AWS::ECS::TaskDefinition Added the `NetworkMode` and `MemoryReservation` properties. AWS::RDS::DBCluster AWS CloudFormation supports updates to the `Tags` property. AWS::RDS::DBInstance Added the `Timezone` property. AWS IoT TopicRule FirehoseAction Added the `Separator` property. AWS::OpsWorks::Instance Added the `PublicIp` attribute for the `Fn::GetAtt` intrinsic function.	2010-05-15
New resources	December 01, 2016	AWS::CodeBuild::Project Use the `AWS::CodeBuild::Project` resource to create an AWS CodeBuild project that defines how AWS CodeBuild builds your source code. AWS::SSM::Association Use the `AWS::SSM::Association` resource to associate an Amazon EC2 Systems Manager document with EC2 instances. AWS::EC2::SubnetCidrBlock Use the `AWS::EC2::SubnetCidrBlock` resource to associate a single IPv6 CIDR block with an Amazon VPC subnet. AWS::EC2::VPCCidrBlock Use the `AWS::EC2::VPCCidrBlock` resource to associate a single Amazon-provided IPv6 CIDR block with an Amazon VPC VPC.	2010-05-15
Updated resources for IPv6 support	December 01, 2016	AWS::EC2::Instance Added the `Ipv6AddressCount` and `Ipv6Addresses` properties. AWS::EC2::NetworkAclEntry Added the `Ipv6CidrBlock` property. AWS::EC2::NetworkInterface Added the `Ipv6AddressCount` and `Ipv6Addresses` properties. AWS::EC2::Route Added the `DestinationIpv6CidrBlock` property. AWS::EC2::SecurityGroupEgress Added the `CidrIpv6` property. AWS::EC2::SecurityGroupIngress Added the `CidrIpv6` property. AWS::EC2::SpotFleet Added the `Ipv6AddressCount` and `Ipv6Addresses` properties for the launch specification network interfaces. AWS::EC2::Subnet Added the `Ipv6CidrBlocks` attribute for the `Fn::GetAtt` function. AWS::EC2::VPC Added the `Ipv6CidrBlocks` attribute for the `Fn::GetAtt` function. AWS::SSM::Document Added the `DocumentType` property.	2010-05-15
Resource specification	November 22, 2016	Use the AWS CloudFormation resource specification to builds tools that help you create AWS CloudFormation templates. The specification is a machine-readable, JSON-formatted text file. For more information, see AWS CloudFormation Resource Specification.	2010-05-15
New resources	November 22, 2016	AWS::OpsWorks::UserProfile Use the `AWS::OpsWorks::UserProfile` resource to configure SSH access for users who require access to instances in an AWS OpsWorks stack. AWS::OpsWorks::Volume Use the `AWS::OpsWorks::Volume` resource to register an Amazon Elastic Block Store volume with an AWS OpsWorks stack.	2010-05-15
Updated resources	November 22, 2016	AWS::OpsWorks::App Added the `DataSources` property. AWS::OpsWorks::Instance Added the `BlockDeviceMappings`, `AgentVersion`, `ElasticIps`, `Hostname`, `Tenancy`, and `Volumes` properties. AWS::OpsWorks::Layer Added the `CustomJson` and `VolumeConfigurations` properties. AWS::OpsWorks::Stack Added the `ElasticIps`, `EcsClusterArn`, `RdsDbInstances`, `CloneAppIds`, `ClonePermissions`, and `SourceStackId` properties. AWS::RDS::DBInstance Added the `CopyTagsToSnapshot` property.	2010-05-15
List imports	November 22, 2016	List imports of an exported output value to track which AWS CloudFormation stacks are importing the value. For more information, see Listing Stacks That Import an Exported Output Value.	2010-05-15
Transforms	November 17, 2016	Specify the AWS Serverless Application Model (AWS SAM) that AWS CloudFormation uses to process AWS SAM syntax for serverless applications. For more information, see Transform.	2010-05-15
New resource	November 17, 2016	AWS::SNS::Subscription Use the `AWS::SNS::Subscription` resource to subscribe an endpoint to an Amazon Simple Notification Service topic.	2010-05-15
Updated resource	November 17, 2016	AWS::Lambda::Function Use the `Environment` property to specify key-value pairs (environment variables) that your AWS Lambda function can access. Use the `KmsKeyArn` property to specify an AWS Key Management Service key that AWS Lambda uses to encrypt and decrypt environment variables.	2010-05-15
New CLI commands	November 17, 2016	Uploading Local Artifacts to an S3 Bucket Use the `aws cloudformation package` command to upload local artifacts that are referenced in an AWS CloudFormation template to an S3 bucket. Quickly Deploying Templates with Transforms Use the `aws cloudformation deploy` command to combine the create and execute change set actions into a single command. This command is useful for quickly creating or updating stacks that contain transforms.	2010-05-15
Updated resource	November 03, 2016	AWS::CloudFront::Distribution For the CloudFront Distribution DistributionConfig property, use the `HttpVersion` property to specify the latest HTTP version that viewers can use to communicate with Amazon CloudFront. For the CloudFront Distribution ForwardedValues property, use the `QueryStringCacheKeys` property to specify the query string parameters that CloudFront uses to determine which content to cache.	2010-05-15
List stack exports	November 03, 2016	Use the AWS CloudFormation console, API, or AWS CLI to see a list of all the exported output values for a region. For more information, see Exporting Stack Output Values.	2010-05-15
Continuous delivery with stacks	November 03, 2016	Use AWS CodePipeline to build continuous delivery workflows with AWS CloudFormation stacks. For more information, see Continuous Delivery with AWS CodePipeline.	2010-05-15
Skip resources during rollback	November 03, 2016	If you have a stack in the `UPDATE_ROLLBACK_FAILED` state, use the `ResourcesToSkip` parameter for the `ContinueUpdateRollback` action to skip resources that AWS CloudFormation can't rollback. For more information, see the Troubleshooting section in Update Rollback Failed.	2010-05-15
Change sets enhancement	November 03, 2016	You can create a new stack using a change set.	2010-05-15
Updated resource	October 12, 2016	AWS::ElastiCache::CacheCluster Update the `CacheNodeType` property without replacing the cluster. AWS::ElastiCache::ReplicationGroup You can create a Redis (cluster mode enabled) replication group that can contain multiple node groups (shards), each with a primary cluster and read replicas. AWS::ElastiCache::SubnetGroup Use the `CacheSubnetGroupName` property to specify a name for an Amazon ElastiCache subnet group.	2010-05-15
New resources	October 06, 2016	AWS::ApiGateway::UsagePlan Use the `AWS::ApiGateway::UsagePlan` resource to specify a usage plan for deployed Amazon API Gateway APIs. AWS::CodeCommit::Repository Use the `AWS::CodeCommit::Repository` resource to create an AWS CodeCommit repository that is hosted by Amazon Web Services.	2010-05-15
Updated resources	October 06, 2016	AWS::ApiGateway::Authorizer Use the `ProviderARNs` property to use Amazon Cognito user pools as Amazon API Gateway API authorizers. AWS::ApiGateway::Deployment The `StageName` property is no longer required. AWS::ElasticLoadBalancingV2::TargetGroup For the `GetAtt` function, use the `LoadBalancerArns` attribute to retrieve the Amazon Resource Names (ARNs) of the load balancers that route traffic to the target group. AWS::RDS::DBInstance Use the `Domain` and `DomainIAMRoleName` properties to use Windows Authentication when users connect to the RDS DB instance. AWS::EC2::SecurityGroupEgress Use the `DestinationPrefixListId` property to specify the AWS service prefix of an Amazon VPC endpoint.	2010-05-15
Cross-stack reference enhancement	October 06, 2016	Use intrinsic functions to customize the `Name` value of an export or to refer to a value in the `ImportValue` function.	2010-05-15
AWS CloudFormation service role	September 26, 2016	Use an AWS Identity and Access Management (IAM) service role for AWS CloudFormation stack operations. AWS CloudFormation uses the role's credentials to make calls to stack resources on your behalf. For more information, see AWS CloudFormation Service Role.	2010-05-15
New feature	September 19, 2016	You can use the `Export` output field and the `Fn::ImportValue` intrinsic function to have one stack refer to resource outputs in another stack. For more information, see Outputs, Fn::ImportValue, and Walkthrough: Refer to Resource Outputs in Another AWS CloudFormation Stack.	2010-05-15
YAML support	September 19, 2016	You can use the YAML format to author AWS CloudFormation templates. YAML also allows you to, for example, add comments to your templates or use the short form for intrinsic functions. For more information, see AWS CloudFormation Template Formats.	2010-05-15
New intrinsic function	September 19, 2016	Use the `Fn::Sub` function to substitute variables in an input string with values that you specify. For more information, see `Fn::Sub`.	2010-05-15
New resources	September 19, 2016	AWS::KMS::Alias Use the `AWS::KMS::Alias` resource to create an alias for an AWS Key Management Service customer master key.
Updated resources	September 19, 2016	AWS::EC2::SpotFleet For the `LaunchSpecifications` property, use the `SpotPrice` property to specify a bid price for a specific instance type. AWS::ECS::Cluster Use the `ClusterName` property to specify a name for an Amazon Elastic Container Service cluster. AWS::ECS::TaskDefinition Use the `TaskRoleArn` property to specify an AWS Identity and Access Management role that Amazon Elastic Container Service containers use to make AWS calls on your behalf. Use the `Family` property to register a task definition to a specific family. AWS::Elasticsearch::Domain Use the `ElasticsearchVersion` property to specify which version of Elasticsearch to use.	2010-05-15
New resources	August 11, 2016	Use the following Elastic Load Balancing Application load balancer resources to distribute incoming application traffic to multiple targets, such as EC2 instances, in multiple Availability Zones: AWS::ElasticLoadBalancingV2::Listener AWS::ElasticLoadBalancingV2::ListenerRule AWS::ElasticLoadBalancingV2::LoadBalancer AWS::ElasticLoadBalancingV2::TargetGroup	2010-05-15
Updated resource	August 11, 2016	AWS::AutoScaling::AutoScalingGroup Use the `TargetGroupARNs` property to associate the Auto Scaling group with one or more Application load balancer target groups. AWS::ECS::Service For the load `LoadBalancers` property, use the `TargetGroupArn` property to associate an Amazon Elastic Container Service service with an Application load balancer target group.	2010-05-15
New resources	August 09, 2016	AWS CloudFormation added the following resources: AWS::ApplicationAutoScaling::ScalableTarget and AWS::ApplicationAutoScaling::ScalingPolicy Use an Application Auto Scaling scaling policy to define when and how a target resource scales. AWS::CertificateManager::Certificate Provision an AWS Certificate Manager certificate that you can use with other AWS services to enable secure connections.	2010-05-15
Updated resources	August 09, 2016	AWS CloudFormation updated the following resources: AWS::CloudFront::Distribution For the distribution configuration `ViewerCertificate` property, you can specify an AWS Certificate Manager certificate. For the distribution configuration `Origin` property, you can specify custom headers and the SSL protocols for custom origins. AWS::EFS::FileSystem You can specify the performance mode for an Amazon Elastic File System file system.	2010-05-15
New resources	July 20, 2016	AWS IoT Use AWS IoT to declare an AWS IoT policy, an X.509 certificate, an association between a policy and a principal (an X.509 certificate or other credential), an AWS IoT thing, an association between a principal and a thing, or an AWS IoT rule. AWS::IoT::Certificate AWS::IoT::Policy AWS::IoT::PolicyPrincipalAttachment AWS::IoT::Thing AWS::IoT::ThingPrincipalAttachment AWS::IoT::TopicRule	2010-05-15
Updated resources	July 20, 2016	AWS CloudFormation updated the following resources: AWS::IAM::Group, AWS::IAM::Role, AWS::IAM::User Use the name properties to specify a custom name for AWS Identity and Access Management (IAM) resources. AWS::ApiGateway::Method For the `Integration` property, you can use the `PassthroughBehavior` property to specify when Amazon API Gateway passes requests to the targeted back end. AWS::ApiGateway::Model and AWS::ApiGateway::RestApi You can specify JSON objects for the `Schema` and `Body` properties.	2010-05-15
Auto Scaling group UpdatePolicy	June 9, 2016	For the `UpdatePolicy` attribute, use the `AutoScalingReplacingUpdate` property to specify whether an Auto Scaling group and the instances it contains are replaced when you update the Auto Scaling group. During a replacement, AWS CloudFormation retains the old Auto Scaling group until it creates the new one successfully so that AWS CloudFormation can roll back to the old Auto Scaling group if the update fails. For more information, see UpdatePolicy.	2010-05-15
New resource	June 9, 2016	AWS CloudFormation added the following resources: AWS::EC2::FlowLog Creates an Amazon Elastic Compute Cloud flow log that captures IP traffic for a specified network interface, subnet, or VPC. AWS::KinesisFirehose::DeliveryStream Creates a delivery stream that delivers real-time streaming data to a destination, such as Amazon Simple Storage Service, Amazon Redshift, or Amazon Elasticsearch Service.	2010-05-15
Updated resources	June 9, 2016	AWS CloudFormation updated the following resources: AWS::Kinesis::Stream Use the `Name` property to specify a name for an Amazon Kinesis stream. AWS::Lambda::Function For the `Code` property, you can use the `ZipFile` property and cfn response module for `nodejs4.3` runtime environments. AWS::SNS::Topic AWS CloudFormation enabled updates for the Amazon Simple Notification Service topic resource.	2010-05-15
New resource	April 25, 2016	Use the AWS::EC2::Host resource to allocate a fully dedicated physical server for launching EC2 instances.	2010-05-15
Updated resources	April 25, 2016	AWS::EC2::Instance Use the `Affinity` and `HostId` properties to launch instances onto an Amazon Elastic Compute Cloud dedicated host. AWS::ECS::Service Use the `DeploymentConfiguration` property to configure how many tasks can run during a deployment. AWS::ECS::TaskDefinition AWS CloudFormation added support for additional Amazon Elastic Container Service container definition properties. AWS::GameLift::Fleet Use the `MaxSize` and `MinSize` properties to specify the maximum and minimum number of EC2 instances allowed in your Amazon GameLift fleet. AWS::Lambda::Function Use the `FunctionName` property to specify a name for your AWS Lambda function. You can also use Python 2.7 to specify an inline function.	2010-05-15
New resources	April 18, 2016	Amazon API Gateway Use the Amazon API Gateway resources to publish, maintain, and monitor APIs at any scale. You can create APIs that clients can call to access your back-end services, such as applications running EC2 instances or code running on AWS Lambda. AWS::ApiGateway::Account AWS::ApiGateway::ApiKey AWS::ApiGateway::Authorizer AWS::ApiGateway::BasePathMapping AWS::ApiGateway::ClientCertificate AWS::ApiGateway::Deployment AWS::ApiGateway::Method AWS::ApiGateway::Model AWS::ApiGateway::Resource AWS::ApiGateway::RestApi AWS::ApiGateway::Stage AWS::Events::Rule Create an Amazon CloudWatch Events rule that monitors changes to AWS resources in your account (events). If an incoming event matches the conditions that you described in the rule, Amazon CloudWatch Events sends messages to and activates your specified targets, such as AWS Lambda functions or Amazon Simple Notification Service topics. AWS::WAF::SizeConstraintSet and AWS::WAF::XssMatchSet Use the two AWS WAF rules to check the size of a web request or to prevent cross-site scripting attacks.	2010-05-15
New resources	March 31, 2016	Use the AWS::Lambda::Alias resource to create aliases for your AWS Lambda functions and the AWS::Lambda::Version resource to create versions of your functions.	2010-05-15
Updated resources	March 31, 2016	AWS CloudFormation updated the following resources: AWS::EMR::Cluster and AWS::EMR::InstanceGroupConfig Use the `EbsConfiguration` property to configure Amazon Elastic Block Store storage volumes for your Amazon EMR clusters or instance groups. AWS::Lambda::Function Use the `VpcConfig` property to enable AWS Lambda functions to access resources in a VPC. AWS::S3::Bucket For the Amazon Simple Storage Service life cycle rules, you can specify multiple transition rules that specify when objects transition to a specified storage class.	2010-05-15
Change sets	March 29, 2016	Before updating stacks, use change sets to see how your changes might affect your running resources. For more information, see Updating Stacks Using Change Sets.	2010-05-15
New resources	March 15, 2016	Use the AWS::GameLift::Alias, AWS::GameLift::Build, and AWS::GameLift::Fleet resources to deploy multiplayer game servers in AWS.	2010-05-15
New resources	February 26, 2016	AWS CloudFormation added the following resources: AWS::ECR::Repository Create Amazon Elastic Container Registry repositories where users can push and pull Docker images. AWS::EC2::NatGateway Use the network address translator (NAT) gateway to enable EC2 instances in a private subnet to connect to the Internet. AWS::Elasticsearch::Domain Create Amazon Elasticsearch Service (Amazon ES) domains that contain the Amazon ES engine instances, which process Amazon ES requests. AWS::EMR::Cluster, AWS::EMR::InstanceGroupConfig, AWS::EMR::Step Use the Amazon EMR resources to help you analyze and process vast amounts of data. You can create clusters and then run jobs on them.	2010-05-15
Updated resources	February 26, 2016	AWS CloudFormation updated the following resources: AWS::CloudTrail::Trail Use the `IsMultiRegionTrail` property to specify whether to create an AWS CloudTrail trail in the region in which you create a stack or in all regions. AWS::Config::ConfigurationRecorder For the recording group, use the `IncludeGlobalResourceTypes` property to record all global resource types. AWS::RDS::DBCluster Use the `KmsKeyId` and `StorageEncrypted` properties to encrypt database instances in the cluster.	2010-05-15
Retain resources	February 26, 2016	For stacks in the `DELETE_FAILED` state, use the `RetainResources` parameter to retain resources that AWS CloudFormation can't delete. For more information, see Delete Stack Fails.	2010-05-15
Update stack tags	February 26, 2016	You can add, modify, or remove stack tags when you update a stack. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
Continue rolling back failed update rollbacks	January 25, 2016	For a stack in the `UPDATE_ROLLBACK_FAILED` state, you can continue rolling back the update to get your stack in a working state. That way, you can return the stack to its original settings and try to update it again. For more information, see Continue Rolling Back an Update.	2010-05-15
New sample templates available for the Asia Pacific (Seoul) region.	January 7, 2016	The following collection of AWS CloudFormation sample templates are for the ap-northeast-2 region: Sample Solutions Application Frameworks Services For more information, see Sample Templates.	2010-05-15
New resources	December 28, 2015	AWS CloudFormation added the following resources: AWS::DirectoryService::MicrosoftAD Use the Microsoft Active Directory resource to create a Microsoft Active Directory directory in AWS. AWS::Logs::Destination and AWS::Logs::LogStream Use the Amazon CloudWatch Logs resources to create a destination for real-time processing of log data or to create log streams, respectively. AWS::WAF::ByteMatchSet, AWS::WAF::IPSet, AWS::WAF::Rule, AWS::WAF::SqlInjectionMatchSet, and AWS::WAF::WebACL Use the AWS WAF resources to control and monitor web requests to your content.	2010-05-15
Resource updates	December 28, 2015	AWS CloudFormation updated the following resources: AWS::CloudFront::Distribution For the distribution configuration, use the `WebACLId` property to associate an AWS WAF web access control list (ACL) with an Amazon CloudFront distribution. For the cache behavior and default cache behavior, you can specify a default and maximum Time to Live (TTL) value. AWS::DynamoDB::Table You can create, update, or delete a global secondary index without replacing your Amazon DynamoDB table. AWS::S3::Bucket Use the `ReplicationConfiguration` property to specify which objects to replicate and where they are stored. Use the properties in the `NotificationConfiguration` property to specify filters so that Amazon Simple Storage Service sends notifications for objects that you specify.	2010-05-15
Parameter grouping and sorting	December 3, 2015	Use the AWS::CloudFormation::Interface metadata key to group and sort parameters in the AWS CloudFormation console when users create or update a stack with your template.	2010-05-15
Update policy attribute	December 3, 2015	For an Auto Scaling update policy attribute, use the `MinSuccessfulInstancesPercent` property to specify the percentage of instances that must signal success for a successful update.	2010-05-15
New resources	December 3, 2015	AWS CloudFormation added the following resources: AWS::CodePipeline::Pipeline and AWS::CodePipeline::CustomActionType Use the AWS CodePipeline resources to create a pipeline that describes how software changes go through a release process. AWS::Config::ConfigurationRecorder, AWS::Config::DeliveryChannel, and AWS::Config::ConfigRule Use the AWS Config resources to monitor configuration changes to specific AWS resources. AWS::KMS::Key Use the AWS Key Management Service (AWS KMS) resource to create customer master keys in AWS KMS that users can use to encrypt small amounts of data. AWS::SSM::Document Use the Amazon EC2 Systems Manager to create a document that specifies on-instance configurations.	2010-05-15
Resources update	December 3, 2015	AWS CloudFormation updated the following resources: AWS::AutoScaling::LaunchConfiguration Specify whether EBS volumes are encrypted. AWS::AutoScaling::ScalingPolicy You can use two different policy types (simple and step scaling) to specify how an Auto Scaling group scales when an Amazon CloudWatch (CloudWatch) alarm is breached. AWS::CloudTrail::Trail Use the CloudWatch properties to send logs to a CloudWatch log group. You can add tags to a trail and specify an AWS KMS key that you want to use to encrypt logs. AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentConfig, and AWS::CodeDeploy::DeploymentGroup Use the `ApplicationName`, `DeploymentConfigName`, and `DeploymentGroupName` properties to specify custom names for AWS CodeDeploy resources. AWS::DynamoDB::Table Use the `StreamSpecification` property to specify settings for capturing changes to items stored in an Amazon DynamoDB (DynamoDB) table. AWS::EC2::Instance Use the `SsmAssociations` property to associate an Amazon EC2 Systems Manager document with an instance. AWS::EC2::SpotFleet Use the `AllocationStrategy` property to specify how to allocate target capacity across Spot pools. Use the `ExcessCapacityTerminationPolicy` property to specify how instances are terminated if the target capacity is below the size of the Spot fleet. AWS::Redshift::Cluster Use the `KmsKeyId` property to specify an AWS KMS key to encrypt data in an Amazon Redshift cluster. AWS::WorkSpaces::Workspace Use the encryption properties to encrypt data stored on volumes.	2010-05-15
Resource update	November 4, 2015	For the AWS::EC2::Volume resource, use the `AutoEnableIO` property to automatically resume I/O operations if a volume's data becomes inconsistent.	2010-05-15
New resources	October 1, 2015	AWS CloudFormation added the following resources: AWS::CodeDeploy::Application, AWS::CodeDeploy::DeploymentGroup, and AWS::CodeDeploy::DeploymentConfig Use the AWS CodeDeploy resources to create and apply deployments to EC2 or on-premises instances. AWS::DirectoryService::SimpleAD Use the Simple Active Directory resource to create an AWS Directory Service Simple AD, which is a Microsoft Active Directory-compatible directory. AWS::EC2::PlacementGroup Use a placement group to create a cluster of instances in a low-latency network. AWS::EC2::SpotFleet Use a Spot fleet to launch a collection of Spot instances that run interruptible tasks. AWS::Lambda::EventSourceMapping Use the event source mapping resource to specify a stream as an event source for an AWS Lambda (Lambda) function. AWS::Lambda::Permission Use a Lambda permission to add a statement to a Lambda function's policy. AWS::Logs::SubscriptionFilter Use the subscription filter to define which log events are delivered to your Kinesis stream. AWS::RDS::DBCluster and AWS::RDS::DBClusterParameterGroup Use the cluster and cluster parameter group resources to create an Amazon Aurora DB cluster. AWS::WorkSpaces::Workspace Use Amazon WorkSpaces to create cloud-based desktop experiences.	2010-05-15
Resource updates	October 1, 2015	AWS CloudFormation updated the following resources: AWS::ElastiCache::ReplicationGroup Use the `Fn::GetAtt` intrinsic function to get a list of read-only replica addresses and ports. AWS::OpsWorks::Stack Use the `AgentVersion` property to specify a particular AWS OpsWorks agent. AWS::OpsWorks::App Use the `Environment` property to specify environment variables for an AWS OpsWorks app. AWS::S3::Bucket For the NotificationConfiguration property, you can configure notification settings for Lambda functions and Amazon Simple Queue Service (Amazon SQS) queues.	2010-05-15
IAM condition keys	October 1, 2015	For AWS Identity and Access Management (IAM) policies, use AWS CloudFormation-specific condition keys to specify when an IAM policy takes effect. For more information, see Controlling Access with AWS Identity and Access Management.	2010-05-15
AWS CloudFormation Designer	October 1, 2015	Use AWS CloudFormation Designer to create and modify templates using a drag-and-drop interface.	2010-05-15
New resource	August 24, 2015	Use the AWS::EC2::VPCEndpoint resource to establish a private connection between your VPC and another AWS service.	2010-05-15
Resource updates	August 24, 2015	AWS CloudFormation updated the following resources: AWS::ElasticBeanstalk::Environment Use the `Tags` property to specify tags (key-value pairs) for an AWS Elastic Beanstalk (Elastic Beanstalk) environment. AWS::Lambda::Function For the `Code` property, use the `ZipFile` property to write the source code of your Lambda function directly in a template. Currently, you can use the `ZipFile` property only for `nodejs` runtime environments. You can still point to a file in an S3 bucket for all runtime environments, such as `java8` and `nodejs`. AWS::OpsWorks::Instance Use the `EbsOptimized` property to indicate whether an instance is optimized for Amazon Elastic Block Store (Amazon EBS) I/O. AWS::RDS::DBInstance For the `SourceDBInstanceIdentifier` property, you can specify a database instance in another region to create a cross-region read replica.	2010-05-15
Amazon S3 template URL	August 24, 2015	For versioning-enabled buckets, you can specify a version ID in an Amazon S3 template URL when you create or update a stack, such as `https://s3.amazonaws.com/templates/myTemplate.template?versionId=123ab1cdeKdOW5IH4GAcYbEngcpTJTDW`.	2010-05-15
New resource	August 3, 2015	Use the AWS::EFS::FileSystem resource to create an Amazon Elastic File System (Amazon EFS) file system and the AWS::EFS::MountTarget resource to create a mount point for a file system.	2010-05-15
Permission requirement change	June 11, 2015	When you create or update an AWS::RDS::DBInstance resource, you must now also have permission to call the `ec2:DescribeAccountAttributes` action.	2010-05-15
New resources	June 11, 2015	AWS CloudFormation added the following resources: AWS::DataPipeline::Pipeline Use data pipelines to automate the movement and transformation of data. Amazon Elastic Container Service resources Use the AWS::ECS::Service, AWS::ECS::Cluster, and AWS::ECS::TaskDefinition resources to create Docker containers on a cluster of EC2 instances. AWS::ElastiCache::ReplicationGroup Use replication groups to create a collection of nodes with one primary read-write cluster and a maximum of five secondary read-only clusters. AWS::IAM::ManagedPolicy Use managed policies to create policies in your AWS account that you can use to apply permissions to IAM users, groups, and roles. AWS::Lambda::Function Use Lambda functions to run code in response to events. AWS::RDS::OptionGroup Use option groups to help you create and manage Amazon Relational Database Service (Amazon RDS) databases.	2010-05-15
Resource updates	June 11, 2015	AWS CloudFormation updated the following resources: AWS::EC2::Subnet Use the `MapPublicIpOnLaunch` property to automatically assign public IP addresses to instances in a subnet. AWS::ElastiCache::CacheCluster Use the `SnapshotName` property to restore snapshot data into a new Redis cache cluster. AWS::IAM::User For the `LoginProfile` property, use the `PasswordResetRequired` property so that users are required to set a new password when they log in to the AWS Management Console. AWS::OpsWorks::Layer Use the `LifecycleEventConfiguration` property to configure lifecycle events for an AWS OpsWorks layer. AWS::S3::Bucket For the `LifecycleConfiguration` property, use the `NoncurrentVersionExpirationInDays` and `NoncurrentVersionTransition` properties to specify lifecycle rules for non-current object versions.	2010-05-15
New parameter types	May 19, 2015	Whenever you use the AWS CloudFormation console to create or update a stack, you can search for AWS-specific parameter type values by ID, name, or Name tag value. AWS CloudFormation also added support for the following AWS-specific parameter types. For more information, see Parameters. `AWS::EC2::AvailabilityZone::Name` `List<AWS::EC2::AvailabilityZone::Name>` `AWS::EC2::Instance::Id` `List<AWS::EC2::Instance::Id>` `AWS::EC2::Image::Id` `List<AWS::EC2::Image::Id>` `AWS::EC2::SecurityGroup::GroupName` `List<AWS::EC2::SecurityGroup::GroupName>` `AWS::EC2::Volume::Id` `List<AWS::EC2::Volume::Id>` `AWS::Route53::HostedZone::Id` `List<AWS::Route53::HostedZone::Id>`	2010-05-15
New resources	April 16, 2015	AWS CloudFormation added the following resources: AWS::AutoScaling::LifecycleHook Use Auto Scaling lifecycle hooks to control the state of an instance after it is launched or terminated. AWS::RDS::EventSubscription Use event subscriptions to get notifications about Amazon RDS events.	2010-05-15
Resource updates	April 16, 2015	AWS CloudFormation updated the following resources: AWS::AutoScaling::AutoScalingGroup Use the `NotificationConfigurations` property to specify multiple notifications. AWS::AutoScaling::LaunchConfiguration Use the `PlacementTenancy` property to specify the tenancy of instances. Use the `ClassicLinkVPCId` and `ClassicLinkVPCSecurityGroups` properties to link EC2-Classic instances to a ClassicLink-enabled VPC. AWS::AutoScaling::ScalingPolicy Use the `MinAdjustmentStep` property to specify the minimum number of instances that are added or removed during a scaling event. AWS::CloudFront::Distribution For viewer certificates, use the `MinimumProtocolVersion` property to specify a minimum protocol version. For cache behaviors, use the `CachedMethods` property to specify which methods Amazon CloudFront (CloudFront) caches responses for. For origins, use the `OriginPath` to specify a path that CloudFront uses to request content. AWS::ElastiCache::CacheCluster For Memcached cache clusters, use the `AZMode` and `PreferredAvailabilityZones` properties to specify nodes in multiple Availability Zones (AZs). AWS::EC2::Volume Use the `KmsKeyId` property to specify a master key for encrypted volumes. AWS::OpsWorks::Instance Use the `TimeBasedAutoScaling` property to automatically scale instances based on a schedule that you specify. AWS::OpsWorks::Layer Use the `LoadBasedAutoScaling` property to specify load-based scaling policies. For volume configurations, use the `VolumeType` and `Iops` properties to specify a volume type and the number of I/O operations per second, respectively. AWS::RDS::DBInstance Use the `CharacterSetName` property to specify a character set for supported database engines. Use the `StorageEncrypted` property to indicate whether database instances will be encrypted and the `KmsKeyId` to specify a master key for encrypted database instances. AWS::Route53::HealthCheck Use the `HealthCheckTags` property to associate tags with health checks. AWS::Route53::HostedZone Use the `VPCs` property to create private hosted zones. Use the `HostedZoneTags` property to associate tags with hosted zones.	2010-05-15
New template section	April 16, 2015	Add the Metadata section to your templates to include arbitrary JSON objects that describe your templates, such as the design or implementation details.	2010-05-15
Resource update	April 8, 2015	For the AWS::CloudFormation::CustomResource resource, you can specify Lambda function Amazon Resource Names (ARNs) in the `ServiceToken` property.	2010-05-15
Amazon RDS update	December 24, 2014	AWS CloudFormation added two new properties for RDS DB instances. You can associate an option group with a DB instance and specify the DB instance storage type. For more information, see AWS::RDS::DBInstance.	2010-05-15
Elastic Load Balancing update	December 24, 2014	You can use the `ConnectionSettings` property to specify how long connections can remain idle. For more information, see AWS::ElasticLoadBalancing::LoadBalancer.	2010-05-15
Route 53 update	November 6, 2014	You can now provision and manage Route 53 hosted zones, health checks, failover record sets, and geolocation record sets.	2010-05-15
Auto Scaling rolling update enhancement	November 6, 2014	During an update, you can use the `WaitOnResourceSignals` flag to instruct AWS CloudFormation to wait for instances to signal success. That way, AWS CloudFormation won't update the next batch of instances until the current batch is ready. For more information, see UpdatePolicy.	2010-05-15
New VPC Fn:GetAtt attributes	November 6, 2014	Given a VPC ID, you can retrieve the default security group and network ACL for that VPC. For more information, see `Fn::GetAtt`.	2010-05-15
New AWS-specific parameter types	November 6, 2014	You can specify AWS-specific parameter types in your AWS CloudFormation templates. In the AWS CloudFormation console, these parameter types provide a drop-down list of valid values. With the API or CLI, AWS CloudFormation can quickly validate values for these parameter types before creating or updating a stack. For more information, see Parameters.	2010-05-15
CreationPolicy attribute	November 6, 2014	With the CreationPolicy attribute, you can instruct AWS CloudFormation to wait until applications are ready on EC2 instances before proceeding with stack creation. You can use a creation policy instead of a wait condition and wait condition handle. For more information, see CreationPolicy.	2010-05-15
Amazon CloudFront forwarded values	September 29, 2014	For cache behaviors, you can forward headers to the origin. See CloudFront Distribution ForwardedValues.	2010-05-15
AWS OpsWorks update	September 29, 2014	For Chef 11.10, you can use the `ChefConfiguration` property to enable Berkshelf. You can also use the AWS OpsWorks built-in security groups with your AWS OpsWorks stacks. For more information, see AWS::OpsWorks::Stack.	2010-05-15
Elastic Load Balancing tagging support	September 29, 2014	AWS CloudFormation tags Elastic Load Balancing load balancers with stack-level tags. You can also add your own tags to a load balancer. See AWS::ElasticLoadBalancing::LoadBalancer.	2010-05-15
Amazon Simple Notification Service topic policy update	September 29, 2014	You can now update Amazon SNS topic policies. For more information, see AWS::SNS::TopicPolicy.	2010-05-15
RDS DB instance update	September 5, 2014	You can specify whether a DB instance is Internet-facing by using the `PubliclyAccessible` property in the AWS::RDS::DBInstance resource.	2010-05-15
UpdatePolicy attribute update	September 05, 2014	You can specify an update policy for an Auto Scaling group that has an associated scheduled action. For more information, see UpdatePolicy.	2010-05-15
Amazon CloudWatch support	July 10, 2014	You can use AWS CloudFormation to provision and manage Amazon CloudWatch Logs (CloudWatch Logs) log groups and metric filters. For more information, see AWS::Logs::LogGroup or AWS::Logs::MetricFilter.	2010-05-15
Amazon CloudFront distribution configuration update	June 17, 2014	You can specify additional CloudFront distribution configuration properties: Custom error responses define custom error messages for 4xx and 5xx HTTP status codes. Price class defines the maximum price that you want to pay for the CloudFront service. Restrictions define who can view your content. Viewer certificate specifies the certificate to use when viewers use HTTPS. For cache behaviors, you can specify allowed HTTP methods and indicate whether to forward cookies. For more information, see AWS::CloudFront::Distribution.	2010-05-15
EC2 instance update	June 17, 2014	You can specify whether an instance stops or terminates when you invoke the instance's operating system shutdown command. For more information, see AWS::EC2::Instance.	2010-05-15
EBS volume update	June 17, 2014	You can use encrypted EBS volumes with supported instance types. For more information, see AWS::EC2::Volume.	2010-05-15
New Amazon VPC peering connection	June 17, 2014	You can use AWS CloudFormation to create an Amazon Virtual Private Cloud (Amazon VPC) peering connection, which establishes a network connection between two VPCs. For more information, see AWS::EC2::VPCPeeringConnection.	2010-05-15
Amazon EC2 Auto Scaling group update	June 17, 2014	You can specify an existing cluster placement group in which to launch instances for an Amazon EC2 Auto Scaling group. For more information, see AWS::AutoScaling::AutoScalingGroup.	2010-05-15
AWS CloudTrail support	June 17, 2014	AWS CloudFormation supports AWS CloudTrail, which can capture API calls made from your AWS account and publish the logs at a location you designate. For more information, see AWS::CloudTrail::Trail.	2010-05-15
Update stack enhancements	May 12, 2014	AWS CloudFormation supports additional features for updating stacks: You can update AWS CloudFormation stack parameters without resubmitting the stack's template. You can add or remove Amazon SNS notification topics for an AWS CloudFormation stack. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
Amazon Kinesis support	May 6, 2014	You can use AWS CloudFormation to create Amazon Kinesis streams that capture and transport data records from data sources. For more information, see AWS::Kinesis::Stream.	2010-05-15
New S3 bucket properties	May 5, 2014	AWS CloudFormation supports additional S3 bucket properties: Cross-origin resource sharing (CORS) defines cross-origin resource sharing of objects in a bucket. Lifecycle defines how Amazon S3 manages objects during their lifetime. Access logging policy captures information about requests made to your bucket. Notifications define which events to report and which Amazon SNS topic to send messages to. Versioning enables multiple variants of all objects in a bucket. Redirect and routing rules govern redirect behavior for requests made to a bucket's website endpoint. For more information, see AWS::S3::Bucket.	2010-05-15
Amazon EC2 Auto Scaling support	May 5, 2014	AWS CloudFormation supports metrics collection for an Auto Scaling group. For more information, see AWS::AutoScaling::AutoScalingGroup.	2010-05-15
`Fn::If` update	May 5, 2014	You can use the `Fn::If` intrinsic function in the output section of a template. For more information, see Condition Functions.	2010-05-15
API logging with AWS CloudTrail	April 2, 2014	You can use AWS CloudTrail (CloudTrail) to log AWS CloudFormation requests. With CloudTrail you can get a history of AWS CloudFormation API calls for your account. For more information, see Logging AWS CloudFormation API Calls in AWS CloudTrail.	2010-05-15
Elastic Load Balancing update	March 20, 2014	You can specify an access logging policy to capture information about requests made to your load balancer. You can also specify a connection draining policy that describes how to handle in-flight requests when instances are deregistered or become unhealthy. For more information, see AWS::ElasticLoadBalancing::LoadBalancer.	2010-05-15
AWS OpsWorks support	March 3, 2014	You can use AWS CloudFormation to provision and manage AWS OpsWorks stacks. For more information, see AWS::OpsWorks::Stack or AWS OpsWorks Template Snippets.	2010-05-15
Amazon S3 template size limit increase	February 18, 2014	You can specify template sizes up to 460,800 bytes in Amazon S3.	2010-05-15
Amazon Redshift support	February 10, 2014	You can use AWS CloudFormation to provision and manage Amazon Redshift clusters. For more information, see Amazon Redshift Template Snippets or AWS::Redshift::Cluster.	2010-05-15
S3 buckets and bucket policies update	February 10, 2014	You can update some properties of the S3 bucket and bucket policy resources. For more information, see AWS::S3::Bucket or AWS::S3::BucketPolicy.	2010-05-15
Elastic Beanstalk environments and application versions update	February 10, 2014	You can update Elastic Beanstalk environment configurations and application versions. For more information, see AWS::ElasticBeanstalk::Environment, AWS::ElasticBeanstalk::ConfigurationTemplate, or AWS::ElasticBeanstalk::ApplicationVersion.	2010-05-15
Amazon SQS update	January 29, 2014	You can specify a dead letter queue for an Amazon SQS queue. For more information, see AWS::SQS::Queue.	2010-05-15
Auto Scaling scheduled actions	January 27, 2014	You can scale the number of EC2 instances in an Auto Scaling group based on a schedule. By using a schedule, you can scale applications in response to predictable load changes. For more information, see AWS::AutoScaling::ScheduledAction.	2010-05-15
DynamoDB secondary indexes	January 27, 2014	You can create local and global secondary indexes for DynamoDB databases. By using secondary indexes, you can efficiently access data with attributes other than the primary key. For more information, see AWS::DynamoDB::Table.	2010-05-15
Auto Scaling update	January 2, 2014	You can specify an instance ID for an Auto Scaling group or launch configuration. You can also specify additional Auto Scaling block device properties. For more information, see AWS::AutoScaling::AutoScalingGroup or AWS::AutoScaling::LaunchConfiguration.	2010-05-15
Amazon SQS update	January 2, 2014	You can update SQS queues and specify additional properties. For more information, see AWS::SQS::Queue.	2010-05-15
Limit increases	January 2, 2014	You can specify up to 60 parameters and 60 outputs in your AWS CloudFormation templates.	2010-05-15
New console	December 19, 2013	The new AWS CloudFormation console adds features like auto-refreshing stack events and alphabetical ordering of stack parameters.	2010-05-15
Cross-zone load balancing	December 19, 2013	With cross-zone load balancing, you can route traffic to back-end instances across all Avalibility Zones (AZs). For more information, see AWS::ElasticLoadBalancing::LoadBalancer.	2010-05-15
AWS Elastic Beanstalk environment tiers	December 19, 2013	You can specify whether AWS Elastic Beanstalk provisions resources to support a web server or to handle background processing tasks. For more information, see AWS::ElasticBeanstalk::Environment.	2010-05-15
Resource names	December 19, 2013	You can assign names (physical IDs) to the following resources: ElastiCache clusters Elastic Load Balancing load balancers RDS DB instances For more information, see Name Type.	2010-05-15
VPN support	November 22, 2013	You can enable a virtual private gateway (VGW) to propagate routes to the routing tables of a VPC. For more information, see AWS::EC2::VPNGatewayRoutePropagation.	2010-05-15
Conditionally create resources and assign properties	November 8, 2013	Using input parameters, you can control the creation and settings of designated stack resources by defining conditions in your AWS CloudFormation templates. For example, you can use conditions to create stack resources for a production environment. Using the same template, you can create similar stack resources with lower capacity for a test environment. For more information, see Condition Functions.	2010-05-15
Prevent accidental updates to stack resources	November 8, 2013	You can prevent stack updates that might result in unintentional changes to stack resources. For example, if you have a stack with a database layer that should rarely be updated, you can set a stack policy that prevents most users from updating that database layer. For more information, see Prevent Updates to Stack Resources.	2010-05-15
Name resources	November 8, 2013	Instead of using AWS CloudFormation-generated physical IDs, you can assign names to certain resources. The following AWS CloudFormation resources support naming CloudWatch alarms DynamoDB tables Elastic Beanstalk applications and environments S3 buckets SNS topics Amazon SQS queues For more information, see Name Type.	2010-05-15
Assign custom resource types	November 8, 2013	In your templates, you can specify your own resource type for AWS CloudFormation custom resources (`AWS::CloudFormation::CustomResource`). By using your own custom resource type name, you can quickly identify the type of custom resources that you have in your stack. For example, you can specify `"Type": "Custom::MyCustomResource"`. For more information, see AWS::CloudFormation::CustomResource.	2010-05-15
Add pseudo parameter	November 8, 2013	You can now refer to the AWS AccountID inside AWS CloudFormation templates by referring to the `AWS::AccountID` pseudo parameter. For more information, see Pseudo Parameters Reference.	2010-05-15
Specify stacks in IAM policies	November 8, 2013	You can allow or deny IAM users, groups, or roles to operate on specific AWS CloudFormation stacks. For example, you can deny the delete stack action on a specific stack ID. For more information, see Controlling Access with AWS Identity and Access Management.	2010-05-15
Federation support	October 14, 2013	AWS CloudFormation supports temporary security credentials from IAM roles, which enable scenarios such as federation and single sign-on to the AWS Management Console. You can also make calls to AWS CloudFormation from EC2 instances without embedding long-term security credentials by using IAM roles. For more information about AWS CloudFormation and IAM, see Controlling Access with AWS Identity and Access Management.	2010-05-15
Amazon RDS read replica support	September 24, 2013	You can now create Amazon RDS read replicas from a source DB instance. For more information, see the `SourceDBInstanceIdentifier` property in the AWS::RDS::DBInstance resource.	2010-05-15
Associate public IP address with instances in an Auto Scaling group	September 19, 2013	You can now associate public IP addresses with instances in an Auto Scaling group. For more information, see AWS::AutoScaling::LaunchConfiguration.	2010-05-15
Additional VPC support	September 17, 2013	AWS CloudFormation adds several enhancements to support VPC and VPN functionality You can associate a public IP address and multiple private IP addresses to Amazon EC2 network interfaces. For more information, see AWS::EC2::NetworkInterface. You can also associate a primary private IP address to an elastic IP address (EIP). You can enable DNS support and specify DNS host names. For more information, see AWS::EC2::VPC. You can specify a static route between a virtual private gateway to your VPN gateway. For more information, see AWS::EC2::VPNConnectionRoute.	2010-05-15
Redis and VPC security groups support for Amazon ElastiCache	September 3, 2013	You can now specify Redis as the cache engine for an Amazon ElastiCache (ElastiCache) cluster. You can also now assign VPC security groups to ElastiCache clusters. For more information, see AWS::ElastiCache::CacheCluster.	2010-05-15
Parallel stack creation, update and deletion, and nested stack updates	August 12, 2013	AWS CloudFormation now creates, updates, and deletes resources in parallel, improving the operations' performance. If you update a top-level template, AWS CloudFormation automatically updates nested stacks that have changed. For more information, see AWS CloudFormation Stacks Updates.	2010-05-15
VPC security groups can now be set in RDS DB instances	February 28, 2013	You can now assign VPC security groups to an RDS DB instance with AWS CloudFormation. For more information, see the VPCSecurityGroups property in AWS::RDS::DBInstance.	2010-05-15
Rolling deployments for Amazon EC2 Auto Scaling groups	February 20, 2013	AWS CloudFormation now supports update policies on Amazon EC2 Auto Scaling groups, which describe how instances in the Amazon EC2 Auto Scaling group are replaced or modified when the Amazon EC2 Auto Scaling group adds or removes instances. You can modify these settings at stack creation or during a stack update. For more information and an example, see UpdatePolicy.	2010-05-15
Cancel and rollback action for stack updates	February 20, 2013	AWS CloudFormation supports the ability to cancel a stack update. The stack must be in the UPDATE_IN_PROGRESS state when the update request is made. More information is available in the following topics: Canceling a Stack Update `aws cloudformation cancel-update-stack` CancelUpdateStack in the AWS CloudFormation API Reference	2010-05-15
EBS-optimized instances for Amazon EC2 Auto Scaling groups	February 20, 2013	You can now provision EBS-optimized instances in Amazon EC2 Auto Scaling groups for dedicated throughput to Amazon Elastic Block Store (Amazon EBS) in autoscaled instances. The implementation is similar to that of the previously released support for optimized Amazon EBS EC2 instances. For more information, see the new `EbsOptimized` property in AWS::AutoScaling::LaunchConfiguration.	2010-05-15
New documentation	December 21, 2012	AWS::EC2::Instance now provides a `BlockDeviceMappings` property to allow you to set block device mappings for your EC2 instance. With this change, two new types have been added: Amazon EC2 Block Device Mapping Property Amazon Elastic Block Store Block Device Property	2010-05-15
New documentation	December 21, 2012	New sections have been added to describe the procedures for creating and viewing stacks using the recently redesigned AWS Management Console. You can find them here: Creating a Stack Viewing Stack Data and Resources	2010-05-15
New documentation	November 15, 2012	Information about custom resources is provided in the following topics: Custom Resources AWS::CloudFormation::CustomResource Custom Resource Reference	2010-05-15
Updated documentation	November 15, 2012	AWS CloudFormation now supports specifying provisioned I/O operations per second (IOPS) for RDS DB instances. You can set this value from 1000–10,000 in 1000 IOPS increments by using the new Iops property in AWS::RDS::DBInstance. For more information about specifying IOPS for RDS DB instances, see Provisioned IOPS in the Amazon Relational Database Service User Guide.	2010-05-15
New and updated documentation	August 27, 2012	Topics have been reorganized to more clearly provide specific information about using the AWS Management Console and using the AWS CloudFormation command-line interface (CLI). Information about tagging AWS CloudFormation stacks has been added, including new guides and updated reference topics: New topic in Using the Console: Setting Stack Options. New information about tags in the AWS CloudFormation API reference: CreateStack, Stack, and Tag. New information about working with Windows stacks: Microsoft Windows Amazon Machine Images (AMIs) and AWS CloudFormation Templates Bootstrapping AWS CloudFormation Windows Stacks New topic: Using Regular Expressions in AWS CloudFormation Templates.	2010-05-15
New feature	April 25, 2012	AWS CloudFormation now provides full support for Virtual Private Cloud (VPC) security with Amazon EC2 You can now create and populate an entire VPC with every type of VPC resource (subnets, gateways, network ACLs, route tables, and so forth) using a single AWS CloudFormation template. Templates that demonstrate new VPC features can be downloaded: Single instance in a single subnet Multiple subnets with Elastic Load Balancing (ELB) and an Auto Scaling group Documentation for the following resource types has been updated: AWS::EC2::SecurityGroup AWS::EC2::SecurityGroupIngress AWS::EC2::SecurityGroupEgress AWS::EC2::Instance AWS::AutoScaling::AutoScalingGroup AWS::EC2::EIP AWS::EC2::EIPAssociation AWS::ElasticLoadBalancing::LoadBalancer New resource types have been added to the documentation: AWS::EC2::VPC AWS::EC2::InternetGateway AWS::EC2::DHCPOptions AWS::EC2::DHCPOptions AWS::EC2::RouteTable AWS::EC2::NetworkAcl AWS::EC2::NetworkAclEntry AWS::EC2::Subnet AWS::EC2::VPNGateway AWS::EC2::CustomerGateway	2010-05-15
New feature	April 13, 2012	AWS CloudFormation now allows you to add or remove elements from a stack when updating it. AWS CloudFormation Stacks Updates has been updated, and a new section has been added to the walkthrough: Change the Stack's Resources, which describes how to add and remove resources when updating the stack.	2010-05-15
New feature	February 2, 2012	AWS CloudFormation now provides support for resources in an existing Amazon Virtual Private Cloud (Amazon VPC). With this release, you can: Launch an EC2 Dedicated instance into an existing Amazon VPC. For more information, see AWS::EC2::Instance. Set the `SourceDestCheck` attribute of an EC2 instance that resides in an existing Amazon VPC. For more information, see AWS::EC2::Instance. Create Elastic IP addresses in an existing Amazon VPC. For more information, see AWS::EC2::EIP. Use AWS CloudFormation to create Amazon VPC security groups and ingress/egress rules in an existing VPC. For more information, see AWS::EC2::SecurityGroup. Associate an Auto Scaling group with an existing Amazon VPC by setting the `VPCZoneIdentifier` property of your `AWS::AutoScaling::AutoScalingGroup` resource. For more information, see AWS::AutoScaling::AutoScalingGroup. Attach an Elastic Load Balancing load balancer to a Amazon VPC subnet and create security groups for the load balancer. For more information, see AWS::ElasticLoadBalancing::LoadBalancer. Create an RDS DB instance in an existing Amazon VPC. For more information, see AWS::RDS::DBInstance.	2010-05-15
New feature	February 2, 2012	You can now update properties for the following resources in an existing stack: AWS::EC2::SecurityGroupIngress AWS::EC2::SecurityGroupEgress AWS::EC2::EIPAssociation AWS::RDS::DBSubnetGroup AWS::RDS::DBSecurityGroup AWS::RDS::DBSecurityGroupIngress AWS::Route53::RecordSetGroup For a complete list of updatable resources and details about what to consider when updating a stack, see AWS CloudFormation Stacks Updates.	2010-05-15
Restructured guide	February 2, 2012	Reorganized existing sections into new sections: Working with AWS CloudFormation Templates and Managing Stacks. Moved Template Reference to the top level of the Table of Contents. Moved Estimating the Cost of Your AWS CloudFormation Stack to the Getting Started section.	2010-05-15
New content	February 2, 2012	Added three new sections: Walkthrough: Updating a Stack is a tutorial that walks through the process of updating a LAMP stack. Deploying Applications on Amazon EC2 with AWS CloudFormation describes how to use AWS CloudFormation helper scripts to deploy applications using metadata stored in your template. CloudFormation Helper Scripts Reference provides reference material for the AWS CloudFormation helper scripts (cfn-init, cfn-get-metadata, cfn-signal, and cfn-hup).	2010-05-15
New feature	May 26, 2011	AWS CloudFormation now provides the aws cloudformation list-stacks command, which enables you to list stacks filtered by stack status. Deleted stacks can be listed for up to 90 days after they have been deleted. For more information, see Describing and Listing Your Stacks.	2010-05-15
New features	May 26, 2011	The aws cloudformation describe-stack-resources and aws cloudformation get-template commands now enable you to get information from stacks that have been deleted for 90 days after they have been deleted. For more information, see Listing Resources and Retrieving a Template.	2010-05-15
New link	March 1, 2011	AWS CloudFormation endpoint information is now located in the AWS General Reference. For more information, go to Regions and Endpoints in Amazon Web Services General Reference.	2010-05-15
Initial release	February 25, 2011	This is the initial public release of AWS CloudFormation.	2010-05-15

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »