AWS CloudFormation
User Guide (API Version 2010-05-15)

Release History

The following table describes important changes in each release of the AWS CloudFormation User Guide after May 2018. For notification about updates to this documentation, you can subscribe to an RSS feed.

Change Description Date

Updated resources

The following resources were updated: AWS::ApiGatewayV2::Api, AWS::ApiGatewayV2::Authorizer, AWS::ApiGatewayV2::Integration, AWS::ApiGatewayV2::Stage.

AWS::ApiGatewayV2::Api

Use the AWS::ApiGatewayV2::Api resource to create an HTTP API (beta).

AWS::ApiGatewayV2::Authorizer

Use the AWS::ApiGatewayV2::Authorizer resource to create a JWT authorizer for an HTTP API (beta).

AWS::ApiGatewayV2::Integration

Use the AWS::ApiGatewayV2::Integration resource to create an integration for an HTTP API (beta).

AWS::ApiGatewayV2::Stage

Use the AWS::ApiGatewayV2::Stage resource to create a stage for an HTTP API (beta).

December 4, 2019

Updated resources

The following resources were updated: AWS::Lambda::Alias and AWS::Lambda::Version.

AWS::Lambda::Alias

Use the ProvisionedConcurrencyConfiguration property to specify a provisioned concurrency configuration for a function's alias.

AWS::Lambda::Version

Use the ProvisionedConcurrencyConfiguration property to specify a provisioned concurrency configuration for a function's version.

December 3, 2019

Updated resource

The following resource was updated: AWS::StepFunctions::StateMachine.

AWS::StepFunctions::StateMachine

The AWS::StepFunctions::StateMachine resource now supports Express workflows using the new StateMachineType parameter. You can also configure CloudWatch Logging information for Express workflows using LoggingConfiguration, LogDestination, and CloudWatchLogsLogGroup.

December 3, 2019

New resource

The following resource was added: AWS::S3::AccessPoint

Access Points

Use the AWS::S3::AccessPoint resource to specify an S3 access point.

December 3, 2019

New resource

The following resource was added: AWS::AccessAnalyzer::Analyzer

AWS::AccessAnalyzer::Analyzer

Use the AWS::AccessAnalyzer::Analyzer resource to create an analyzer for IAM Access Analyzer.

December 2, 2019

New resources

The following resources were added: AWS::EventSchemas::Discoverer, AWS::EventSchemas::Registry, and AWS::EventSchemas::Schema.

AWS::EventSchemas::Discoverer

Use the AWS::EventSchemas::Discoverer resource to specify a discoverer that is associated with an event bus. A discoverer allows EventBridge Schemas to automatically generate schemas based on events on an event bus.

AWS::EventSchemas::Registry

Use the AWS::EventSchemas::Registry to specify a schema registry. Schema registries are containers for Schemas. Registries collect and organize schemas so that your schemas are in logical groups.

AWS::EventSchemas::Schema

Use the AWS::EventSchemas::Schema resource to specify an event schema.

December 1, 2019

New resource

The following resource was added: AWS::Lambda::EventInvokeConfig

AWS::Lambda::EventInvokeConfig

Use the EventInvokeConfig resource to configure destinations and error handling for asynchronous invocation.

November 26, 2019

Updated resource

The following resource was updated: AWS::CodePipeline::Pipeline.

AWS::CodePipeline::Pipeline

In the ActionDeclaration property type, use the Namespace property to specify the variable namespace associated with the action. All variables produced as output by this action fall under this namespace.

November 25, 2019

Updated resource

The following resource was updated: AWS::Lambda::EventSourceMapping.

AWS::Lambda::EventSourceMapping

For stream sources (DynamoDB and Kinesis), use the BisectBatchOnFunctionError property to split the batch in two and retry if the function returns an error.

For stream sources (DynamoDB and Kinesis), use the DestinationConfig property to specify an Amazon SQS queue or Amazon SNS topic destination for discarded records.

For stream sources (DynamoDB and Kinesis), use the MaximumRecordAgeInSeconds property to specify the maximum age of a record that Lambda sends to a function for processing.

For stream sources (DynamoDB and Kinesis), use the MaximumRetryAttempts property to specify the maximum number of times to retry when the function returns an error.

For stream sources (DynamoDB and Kinesis), use the ParallelizationFactor property to specify the number of batches to process from each shard concurrently.

November 25, 2019

Updated resource

The following resource was updated: AWS::CloudWatch::Alarm.

AWS::CloudWatch::Alarm

In the MetricDataQuery property type, use the Period property to specify the granularity, in seconds, of the returned data points.

November 25, 2019

New resources

The following resources were added: AWS::ECS::PrimaryTaskSet, AWS::ECS::TaskSet.

AWS::ECS::PrimaryTaskSet

Use the AWS::ECS::PrimaryTaskSet resource to specify which task set in a service is the primary task set. Any parameters that are updated on the primary task set in a service will transition to the service. This is used when a service uses the EXTERNAL deployment controller type.

AWS::ECS::TaskSet

Use the AWS::ECS::TaskSet resource to create a task set in the specified cluster and service. This is used when a service uses the EXTERNAL deployment controller type.

November 25, 2019

New resource

The following resource was added: AWS WAFv2

AWS WAFv2

This is the latest version of AWS WAF, a web application firewall that lets you monitor HTTP(S) requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront, or an Application Load Balancer. AWS WAF also lets you control access to your content.

November 25, 2019

New resource

The following resource was added: AWS::CloudWatch::InsightRule.

AWS::CloudWatch::InsightRule

Use the AWS::CloudWatch::InsightRule resource to create a Contributor Insights rule. Rules evaluate log events in a CloudWatch Logs log group, enabling you to find contributor data for the log events in that log group.

November 25, 2019

Updated resources

The following resources were updated: AWS::AppSync::Resolver, AWS::AppSync::DataSource.

AWS::AppSync::Resolver

Use the CachingConfig property to specify the caching behavior of your AWS AppSync resolver.

AWS::AppSync::Resolver

Use the SyncConfig property to specify the conflict detection and resolution strategy of your AWS AppSync resolver.

AWS::AppSync::Resolver

Use the LambdaConflictHandlerConfig property to specify the ARN of the Lambda function that is used for handling conflicts in your AWS AppSync resolver.

AWS::AppSync::DataSource

Use the DeltaSyncConfig property to specify the delta sync configurations for your versioned AWS AppSync data source.

November 21, 2019

Updated resources

The following resources were updated: AWS::ECS::Cluster, AWS::ECS::Service, and AWS::ECS::TaskDefinition.

AWS::ECS::Cluster

Use the ClusterSettings property to specify the setting to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster.

AWS::ECS::Service

Use the DeploymentController property to specify the deployment controller to use for the service.

AWS::ECS::TaskDefinition

In the ContainerDefinition property type, use the FirelensConfiguration property to specify the FireLens configuration for the container. This is used to specify and configure a log router for container logs.

In the LinuxParameters property type:

  • use the MaxSwap property to specify the total amount of swap memory (in MiB) a container can use.

  • use the Swappiness property to tune a container's memory swappiness behavior. A swappiness value of 0 will cause swapping to not happen unless absolutely necessary. A swappiness value of 100 will cause pages to be swapped very aggressively.

November 21, 2019

Updated resources

The following resources were updated: AWS::RDS::DBCluster and AWS::RDS::DBInstance.

AWS::RDS::DBCluster

Use the EnableHttpEndpoint property to indicate whether to enable the HTTP endpoint for an Aurora Serverless DB cluster. By default, the HTTP endpoint is disabled. When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless DB cluster. You can also query your database from inside the RDS console with the query editor.

AWS::RDS::DBInstance

For Oracle DB instances, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB instance.

November 21, 2019

Updated resource

The following resource was updated: AWS::ApiGateway::RestApi.

AWS::ApiGateway::RestApi

Use the VpcEndpointIds property to specify the VPC endpoint IDs of an API (AWS::ApiGateway::RestApi) against which to create Route53 ALIASes. It is supported only for the PRIVATE endpoint type.

November 21, 2019

Updated resource

The following resources were updated: AWS::Cognito::UserPool

AWS::Cognito::UserPool

Added ConfigurationSet and From properties to the EmailConfiguration parameter.

AWS::Cognito::UserPoolClient

Added PreventUserExistenceErrors parameter to help manage errors and responses when a user does not exist in the user pool.

AWS::Cognito::UserPoolUser

Use the ClientMetadata parameter to provide input to the AWS Lambda function that is invoked by the pre sign-up trigger.

November 21, 2019

Updated resource

The following resource was updated: AWS::EC2::EIP.

AWS::EC2::EIP

Use the Tags property to specify any tags for the Elastic IP address.

November 21, 2019

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

Use the CognitoOptions property to configure Amazon ES to use Amazon Cognito authentication for Kibana.

Use the UpgradeElasticsearchVersion update policy to update the ElasticsearchVersion property without replacing the AWS::Elasticsearch::Domain resource.

November 21, 2019

Updated resource

The following resource was updated: AWS::Glue::MLTransform

AWS::Glue::MLTransform

Use the GlueVersion property to specify which version of AWS Glue this machine learning transform is compatible with.

November 21, 2019

Updated resource

The following resource was updated: AWS::IAM::User.

AWS::IAM::User

Use the Tags property to specify a list of tags that you want to attach to the newly created user.

November 21, 2019

Updated resource

The following resource was updated: AWS::OpsWorksCM::Server

AWS::OpsWorksCM::Server

Use the CustomDomain property to specify a custom domain on an OpsWorks for Chef Automate Server running Chef Automate 2.0.

Use the CustomCertificate property to specify a PEM-formatted HTTPS certificate for a server with a custom domain.

Use the CustomPrivateKey property to specify a private key in PEM format for connecting to a server that uses a custom domain.

November 21, 2019

Updated resource

The following resource was updated: AWS::SNS::Subscription.

AWS::SNS::Subscription

Use the RedrivePolicy property to specify the redrive policy JSON assigned to the subscription. Sends undeliverable messages to the specified dead-letter queue. Messages that can't be delivered due to client errors (for example, when the subscribed endpoint is unreachable) or server errors (for example, when the service that powers the subscribed endpoint becomes unavailable) are held in the dead-letter queue for further analysis or reprocessing.

November 21, 2019

Updated resource

The following resource was updated: AWS::S3::Bucket.

AWS::S3::Bucket

In the Transition property type, the StorageClass property supports DEEP_ARCHIVE.

November 21, 2019

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function

In the Code property type, ZipFile supports nodejs10.x for Runtime.

November 21, 2019

New resource

The following resource was added: AWS::AppSync::ApiCache.

AWS::AppSync::ApiCache

Use the AWS::AppSync::ApiCache resource to enable resolver caching with AWS AppSync.

November 21, 2019

Drift Detection for Stack Sets

You can now run drift detection on a stack set and all the stack instances it includes.

When CloudFormation performs drift detection on a stack set, it performs drift detection on the stack associated with each stack instance in the stack set. For more details, see Detecting Unmanaged Configuration Changes in Stack Sets.

November 19, 2019

Updated resource

The following resource was updated to support Amazon EKS managed node groups: AWS::EKS::Cluster

AWS::EKS::Cluster

Use the AWS::EKS::Cluster resource to create a new Amazon EKS cluster.

November 18, 2019

New resource

The following resource was added: AWS::EKS::Nodegroup

AWS::EKS::Nodegroup

Use the AWS::EKS::Nodegroup resource to create a new Amazon EKS managed node group.

November 18, 2019

CloudFormation registry now available

Use the CloudFormation registry to view private and public resources that are available for use in your CloudFormation account.

For more information, see Using the CloudFormation Registry.

November 18, 2019

CloudFormation registry API actions

The following API actions for managing types in the CloudFormation registry are now available.

For more information about the CloudFormation registry, see Using the CloudFormation Registry.

DeregisterType

Removes a type or type version from active use in the CloudFormation registry.

DescribeType

Returns detailed information about a registered type.

DescribeTypeRegistration

Returns information about a type's registration, including its current status and type and version identifiers.

ListTypeRegistrations

Returns a list of registration request identifiers for the specified type.

ListTypes

Returns summary information about types that have been registered with CloudFormation.

ListTypeVersions

Returns summary information about the versions of a type.

RegisterType

Registers a type with the CloudFormation service. Registering a type makes it available for use in CloudFormation templates in your AWS account.

SetTypeDefaultVersion

Specify the default version of a type. The default version of a type will be used in CloudFormation operations.

November 18, 2019

Updated resources

The following resources were updated: AWS::GameLift::Build, AWS::GameLift::Fleet.

AWS::GameLift::Build

Use the OperatingSystem property to specify the operating system that the build files run on.

AWS::GameLift::Fleet

Use the CertificateConfiguration property to generate a TLS/SSL certificate for the new fleet.

Use the FleetType property to specify use of On-Demand or Spot instances in the fleet.

Use the InstanceRoleArn property to manage access to your non-GameLift AWS resources from GameLift fleet instances.

Use the MetricGroups property to add fleet metrics to a CloudWatch metric group.

Use the NewGameSessionProtectionPolicy property to prevent the fleet's active game sessions from being terminated during a scaledown event.

Use the PeerVpcAwsAccountId property when setting up VPC peering for the fleet.

Use the PeerVpcId property when setting up VPC peering for the fleet.

Use the ResourceCreationLimitPolicy property to limit an individual player's ability to use the fleet's available hosting resources.

Use the RuntimeConfiguration property to configure what processes are run on each instance in the fleet.

Use the ScriptId property to create a Realtime Servers fleet and configure it with a Realtime script.

November 14, 2019

New resources

The following resources were added: AWS::GameLift::Script, AWS::GameLift::Queue, AWS::GameLift::MatchmakingConfiguration, AWS::GameLift::MatchmakingRuleSet.

AWS::GameLift::Script

Use the Script resource to upload a configuration script for a Realtime Servers fleet.

AWS::GameLift::Queue

Use the Queue resource to create a game session queue that processes player requests for new game sessions.

AWS::GameLift::MatchmakingConfiguration

Use the MatchmakingConfiguration resource to create a matchmaker that processes player requests for new matched game sessions.

AWS::GameLift::MatchmakingRuleSet

Use the MatchmakingRuleSet resource to create rules that specify how to form matches and evaluate players for inclusion in a match.

November 14, 2019

Resource import added

If you created an AWS resource outside of AWS CloudFormation management, you can bring this existing resource into CloudFormation management using resource import.

For more information, see Bringing Existing Resources Into CloudFormation Management.

November 11, 2019

Updated resources

The following resources were updated: AWS::AppStream::ImageBuilder, AWS::AppStream::Stack

AWS::AppStream::ImageBuilder

In the AccessEndpoint property type:

  • Use the EndpointType property to specify the type of interface VPC endpoint (interface endpoint).

  • Use the VpceId property to specify the identifier (ID) of the VPC in which the interface endpoint is used.

AWS::AppStream::Stack

In the AccessEndpoint property type:

  • Use the EndpointType property to specify the type of interface VPC endpoint (interface endpoint).

  • Use the VpceId property to specify the identifier (ID) of the VPC in which the interface endpoint is used.

Use the EmbedHostDomains property to specify the domains where AppStream 2.0 streaming sessions can be embedded in an iframe.

November 7, 2019

New resource

The following resource was added: AWS::CodeStarNotifications::NotificationRule

AWS::CodeStarNotifications::NotificationRule

Use the AWS::CodeStarNotifications::NotificationRule resource to create notification rules for resources in AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline.

November 7, 2019

New resources

The following resources were added: AWS::MediaConvert::JobTemplate, AWS::MediaConvert::Preset, AWS::MediaConvert::Queue

AWS::MediaConvert::JobTemplate

Use the AWS::MediaConvert::JobTemplate resource to specify a job template for transcoding jobs.

AWS::MediaConvert::Preset

Use the AWS::MediaConvert::Preset resource to specify an output preset as part of a transcoding job.

AWS::MediaConvert::Queue

Use the AWS::MediaConvert::Queue resource to specify an on-demand transcoding queue.

November 6, 2019

Updated resource

The following resource was updated: AWS::AppMesh::Route

AWS::AppMesh::Route

Use the GrpcRoute property to add a gRPC route.

Use the GrpcRouteAction property to add a gRPC route action.

Use the GrpcRouteMatch property to add a gRPC route match.

Use the GrpcRouteMetadata property to add gRPC route metadata.

Use the GrpcRouteMetadataMatchMethod property to add a gRPC route metadata match method.

Use the GrpcRouteRetryPolicy property to add a gRPC route retry policy.

November 4, 2019

Updated resource

The following resource was updated: AWS::Glue::Crawler

AWS::Glue::Crawler

Use the DynamoDBTargets property to specify a list of Amazon DynamoDB targets.

Use the CatalogTargets property to specify a list of AWS Glue Data Catalog targets.

November 4, 2019

Updated resources

The following resources were updated: AWS::ApiGateway::ApiKey, AWS::ApiGateway::ClientCertificate, AWS::ApiGateway::DomainName, AWS::ApiGateway::RestApi, and AWS::ApiGateway::UsagePlan.

AWS::ApiGateway::ApiKey

Use the Tags property to specify an array of arbitrary tags (key-value pairs) to associate with the API key.

AWS::ApiGateway::ClientCertificate

Use the Tags property to specify an array of arbitrary tags (key-value pairs) to associate with the client certificate.

AWS::ApiGateway::DomainName

Use the SecurityPolicy property to specify the Transport Layer Security (TLS) version and cipher suite for this domain name.

Use the Tags property to specify an array of arbitrary tags (key-value pairs) to associate with the domain name.

AWS::ApiGateway::RestApi

Use the Tags property to specify an array of arbitrary tags (key-value pairs) to associate with the API.

AWS::ApiGateway::UsagePlan

Use the Tags property to specify an array of arbitrary tags (key-value pairs) to associate with the usage plan.

October 31, 2019

Updated resources

The following resources were updated: AWS::CodePipeline::CustomActionType, AWS::CodePipeline::Pipeline.

AWS::CodePipeline::CustomActionType

Use the Tags property to specify the tags for the custom action.

AWS::CodePipeline::Pipeline

Use the Tags property to specify the tags for the pipeline.

October 31, 2019

Updated resource

The following resource was updated: AWS::Amplify::App

AWS::Amplify::App

Use the EnablePullRequestPreview property to specify whether pull request previews are enabled for each branch that Amplify Console automatically creates for your app.

Use the PullRequestEnvironmentName property to specify a dedicated backend environment for your pull request previews.

October 31, 2019

Updated resource

The following resource was updated: AWS::Events::Rule.

AWS::Events::Rule

In the Target property type, use the BatchParameters property to specify the job definition, job name, and other parameters, if the event target is an AWS Batch job.

October 31, 2019

Updated resource

The following resource was updated: AWS::ECS::TaskDefinition.

AWS::ECS::TaskDefinition

Use the InferenceAccelerator property to specify the Elastic Inference accelerators to use for the containers in the task.

October 31, 2019

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

Use the LogPublishingOptions property to configure slow log publishing.

October 31, 2019

Updated resource

The following resource was updated: AWS::SNS::Topic.

AWS::SNS::Topic

Use the Tags property to specify a list of tags to add to a new topic.

October 31, 2019

New resources

The following resources were added: AWS::Pinpoint::EmailTemplate, AWS::Pinpoint::PushTemplate, and AWS::Pinpoint::SmsTemplate.

AWS::Pinpoint::EmailTemplate

Use the AWS::Pinpoint::EmailTemplate resource to create a message template that you can use in messages that are sent through the email channel.

AWS::Pinpoint::PushTemplate

Use the AWS::Pinpoint::PushTemplate resource to create a message template that you can use in messages that are sent through a push notification channel.

AWS::Pinpoint::SmsTemplate

Use the AWS::Pinpoint::SmsTemplate resource to create a message template that you can use in messages that are sent through the SMS channel.

October 31, 2019

Updated resource

The following resource was updated: AWS::Amplify::Branch

AWS::Amplify::Branch

Use the EnablePullRequestPreview property to specify whether Amplify Console creates a preview for each pull request that is made for the branch.

Use the PullRequestEnvironmentName property to specify a dedicated backend environment for your pull request previews.

October 24, 2019

Updated resource

The following resource was updated: AWS::Cognito::UserPool

AWS::Cognito::UserPool

Use the Schema parameter to add or update schema attributes.

AWS::Cognito::UserPool

Use the AliasAttributes parameter to add or update an alias for the user pool.

AWS::Cognito::UserPool

Use the UsernameAttributes parameter to determine if email addresses or phone numbers can be used as user names when a user signs up.

October 24, 2019

Updated resource

The following resource was updated: AWS::MSK::Cluster.

AWS::MSK::Cluster

Use the NumberOfBrokerNodes property to submit an update to change the number of broker nodes in the cluster.

October 17, 2019

Updated resource

The following resource was updated: AWS::Cognito::IdentityPoolRoleAttachment

AWS::Cognito::IdentityPoolRoleAttachment

Use the IdentityProvider parameter to specify the identity provider for which the role is mapped.

October 17, 2019

Updated resource

The following resource was updated: AWS::FSx::FileSystem

AWS::FSx::FileSystem

Use the SelfManagedActiveDirectoryConfiguration property to join an Amazon FSx Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory.

October 17, 2019

Updated resource

The following resource was updated: AWS::Batch::ComputeEnvironment

ComputeResources

In the ComputeResources property type, use the AllocationStrategy property to specify the strategy to use to select instance types.

October 17, 2019

Updated resources

The following resources were updated: AWS::Events::EventBusPolicy, AWS::Events::Rule

AWS::Events::EventBusPolicy

Use the EventBusName property to specify the name of the event bus to associate with this policy.

AWS::Events::Rule

Use the EventBusName property to specify the name of the event bus to associate with this rule.

October 3, 2019

Updated resources

The following resources were updated: AWS::Pinpoint::App, AWS::Pinpoint::Campaign, and AWS::Pinpoint::Segment.

AWS::Pinpoint::App

The ARN attribute returns the Amazon Resource Name (ARN) of the application.

Use the Tags property to specify a string-to-string map of key-value pairs that defines the tags to associate with the application.

AWS::Pinpoint::Campaign

The ARN attribute returns the Amazon Resource Name (ARN) of the campaign.

Use the Tags property to specify a string-to-string map of key-value pairs that defines the tags to associate with the campaign.

AWS::Pinpoint::Segment

The ARN attribute returns the Amazon Resource Name (ARN) of the segment.

Use the Tags property to specify a string-to-string map of key-value pairs that defines the tags to associate with the segment.

October 3, 2019

Updated resource

The following resource was updated: AWS::Budgets::Budget

AWS::Budgets::Budget

In the BudgetData property type, use the PlannedBudgetLimits property to specify a map containing multiple budget limits, including current or future limits.

October 3, 2019

Updated resource

The following resource was updated: AWS::Cognito::UserPool

AWS::Cognito::UserPool

Use the EnabledMfas parameter to enable MFA on a specified user pool.

October 3, 2019

New resources

The following resources were added: AWS::Cognito::UserPoolDomain, AWS::Cognito::UserPoolResourceServer, AWS::Cognito::UserPoolIdentityProvider, AWS::Cognito::UserPoolRiskConfigurationAttachment, AWS::Cognito::UserPoolUICustomizationAttachment.

AWS::Cognito::UserPoolDomain

Use the AWS::Cognito::UserPoolDomain resource to create a new domain for a user pool.

AWS::Cognito::UserPoolResourceServer

Use the AWS::Cognito::UserPoolResourceServer resource to create a new OAuth2.0 resource server and define custom scopes in it.

AWS::Cognito::UserPoolIdentityProvider

Use the AWS::Cognito::UserPoolIdentityProvider resource to create an identity provider for a user pool.

AWS::Cognito::UserPoolRiskConfigurationAttachment

Use the AWS::Cognito::UserPoolRiskConfigurationAttachment resource to set the risk configuration that is used for Amazon Cognito advanced security features.

AWS::Cognito::UserPoolUICustomizationAttachment

Use the AWS::Cognito::UserPoolUICustomizationAttachment resource to set the UI customization information for a user pool's built-in app UI.

October 3, 2019

New resources

The following resources were added: AWS::EC2::TrafficMirrorFilter, AWS::EC2::TrafficMirrorFilterRule, AWS::EC2::TrafficMirrorSession, and AWS::EC2::TrafficMirrorTarget

AWS::EC2::TrafficMirrorFilter

Use the AWS::EC2::TrafficMirrorFilter resource to specify a traffic mirror filter.

AWS::EC2::TrafficMirrorFilterRule

Use the AWS::EC2::TrafficMirrorFilterRule resource to manage traffic mirror filter rules.

AWS::EC2::TrafficMirrorSession

Use the AWS::EC2::TrafficMirrorSession resource to specify a traffic mirror session.

AWS::EC2::TrafficMirrorTarget

Use the AWS::EC2::TrafficMirrorTarget resource to specify a traffic mirror target.

October 3, 2019

New resource

The following resource was added: AWS::Events::EventBus

AWS::Events::EventBus

Use the EventBus resource to create or update a custom event bus or a partner event bus.

October 3, 2019

Updated resource

The following resource was updated: AWS::Glue::DevEndpoint

AWS::Glue::DevEndpoint

Use the WorkerType property to specify the type of predefined worker that is allocated to the development endpoint.

Use the NumberOfWorkers property to specify the number of workers of a defined workerType that are allocated to the development endpoint.

Use the GlueVersion property to specify the versions of Apache Spark and Python that AWS Glue supports for the development endpoint.

Use the Arguments property to specify a map of arguments used to configure the DevEndpoint.

September 27, 2019

Updated resource

The following resource was updated: AWS::Glue::Job

AWS::Glue::Job

Use the Timeout property to specify the job timeout in minutes.

Use the NotificationProperty property to specify the configuration properties of a notification.

Use the NotifyDelayAfter property to specify the number of minutes to wait before sending a job run delay notification after a job run starts.

September 26, 2019

Updated resource

The following resource was updated: AWS::Glue::Trigger

AWS::Glue::Trigger

Use the StartOnCreation property to specify whether SCHEDULED and CONDITIONAL triggers start when they are created.

Use the WorkflowName property to specify the name of the workflow associated with the trigger.

September 26, 2019

Updated resource

The following resource was updated: AWS::DocDB::DBCluster.

AWS::DocDB::DBCluster

Use the EnableCloudwatchLogsExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs.

September 26, 2019

New resource

The following resource was added: AWS::Glue::Workflow

AWS::Glue::Workflow

Use the AWS::Glue::Workflow resource to manage AWS Glue workflows.

September 26, 2019

Updated resource

The following resource was updated: AWS::Config::RemediationConfiguration.

AWS::Config::RemediationConfiguration

Use the ExecutionControls property to specify an ExecutionControls object.

September 12, 2019

New resource

The following resource was added: AWS::QLDB::Ledger

AWS::QLDB::Ledger

Use the AWS::QLDB::Ledger resource to create a new Amazon Quantum Ledger Database (Amazon QLDB) ledger.

September 10, 2019

Updated resources

The following resources were updated: AWS::ApplicationAutoScaling::ScalableTarget, AWS::DynamoDB::Table, AWS::EC2::Instance, AWS::ECS::TaskDefinition, AWS::ElastiCache::ReplicationGroup, AWS::Events::Rule, AWS::IAM::Role, and AWS::Lambda::EventSourceMapping.

AWS::ApplicationAutoScaling::ScalableTarget

Use the SuspendedState property to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities.

AWS::DynamoDB::Table

In the SSESpecification property type, use the SSEType property to specify server-side encryption type.

AWS::EC2::Instance

Use the CpuOptions property to specify the CPU options for the instance.

In the Ebs property type, use the KmsKeyId property to specify an identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed CMK under which the EBS volume is encrypted.

AWS::ECS::TaskDefinition

Use the IpcMode property to specify the IPC resource namespace to use for the containers in the task. The valid values are host, task, or none.

Use the PidMode property to specify the process namespace to use for the containers in the task. The valid values are host or task.

In the ContainerDefinition property type:

  • When the Interactive property is set to true, you can deploy containerized applications that require stdin or a tty to be allocated.

  • When the PseudoTerminal property is set to true, a TTY is allocated.

  • Use the SystemControls property to specify a list of namespaced kernel parameters to set in the container.

In the LogConfiguration property type, use the SecretOptions property to specify the secrets to pass to the log configuration.

AWS::ElastiCache::ReplicationGroup

Use the KmsKeyId property to specify the ID of the KMS key used to encrypt the disk on the cluster.

AWS::Events::Rule

In the EcsParameters property type:

  • Use the Group property to specify an ECS task group for the task.

  • Use the LaunchType property to specify the launch type on which your task is running.

  • If the ECS task uses the awsvpc network mode, use the NetworkConfiguration property to specify the VPC subnets and security groups associated with the task and whether a public IP address is to be used.

  • Use the PlatformVersion property to specify the platform version for the task.

AWS::IAM::Role

Use the Description property to provide a description for the role.

Use the Tags property to specify a list of tags that are attached to the specified role.

AWS::Lambda::EventSourceMapping

Use the MaximumBatchingWindowInSeconds property to specify the maximum amount of time to gather records before invoking the function, in seconds.

August 29, 2019

Updated resources

The following resources were updated: AWS::RDS::DBCluster and AWS::RDS::DBInstance

AWS::RDS::DBCluster

Use the AssociatedRoles property to specify the AWS Identity and Access Management (IAM) roles associated with the DB instance.

Use the RestoreType property to specify the type of restore to be performed.

Use the SourceDBClusterIdentifier property to specify the identifier of the source DB cluster from which to restore.

Use the UseLatestRestorableTime property to specify whether to restore the DB cluster to the latest restorable backup time.

AWS::RDS::DBInstance

Use the AssociatedRoles property to specify the AWS Identity and Access Management (IAM) roles associated with the DB instance.

August 29, 2019

Updated resource

The following resource was updated: AWS::SNS::Subscription.

AWS::SNS::Subscription

The Region property no longer requires replacement when updated.

August 29, 2019

Updated resource

The following resource was updated: AWS::CloudWatch::Alarm

AWS::CloudWatch::Alarm

Use the ThresholdMetricId property to specify the ID of the ANOMALY_DETECTION_BAND function used as the threshold for the alarm.

August 29, 2019

Updated resource

The following resource was updated: AWS::Elasticsearch::Domain.

AWS::Elasticsearch::Domain

In the ElasticsearchClusterConfig property type, use the ZoneAwarenessConfig property to specify zone awareness configuration options.

August 29, 2019

New resource

The following resource was added: AWS::Config::OrganizationConfigRule

AWS::Config::OrganizationConfigRule

Use the AWS::Config::OrganizationConfigRule resource to create an OrganizationConfigRule that has information about config rules that AWS Config creates in the member accounts.

August 29, 2019

Updated resource

The following resource was updated: AWS::Neptune::DBCluster.

AWS::Neptune::DBCluster

Use the EnableCloudwatchLogsExports property to specify a list of log types that are enabled for export to CloudWatch Logs.

August 22, 2019

Updated resource

The following resource was updated: AWS::DMS::ReplicationTask

AWS::DMS::ReplicationTask

Use the CdcStartPosition property to indicate when you want a change data capture (CDC) operation to start.

Use the CdcStopPosition property to indicate when you want a change data capture (CDC) operation to stop.

August 16, 2019

New resource

The following resource was added: AWS::SageMaker::Workteam

AWS::SageMaker::Workteam

Use the AWS::SageMaker::Workteam resource to create a new work team for labeling your data.

August 16, 2019

Updated resources

The following resources were updated: AWS::EC2::ClientVpnEndpoint, AWS::Greengrass::Group, AWS::Greengrass::ConnectorDefinition, AWS::Greengrass::CoreDefinition, AWS::Greengrass::DeviceDefinition, AWS::Greengrass::FunctionDefinition, AWS::Greengrass::LoggerDefinition, AWS::Greengrass::ResourceDefinition, and AWS::Greengrass::SubscriptionDefinition.

AWS::EC2::ClientVpnEndpoint

Use the SplitTunnel parameter to specify whether split-tunnel is enabled on the AWS Client VPN endpoint.

AWS::Greengrass::ConnectorDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::ConnectorDefinition resource.

AWS::Greengrass::CoreDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::CoreDefinition resource.

AWS::Greengrass::DeviceDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::DeviceDefinition resource.

AWS::Greengrass::FunctionDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::FunctionDefinition resource.

AWS::Greengrass::Group

Use the Tags property to attach metadata to the AWS::Greengrass::Group resource.

AWS::Greengrass::LoggerDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::LoggerDefinition resource.

AWS::Greengrass::ResourceDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::ResourceDefinition resource.

AWS::Greengrass::SubscriptionDefinition

Use the Tags property to attach metadata to the AWS::Greengrass::SubscriptionDefinition resource.

August 8, 2019

Updated resource

The following resource was updated: AWS::AppSync::GraphQLApi.

AWS::AppSync::GraphQLApi

In the LogConfig property type, when set to TRUE, the excludeVerboseContent property excludes sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.

August 8, 2019

New resources

The following resources were added: AWS::ManagedBlockchain::Member and AWS::ManagedBlockchain::Node.

AWS::ManagedBlockchain::Member

Use the Member resource to create the first member or an additional member of an Amazon Managed Blockchain network.

AWS::ManagedBlockchain::Node

Use the Node resource to create a peer node in a member of an Amazon Managed Blockchain network.

August 8, 2019

New resource

The following resource was added: AWS::Glue::MLTransform

AWS::Glue::MLTransform

Use the AWS::Glue::MLTransform resource to manage machine learning transforms.

August 8, 2019

New resource

The following resource was added: AWS::LakeFormation::DataLakeSettings

AWS::LakeFormation::DataLakeSettings

Use the AWS::LakeFormation::DataLakeSettings resource to manage data lake settings.

August 8, 2019

New resource

The following resource was added: AWS::LakeFormation::Permissions

AWS::LakeFormation::Permissions

Use the AWS::LakeFormation::Permissions resource to grant or revoke AWS Lake Formation permissions.

August 8, 2019

New resource

The following resource was added: AWS::LakeFormation::Resource

AWS::LakeFormation::Resource

Use the AWS::LakeFormation::Resource resource to define the resources to which permissions are to be granted.

August 8, 2019

New resource

The following resource was added: AWS::CodeBuild::SourceCredential

AWS::CodeBuild::SourceCredential

Use the AWS::CodeBuild::SourceCredential resource to specify information about the credentials for a GitHub, GitHub Enterprise, or Bitbucket repository used in an AWS CodeBuild build project.

August 7, 2019

Updated resources

The following resources were updated: AWS::Batch::JobDefinition, AWS::Cognito::UserPool, AWS::Cognito::UserPoolClient, and AWS::Glue::Job.

AWS::Batch::JobDefinition

In the ContainerProperties property type, use the LinuxParameters property to specify Linux-specific modifications that are applied to the container, such as details for device mappings.

AWS::Cognito::UserPool

Use the UserPoolAddOns property to enable advanced security risk detection.

Use the VerificationMessageTemplate property to define the template for verification messages.

AWS::Cognito::UserPoolClient

Use the AnalyticsConfiguration property to define the Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

AWS::Glue::Job

Use the GlueVersion property to determine the versions of Apache Spark and Python that AWS Glue supports. The Python version indicates the version supported for jobs of type Spark.

Use the MaxCapacity property to specify the number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. A DPU is a relative measure of processing power that consists of 4 vCPUs of compute capacity and 16 GB of memory.

For the NumberOfWorkers property, when you specify a Python shell job (JobCommand.Name="pythonshell"), you can allocate either 0.0625 or 1 DPU. The default is 0.0625 DPU. When you specify an Apache Spark ETL job (JobCommand.Name="glueetl"), you can allocate from 2 to 100 DPUs. The default is 10 DPUs. This job type cannot have a fractional DPU allocation.

Use the WorkerType property to specify the type of predefined worker that is allocated when a job runs.

In the JobCommand property type, use the PythonVersion property to specify the Python version being used to execute a Python shell job.

August 2, 2019

Stack set limit increases

You can now create a maximum of 100 stack sets in your administrator account, create a maximum of 2000 stack instances per stack set, and run a maximum of 3500 stack instance operations in each region at the same time, per administrator account.

For more details, see AWS CloudFormation Limits.

August 2, 2019

New resource

The following resource was added: AWS::CodeStar::GitHubRepository.

AWS::CodeStar::GitHubRepository

Use the AWS::CodeStar::GitHubRepository resource to create a GitHub repository where you can store source code for use with AWS workflows. If provided, your source code is uploaded to the repository after it is created.

August 2, 2019

Updated resource

You can now add tags to a CodeCommit repository in your AWS CloudFormation template.

AWS::CodeCommit::Repository

Use the Tags property to provide information about one or more tag key-value pairs to use when tagging a repository.

July 25, 2019

Updated resources

The following resource was updated: AWS::AmazonMQ::Broker.

AWS::AmazonMQ::Broker

Use the encryptionOptions property to specify an AWS-owned CMK or a customer-managed CMK.

July 22, 2019

Updated resources

The following resources were updated: AWS::Amplify::App and AWS::Amplify::Branch.

AWS::Amplify::App

Use the AutoBranchCreationConfig property type to automatically create branches that match a certain pattern.

AWS::Amplify::Branch

Use the EnableAutoBuild property to enable automatic builds for a branch.

July 18, 2019

New resources

The following resources were added: AWS::IoTEvents::DetectorModel and AWS::IoTEvents::Input.

AWS::IoTEvents::DetectorModel

Use the DetectorModel resource to create a detector model.

AWS::IoTEvents::Input

Use the Input resource to create an input.

July 18, 2019

New resource

The following resource was added: AWS::CloudWatch::AnomalyDetector.

AWS::CloudWatch::AnomalyDetector

Use the AWS::CloudWatch::AnomalyDetector resource to specify an anomaly detection band for a certain metric and statistic. The band represents the expected "normal" range for the metric values.

July 12, 2019

Updated resources

The following resources were updated: AWS::IoTAnalytics::Channel and AWS::IoTAnalytics::Datastore.

AWS::IoTAnalytics::Channel

Use the ChannelStorage property to specify where channel data is stored.

AWS::IoTAnalytics::Datastore

Use the DatastoreStorage property to specify where data store data is stored.

June 27, 2019

New resources

The following resources were added: AWS::MediaLive::Channel, AWS::MediaLive::Input, and AWS::MediaLive::InputSecurityGroup.

AWS::MediaLive::Channel

The AWS::MediaLive::Channel resource creates a channel. A MediaLive channel ingests and transcodes (decodes and encodes) source content from the inputs that are attached to that channel, and packages the new content into outputs.

AWS::MediaLive::Input

The AWS::MediaLive::Input resource creates an input. A MediaLive input holds information that describes how the MediaLive channel is connected to the upstream system that is providing the source content that is to be transcoded.

AWS::MediaLive::InputSecurityGroup

The AWS::MediaLive::InputSecurityGroup resource creates an input security group. A MediaLive input security group is associated with a MediaLive input. The input security group is an "allow list" of IP addresses that controls whether an external IP address can push content to the associated MediaLive input.

June 27, 2019

Updated resource

The following resource was updated: AWS::EC2::LaunchTemplate

AWS::EC2::LaunchTemplate

In the SpotOptions property type, use BlockDurationMinutes to specify the required duration for the Spot Instances, and use ValidUntil to specify the end date for the Spot request.

June 25, 2019

New resource

The following resource was added: AWS::SecurityHub::Hub

AWS::SecurityHub::Hub

Use the AWS::SecurityHub::Hub resource to specify the implementation of the AWS Security Hub service in your account.

June 25, 2019

Updated resources

The following resources were updated: AWS::AppStream::Fleet and AWS::ServiceCatalog::CloudFormationProvisionedProduct.

AWS::ServiceCatalog::CloudFormationProvisionedProduct

Use the ProvisioningPreferences property to specify user-defined preferences that will be applied when updating a provisioned product.

AWS::AppStream::Fleet

Use the IdleDisconnectTimeoutInSeconds property to specify the amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the DisconnectTimeoutInSeconds time interval begins.

June 20, 2019

New resources

The following resources were added: AWS::Config::RemediationConfiguration and AWS::ServiceCatalog::StackSetConstraint.

AWS::Config::RemediationConfiguration

Use the AWS::Config::RemediationConfiguration resource to specify the details about the remediation configuration, including the remediation action, parameters, and data to execute the action.

AWS::ServiceCatalog::StackSetConstraint

Use the AWS::ServiceCatalog::StackSetConstraint resource to specify a stack set constraint.

June 20, 2019

Updated resources

The following resources were updated: AWS::AppMesh::VirtualNode, AWS::CodeBuild::Project, AWS::EC2::Host, AWS::EC2::Route, AWS::EC2::VPNConnection, AWS::ECS::Cluster, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::EFS::MountTarget, AWS::ElasticLoadBalancingV2::ListenerRule, AWS::EMR::Cluster, AWS::IoTAnalytics::Dataset, AWS::KinesisFirehose::DeliveryStream, AWS::S3::Bucket.

AWS::AppMesh::VirtualNode

Use ServiceDiscovery to specify whether to use AWSCloudMap or DNS for service discovery. If using AWS Cloud Map for service discovery, use AwsCloudMapServiceDiscovery to specify ServiceName, NamespaceName, and Attributes properties. Use AwsCloudMapInstanceAttribute to specify key and value pairs for AwsCloudMapServiceDiscovery.

AWS::CodeBuild::Project

Use the SecondarySourceVersions property to specify an array of ProjectSourceVersion objects. If secondarySourceVersions is specified at the build level, then they take over these secondarySourceVersions (at the project level).

AWS::DLM::LifecyclePolicy

In the PolicyDetails property type:

  • Use the PolicyType property to determine the valid target resource types and actions a policy can manage. This field defaults to EBS_SNAPSHOT_MANAGEMENT if not present.

  • Use the Parameters property to specify a set of optional parameters that can be provided by the policy.

In the Schedule property type, use the VariableTags property to specify a collection of key/value pairs with values determined dynamically when the policy is executed. Keys may be any valid Amazon EC2 tag key. Values must be in one of the two following formats: $(instance-id) or $(timestamp). Variable tags are only valid for EBS Snapshot Management – Instance policies.

AWS::EC2::Host

Use the HostRecovery property to indicate whether to enable or disable host recovery for the Dedicated Host.

AWS::EC2::Route

Use the TransitGatewayId property to specify the ID of a transit gateway.

AWS::EC2::VPNConnection

Use the TransitGatewayId property to specify the ID of the transit gateway associated with the VPN connection.

Use the VpnGatewayId property to specify the ID of the virtual private gateway at the AWS side of the VPN connection.

AWS::ECR::Repository

Use the Tags property to specify an array of key-value pairs to apply to this resource.

AWS::ECS::Cluster

Use the Tags property to apply metadata to clusters to help you categorize and organize them.

AWS::ECS::Service

Use the EnableECSManagedTags property to specify whether to enable Amazon ECS managed tags for the tasks within the service.

Use the PropagateTags property to specify whether to propagate the tags from the task definition or the service to the tasks in the service.

Use the Tags property to apply metadata to services to help you categorize and organize them.

AWS::ECS::TaskDefinition

In the ContainerDefinition property type:

  • Use the ResourceRequirements property to specify the type and amount of a resource to assign to a container. The only supported resource is a GPU.

  • Use the Secrets property to specify the secrets to pass to the container.

Use the Tags property to apply metadata to task definitions to help you categorize and organize them.

AWS::EFS::FileSystem

Use the LifecyclePolicies property to specify a list of policies used by EFS lifecycle management to transition files to the Infrequent Access (IA) storage class.

AWS::EFS::MountTarget

Use the IpAddress attribute to return the IPv4 address of the mount target.

AWS::ElasticLoadBalancingV2::ListenerRule

In the RuleCondition property type:

  • Use the HostHeaderConfig property to specify information for a host header condition.

  • Use the HttpHeaderConfig property to specify information for an HTTP header condition.

  • Use the HttpRequestMethodConfig property to specify information for an HTTP method condition.

  • Use the PathPatternConfig property to specify information for a path pattern condition.

  • Use the QueryStringConfig property to specify information for a query string condition.

  • Use the SourceIpConfig property to specify information for a source IP condition.

AWS::EMR::Cluster

In the JobFlowInstancesConfig property type, use the Ec2SubnetIds property to specify multiple EC2 subnet IDs.

AWS::IoTAnalytics::Dataset

When data set contents are created, they are delivered to destinations specified in the ContentDeliveryRules property.

Use the VersioningConfiguration property to specify how many versions of data set contents are kept. If not specified or set to null, only the latest version plus the latest succeeded version (if they are different) are kept for the time period specified by the "retentionPeriod" parameter.

AWS::KinesisFirehose::DeliveryStream

In the ExtendedS3DestinationConfiguration property type:

  • Use the DataFormatConversionConfiguration property to specify the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3.

  • Use the ErrorOutputPrefix property to specify a prefix that Kinesis Data Firehose evaluates and adds to failed records before writing them to S3.

  • The Prefix property is no longer required.

In the S3DestinationConfiguration property type, use the ErrorOutputPrefix property to specify a prefix that Kinesis Data Firehose evaluates and adds to failed records before writing them to S3.

AWS::S3::Bucket

Use the ObjectLockConfiguration property to specify an object lock configuration for the specified bucket.

Use the ObjectLockEnabled property to specify whether this bucket has an object lock configuration enabled.

June 13, 2019

New resources

The following resources were added: AWS::Amplify::App, AWS::Amplify::Branch, AWS::Amplify::Domain, AWS::EC2::ClientVpnAuthorizationRule, AWS::EC2::ClientVpnEndpoint, AWS::EC2::ClientVpnRoute, AWS::EC2::ClientVpnTargetNetworkAssociation, AWS::MSK::Cluster.

AWS::Amplify::App

Creates apps in AWS Amplify Console. An app is a collection of branches.

AWS::Amplify::Branch

Creates a new branch within an AWS Amplify Console app.

AWS::Amplify::Domain

Allows you to connect a custom domain to your AWS Amplify Console app.

AWS::EC2::ClientVpnAuthorizationRule

Specifies an ingress authorization rule to add to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks.

AWS::EC2::ClientVpnEndpoint

Specifies a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.

AWS::EC2::ClientVpnRoute

Specifies a network route to add to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.

AWS::EC2::ClientVpnTargetNetworkAssociation

Specifies a target network to associate with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint.

AWS::MSK::Cluster

Use the AWS::MSK::Cluster resource to create an Amazon MSK cluster.

June 13, 2019

Updated resources

The following resource was updated: AWS::SageMaker::NotebookInstance.

AWS::SageMaker::NotebookInstance

Use the AcceleratorTypes property to specify a list of Elastic Inference (EI) instance types to associate with this notebook instance.

Use the AdditionalCodeRepositories property to specify an array of up to three Git repositories associated with the notebook instance.

Use the DefaultCodeRepository property to specify the Git repository associated with the notebook instance as its default code repository.

June 3, 2019

New resources

The following resources were added: AWS::IoTThingsGraph::FlowTemplate, AWS::Pinpoint::ADMChannel, AWS::Pinpoint::APNSChannel, AWS::Pinpoint::APNSSandboxChannel, AWS::Pinpoint::APNSVoipChannel, AWS::Pinpoint::APNSVoipSandboxChannel, AWS::Pinpoint::App, AWS::Pinpoint::ApplicationSettings, AWS::Pinpoint::BaiduChannel, AWS::Pinpoint::Campaign, AWS::Pinpoint::EmailChannel, AWS::Pinpoint::EventStream, AWS::Pinpoint::GCMChannel, AWS::Pinpoint::SMSChannel, AWS::Pinpoint::Segment, AWS::Pinpoint::VoiceChannel, AWS::SageMaker::CodeRepository, and AWS::MSK::Cluster.

AWS::IoTThingsGraph::FlowTemplate

Use the AWS::IoTThingsGraph::FlowTemplate resource to specify a workflow template.

AWS::Pinpoint::ADMChannel

Use the AWS::Pinpoint::ADMChannel resource to specify an ADM channel. You can use the ADM channel to send push notifications through the Amazon Device Messaging (ADM) service to apps that run on Amazon devices, such as Kindle Fire tablets.

AWS::Pinpoint::APNSChannel

Use the AWS::Pinpoint::APNSChannel resource to specify an APNs channel. You can use the APNs channel to send push notification messages to the Apple Push Notification service (APNs).

AWS::Pinpoint::APNSSandboxChannel

Use the AWS::Pinpoint::APNSSandboxChannel resource to specify an APNs sandbox channel. You can use the APNs sandbox channel to send push notification messages to the sandbox environment of the Apple Push Notification service (APNs).

AWS::Pinpoint::APNSVoipChannel

Use the AWS::Pinpoint::APNSVoipChannel resource to specify an APNs VoIP channel. You can use the APNs VoIP channel to send VoIP notification messages to the Apple Push Notification service (APNs).

AWS::Pinpoint::APNSVoipSandboxChannel

Use the AWS::Pinpoint::APNSVoipSandboxChannel resource to specify an APNs VoIP sandbox channel. You can use the APNs VoIP sandbox channel to send VoIP notification messages to the sandbox environment of the Apple Push Notification service (APNs).

AWS::Pinpoint::App

Use the AWS::Pinpoint::App resource to specify an app.

AWS::Pinpoint::ApplicationSettings

Use the AWS::Pinpoint::ApplicationSettings resource to specify the settings for an Amazon Pinpoint app.

AWS::Pinpoint::BaiduChannel

Use the AWS::Pinpoint::BaiduChannel resource to update the settings of the Baidu channel for an application.

AWS::Pinpoint::Campaign

Use the AWS::Pinpoint::Campaign resource to update the settings for a campaign.

AWS::Pinpoint::EmailChannel

Use the AWS::Pinpoint::EmailChannel resource to update the status and settings of the email channel for an application.

AWS::Pinpoint::EventStream

Use the AWS::Pinpoint::EventStream resource to create a new event stream for an application or update the settings of an existing event stream for an application.

AWS::Pinpoint::GCMChannel

Use the AWS::Pinpoint::GCMChannel resource to specify a GCM channel. You can use the GCM channel to send push notification messages to the Firebase Cloud Messaging (FCM) service, which replaced the Google Cloud Messaging (GCM) service.

AWS::Pinpoint::SMSChannel

Use the AWS::Pinpoint::SMSChannel resource to specify an SMS channel. To send an SMS text message, you send the message through the SMS channel.

AWS::Pinpoint::Segment

Use the AWS::Pinpoint::Segment resource to create a new segment for an application or update the configuration, dimension, and other settings for an existing segment that's associated with an application.

AWS::Pinpoint::VoiceChannel

Use the AWS::Pinpoint::VoiceChannel resource to update the status and settings of the voice channel for an application.

AWS::SageMaker::CodeRepository

Use the AWS::SageMaker::CodeRepository resource to specify a Git repository as a resource in your Amazon SageMaker account.

June 3, 2019

Updated resources

The following resources were updated: AWS::CodeCommit::Repository and AWS::EC2::LaunchTemplate.

Code

Use the Code resource to provide information about code to be committed.

S3

Use the S3 resource to provide information about the Amazon S3 bucket that contains the code that will be committed to the new repository.

AWS::EC2::LaunchTemplate

In the NetworkInterface property, use InterfaceType to specify the type of network interface.

May 23, 2019

New resources

The following resources were added: AWS::Backup::BackupPlan, AWS::Backup::BackupSelection, AWS::Backup::BackupVault, AWS::PinpointEmail::ConfigurationSet, AWS::PinpointEmail::ConfigurationSetEventDestination, AWS::PinpointEmail::DedicatedIpPool, AWS::PinpointEmail::Identity, AWS::Transfer::Server, AWS::Transfer::User, AWS::WAFRegional::GeoMatchSet, AWS::WAFRegional::RateBasedRule, and AWS::WAFRegional::RegexPatternSet.

AWS::Backup::BackupPlan

Contains an optional backup plan display name and an array of BackupRule objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of AWS resources.

AWS::Backup::BackupSelection

Specifies a set of resources to assign to a backup plan.

AWS::Backup::BackupVault

Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.

AWS::PinpointEmail::ConfigurationSet

Use the AWS::PinpointEmail::ConfigurationSet resource to specify configuration sets for the Amazon Pinpoint Email API.

AWS::PinpointEmail::ConfigurationSetEventDestination

Use the AWS::PinpointEmail::ConfigurationSetEventDestination resource to specify destinations for events related to sending email in the Amazon Pinpoint Email API.

AWS::PinpointEmail::DedicatedIpPool

Use the AWS::PinpointEmail::DedicatedIpPool resource to specify groups of dedicated IP addresses in the Amazon Pinpoint Email API.

AWS::PinpointEmail::Identity

Use the AWS::PinpointEmail::Identity resource to specify identities (email addresses or domains) for sending email through the Amazon Pinpoint Email API.

AWS::Transfer::Server

Creates an autoscaling virtual server based on Secure File Transfer Protocol (SFTP) in AWS.

AWS::Transfer::User

Creates a user and associates them with an existing Secure File Transfer Protocol (SFTP) server.

AWS::WAFRegional::GeoMatchSet

The AWS::WAFRegional::GeoMatchSet resource contains one or more countries that AWS WAF will search for.

AWS::WAFRegional::RateBasedRule

The AWS::WAFRegional::RateBasedRule resource is identical to a regular Rule, with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes.

AWS::WAFRegional::RegexPatternSet

The AWS::WAFRegional::RegexPatternSet resource specifies the regular expression (regex) pattern that you want AWS WAF to search for.

May 23, 2019

Updated resources

The following resources were updated: AWS::AppSync::GraphQLApi, AWS::Cognito::UserPool, AWS::Glue::Classifier, AWS::Glue::Crawler, AWS::Glue::DevEndpoint, AWS::Glue::Job, and AWS::Glue::Trigger.

AWS::AppSync::GraphQLApi

Use the AdditionalAuthenticationProviders property to specify a list of additional authentication providers for the GraphqlApi API.

Use the Tags property to specify an arbitrary set of tags (key-value pairs) for this GraphQL API.

AWS::Cognito::UserPool

In the PasswordPolicy property type, use the TemporaryPasswordValidityDays property to specify the number of days a temporary password is valid. If the user does not sign in during this time, their password will need to be reset by an administrator.

Note

When you set TemporaryPasswordValidityDays for a user pool, you will no longer be able to set the deprecated UnusedAccountValidityDays value for that user pool.

AWS::Glue::Classifier

Use the CsvClassifier property to specify a classifier for comma-separated values (CSV).

AWS::Glue::Crawler

Use the CrawlerSecurityConfiguration property to specify the name of the SecurityConfiguration structure to be used by this crawler.

Use the Tags property to specify the tags to use with this crawler request. You can use tags to limit access to the crawler.

AWS::Glue::DevEndpoint

Use the SecurityConfiguration property to specify the name of the SecurityConfiguration structure to be used by this DevEndpoint.

Use the Tags property to specify the tags to use with this DevEndpoint. You can use tags to limit access to the DevEndpoint.

AWS::Glue::Job

Use the SecurityConfiguration property to specify the name of the SecurityConfiguration structure to be used with this job.

Use the Tags property to specify the tags to use with this job. You can use tags to limit access to the job.

AWS::Glue::Trigger

Use the Tags property to specify the tags to use with this trigger. You can use tags to limit access to the trigger.

May 17, 2019

New resources

The following resources were added: AWS::Glue::DataCatalogEncryptionSettings, AWS::Glue::SecurityConfiguration, and AWS::MediaStore::Container.

AWS::Glue::DataCatalogEncryptionSettings

Sets the security configuration for a specified catalog. After the configuration has been set, the specified encryption is applied to every catalog write thereafter.

AWS::Glue::SecurityConfiguration

Creates a new security configuration.

AWS::MediaStore::Container

The AWS::MediaStore::Container resource specifies a storage container to hold objects. A container is similar to a bucket in Amazon S3.

When you create a container using AWS CloudFormation, the template manages data for five API actions: creating a container, setting access logging, updating the default container policy, adding a cross-origin resource sharing (CORS) policy, and adding an object lifecycle policy.

May 17, 2019

Updated resource

The following resource was updated: AWS::ServiceCatalog::CloudFormationProduct.

AWS::ServiceCatalog::CloudFormationProduct

In the ProvisioningArtifactProperties property type, if DisableTemplateValidation is set to true, AWS Service Catalog stops validating the specified provisioning artifact even if it is invalid.

May 3, 2019

New resources

The following resources were added: AWS::ApiGatewayV2::ApiMapping and AWS::ApiGatewayV2::DomainName.

AWS::ApiGatewayV2::ApiMapping

The AWS CloudFormation AWS::ApiGatewayV2::ApiMapping resource contains an API mapping.

AWS::ApiGatewayV2::DomainName

Use the AWS CloudFormation AWS::ApiGatewayV2::DomainName resource to specify a custom, friendly URL for your API in API Gateway.

May 3, 2019

Limit for resources in concurrent stack operations

CloudFormation now enforces an account limit for the number of resources in concurrent stack operations. This limit is determined by region.

For more information, see AWS CloudFormation Limits.

April 30, 2019

Updated resources

The following resources were updated: AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion.

AWS::Greengrass::FunctionDefinition

In the FunctionConfiguration property type, the MemorySize and Timeout properties are no longer required.

AWS::Greengrass::FunctionDefinitionVersion

In the FunctionConfiguration property type, the MemorySize and Timeout properties are no longer required.

April 25, 2019

Updated resources

The following resources were updated: AWS::ECS::TaskDefinition and AWS::ElasticLoadBalancingV2::TargetGroup.

AWS::ECS::TaskDefinition

Use the ProxyConfiguration property to specify the configuration details for an App Mesh proxy.

In the ContainerDefinition property type:

  • Use the DependsOn property to specify the dependencies defined for container startup and shutdown.

  • Use the StartTimeout property to specify the time duration to wait before giving up on resolving dependencies for a container.

  • Use the StopTimeout property to specify the time duration to wait before the container is forcefully killed if it doesn't exit normally on its own.

AWS::ElasticLoadBalancingV2::TargetGroup

Use the HealthCheckEnabled property to indicate whether health checks are enabled.

The Port, Protocol, and VpcId properties are now required only if the target type is instance or ip.

April 18, 2019

New resource

The following resource was added: AWS::EC2::CapacityReservation.

AWS::EC2::CapacityReservation

Use the AWS::EC2::CapacityReservation resource to create a Capacity Reservation.

April 18, 2019

Updated resources

The following resources were updated: AWS::Batch::JobDefinition and AWS::ServiceCatalog::CloudFormationProvisionedProduct.

AWS::Batch::JobDefinition

Use the ResourceRequirement property type to specify the type and amount of a resource to assign to a container. Currently, the only supported resource type is GPU.

AWS::ServiceCatalog::CloudFormationProvisionedProduct

The Tags property requires the provisioned product to have a RESOURCE_UPDATE constraint with TagUpdatesOnProvisionedProduct set to ALLOWED to allow tag updates.

The Tags property now requires no interruption upon update.

April 4, 2019

New resource

The following resource was added: AWS::ServiceCatalog::ResourceUpdateConstraint.

AWS::ServiceCatalog::ResourceUpdateConstraint

Use the AWS::ServiceCatalog::ResourceUpdateConstraint resource to create a RESOURCE_UPDATE constraint for Service Catalog.

April 4, 2019

Updated resources

The following resources were updated: AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, and AWS::EKS::Cluster.

AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, and AWS::AppStream::Stack

Use the Tags property to add or overwrite one or more tags for an Amazon AppStream 2.0 fleet, stack, or image builder.

AWS::EKS::Cluster

Updates to the Version property no longer require replacement.

March 28, 2019

New resources

The following resources were added: AWS::AppMesh::Mesh, AWS::AppMesh::Route, AWS::AppMesh::VirtualNode, AWS::AppMesh::VirtualRouter, and AWS::AppMesh::VirtualService.

AWS::AppMesh::Mesh

Use the AWS::AppMesh::Mesh resource to specify a service mesh. A service mesh is a logical boundary for network traffic between the services that reside within it.

AWS::AppMesh::Route

Use the AWS::AppMesh::Route resource to specify a route that is associated with a virtual router.

AWS::AppMesh::VirtualNode

Use the AWS::AppMesh::VirtualNode resource to specify a virtual node within a service mesh.

AWS::AppMesh::VirtualRouter

Use the AWS::AppMesh::VirtualRouter resource to specify a virtual router within a service mesh.

AWS::AppMesh::VirtualService

Use the AWS::AppMesh::VirtualService resource to specify a virtual service within a service mesh.

March 27, 2019

New resources

The following resources were added: AWS::Greengrass::ConnectorDefinition, AWS::Greengrass::ConnectorDefinitionVersion, AWS::Greengrass::CoreDefinition, AWS::Greengrass::CoreDefinitionVersion, AWS::Greengrass::DeviceDefinition, AWS::Greengrass::DeviceDefinitionVersion, AWS::Greengrass::FunctionDefinition, AWS::Greengrass::FunctionDefinitionVersion, AWS::Greengrass::Group, AWS::Greengrass::GroupVersion, AWS::Greengrass::LoggerDefinition, AWS::Greengrass::LoggerDefinitionVersion, AWS::Greengrass::ResourceDefinition, AWS::Greengrass::ResourceDefinitionVersion, AWS::Greengrass::SubscriptionDefinition, and AWS::Greengrass::SubscriptionDefinitionVersion.

AWS::Greengrass::ConnectorDefinition and AWS::Greengrass::ConnectorDefinitionVersion

Use the AWS::Greengrass::ConnectorDefinition and AWS::Greengrass::ConnectorDefinitionVersion resources to create and manage your connectors.

AWS::Greengrass::CoreDefinition and AWS::Greengrass::CoreDefinitionVersion

Use the AWS::Greengrass::CoreDefinition and AWS::Greengrass::CoreDefinitionVersion resources to create and manage your cores.

AWS::Greengrass::DeviceDefinition and AWS::Greengrass::DeviceDefinitionVersion

Use the AWS::Greengrass::DeviceDefinition and AWS::Greengrass::DeviceDefinitionVersion resources to create and manage your devices.

AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion

Use the AWS::Greengrass::FunctionDefinition and AWS::Greengrass::FunctionDefinitionVersion resources to create and manage your functions.

AWS::Greengrass::Group and AWS::Greengrass::GroupVersion

Use the AWS::Greengrass::Group and AWS::Greengrass::GroupVersion resources to create and manage your Greengrass groups.

AWS::Greengrass::LoggerDefinitionVersion and AWS::Greengrass::LoggerDefinition

Use the AWS::Greengrass::LoggerDefinition and AWS::Greengrass::LoggerDefinitionVersion resources to create and manage your logging configuration.

AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion

Use the AWS::Greengrass::ResourceDefinition and AWS::Greengrass::ResourceDefinitionVersion resources to create and manage your local, machine learning, and secret resources.

AWS::Greengrass::SubscriptionDefinition and AWS::Greengrass::SubscriptionDefinitionVersion

Use the AWS::Greengrass::SubscriptionDefinition and AWS::Greengrass::SubscriptionDefinitionVersion resources to create and manage your subscriptions.

March 15, 2019

Updated resources

The following resources were updated: AWS::CodeBuild::Project, AWS::OpsWorksCM::Server, and AWS::SageMaker::NotebookInstance.

AWS::CodeBuild::Project

In the Project Source property type, use the GitSubmodulesConfig property to get information about Git submodules for a project.

In the Project S3Logs property type, use the EncryptionDisabled property to disable encryption on S3 build logs.

AWS::OpsWorksCM::Server

Use the AssociatePublicIpAddress property to associate a public IP address with the server.

AWS::SageMaker::NotebookInstance

Use the RootAccess property to specify whether root access is enabled or disabled for users of the notebook instance.

March 14, 2019

Updated resources

The following resources were updated: AWS::StepFunctions::Activity and AWS::StepFunctions::StateMachine.

AWS::StepFunctions::Activity

Use the Tags property to specify the tags (key-value pairs) that you want to attach to the Step Functions activity.

AWS::StepFunctions::StateMachine

Use the Tags property to specify the tags (key-value pairs) that you want to attach to the Step Functions state machine.

March 7, 2019

Updated resource

The following resource was updated: AWS::SageMaker::NotebookInstance.

AWS::SageMaker::NotebookInstance

Use the VolumeSizeInGB property to specify the size in GB of the persisted machine learning storage volume that is provisioned and attached to the Amazon SageMaker notebook instance.

February 28, 2019

Updated resources

The following resources were updated: AWS::ApiGateway::ApiKey, AWS::CodeBuild::Project, AWS::Elasticsearch::Domain, AWS::RDS::DBCluster, and AWS::RDS::DBInstance.

AWS::ApiGateway::ApiKey

Use the Value property to specify the value of the API key.

AWS::CodeBuild::Project

In the ProjectCache property type, you can use the Modes property to specify the type of cache an AWS CodeBuild project uses.

AWS::Elasticsearch::Domain

Use the NodeToNodeEncryptionOptions property to specify whether node-to-node encryption is enabled.

AWS::RDS::DBCluster

Use the SourceRegion property to specify the AWS Region which contains the source DB cluster when replicating a DB cluster.

AWS::RDS::DBInstance

Use the UseDefaultProcessorFeatures property to specify that the DB instance class of the DB instance uses its default processor features.

February 21, 2019

New resources

The following resources were added: AWS::RAM::ResourceShare, AWS::RoboMaker::Fleet, AWS::RoboMaker::Robot, AWS::RoboMaker::RobotApplication, AWS::RoboMaker::RobotApplicationVersion, AWS::RoboMaker::SimulationApplication, and AWS::RoboMaker::SimulationApplicationVersion.

AWS::RAM::ResourceShare

Use the AWS::RAM::ResourceShare resource to create, update, and delete an Amazon ResourceShare.

AWS::RoboMaker::Fleet

Use the AWS::RoboMaker::Fleet resource to create an AWS RoboMaker fleet.

AWS::RoboMaker::Robot

Use the AWS::RoboMaker::Robot resource to create an AWS RoboMaker robot.

AWS::RoboMaker::RobotApplication

Use the AWS::RoboMaker::RobotApplication resource to create an AWS RoboMaker robot application.

AWS::RoboMaker::RobotApplicationVersion

Use the AWS::RoboMaker::RobotApplicationVersion resource to create a version of an AWS RoboMaker robot application.

AWS::RoboMaker::SimulationApplication

Use the AWS::RoboMaker::SimulationApplication resource to create an AWS RoboMaker simulation application.

AWS::RoboMaker::SimulationApplicationVersion

Use the AWS::RoboMaker::SimulationApplicationVersion resource to create a version of an AWS RoboMaker simulation application.

February 21, 2019

Updated resource

The following resource was updated: AWS::CodeBuild::Project.

AWS::CodeBuild::Project

In the ProjectTriggers property type, you can use the WebhookFilters property to specify the webhook events that trigger a new AWS CodeBuild build.

February 15, 2019

New resources

The following resources were added: AWS::FSx::FileSystem, AWS::KinesisAnalyticsV2::Application, AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption, AWS::KinesisAnalyticsV2::ApplicationOutput, and AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource.

AWS::FSx::FileSystem

Use the AWS::FSx::FileSystem resource to create a new Amazon FSx for Lustre or Amazon FSx for Windows File Server file system.

AWS::KinesisAnalyticsV2::Application

Use the AWS::KinesisAnalyticsV2::Application resource to create an Amazon Kinesis Data Analytics application.

AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption

Use the AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption resource to add an Amazon CloudWatch log stream to monitor application configuration errors.

AWS::KinesisAnalyticsV2::ApplicationOutput

Use the AWS::KinesisAnalyticsV2::ApplicationOutput resource to describe a SQL-based Amazon Kinesis Data Analytics application's output configuration.

AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource

Use the AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource resource to describe a reference data source for a SQL-based Amazon Kinesis Data Analytics application.

February 15, 2019

Updated resources

The following resources were updated: AWS::OpsWorksCM::Server, AWS::ServiceDiscovery::Instance, and AWS::ServiceDiscovery::Service.

AWS::OpsWorksCM::Server

EngineAttributes were updated to include additional attributes that you can use to create an AWS OpsWorks for Puppet Enterprise master server.

AWS::ServiceDiscovery::Instance

The InstanceAttributes property now takes a String map value.

AWS::ServiceDiscovery::Service

The DNSConfig property is no longer required.

An update to the HealthCheckCustomConfig property now requires replacement.

February 8, 2019

New resources

The following resources were added: AWS::ApiGatewayV2::Api, AWS::ApiGatewayV2::Authorizer, AWS::ApiGatewayV2::Deployment, AWS::ApiGatewayV2::Integration, AWS::ApiGatewayV2::IntegrationResponse, AWS::ApiGatewayV2::Model, AWS::ApiGatewayV2::Route, AWS::ApiGatewayV2::RouteResponse, and AWS::ApiGatewayV2::Stage.

AWS::ApiGatewayV2::Api

Use the AWS::ApiGatewayV2::Api resource to manage an API Gateway WebSocket API.

AWS::ApiGatewayV2::Authorizer

Use the AWS::ApiGatewayV2::Authorizer resource to represent an API Gateway authorizer function.

AWS::ApiGatewayV2::Deployment

Use the AWS::ApiGatewayV2::Deployment resource to create an API Gateway WebSocket API deployment.

AWS::ApiGatewayV2::Integration

Use the AWS::ApiGatewayV2::Integration resource to specify information about the target backend that an API Gateway route calls.

AWS::ApiGatewayV2::IntegrationResponse

Use the AWS::ApiGatewayV2::IntegrationResponse resource to specify the response that API Gateway sends after a route's backend finishes processing a WebSocket message.

AWS::ApiGatewayV2::Model

Use the AWS::ApiGatewayV2::Model resource to define the structure of a route request or response payload for an API Gateway WebSocket API.

AWS::ApiGatewayV2::Route

Use the AWS::ApiGatewayV2::Route resource to specify information that is expected to be present in a WebSocket message payload.

AWS::ApiGatewayV2::RouteResponse

Use the AWS::ApiGatewayV2::RouteResponse resource to define the responses that can be sent to the client that sends a message to an API Gateway WebSocket API.

AWS::ApiGatewayV2::Stage

Use the AWS::ApiGatewayV2::Stage resource to create a stage for an API Gateway WebSocket API deployment.

February 8, 2019

Updated resources

The following resources were updated: AWS::CodeBuild::Project and AWS::ElasticLoadBalancingV2::Listener.

AWS::CodeBuild::Project

In the Environment property type, you can use the ImagePullCredentialsType property to specify the type of credentials AWS CodeBuild uses to pull images in your build.

In the Environment property type, you can use the RegistryCredential property to provide information about credentials that provide access to a private Docker registry.

AWS::ElasticLoadBalancingV2::Listener

Create TLS listeners for your Network Load Balancers.

January 24, 2019

New resource

The following resource was added: AWS::OpsWorksCM::Server.

AWS::OpsWorksCM::Server

Use the AWS::OpsWorksCM::Server resource to create an AWS OpsWorks for Chef Automate or AWS OpsWorks for Puppet Enterprise server.

January 24, 2019

UpdateReplacePolicy attribute added

Use the UpdateReplacePolicy attribute to retain or (in some cases) back up the existing physical instance of a resource when it is replaced during a stack update operation.

For more information, see UpdateReplacePolicy Attribute.

January 23, 2019

Updated resource

The following resource was updated: AWS::Inspector::AssessmentTarget.

AWS::Inspector::AssessmentTarget

The ResourceGroupArn property is no longer required. If unspecified, all Amazon EC2 instances in your AWS account in the current region will be included in the assessment target.

January 17, 2019

Updated resource

The following resource was updated: AWS::ServiceCatalog::CloudFormationProvisionedProduct.

AWS::ServiceCatalog::CloudFormationProvisionedProduct

The ProductId property now requires no interruption upon update.

The ProductName property now requires no interruption upon update.

Each time a stack is created or updated, if ProductName is provided it will successfully resolve to ProductId as long as only one product exists in the account/region with that ProductName.

January 10, 2019

New resources

The following resources were added: AWS::DocDB::DBCluster, AWS::DocDB::DBClusterParameterGroup, AWS::DocDB::DBInstance, and AWS::DocDB::DBSubnetGroup.

AWS::DocDB::DBCluster

Use the AWS::DocDB::DBCluster resource to manage an Amazon DocumentDB cluster.

AWS::DocDB::DBClusterParameterGroup

Use the AWS::DocDB::DBClusterParameterGroup resource to manage an Amazon DocumentDB cluster parameter group.

AWS::DocDB::DBInstance

Use the AWS::DocDB::DBInstance resource to manage an Amazon DocumentDB instance.

AWS::DocDB::DBSubnetGroup

Use the AWS::DocDB::DBSubnetGroup resource to describe an Amazon DocumentDB subnet group.

January 10, 2019

Updated resources

The following resources were updated: AWS::AmazonMQ::Broker, AWS::AmazonMQ::Configuration, and AWS::SageMaker::Model.

AWS::AmazonMQ::Broker

Use the Tags property to specify an array of key-value pairs for cost allocation tagging.

AWS::AmazonMQ::Configuration

Use the Tags property to specify an array of key-value pairs for cost allocation tagging.

AWS::SageMaker::Model

Use the Containers property to specify the list of containers in the inference pipeline.

January 3, 2019

New resource

The following resource was added: AWS::Route53Resolver::ResolverRuleAssociation.

AWS::Route53Resolver::ResolverRuleAssociation

Use the AWS::Route53Resolver::ResolverRuleAssociation resource to associate an Amazon Route 53 Resolver rule and a VPC that you created using Amazon Virtual Private Cloud (Amazon VPC).

January 3, 2019

Updated resource

The following resource was updated: AWS::AmazonMQ::Broker.

AWS::AmazonMQ::Broker

The following attributes are now available using the Fn::GetAtt intrinsic function:

  • IpAddresses

  • MqttEndpoints

  • OpenWireEndpoints

  • AmqpEndpoints

  • StompEndpoints

  • WssEndpoints

December 13, 2018

Stack instance operation limit

For StackSets, you can have a maximum of 1500 stack instance operations running in a given region at the same time, per administrator account.

For more information, see AWS CloudFormation Limits.

December 13, 2018

New resources

The following resources were added: AWS::AmazonMQ::ConfigurationAssociation, AWS::IoTAnalytics::Channel, AWS::IoTAnalytics::Dataset, AWS::IoTAnalytics::Datastore, and AWS::IoTAnalytics::Pipeline.

AWS::AmazonMQ::ConfigurationAssociation

Use the AWS::AmazonMQ::ConfigurationAssociation resource to associate a configuration with a broker, or return information about the specified configuration association.

AWS::IoTAnalytics::Channel

Use the AWS::IoTAnalytics::Channel resource to create a channel. A channel collects data from an MQTT topic and archives the raw, unprocessed messages before publishing the data to a pipeline.

AWS::IoTAnalytics::Dataset

Use the AWS::IoTAnalytics::Dataset resource to create a data set. A data set retrieves data from a data store and allows you to explore and analyze your data using machine learning tools.

AWS::IoTAnalytics::Datastore

Use the AWS::IoTAnalytics::Datastore resource to create a data store. A data store holds messages from a channel which have been processed through a pipeline.

AWS::IoTAnalytics::Pipeline

Use the AWS::IoTAnalytics::Pipeline resource to create a pipeline. A pipeline consumes messages from one or more channels and allows you to process the messages before storing them in a data store.

December 13, 2018

The CAPABILITY_AUTO_EXPAND capability is now available.

Use the CAPABILITY_AUTO_EXPAND capability to create or update a stack directly from a stack template that contains macros, without first reviewing the resulting changes in a change set.

For more information, see CreateStack or UpdateStack in the AWS CloudFormation API Reference.

December 7, 2018

Updated resource

The following resource was updated: AWS::CodeBuild::Project.

AWS::CodeBuild::Project

  • In the Environment property type, you can use the Certificate property to specify a certificate to use with your build project.

  • In the Artifacts property type, you can use the ArtifactIdentifier property to identify the project artifact.

  • In the Source property type, you can use the SourceIdentifier property to identify the project source.

December 6, 2018

Updated resource

The following resource was updated: AWS::Lambda::Function.

AWS::Lambda::Function

Use the Layers property to specify a list of Amazon Resource Names (ARNs) for the function layers to add to the function's execution environment.

November 29, 2018

New resources

The following resources were added: AWS::Lambda::LayerVersion and AWS::Lambda::LayerVersionPermission.

AWS::Lambda::LayerVersion

Use the AWS CloudFormation AWS::Lambda::LayerVersion resource to create a layer version in AWS Lambda.

AWS::Lambda::LayerVersionPermission

Use the AWS CloudFormation AWS::Lambda::LayerVersionPermission resource to give other accounts permission to use a layer version in AWS Lambda.

November 29, 2018

Updated resources

The following resources were updated: AWS::DynamoDB::Table, AWS::EC2::Instance, and AWS::ServiceDiscovery::Service.

AWS::DynamoDB::Table

Use the BillingMode property to specify how you are charged for read and write throughput and how you manage capacity.

The ProvisionedThroughput property is now conditional.

In the GlobalSecondaryIndex property type, the ProvisionedThroughput property is now conditional.

AWS::EC2::Instance

Use the ElasticInferenceAccelerators property to specify a list of elastic inference accelerators for an instance.

Use the LicenseSpecifications property to associate a list of license configurations with an instance.

AWS::ServiceDiscovery::Service

Use the NamespaceId property to specify the ID of the namespace that you want to use to create the service.

In the DnsConfig property type, use the RoutingPolicy property to specify the routing policy that you want to apply to all DNS records that AWS Cloud Map creates when you register an instance and specify this service.

November 28, 2018

New resource

The following resource was added: AWS::ServiceDiscovery::HttpNamespace.

AWS::ServiceDiscovery::HttpNamespace

Use the HttpNamespace resource to create an HTTP namespace for Cloud Map.

November 28, 2018

New resources

The following resources were added: AWS::EC2::TransitGateway, AWS::EC2::TransitGatewayAttachment, AWS::EC2::TransitGatewayRoute, AWS::EC2::TransitGatewayRouteTable, AWS::EC2::TransitGatewayRouteTableAssociation, and AWS::EC2::TransitGatewayRouteTablePropagation.

AWS::EC2::TransitGateway

Use the AWS::EC2::TransitGateway resource to create a transit gateway.

AWS::EC2::TransitGatewayAttachment

Use the AWS::EC2::TransitGatewayAttachment resource to create an attachment between a VPC and a transit gateway.

AWS::EC2::TransitGatewayRoute

Use the AWS::EC2::TransitGatewayRoute resource to create a static route for a transit gateway route table.

AWS::EC2::TransitGatewayRouteTable

Use the AWS::EC2::TransitGatewayRouteTable resource to create a route table for a transit gateway.

AWS::EC2::TransitGatewayRouteTableAssociation

Use the AWS::EC2::TransitGatewayRouteTableAssociation resource to associate an attachment with a transit gateway route table.

AWS::EC2::TransitGatewayRouteTablePropagation

Use the AWS::EC2::TransitGatewayRouteTablePropagation resource to enable an attachment to propagate routes.

November 26, 2018

New resources

The following resources were added: Alexa::ASK::Skill, AWS::AppSync::FunctionConfiguration, AWS::EC2::EC2Fleet, AWS::Kinesis::StreamConsumer, AWS::Route53Resolver::ResolverEndpoint, and AWS::Route53Resolver::ResolverRule.

Alexa::ASK::Skill

Use the Alexa::ASK::Skill resource to create an Alexa skill.

AWS::AppSync::FunctionConfiguration

Use the AWS::AppSync::FunctionConfiguration resource to describe the functions defined with appsync datasource in AWS AppSync.

AWS::EC2::EC2Fleet

Use the AWS::EC2::EC2Fleet resource to launch an EC2 Fleet that can include multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

AWS::Kinesis::StreamConsumer

Use the AWS::Kinesis::StreamConsumer resource to register a consumer with a Kinesis data stream.

AWS::Route53Resolver::ResolverEndpoint

Use the AWS::Route53Resolver::ResolverEndpoint resource to specify settings for inbound or outbound endpoints for Amazon Route 53.

AWS::Route53Resolver::ResolverRule

Use the AWS::Route53Resolver::ResolverRule resource to specify detailed information about a resolver rule, which specifies how to route DNS queries out of a VPC for Amazon Route 53.

November 20, 2018

Updated resources

The following resources were updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::AutoScaling::AutoScalingGroup, AWS::EC2::EIP, AWS::ElasticLoadBalancingV2::Listener, AWS::EMR::Cluster, AWS::OpsWorks::Layer, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::S3::Bucket, and AWS::SNS::Topic.

AWS::ApiGateway::Deployment

In the StageDescription property type, use the Tags property to specify the AWS CloudFormation resource tags to associate with the stage.

AWS::ApiGateway::Stage

Use the Tags property to specify the AWS CloudFormation resource tags to associate with the stage.

AWS::AutoScaling::AutoScalingGroup

Use the MixedInstancesPolicy property to provision a combination of On-Demand Instances and Spot Instances across multiple instance types. When you create your Auto Scaling group, you can specify a launch configuration or template as a parameter for the top-level object, or you can specify a mixed instances policy, but not both at the same time.

AWS::EC2::EIP

Use the PublicIpv4Pool property to specify the ID of an address pool that you own to let Amazon EC2 select an address from the address pool.

AWS::ElasticLoadBalancingV2::Listener

In the Action property type:

  • Use the AuthenticateCognitoConfig property to specify request parameters to use when integrating with Amazon Cognito to authenticate users.

  • Use the AuthenticateOidcConfig property to specify request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

  • Use the FixedResponseConfig property to specify information about an action that returns a custom HTTP response.

  • Use the RedirectConfig property to specify information about a redirect action.

AWS::ElasticLoadBalancingV2::ListenerRule

In the Actions property type:

  • Use the AuthenticateCognitoConfig property to specify request parameters to use when integrating with Amazon Cognito to authenticate users.

  • Use the AuthenticateOidcConfig property to specify request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

  • Use the FixedResponseConfig property to specify information about an action that returns a custom HTTP response.

  • Use the RedirectConfig property to specify information about a redirect action.

AWS::EMR::Cluster

Use the HadoopJarStepConfig property type to specify a job flow step consisting of a JAR file whose main function will be executed.

Use the StepConfig property type to specify a cluster (job flow) step.

Use the KeyValue property type to specify a key-value pair.

In the JobFlowInstancesConfig property type, use the KeepJobFlowAliveWhenNoSteps property to specify whether the cluster should remain available after completing all steps.

AWS::OpsWorks::Layer

In the VolumeConfiguration property type, use the Encrypted property to specify whether an Amazon EBS volume is encrypted.

AWS::RDS::DBCluster

Use the DeletionProtection property to indicate whether the DB cluster should have deletion protection enabled. The database can't be deleted when this value is set to true. If you want to delete a stack with a protected cluster, update this value to false before you delete the stack.

AWS::RDS::DBInstance

Use the DeleteAutomatedBackups property to indicate whether automated backups should be deleted (true) or retained (false) when you delete a DB instance. The default is true.

Use the DeletionProtection property to indicate whether the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. If you want to delete a stack with a protected instance, update this value to false before you delete the stack.

AWS::S3::Bucket

Use the PublicAccessBlockConfiguration property to specify the public access configuration for an Amazon S3 bucket.

AWS::SNS::Topic

Use the KmsMasterKeyId property to specify an AWS KMS key identifier. This can be a key ID, key ARN, or key alias.

November 19, 2018

Updated resource

The following resource was updated: AWS::CodePipeline::Pipeline.

AWS::CodePipeline::Pipeline

Use the ArtifactStores property to specify a list of ArtifactStoreMap mappings. There must be an artifact store for the pipeline region and for each cross-region action within the pipeline. You can only use either ArtifactStore or ArtifactStores, not both.

In the Actions property type, use the Region property to specify the action’s AWS Region, such as us-east-1.

November 13, 2018

Stack drift detection added

Drift detection enables you to detect whether a stack's actual configuration differs, or has drifted, from its expected template configuration as defined within AWS CloudFormation. You can have AWS CloudFormation detect drift on an entire stack, or individual stack resources.

For more information, see Detecting Unmanaged Configuration Changes to Stacks and Resources.

November 13, 2018

Updated resources

The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Stage, AWS::CloudWatch::Alarm, AWS::EC2::SecurityGroupIngress, AWS::IAM::Role, AWS::IAM::User, AWS::IoT::TopicRule, AWS::KMS::Key, AWS::RDS::DBCluster, AWS::RDS::DBInstance, AWS::Route53::RecordSet, AWS::S3::Bucket, and AWS::Workspaces::Workspace.

AWS::ApiGateway::Deployment

In the StageDescription property type, use the TracingEnabled property to specify whether active tracing with X-Ray is enabled for this stage.

AWS::ApiGateway::Stage

Use the TracingEnabled property to specify whether active tracing with X-Ray is enabled for this stage.

AWS::CloudWatch::Alarm

Use the DatapointsToAlarm property to specify the number of datapoints that must be breaching to trigger the alarm. This is used only if you are setting an "M out of N" alarm. In that case, this value is the M.

AWS::EC2::SecurityGroupIngress

Use the SourcePrefixListId property to specify the AWS service prefix of an Amazon VPC endpoint.

AWS::IAM::Role

Use the PermissionsBoundary property to specify the policy that is used to set the permissions boundary for the role.

AWS::IAM::User

Use the PermissionsBoundary property to specify the policy that is used to set the permissions boundary for the user.

AWS::IoT::TopicRule

In the TopicRulePayload property type, use the ErrorActions property to specify the action to take when an error occurs.

In the Action property type:

  • Use the IoTAnalytics property to send message data to an AWS IoT Analytics channel.

  • Use the StepFunctionsAction property to start execution of a Step Functions state machine.

AWS::KMS::Key

Use the PendingWindowInDays property to specify the waiting period, specified in number of days, after which AWS KMS deletes the customer master key (CMK).

AWS::RDS::DBInstance

Use the EnableCloudwatchLogsExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs.

Use the EnableIAMDatabaseAuthentication property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.

Use the EnablePerformanceInsights property to enable Performance Insights for the DB instance.

Use the PerformanceInsightsKMSKeyId property to specify the AWS KMS key identifier for encryption of Performance Insights data. The AWS KMS key ID is the Amazon Resource Name (ARN), AWS KMS key identifier, or the AWS KMS key alias for the AWS KMS encryption key.

Use the PerformanceInsightsRetentionPeriod property to specify the amount of time, in days, to retain Performance Insights data.

Use the ProcessorFeatures property to specify the number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

Use the PromotionTier property to specify the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance.

AWS::RDS::DBCluster

Use the EnableCloudwatchLogsExports property to specify the list of log types that need to be enabled for exporting to CloudWatch Logs.

Use the EnableIAMDatabaseAuthentication property to enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts.

Use the BacktrackWindow property to specify the target backtrack window, in seconds. To disable backtracking, specify 0. If specified, this property must be set to a number from 0 to 259,200 (72 hours).

AWS::Route53::RecordSet

Use the MultiValueAnswer property to route traffic approximately randomly to multiple resources, such as web servers. Create one multivalue answer record for each resource and specify true for MultiValueAnswer.

AWS::S3::Bucket

Use the RegionalDomainName attribute with the Fn::GetAtt function to return the regional domain name of the specified bucket.

AWS::Workspaces::Workspace

Use the Tags property to specify the tags (key-value pairs) that you want to attach to the WorkSpace.

Use the WorkspaceProperties property to specify information about a WorkSpace.

November 9, 2018

The secretsmanager dynamic reference is now available.

Use the secretsmanager dynamic reference to retrieve entire secrets or secret values that are stored in AWS Secrets Manager for use in your templates. Secrets can be database credentials, passwords, third-party API keys, and even arbitrary text. Using the secretsmanager dynamic reference guarantees that neither Secrets Manager nor CloudFormation logs or persists any resolved secret value.

For more information, see Using Dynamic References to Specify Template Values.

November 9, 2018

New resources

The following resources were added: AWS::DLM::LifecyclePolicy, AWS::SecretsManager::ResourcePolicy, AWS::SecretsManager::RotationSchedule, AWS::SecretsManager::Secret, and AWS::SecretsManager::SecretTargetAttachment.

AWS::DLM::LifecyclePolicy

The AWS::DLM::LifecyclePolicy resource creates a lifecycle policy for Amazon Data Lifecycle Manager.

AWS::SecretsManager::ResourcePolicy

Use the AWS::SecretsManager::ResourcePolicy resource to define a resource-based policy and attach it to a secret that's stored in Secrets Manager.

AWS::SecretsManager::RotationSchedule

Use the AWS::SecretsManager::RotationSchedule resource to configure rotation for a secret.

AWS::SecretsManager::Secret

Use the AWS::SecretsManager::Secret resource to create a secret and store it in Secrets Manager.

AWS::SecretsManager::SecretTargetAttachment

Use the AWS::SecretsManager::SecretTargetAttachment resource to complete the final link between a Secrets Manager secret and its associated database.

November 9, 2018

Updated resource

The following resource was updated: AWS::SSM::MaintenanceWindow.

AWS::SSM::MaintenanceWindow

Use the StartDate and EndDate property types to specify when you want the Maintenance Window to become active or inactive. Use the ScheduleTimezone property type to specify the time zone to base scheduled Maintenance Window executions on, in Internet Assigned Numbers Authority (IANA) format.

November 1, 2018

Updated resources

The following resources were updated: AWS::AppSync::DataSource, AWS::AppSync::Resolver, AWS::AutoScalingPlans::ScalingPlan, AWS::Batch::JobDefinition, AWS::Batch::ComputeEnvironment, AWS::CloudWatch::Alarm, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project.

AWS::AppSync::DataSource

Use the RelationalDatabaseConfig property type to specify RelationalDatabaseConfig for an AWS AppSync data source.

In the HttpConfig property type, use the AuthorizationConfig property to specify the authorization type and configurations for an AWS AppSync HTTP data source.

AWS::AppSync::Resolver

Use the PipelineConfig property type to specify PipelineConfig for an AWS AppSync data source to connect with functions.

AWS::AutoScalingPlans::ScalingPlan

Use the ScalingInstruction property type to configure predictive scaling as part of the scaling configuration for an Amazon EC2 Auto Scaling group in an AWS Auto Scaling scaling plan.

Use the PredefinedLoadMetricSpecification property type to specify a predefined load metric for predictive scaling to use with AWS Auto Scaling.

Use the CustomizedLoadMetricSpecification property type to specify a customized load metric for predictive scaling to use with AWS Auto Scaling.

AWS::Batch::JobDefinition

The AWS::Batch::JobDefinition resource was updated to support AWS Batch multi-node parallel jobs.

AWS::Batch::ComputeEnvironment

The AWS::Batch::ComputeEnvironment resource was updated to support Amazon EC2 launch templates and placement groups.

AWS::CloudWatch::Alarm

Use the Metrics property to specify the metric data to return.

The MetricName, Namespace, and Period properties are now optional.

AWS::IoT1Click::Placement

The PlacementName property is now optional.

AWS::IoT1Click::Project

The ProjectName property is now optional.

October 25, 2018

New resources

The following resources were added: AWS::AppStream::DirectoryConfig, AWS::AppStream::Fleet, AWS::AppStream::ImageBuilder, AWS::AppStream::Stack, AWS::AppStream::StackFleetAssociation, AWS::AppStream::StackUserAssociation, AWS::AppStream::User.

AWS::AppStream::DirectoryConfig

Use the AWS::AppStream::DirectoryConfig resource to describe the configuration information required to join Amazon AppStream 2.0 fleets and image builders to Microsoft Active Directory domains.

AWS::AppStream::Fleet

Use the AWS::AppStream::Fleet resource to create a fleet for Amazon AppStream 2.0. A fleet consists of streaming instances that run a specified image.

AWS::AppStream::ImageBuilder

Use the AWS::AppStream::ImageBuilder resource to create an image builder for Amazon AppStream 2.0.

AWS::AppStream::Stack

Use the AWS::AppStream::Stack resource to create a stack to start streaming applications to Amazon AppStream 2.0 users.

AWS::AppStream::StackFleetAssociation

Use the AWS::AppStream::StackFleetAssociation resource to associate a fleet with a stack for Amazon AppStream 2.0.

AWS::AppStream::StackUserAssociation

Use the AWS::AppStream::StackUserAssociation resource to associate the specified stacks with the specified users for Amazon AppStream 2.0. Users in a user pool cannot be assigned to stacks with fleets that are joined to an Active Directory domain.

AWS::AppStream::User

Use the AWS::AppStream::User resource to create a new user in the user pool for Amazon AppStream 2.0.

October 25, 2018

Updated resource

Updated the following resources: AWS::AmazonMQ::Broker, AWS::GuardDuty::Detector, and AWS::SSM::PatchBaseline.

AWS::AmazonMQ::Broker

Amazon MQ now supports engine versions 5.15.6 and 5.15.0. Property changes include:

  • The EngineVersion property now requires some interruptions upon update.

  • The AutoMinorVersionUpgrade property now requires no interruption upon update.

AWS::GuardDuty::Detector

Use the FindingPublishingFrequency property to specify the frequency of notifications sent about the subsequent finding occurrences.

AWS::SSM::PatchBaseline

Use the PatchSource property type to provide information about the patches to use to update target instances.

October 18, 2018

New resource

Added the AWS::Events::EventBusPolicy resource.

AWS::Events::EventBusPolicy

Use the AWS::Events::EventBusPolicy resource to grant permission to other AWS accounts that send events to your account.

October 18, 2018

UseOnlineResharding update policy now available.

To modify a replication group's shards by adding or removing shards, rather than replacing the entire AWS::ElastiCache::ReplicationGroup resource, use the UseOnlineResharding update policy.

For more information, see UseOnlineResharding Policy.

September 20, 2018

Updated resources

The following resources have been updated: AWS::ApiGateway::Deployment, AWS::ApiGateway::Method, AWS::ApiGateway::Stage, AWS::ApiGateway::UsagePlan, AWS::CodeBuild::Project, AWS::CodeDeploy::DeploymentGroup, AWS::EC2::FlowLog, AWS::EC2::SpotFleet, AWS::EC2::VPCEndpoint, AWS::ECS::Service, AWS::ECS::TaskDefinition, and AWS::RDS::DBCluster.

AWS::ApiGateway::Deployment

Use the DeploymentCanarySettings property to specify settings for the canary deployment.

In the StageDescription property type:

  • Use the AccessLogSetting property to specify settings for logging access in this stage.

  • Use the CanarySetting property to specify settings for the canary deployment in this stage.

AWS::ApiGateway::Method

Use the AuthorizationScopes property to specify a list of authorization scopes configured on the method.

In the Integration property type:

  • Use the ConnectionId property to specify the ID of the VpcLink used for the integration when connectionType=VPC_LINK.

  • Use the ConnectionType property to specify the type of the network connection to the integration endpoint.

  • Use the TimeoutInMillis property to specify a custom timeout between 50 and 29,000 milliseconds.

AWS::ApiGateway::Stage

Use the AccessLogSetting property to specify settings for logging access in this stage.

Use the CanarySetting property to specify settings for the canary deployment in this stage.

AWS::ApiGateway::UsagePlan

In the ApiStage property type, use the Throttle property to specify a map containing method-level throttling information for an API stage in a usage plan.

AWS::CodeBuild::Project

Use the LogsConfig property to specify logs for a project. Logs can be CloudWatch Logs, uploaded to a specified S3 bucket, or both.

In the LogsConfig property type:

  • Use the CloudWatchLogs property to specify details about CloudWatch Logs.

  • Use the S3Logs property to specify details about logs that are uploaded to an S3 bucket.

AWS::CodeDeploy::DeploymentGroup

Use the Ec2TagSet property to specify information about groups of tags applied to EC2 instances. The deployment group will include only EC2 instances identified by all the tag groups.

Use the OnPremisesInstanceTagSet property to specify information about groups of tags applied to on-premises instances. The deployment group will include only on-premises instances identified by all the tag groups.

AWS::EC2::FlowLog

The DeliverLogsPermissionArn and LogGroupName properties are no longer required.

Use the LogDestination property to specify the destination to which the flow log data is to be published.

Use the LogDestinationType property to specify the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3.

AWS::EC2::SpotFleet

In the SpotFleetRequestConfigData property type, use the InstanceInterruptionBehavior property to specify the behavior when a Spot Instance is interrupted.

In the SpotFleetRequestConfigData property type, use the LoadBalancersConfig property to specify one or more Classic Load Balancers and target groups to attach to the Spot Fleet request. Spot Fleet registers the running Spot Instances with the specified Classic Load Balancers and target groups.

In the Placement property type, use the Tenancy property to specify the tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for Spot Instances.

AWS::EC2::VPCEndpoint

Use the following attributes with the Fn::GetAtt function to return attribute values.

  • Use CreationTimestamp to return the date and time the VPC endpoint was created.

  • Use DnsEntries to return the DNS entries for the endpoint.

  • Use NetworkInterfaceIds to return the network interfaces for the endpoint.

AWS::ECS::Service

The ServiceRegistries property now requires replacement upon update.

Use the SchedulingStrategy property to specify the scheduling strategy to use for the service.

In the ServiceRegistry property type:

  • Use the ContainerName property to specify the container name value, already specified in the task definition, to be used for your service discovery service.

  • Use the ContainerPort property to specify the port value, already specified in the task definition, to be used for your service discovery service.

AWS::ECS::TaskDefinition

In the LinuxParameters property type:

  • Use the Tmpfs property to specify the container path, mount options, and size of the tmpfs mount.

  • Use the SharedMemorySize property to specify the size (in MiB) of the /dev/shm volume.

In the Volumes property type, use the DockerVolumeConfiguration property to specify the configuration of a Docker volume.

In the ContainerDefinition property type, use the RepositoryCredentials property to specify the repository credentials for private registry authentication.

AWS::ElastiCache::ReplicationGroup

The NodeGroupConfiguration and NumNodeGroups properties are now conditional for some update operations.

In the NodeGroupConfiguration property type, use the NodeGroupId property to specify either the ElastiCache for Redis supplied 4-digit ID or a user-supplied ID for the node group that these configuration values apply to.

AWS::RDS::DBCluster

Use the EngineMode property to specify the DB engine mode of the DB cluster.

Use the ScalingConfiguration property to specify the scaling properties of the DB cluster, for DB clusters in serverless DB engine mode.

September 20, 2018

New resources

The following resources were added: AWS::IoT1Click::Device, AWS::IoT1Click::Placement, and AWS::IoT1Click::Project.

AWS::IoT1Click::Device

Use the AWS::IoT1Click::Device resource to change the enabled state of an AWS IoT 1-Click compatible device.

AWS::IoT1Click::Placement

Use the AWS::IoT1Click::Placement resource to create an empty AWS IoT 1-Click placement.

AWS::IoT1Click::Project

Use the AWS::IoT1Click::Project resource to create an empty project with a placement template.

September 20, 2018

New resource

Added the AWS::CloudFormation::Macro resource.

AWS::CloudFormation::Macro

Use the AWS::CloudFormation::Macro resource to create a template macro to perform custom processing on AWS CloudFormation templates.

September 6, 2018

Macros now available

Use macros to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates.

See Using AWS CloudFormation Macros to Perform Custom Processing on Templates for more information.

September 6, 2018

Updated resources

Added the Logs property to AWS::AmazonMQ::Broker. Added the SecondaryArtifacts and SecondarySources properties to AWS::CodeBuild::Project.

AWS::AmazonMQ::Broker

Use the Logs property to enable general or audit logging for an Amazon MQ broker.

AWS::CodeBuild::Project

In the Artifacts property type, you can use the SecondaryArtifacts property to specify secondary artifacts for a build project. You can use the SecondarySources property to specify secondary inputs for a build project.

August 30, 2018

Updated resources

Added the Configuration property to AWS::Glue::Crawler. Added the JsonClassifier and XMLClassifier properties to AWS::Glue::Classifier.

AWS::Glue::Crawler

Use the Configuration property to specify crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior.

AWS::Glue::Classifier

Use the JsonClassifier property to specify an AWS Glue classifier for JSON.

Use the XMLClassifier property to specify an AWS Glue classifier for XML content.

August 23, 2018

AWS CloudFormation now supports VPC endpoints powered by PrivateLink.

You can use a VPC endpoint to create a private connection between your VPC and AWS CloudFormation without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect.

For more information, see Setting Up VPC Endpoints for AWS CloudFormation.

August 22, 2018

Dynamic references support secure strings

Use new dynamic references to specify values that are stored and managed in other services, including Systems Manager Parameter Store SecureString type parameters, in your stack templates.

For more information, see Using Dynamic References to Specify Template Values.

August 16, 2018

Updated resources

The following resources were updated: AWS::ApiGateway::DomainName, AWS::CertificateManager::Certificate, AWS::EC2::VPCPeeringConnection, AWS::EFS::FileSystem, AWS::EMR::Cluster, AWS::RDS::DBClusterParameterGroup, AWS::SNS::Subscription, and AWS::SQS::Queue.

AWS::ApiGateway::DomainName

Use the following attributes with the Fn::GetAtt intrinsic function:

  • The DistributionHostedZoneId attribute returns the region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint.

  • The RegionalDomainName attribute returns the domain name associated with the regional endpoint for this custom domain name.

  • The RegionalHostedZoneId attribute returns the region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint.

AWS::CertificateManager::Certificate

Use the ValidationMethod property to specify the method you want to use if you are requesting a public certificate to validate that you own or control a domain.

AWS::EC2::VPCPeeringConnection

Use the PeerRegion property to specify the region code for the accepter VPC, if the accepter VPC is located in a region other than the region in which you make the request.

AWS::EFS::FileSystem

  • Use the ProvisionedThroughputInMibps property to specify the throughput, measured in MiB/s, that you want to provision for a file system that you're creating.

  • Use the ThroughputMode property to specify the throughput mode for the file system to be created.

AWS::EMR::Cluster

Use the KerberosAttributes property to specify attributes for Kerberos configuration when Kerberos authentication is enabled using a security configuration.

AWS::RDS::DBClusterParameterGroup

The Tags property now requires no interruption to update.

AWS::SNS::Subscription

  • Use the DeliveryPolicy property to specify the JSON serialization of the subscription's delivery policy.

  • Use the FilterPolicy property to specify the filter policy JSON that is assigned to the subscription.

  • Use the RawMessageDelivery property to specify if raw message delivery is enabled for the subscription.

  • Use the Region property to specify the region in which the topic resides.

AWS::SQS::Queue

Use the Tags property to specify the tags that you want to attach to this queue.

August 15, 2018

Updated resource

Added the SSESpecification property to AWS::DAX::Cluster.

AWS::DAX::Cluster

Use the SSESpecification property to specify the settings to enable server-side encryption.

August 9, 2018

New resource

Added the AWS::EC2::VPCEndpointServicePermissions resource.

AWS::EC2::VPCEndpointServicePermissions

Grant or revoke permissions for service consumers to connect to the VPC endpoint service.

August 9, 2018

Updated resource

Added the OverrideArtifactName property to AWS::CodeBuild::Project.

AWS::CodeBuild::Project

In the Artifacts property type, set the OverrideArtifactName property to true to override the artifact name with a name specified in the buildspec file. The name specified in a buildspec file is calculated at build time and uses the Shell command language. For example, you can append a date and time to your artifact name so that it is always unique.

August 7, 2018

Updated resource

Added the EncryptionDisabled property to AWS::CodeBuild::Project.

AWS::CodeBuild::Project

In the Artifacts property type, set the EncryptionDisabled property to true to disable encryption for build output artifacts. This option is only valid if your artifact type is Amazon S3. If this is set to true with another artifact type, an invalidInputException will be thrown.

July 26, 2018

Updated resource

Added the Timeout property to AWS::Batch::JobDefinition.

AWS::Batch::JobDefinition

Use the Timeout property type to specify a job timeout configuration.

July 19, 2018

New resource

The following resource was added: AWS::IAM::ServiceLinkedRole.

AWS::IAM::ServiceLinkedRole

Use the AWS::IAM::ServiceLinkedRole resource to create a service-linked role in IAM. A service-linked role is a unique type of IAM role that is linked directly to an AWS service. Service-linked roles are predefined by the service and include all the permissions that the service requires to call other AWS services on your behalf.

July 19, 2018

Updated resources

Added the FieldLevelEncryptionId property to AWS::CloudFront::Distribution property types.

AWS::CloudFront::Distribution

In the CacheBehavior and DefaultCacheBehavior property types, use the FieldLevelEncryptionId property to specify the ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for a cache behavior or for the default cache behavior.

July 18, 2018

Updated resource

Added the HttpConfig property to AWS::AppSync::DataSource.

AWS::AppSync::DataSource

Use the HttpConfig property type to specify HttpConfig for an AWS AppSync data source.

July 12, 2018

Updated resource

Added the ReportBuildStatus property to AWS::CodeBuild::Project.

AWS::CodeBuild::Project

In the Source property type, use the ReportBuildStatus property to specify whether to send your source provider the status of a build's start and completion.

July 10, 2018

New resource

The following resource was added: AWS::CodePipeline::Webhook.

AWS::CodePipeline::Webhook

Use the AWS::CodePipeline::Webhook resource to create a webhook that connects your pipeline to an external event, such as a GitHub source repository change, which triggers your pipeline to start every time the external event occurs.

July 5, 2018

Updated resource

Added the following properties to AWS::EC2::VPCEndpoint: PrivateDnsEnabled, SecurityGroupIds, SubnetIds, and VpcEndpointType.

AWS::EC2::VPCEndpoint

Use the PrivateDnsEnabled property to indicate whether to associate a private hosted zone with the specified VPC.

Use the SecurityGroupIds property to specify the ID of one or more security groups to associate with the endpoint network interface.

Use the SubnetIds property to specify the ID of one or more subnets in which to create an endpoint network interface.

Use the VpcEndpointType property to specify the type of endpoint.

June 21, 2018

New resources

The following resources were added: AWS::EC2::VPCEndpointConnectionNotification and AWS::EC2::VPCEndpointService.

AWS::EC2::VPCEndpointConnectionNotification

Use the AWS::EC2::VPCEndpointConnectionNotification resource to create a connection notification for the specified VPC endpoint or VPC endpoint service.

AWS::EC2::VPCEndpointService

Use the AWS::EC2::VPCEndpointService resource to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect.

June 21, 2018

Updated resource

Added the following property to AWS::ServiceDiscovery::Service: HealthCheckCustomConfig.

AWS::ServiceDiscovery::Service

Use the HealthCheckCustomConfig property to specify information about an optional custom health check.

June 14, 2018

New resources

The following new resources were released: AWS::AmazonMQ::Broker and AWS::AmazonMQ::Configuration.

AWS::AmazonMQ::Broker

Use the AWS::AmazonMQ::Broker resource to create a broker, add configuration changes or modify users for the specified broker, return information about the specified broker, or delete the specified broker.

AWS::AmazonMQ::Configuration

Use the AWS::AmazonMQ::Configuration resource to create a configuration, update the specified configuration, or return information about the specified configuration.

June 14, 2018

New resource

The following resource was added: AWS::SSM::ResourceDataSync.

AWS::SSM::ResourceDataSync

Use the AWS::SSM::ResourceDataSync resource to create or delete a Resource Data Sync for Systems Manager Inventory. You can use Resource Data Sync to send Inventory data collected from all of your Systems Manager managed instances to a single Amazon S3 bucket.

June 11, 2018

New resource

The following resource was released: AWS::EKS::Cluster.

AWS::EKS::Cluster

Use the AWS::EKS::Cluster resource to create Amazon EKS clusters.

June 5, 2018

Updated resource

For the AWS::GuardDuty::Master resource, the InvitationId property is now optional.

AWS::GuardDuty::Master

The InvitationId property is now optional.

May 31, 2018

New resources

The following new resources were released: AWS::SageMaker::Endpoint, AWS::SageMaker::EndpointConfig, AWS::SageMaker::Model, AWS::SageMaker::NotebookInstance, and AWS::SageMaker::NotebookInstanceLifecycleConfig.

AWS::SageMaker::Endpoint

Use the AWS::SageMaker::Endpoint resource to create a SageMaker endpoint to host trained models.

AWS::SageMaker::EndpointConfig

Use the AWS::SageMaker::EndpointConfig resource to create a configuration for an endpoint.

AWS::SageMaker::Model

Use the AWS::SageMaker::Model resource to create a model to host at an Amazon SageMaker endpoint.

AWS::SageMaker::NotebookInstance

Use the AWS::SageMaker::NotebookInstance resource to create an Amazon SageMaker notebook instance.

AWS::SageMaker::NotebookInstanceLifecycleConfig

Use the AWS::SageMaker::NotebookInstanceLifecycleConfig resource to specify shell scripts that run when you create or start a notebook instance.

May 31, 2018

Stack sets now support customized execution roles

Use customized execution roles in target accounts to control the stack resources that users or groups can include in their stack sets.

For more information, see Granting Permissions for Stack Set Operations.

May 30, 2018

Selective updates of stack instances

Use the optional Accounts and Regions parameters to specify the accounts and regions in which to update stack instances during a stack set update operation.

For more information, see UpdateStackSet in the AWS CloudFormation API Reference.

May 30, 2018

New resources

The following new resources were released: AWS::Neptune::DBCluster, AWS::Neptune::DBClusterParameterGroup, AWS::Neptune::DBInstance, AWS::Neptune::DBParameterGroup, and AWS::Neptune::DBSubnetGroup.

AWS::Neptune::DBCluster

Use the AWS::Neptune::DBCluster resource to create an Amazon Neptune DB cluster.

AWS::Neptune::DBClusterParameterGroup

Use the AWS::Neptune::DBClusterParameterGroup resource to create a DB cluster parameter group.

AWS::Neptune::DBInstance

Use the AWS::Neptune::DBInstance resource to create an Amazon Neptune database instance.

AWS::Neptune::DBParameterGroup

Use the AWS::Neptune::DBParameterGroup resource to create a custom parameter group for Amazon Neptune.

AWS::Neptune::DBSubnetGroup

Use the AWS::Neptune::DBSubnetGroup resource to create an Amazon Neptune database subnet group that contains subnets.

May 30, 2018

Updated resources

The following resources were updated: AWS::ApiGateway::RestApi, AWS::AutoScaling::AutoScalingGroup, AWS::AutoScaling::LaunchConfiguration, AWS::DirectoryService::MicrosoftAD, AWS::DynamoDB::Table, AWS::EC2::Instance, AWS::ECS::Service, AWS::ECS::TaskDefinition, AWS::Elasticsearch::Domain, AWS::IAM::Role, AWS::KinesisFirehose::DeliveryStream, AWS::Lambda::EventSourceMapping, AWS::Logs::MetricFilter, and AWS::SSM::Association.

AWS::ApiGateway::RestApi

Use the Policy property to specify a policy document that contains the permissions for the specified RestAPI.

AWS::AutoScaling::AutoScalingGroup

Use the ServiceLinkedRoleARN property to specify the Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS services on your behalf.

AWS::AutoScaling::LaunchConfiguration

Use the LaunchConfigurationName property to specify the name of the launch configuration.

AWS::DirectoryService::MicrosoftAD

Use the Edition property to specify the AWS Microsoft AD edition to use.

AWS::DynamoDB::Table

Use the PointInTimeRecoverySpecification property to specify the settings used to enable point in time recovery.

AWS::EC2::Instance

Use the LaunchTemplate property to specify the launch template to use for an Amazon EC2 instance.

AWS::ECS::Service

Use the ServiceRegistry property type to specify the details of the service registry.

AWS::ECS::TaskDefinition

Use the HealthCheck property type to specify a container health check.

AWS::Elasticsearch::Domain

Use the EncryptionAtRestOptions property type to specify whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

AWS::IAM::Role

Use the RoleId attribute to have Fn::GetAtt return the stable and unique string identifying the role.

Use the MaxSessionDuration property to specify the maximum session duration (in seconds) for the specified role.

AWS::KinesisFirehose::DeliveryStream

Use the SplunkDestinationConfiguration property to specify the configuration of a destination in Splunk for a Kinesis Data Firehose delivery stream.

AWS::Lambda::EventSourceMapping

The StartingPosition property is no longer required.

AWS::Logs::MetricFilter

In the MetricTransformation property type, use the DefaultValue property to specify the value to emit when a filter pattern does not match a log event.

AWS::SSM::Association

Use the OutputLocation property to specify an Amazon S3 bucket where you want to store the results of an association request.

May 24, 2018

New resources

The following new resources were released: AWS::ServiceCatalog::AcceptedPortfolioShare, AWS::ServiceCatalog::CloudFormationProduct, AWS::ServiceCatalog::LaunchNotificationConstraint, AWS::ServiceCatalog::LaunchRoleConstraint, AWS::ServiceCatalog::LaunchTemplateConstraint, AWS::ServiceCatalog::Portfolio, AWS::ServiceCatalog::PortfolioPrincipalAssociation, AWS::ServiceCatalog::PortfolioProductAssociation, AWS::ServiceCatalog::PortfolioShare, AWS::ServiceCatalog::TagOption, and AWS::ServiceCatalog::TagOptionAssociation.

AWS::ServiceCatalog::AcceptedPortfolioShare

Use the AWS::ServiceCatalog::AcceptedPortfolioShare resource to accept an offer to share the specified portfolio for AWS Service Catalog.

AWS::ServiceCatalog::CloudFormationProduct

Use the AWS::ServiceCatalog::CloudFormationProduct resource to create a product for AWS Service Catalog.

AWS::ServiceCatalog::LaunchNotificationConstraint

Use the AWS::ServiceCatalog::LaunchNotificationConstraint resource to create a notification constraint for AWS Service Catalog.

AWS::ServiceCatalog::LaunchRoleConstraint

Use the AWS::ServiceCatalog::LaunchRoleConstraint resource to create a launch constraint for AWS Service Catalog.

AWS::ServiceCatalog::LaunchTemplateConstraint

Use the AWS::ServiceCatalog::LaunchTemplateConstraint resource to create a template constraint for AWS Service Catalog.

AWS::ServiceCatalog::Portfolio

Use the AWS::ServiceCatalog::Portfolio resource to create a portfolio for AWS Service Catalog.

AWS::ServiceCatalog::PortfolioPrincipalAssociation

Use the AWS::ServiceCatalog::PortfolioPrincipalAssociation resource to associate a principal with a portfolio for AWS Service Catalog.

AWS::ServiceCatalog::PortfolioProductAssociation

Use the AWS::ServiceCatalog::PortfolioProductAssociation resource to associate a product with a portfolio for AWS Service Catalog.

AWS::ServiceCatalog::PortfolioShare

Use the AWS::ServiceCatalog::PortfolioShare resource to share a portfolio for AWS Service Catalog.

AWS::ServiceCatalog::TagOption

Use the AWS::ServiceCatalog::TagOption resource to create a TagOption.

AWS::ServiceCatalog::TagOptionAssociation

Use the AWS::ServiceCatalog::TagOptionAssociation resource to associate a TagOption with a resource for AWS Service Catalog.

May 24, 2018

AWS CloudFormation now creates S3 buckets with encryption enabled

For Amazon S3 buckets that AWS CloudFormation creates to store uploaded stack templates, server-side encryption is now enabled by default, thereby encrypting all objects stored in those buckets.

For more information, see Selecting a Stack Template.

May 24, 2018

New resource

The following resource was released: AWS::Budgets::Budget.

AWS::Budgets::Budget

Use the AWS::Budgets::Budget resource to create a budget.

May 22, 2018

FIPS endpoints added

AWS CloudFormation now offers new endpoints which use FIPS 140-2 validated cryptographic modules in the following public US regions: US-East-1, US-East-2, US-West-1, and US-West-2.

See Regions and Endpoints in the Amazon Web Services General Reference for the new FIPS-compliant endpoint URLs.

May 17, 2018

New resource

The following resource was released: AWS::AutoScalingPlans::ScalingPlan.

AWS::AutoScalingPlans::ScalingPlan

Use the AWS::AutoScalingPlans::ScalingPlan resource to create a scaling plan for the scalable resources for your application.

May 9, 2018

New resource

The following resource was released: AWS::GuardDuty::Filter.

AWS::GuardDuty::Filter

Use the AWS::GuardDuty::Filter resource to create a filter for your GuardDuty findings.

May 8, 2018

Updated resources

The following resources were updated: AWS::AppSync::GraphQLApi and AWS::GuardDuty::Member.

AWS::AppSync::GraphQLApi

Use the OpenIDConnectConfig property to specify the authorization configuration for using an OpenID Connect compliant service with your GraphQL endpoint.

AWS::GuardDuty::Member

Use the DisableEmailNotification property to specify whether an email notification is to be sent to the accounts that you want to invite to GuardDuty as members. When set to 'True', email notification is not sent to the invitees.

May 1, 2018

New resource

The following resource was released: AWS::ServiceCatalog::CloudFormationProvisionedProduct.

AWS::ServiceCatalog::CloudFormationProvisionedProduct

Use the AWS::ServiceCatalog::CloudFormationProvisionedProduct resource to provision the specified product for AWS Service Catalog.

May 1, 2018

Earlier Updates

The following table describes important changes in each release of the AWS CloudFormation User Guide before May 2018.

Change Release Date Description API Version

Updated resources

July 22, 2019

Use the encryptionOptions property to specify an AWS-owned CMK or a customer-managed CMK for Amazon MQ brokers.

2010-05-15

Stack set naming convention

April 10, 2018

AWS CloudFormation stacks created using stack sets now follow a new naming convention, in which the stack name contains the stack set name.

2010-05-15

New resources

April 10, 2018

AWS::AppSync::ApiKey

Use the AWS::AppSync::ApiKey resource to create a unique key that you can distribute to clients who are executing GraphQL operations with AWS AppSync.

AWS::AppSync::DataSource

Use the AWS::AppSync::DataSource resource to create data sources for resolvers in AWS AppSync.

AWS::AppSync::GraphQLApi

Use the AWS::AppSync::GraphQLApi resource to create a new AWS AppSync GraphQL API.

AWS::AppSync::GraphQLSchema

Use the AWS::AppSync::GraphQLSchema resource to create the data model for your AWS AppSync GraphQL API.

AWS::AppSync::Resolver

Use the AWS::AppSync::Resolver resource to define the logical GraphQL resolver that you will attach to fields in a schema.

2010-05-15

Updated resource

April 10, 2018

AWS::Config::ConfigurationAggregator

Use the OrganizationAggregationSource property type to specify the regions of AWS Config data to aggregate into an AWS Config configuration aggregator and the IAM role to use to retrieve AWS Organizations details.

2010-05-15

New resources

April 4, 2018

AWS::Config::AggregationAuthorization

Use the AWS::Config::AggregationAuthorization resource to grant permission to an aggregator account to collect your AWS Config data.

AWS::Config::ConfigurationAggregator

Use the AWS::Config::ConfigurationAggregator resource to create a configuration aggregator for AWS Config.

2010-05-15

Stack sets now support customized administrator roles

March 29, 2018

Use customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Granting Permissions for Stack Set Operations.

2010-05-15

New resource

March 29, 2018

AWS::EC2::LaunchTemplate

Use the AWS::EC2::LaunchTemplate resource to create a launch template for an Amazon EC2 instance.

2010-05-15

Updated resources

March 29, 2018

AWS::AutoScaling::AutoScalingGroup

Use the LaunchTemplate property to specify the launch template to use to launch instances.

AWS::EC2::SpotFleet

In the SpotFleetRequestConfigData property type, use the LaunchTemplateConfigs property to describe a launch template and overrides.

2010-05-15

New Fn::Cidr intrinsic function

March 6, 2018

Returns the specified CIDR address block. For more information, see Fn::Cidr.

2010-05-15

New resources

March 6, 2018

AWS::ApiGateway::VpcLink

Use the AWS::ApiGateway::VpcLink resource to specify an API Gateway VPC link for an AWS::ApiGateway::RestApi to access resources in an Amazon Virtual Private Cloud (VPC).

AWS::GuardDuty::Master

Use the AWS::GuardDuty::Master resource to create a GuardDuty master account.

AWS::GuardDuty::Member

Use the AWS::GuardDuty::Member resource to create a GuardDuty member account.

AWS::SES::ConfigurationSet

Use the AWS::SES::ConfigurationSet resource to create groups of rules that you can apply to the emails you send.

AWS::SES::ConfigurationSetEventDestination

Use the AWS::SES::ConfigurationSetEventDestination resource to specify a configuration set event destination.

AWS::SES::ReceiptFilter

Use the AWS::SES::ReceiptFilter resource to specify whether to accept or reject mail originating from an IP address or range of IP addresses.

AWS::SES::ReceiptRule

Use the AWS::SES::ReceiptRule resource to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own.

AWS::SES::ReceiptRuleSet

Use the AWS::SES::ReceiptRuleSet resource to specify an empty rule set for Amazon SES.

AWS::SES::Template

Use the AWS::SES::Template resource to specify the content of the email, composed of a subject line, an HTML part, and a text-only part.

2010-05-15

Updated resources

March 6, 2018

AWS::AutoScaling::AutoScalingGroup

Use the AutoScalingGroupName property to specify the name of the Auto Scaling group.

AWS::ApiGateway::RestApi

Use the ApiKeySourceType property to specify the source of the API key for metering requests according to a usage plan.

Use the MinimumCompressionSize property to specify a nullable integer that is used to enable compression or disable compression on an API.

AWS::ApplicationAutoScaling::ScalingPolicy

In the TargetTrackingScalingPolicyConfiguration property type, use the DisableScaleIn property to specify whether scale in by the target tracking policy is disabled.

AWS::EC2::SpotFleet

In the LaunchSpecifications property type, use the TagSpecifications property to specify the tags to apply during SpotFleet creation.

AWS::Elasticsearch::Domain

Use the Arn attribute to have Fn::GetAtt return the Amazon Resource Name (ARN) of the domain.

The DomainArn attribute of Fn::GetAtt has been deprecated.

AWS::RDS::DBCluster

Use the DBClusterIdentifier property to specify the DB cluster identifier.

AWS::Redshift::Cluster

Use the ClusterIdentifier property to specify the unique identifier of the cluster.

AWS::Route53::HealthCheck

In the HealthCheckConfig property type, use the Regions property to specify the regions from which you want Route 53 health checkers to check the specified endpoint.

AWS::SSM::Document

Use the Tags property to specify the AWS CloudFormation resource tags to apply to the document.

2010-05-15

Updated resource

February 19, 2018

AWS::CodeBuild::Project

Use the Triggers property to configure a webhook for the project to begin to automatically rebuild the source code every time a code change is pushed to the repository. This is available only for GitHub projects in AWS CloudFormation. It is not available for GitHub Enterprise projects.

2010-05-15

Updated resource

February 8, 2018

AWS::DynamoDB::Table

Use the SSESpecification property to specify the settings to enable server-side encryption.

2010-05-15

Updated resource

February 5, 2018

AWS::CodeBuild::Project

In the AWS CodeBuild Project Source property type:

  • Use the GitCloneDepth property to specify the depth of history to download.

  • Use the InsecureSsl property to specify whether to ignore SSL warnings while connecting to your GitHub Enterprise project repository.

2010-05-15

Updated resources

January 23, 2018

AWS::AutoScaling::LifecycleHook

Use the LifecycleHookName property to specify the name of the lifecycle hook.

AWS::DynamoDB::Table

The AttributeDefinitions property now requires replacement when updated.

AWS::EC2::Instance

Use the CreditSpecification property to specify the credit option for CPU usage of a T2 instance.

Use the ElasticGpuSpecifications property to specify Elastic GPUs, GPU resources that you can attach to your instance to accelerate the graphics performance of your applications.

AWS::EC2::VPC

The InstanceTenancy property now requires no interruption when updated from "dedicated" to "default".

AWS::ECS::Service

Use the HealthCheckGracePeriodSeconds property to specify the period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks after a task has first started.

AWS::IoT::TopicRule

In the DynamoDBAction property type, the RangeKeyField and RangeKeyValue properties are no longer required.

AWS::KinesisAnalytics::ApplicationOutput

In the ApplicationOutput property type, use the LambdaOutput property to identify a Lambda function as the destination when configuring application output.

AWS::Kinesis::Stream

Use the StreamEncryption property to enable or update server-side encryption using an AWS KMS key for a specified stream.

AWS::Lambda::Function

Use the ReservedConcurrentExecutions property to specify the maximum number of concurrent executions you want reserved for the function.

AWS::RDS::DBSubnetGroup

Use the DBSubnetGroupName property to specify the name for the DB Subnet Group.

AWS::S3::Bucket

Use the BucketEncryption property to specify default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).

In the ReplicationRule property type, use the SourceSelectionCriteria property to specify additional filters in identifying source objects that you want to replicate.

In the ReplicationDestination property type:

  • Use the AccessControlTranslation property to specify replica ownership of the AWS account that owns the destination bucket.

  • Use the Account property to specify the destination bucket owner's account ID.

  • Use the EncryptionConfiguration property to specify encryption-related information for a bucket that is a destination for replicated objects.

AWS::SSM::Association

Use the AssociationName property to specify the name of the association between an SSM document and EC2 instances that contain a configuration agent to process the document.

2010-05-15

Rollback triggers added to the AWS CloudFormation console.

January 15, 2018

Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see Monitor and Roll Back Stack Operations.

2010-05-15

Updated resource

January 12, 2018

AWS::SSM::Parameter

Use the AllowedPattern property to specify a regular expression used to validate the parameter value.

2010-05-15

New resources

December 5, 2017

AWS::Inspector::AssessmentTarget

Use the AWS::Inspector::AssessmentTarget resource to create an Amazon Inspector assessment target.

AWS::Inspector::AssessmentTemplate

Use the AWS::Inspector::AssessmentTemplate resource to create an Amazon Inspector assessment template.

AWS::Inspector::ResourceGroup

Use the AWS::Inspector::ResourceGroup resource to create an Amazon Inspector resource group, which defines tags that identify AWS resources that make up an Amazon Inspector assessment target.

AWS::ServiceDiscovery::Instance

Use the AWS::ServiceDiscovery::Instance resource to specify information about an instance that Amazon Route 53 creates.

AWS::ServiceDiscovery::PrivateDnsNamespace

Use the AWS::ServiceDiscovery::PrivateDnsNamespace resource to specify information about a private namespace for Amazon Route 53.

AWS::ServiceDiscovery::PublicDnsNamespace

Use the AWS::ServiceDiscovery::PublicDnsNamespace resource to specify information about a public namespace for Amazon Route 53.

AWS::ServiceDiscovery::Service

Use the AWS::ServiceDiscovery::Service resource to define a template for up to five records and an optional health check that you want Amazon Route 53 to create when you register an instance.

2010-05-15

Updated resource

December 5, 2017

AWS::KinesisAnalytics::Application

In the Input property type, use the InputProcessingConfiguration property to transform records as they are received from the stream.

2010-05-15

Updated resource

December 1, 2017

AWS::CodeBuild::Project

Use the BadgeEnabled property to generate a publicly accessible URL for a project's build badge.

Use the Cache property to configure cache settings for build dependencies.

Use the VpcConfig property to enable AWS CodeBuild to access resources in an Amazon VPC.

In the EnvironmentVariable property type, use the Type property to specify the type of environment variable.

2010-05-15

New resource

November 30, 2017

AWS::Cloud9::EnvironmentEC2

Use the AWS::Cloud9::EnvironmentEC2 resource to create an Amazon EC2 development environment in AWS Cloud9.

2010-05-15

Updated resources

November 29, 2017

AWS::ECS::TaskDefinition

Use the Cpu property to specify the number of CPU units needed for the task.

Use the ExecutionRoleArn property to specify the ARN of the execution role.

Use the Memory property to specify the amount (in MiB) of memory needed for the task.

Use the RequiresCompatibilities property to specify the launch type the task requires.

AWS::ECS::Service

Use the LaunchType property to specify the launch type on which to run your service.

Use the NetworkConfiguration property to specify the network configuration for the service.

Use the PlatformVersion property to specify the platform version on which to run your service.

2010-05-15

New resources

November 28, 2017

AWS::GuardDuty::Detector

Use the AWS::GuardDuty::Detector resource to create a single Amazon GuardDuty detector.

AWS::GuardDuty::IPSet

Use the AWS::GuardDuty::IPSet resource to create an Amazon GuardDuty IP set.

AWS::GuardDuty::ThreatIntelSet

Use the AWS::GuardDuty::ThreatIntelSet resource to create a ThreatIntelSet.

2010-05-15

Updated resources

November 28, 2017

AWS::CodeDeploy::Application

Use the ComputePlatform property to specify an AWS Lambda compute platform for CodeDeploy to deploy an application to.

AWS::CodeDeploy::DeploymentGroup

In the DeploymentStyle property type, use the DeploymentType property to specify a blue/green deployment on a Lambda compute platform.

AWS::EC2::SpotFleet

In the SpotFleetRequestConfigData property type, the SpotPrice property is now optional.

AWS::Lambda::Alias

Use the RoutingConfig property to specify two different versions of an AWS Lambda function, allowing you to dictate what percentage of traffic will invoke each version.

2010-05-15

New CodeDeployLambdaAliasUpdate update policy

November 28, 2017

Use the CodeDeployLambdaAliasUpdate update policy to perform a CodeDeploy deployment when the version changes on an AWS::Lambda::Alias resource. For more information, see UpdatePolicy Attribute.

2010-05-15

New SSM parameter types

November 21, 2017

Use SSM parameter types to use existing parameters from Systems Manager Parameter Store. Note: AWS CloudFormation doesn't currently support the SecureString type. For more information, see SSM Parameter Types.

2010-05-15

New ResolvedValue field for Parameter data type

November 21, 2017

The ResolvedValue field returns the value that's used in the stack definition for an SSM parameter. For more information, see the Parameter data type in the AWS CloudFormation API Reference.

2010-05-15

Updated resources

November 20, 2017

AWS::ApiGateway::ApiKey

Use the CustomerId property to specify an AWS Marketplace customer identifier.

Use the GenerateDistinctId property to specify whether the key identifier is distinct from the created API key value.

AWS::ApiGateway::Authorizer

Use the AuthType property to specify a customer-defined field that's used in Swagger imports and exports without functional impact.

AWS::ApiGateway::DomainName

Use the EndpointConfiguration property to specify the endpoint types of an API Gateway domain name.

Use the RegionalCertificateArn property to reference a certificate for use by the regional endpoint for a domain name.

AWS::ApiGateway::Method

In the Integration and IntegrationResponse property types, use the ContentHandling property to specify how to handle request payload content type conversions.

AWS::ApiGateway::RestApi

Use the EndpointConfiguration property to specify the endpoint types of an API Gateway REST API.

AWS::ApplicationAutoScaling::ScalableTarget

Use the ScheduledActions property to specify scheduled actions for an Application Auto Scaling scalable target.

AWS::ECR::Repository

Use the LifecyclePolicy property to specify a lifecycle policy for an Amazon ECR repository.

AWS::ECS::TaskDefinition

In the ContainerDefinition property type, use the LinuxParameters property to specify Linux-specific options for an Amazon ECS container.

AWS::ElastiCache::ReplicationGroup

Use the AtRestEncryptionEnabled property to enable encryption at rest.

Use the AuthToken property to specify a password that's used to access a password-protected server.

Use the TransitEncryptionEnabled property to enable in-transit encryption.

AWS::ElasticLoadBalancingV2::TargetGroup

Use the TargetGroupName attribute with the Fn::GetAtt function to get the name of an Elastic Load Balancing target group.

AWS::Elasticsearch::Domain

Use the VPCOptions property to specify a VPC configuration for the Amazon ES domain.

AWS::EMR::Cluster

Use the EbsRootVolumeSize property to specify the size of the EBS root volume for an Amazon EMR cluster.

AWS::RDS::DBInstance

Use the SourceRegion and KmsKeyId properties to create an encrypted read replica from a cross-region source DB instance.

AWS::Route53::HostedZone

Use the QueryLoggingConfig property to specify a configuration for DNS query logging.

2010-05-15

New NoEcho field for custom resource Response objects

November 20, 2017

You can now use the optional NoEcho field to mask the output of a custom resource. For more information, see Custom Resource Response Objects.

The corresponding noEcho parameter is supported by the send method. For more information, see cfn-response Module.

2010-05-15

Stack instance overrides added for stack sets.

November 17, 2017

AWS CloudFormation StackSets allows you to override parameter values in stack instances by account and region. You can override parameter values when you create the stack instances, or when updating existing stack instances. For more information, see Override Parameters on Stack Instances.

2010-05-15

Updated resource

November 15, 2017

AWS::StepFunctions::StateMachine

You can use AWS::StepFunctions::StateMachine to specify a StateMachineName when creating a state machine, and both DefinitionString and RoleArn can be updated without replacing the state machine.

2010-05-15

StackSets now supports a maximum of 500 stack instances per stack set.

November 6, 2017

You can now create up to a maximum of 500 stack instances per stack set. For more information on AWS CloudFormation limits, see AWS CloudFormation Limits.

2010-05-15

New resources

November 2, 2017

AWS::CloudFront::CloudFrontOriginAccessIdentity

Use the AWS::CloudFront::CloudFrontOriginAccessIdentity resource to specify the Amazon CloudFront origin access identity to associate with the origin of a CloudFront distribution.

AWS::CloudFront::StreamingDistribution

Use the AWS::CloudFront::StreamingDistribution resource to specify an Adobe Real-Time Messaging Protocol (RTMP) streaming distribution for CloudFront.

2010-05-15

Updated resources

November 2, 2017

AWS::ApiGateway::Deployment

The StageName property has been deprecated on the StageDescription property type.

AWS::ApiGateway::Method

Use the OperationName property to assign a friendly name to an API Gateway method.

Use the RequestValidatorId property to associate a request validator with a method.

AWS::AutoScaling::AutoScalingGroup

Use the LifecycleHookSpecificationList property to specify actions to perform when Auto Scaling launches or terminates instances.

AWS::CloudFront::Distribution

Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with a CloudFront distribution.

In the CacheBehavior and DefaultCacheBehavior property types, use the LambdaFunctionAssociations property to specify Lambda function associations for a CloudFront distribution.

In the CustomOriginConfig property type, use the OriginKeepaliveTimeout property to specify a custom keep-alive timeout, and use the OriginReadTimeout property to specify a custom origin read timeout.

In the DistributionConfig property type, use the IPV6Enabled property to specify whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution.

AWS::CodeDeploy::DeploymentGroup

In the LoadBalancerInfo property type, use the TargetGroupInfoList property to specify information about a target group in Elastic Load Balancing to use in a deployment.

AWS::EC2::SecurityGroup, AWS::EC2::SecurityGroupEgress, and AWS::EC2::SecurityGroupIngress

Use the Description property to specify the description of a security group rule.

AWS::EC2::Subnet

The Ipv6CidrBlock property now supports No interruption updates.

AWS::EC2::VPNGateway

Use the AmazonSideAsn property to specify a private Autonomous System Number (ASN) for the Amazon side of a BGP session.

AWS::EC2::VPNConnection

Use the VpnTunnelOptionsSpecifications property to configure tunnel options for a VPN connection.

AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment

In the ConfigurationOptionSetting and OptionSetting property types, use the ResourceName property to specify a resource name for a time-based scaling configuration option.

AWS::EMR::Cluster

Use the CustomAmiId property to specify a custom Amazon Linux AMI for a cluster.

AWS::KinesisFirehose::DeliveryStream

Use the Arn attribute with the Fn::GetAtt function to get the Amazon Resource Name (ARN) of the delivery stream.

AWS::KMS::Key

Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with a customer master key (CMK).

AWS::OpsWorks::Layer and AWS::OpsWorks::Stack

Use the Tags property to specify an arbitrary set of tags (key–value pairs) to associate with an AWS OpsWorks layer or stack.

AWS::RDS::OptionGroup

In the OptionConfiguration property type, use the OptionVersion property to specify a version for the option.

AWS::S3::Bucket

Use the AnalyticsConfigurations property to configure an analysis filter for an Amazon S3 bucket.

2010-05-15

New resources

October 24, 2017

AWS::Glue::Classifier

Use the AWS::Glue::Classifier resource to create an AWS Glue classifier.

AWS::Glue::Connection

Use the AWS::Glue::Connection resource to specify an AWS Glue connection to a data source.

AWS::Glue::Crawler

Use the AWS::Glue::Crawler resource to specify an AWS Glue crawler.

AWS::Glue::Database

Use the AWS::Glue::Database resource to create an AWS Glue database.

AWS::Glue::DevEndpoint

Use the AWS::Glue::DevEndpoint resource to specify a development endpoint for remotely debugging ETL scripts.

AWS::Glue::Job

Use the AWS::Glue::Job resource to specify an AWS Glue job in the data catalog.

AWS::Glue::Partition

Use the AWS::Glue::Partition resource to create an AWS Glue partition, which represents a slice of table data.

AWS::Glue::Table

Use the AWS::Glue::Table resource to create an AWS Glue table.

AWS::Glue::Trigger

Use the AWS::Glue::Trigger resource to specify triggers that run AWS Glue jobs.

2010-05-15

New resources

October 11, 2017

AWS::SSM::MaintenanceWindow

Use the AWS::SSM::MaintenanceWindow resource to create an AWS Systems Manager Maintenance Window.

AWS::SSM::MaintenanceWindowTarget

Use the AWS::SSM::MaintenanceWindowTarget resource to register a target with a Maintenance Window.

AWS::SSM::MaintenanceWindowTask

Use the AWS::SSM::MaintenanceWindowTask resource to define a Maintenance Window task.

AWS::SSM::PatchBaseline

Use the AWS::SSM::PatchBaseline resource to define a Systems Manager patch baseline.

2010-05-15

New resource

October 10, 2017

AWS::ElasticLoadBalancingV2::ListenerCertificate

Use the AWS::ElasticLoadBalancingV2::ListenerCertificate resource to specify certificates for an Elastic Load Balancing listener.

2010-05-15

New resource

September 27, 2017

AWS::Athena::NamedQuery

Use the AWS::Athena::NamedQuery resource to create an Amazon Athena query.

2010-05-15

Updated resources

September 27, 2017

AWS::EC2::NatGateway

Use the Tags property to specify resource tags for a NAT gateway.

AWS::ElasticBeanstalk::Application

Use the ResourceLifecycleConfig property to define lifecycle settings for resources that belong to the application, and the service role that Elastic Beanstalk assumes in order to apply lifecycle settings.

AWS::ElasticBeanstalk::ConfigurationTemplate and AWS::ElasticBeanstalk::Environment

Use the PlatformArn property to specify a custom platform for Elastic Beanstalk.

AWS::ElasticLoadBalancingV2::TargetGroup

In the TargetDescription property type, use the AvailabilityZone property to specify the Availability Zone where the IP address is to be registered.

AWS::Events::Rule

In the Target property type, use the following properties for input transformation of events and setting Amazon ECS task and Kinesis stream targets.

  • EcsParameters

  • InputTransformer

  • KinesisParameters

  • RunCommandParameters

AWS::KinesisFirehose::DeliveryStream

Use the DeliveryStreamType property to specify the stream type and the KinesisStreamSourceConfiguration property to specify the stream and role ARNs for a Kinesis stream used as the source for a delivery stream.

AWS::RDS::DBInstance

For the Engine property, if you have specified oracle-se or oracle-se1, you can update to oracle-se2 without the database instance being replaced.

AWS::S3::Bucket

Use the AccelerateConfiguration property to configure the transfer acceleration state for an Amazon S3 bucket.

2010-05-15

Termination protection added for stacks.

September 26, 2017

Enabling termination protection on a stack prevents it from being accidentally deleted. A user cannot delete a stack with termination protection enabled. For more information, see Protecting a Stack From Being Deleted.

2010-05-15

Changed default umask value from version 1.4-22 onwards

September 14, 2017

The default umask parameter value for the cfn-hup.conf configuration file is now 022. For more information, see cfn-hup.

Updated resources

September 7, 2017

AWS::ElasticLoadBalancingV2::LoadBalancer

Use the SubnetMappings property to specify the IDs of the subnets to attach to the load balancer.

Use the Type property to specify the type of load balancer to create.

AWS::ElasticLoadBalancingV2::TargetGroup

Use the TargetType property to specify the registration type of the targets in this target group.

2010-05-15

Rollback triggers added to the AWS CloudFormation API

August 31, 2017

Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of any of the alarms you've specified. For more information, see RollbackConfiguration in the AWS CloudFormation API Reference.

2010-05-15

New umask parameter for cfn-hup.conf file

August 31, 2017

Use the umask parameter in the cfn-hup.conf configuration file to control file permissions used by the cfn-hup daemon (version 1.4-21). For more information, see cfn-hup.

Updated resources for VPC Sizing support

August 29, 2017

AWS::EC2::VPCCidrBlock

Use the CidrBlock property to associate an IPv4 CIDR block with a VPC.

AWS::EC2::VPC

Use the CidrBlockAssociations attribute with the Fn::GetAtt function to get a list of IPv4 CIDR block association IDs associated with the VPC.

2010-05-15

Updated resources

August 23, 2017

AWS::S3::Bucket

In the Rule property type, use the TagFilters property to specify tags to use in identifying a subset of objects for an Amazon S3 bucket.

Use the MetricsConfiguration property to specify a metrics configuration for the CloudWatch request metrics from an Amazon S3 bucket.

AWS::IoT::TopicRule

In the Action property type, use the DynamoDBv2Action property to describe an AWS IoT action that writes data to a DynamoDB table.

In the Action property type, the DynamoDBAction property now supports the HashKeyType and RangeKeyType properties.

AWS::Lambda::Permission

Use the EventSourceToken property to specify a unique token that must be supplied by the principal invoking the function.

2010-05-15

New pseudo parameters

August 23, 2017

Use the AWS::Partition pseudo parameter to return the partition that a resource is in.

Use the AWS::URLSuffix pseudo parameter to return the suffix for a domain.

For more information, see Pseudo Parameters Reference.

2010-05-15

New resources for DAX support

August 22, 2017

AWS::DAX::Cluster

Use the AWS::DAX::Cluster resource to create a DAX cluster for use with Amazon DynamoDB.

AWS::DAX::ParameterGroup

Use the AWS::DAX::ParameterGroup resource to create a parameter group for use with Amazon DynamoDB.

AWS::DAX::SubnetGroup

Use the AWS::DAX::SubnetGroup resource to create a subnet group for use with DAX (DynamoDB Accelerator).

2010-05-15

New resources

August 18, 2017

AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion

Use the AWS::ApiGateway::DocumentationPart and AWS::ApiGateway::DocumentationVersion resources to create documentation for your API Gateway API.

AWS::ApiGateway::GatewayResponse

Use the AWS::ApiGateway::GatewayResponse resource to create a custom response for your API Gateway API.

AWS::ApiGateway::RequestValidator

Use the AWS::ApiGateway::RequestValidator resource to set up validation rules for incoming requests to your API Gateway API.

AWS::EC2::NetworkInterfacePermission

Use the AWS::EC2::NetworkInterfacePermission resource to grant an AWS account permission to a network interface.

2010-05-15

Updated resources

August 18, 2017

AWS::ApiGateway::Stage

Use the DocumentationVersion property to specify a versioned snapshot of the API documentation.

AWS::AutoScaling::ScalingPolicy

Use the TargetTrackingConfiguration property to specify an Auto Scaling target tracking scaling policy configuration.

AWS::CloudTrail::Trail

Use the EventSelectors property for Amazon S3 Data Events support.

AWS::CodeDeploy::DeploymentGroup

Use the LoadBalancerInfo and DeploymentStyle properties to specify an Elastic Load Balancing load balancer for an in-place deployment.

Use the AutoRollbackConfiguration property to configure automatic rollback for the deployment.

AWS::EC2::SpotFleet

In the SpotFleetRequestConfigData property type, use the ReplaceUnhealthyInstances property to indicate whether the Spot fleet should replace unhealthy instances and the Type property to specify the type of request.

AWS::EC2::Subnet

Use the AssignIpv6AddressOnCreation and Ipv6CidrBlock properties to create a subnet with an IPv6 CIDR block.

AWS::KinesisFirehose::DeliveryStream

Use the ExtendedS3DestinationConfiguration property to configure a destination in Amazon S3.

Use the ProcessingConfiguration subproperty within each destination configuration to invoke Lambda functions that transform incoming source data and deliver the transformed data to destinations.

AWS::RDS::DBCluster and AWS::RDS::DBInstance

The default DeletionPolicy is now Snapshot for AWS::RDS::DBCluster resources and for AWS::RDS::DBInstance resources that don't specify the DBClusterIdentifier property. For more information about how AWS CloudFormation deletes resources, see DeletionPolicy Attribute.

AWS::S3::Bucket

In the Rule property type, use the AbortIncompleteMultipartUpload property to specify a lifecycle rule that aborts incomplete multipart uploads to an Amazon S3 bucket.

AWS::SQS::Queue

Use the KmsMasterKeyId and KmsDataKeyReusePeriodSeconds properties to configure server-side encryption for Amazon SQS.

Added the Arn attribute to the Fn::GetAtt intrinsic function for the following resources:

2010-05-15

Support for stack tags in CodePipeline artifacts

August 18, 2017

You can now specify tags for stacks in template configuration files for use as artifacts for CodePipeline pipelines. Specified tags are applied to stacks created using the template configuration file. For more information, see AWS CloudFormation Artifacts.

2010-05-15

Create encrypted file systems

August 14, 2017

AWS::EFS::FileSystem

Use the Encrypted property to encrypt an Amazon EFS file system during creation.

Use the KmsKeyId property to optionally specify a custom customer master key to use to protect the encrypted file system.

2010-05-15

New resources for AWS Batch support

August 8, 2017

AWS::Batch::ComputeEnvironment

Use the AWS::Batch::ComputeEnvironment resource to define your AWS Batch compute environment.

AWS::Batch::JobDefinition

Use the AWS::Batch::JobDefinition resource to specify the parameters for an AWS Batch job definition.

AWS::Batch::JobQueue

Use the AWS::Batch::JobQueue resource to define your AWS Batch job queue.

2010-05-15

New resources for Amazon Kinesis Data Analytics support

July 28, 2017

AWS::KinesisAnalytics::Application

Use the AWS::KinesisAnalytics::Application resource to create an Amazon Kinesis Data Analytics application.

AWS::KinesisAnalytics::ApplicationOutput

Use the AWS::KinesisAnalytics::ApplicationOutput resource to add an external destination to your Amazon Kinesis Data Analytics application.

AWS::KinesisAnalytics::ApplicationReferenceDataSource

Use the AWS::KinesisAnalytics::ApplicationReferenceDataSource resource to add a reference data source to an existing Amazon Kinesis Data Analytics application.

2010-05-15

Use StackSets to centrally manage stacks across accounts and regions

July 25, 2017

StackSets enables you to create, update, or delete stacks across multiple accounts and regions in a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions. For more information about StackSets, see Working with AWS CloudFormation StackSets.

2010-05-15

View stack events by client request token

July 14, 2017

In the console, stack operations display the client request token on the Events tab. All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For more information, see Viewing AWS CloudFormation Stack Data and Resources on the AWS Management Console and StackEvent in the AWS CloudFormation API Reference.

2010-05-15

Use stack quick-create links

July 14, 2017

Use quick-create links to get stacks up and running quickly. You can specify the template URL, stack name, and template parameters to prepopulate a single Create Stack Wizard page. For more information, see Creating Quick-Create Links for Stacks.

2010-05-15

New resources for AWS Database Migration Service support

July 12, 2017

AWS::DMS::Certificate

Use the AWS::DMS::Certificate resource to create an SSL certificate that encrypts connections between AWS DMS endpoints and the replication instance.

AWS::DMS::Endpoint

Use the AWS::DMS::Endpoint resource to create an AWS DMS endpoint.

AWS::DMS::EventSubscription

Use the AWS::DMS::EventSubscription resource to get notifications for AWS DMS events through the Amazon Simple Notification Service.

AWS::DMS::ReplicationInstance

Use the AWS::DMS::ReplicationInstance resource to create an AWS DMS replication instance.

AWS::DMS::ReplicationSubnetGroup

Use the AWS::DMS::ReplicationSubnetGroup resource to create an AWS DMS replication subnet group.

AWS::DMS::ReplicationTask

Use the AWS::DMS::ReplicationTask resource to create an AWS DMS replication task.

2010-05-15

New resources

July 5, 2017

AWS::CloudWatch::Dashboard

Use the AWS::CloudWatch::Dashboard resource to specify a custom CloudWatch dashboard for your CloudWatch console.

AWS::ApiGateway::DomainName

Use the AWS::ApiGateway::DomainName resource to specify a custom, friendly URL for your API that's deployed to Amazon API Gateway.

AWS::EC2::EgressOnlyInternetGateway

Use the AWS::EC2::EgressOnlyInternetGateway resource to create an egress-only internet gateway for your VPC.

InstanceFleetConfig

Use the InstanceFleetConfig resource to configure a Spot Instance fleet for an Amazon EMR cluster.

2010-05-15

Updated resources

July 5, 2017

AWS::ApiGateway::RestApi

Use the BinaryMediaTypes property to specify supported binary media types.

AWS::ApplicationAutoScaling::ScalingPolicy

Use the TargetTrackingScalingPolicyConfiguration property to specify a target tracking scaling policy configuration.

AWS::CloudTrail::Trail

Use the TrailName property to specify a custom name for an AWS CloudTrail resource.

Use the Tags property to specify resource tags.

AWS::CodeDeploy::DeploymentGroup

Use the AlarmConfiguration property to configure alarms for the deployment group.

Use the TriggerConfigurations property to configure notification triggers for the deployment group.

AWS::EMR::Cluster

Use the CoreInstanceFleet property and the MasterInstanceFleet property in the JobFlowInstancesConfig property type to configure the Spot Instance fleet for an Amazon EMR cluster.

AWS::DynamoDB::Table

Use the TimeToLiveSpecification property to specify the Time to Live (TTL) settings for an Amazon DynamoDB table.

Use the Tags property to specify resource tags for a DynamoDB table.

AWS::EC2::Instance

The IamInstanceProfile property now supports No interruption updates.

AWS::EC2::Route

Use the EgressOnlyInternetGatewayId property to specify an egress-only Internet gateway for an EC2 route.

AWS::Kinesis::Stream

Use the RetentionPeriodHours property to specify the number of hours that data records stored in shards remain accessible.

AWS::RDS::DBCluster

Use the ReplicationSourceIdentifier property to create a DB cluster as a Read Replica of another DB cluster or an Amazon RDS MySQL DB instance.

AWS::Redshift::Cluster

Use the LoggingProperties property to create audit log files and store them in Amazon S3.

2010-05-15

New resources

June 6, 2017

AWS::EMR::SecurityConfiguration

Use the AWS::EMR::SecurityConfiguration resource to create a security configuration, which is stored in the service and can be specified when a cluster is created.

2010-05-15

Updated resources

June 6, 2017

AWS::AutoScaling::LifecycleHook

The NotificationTargetARN and RoleARN properties are now optional.

AWS::CloudWatch::Alarm

You can now use the EvaluateLowSampleCountPercentile, ExtendedStatistic, and TreatMissingData properties when creating AWS::CloudWatch::Alarm resources.

AWS::EC2::SpotFleet

AWS CloudFormation supports mutable changes to Spot fleet properties.

The following properties of the SpotFleetRequestConfigData property support Replacement updates:

  • AllocationStrategy

  • IamFleetRole

  • LaunchSpecifications

  • SpotPrice

  • TerminateInstancesWithExpiration

  • ValidFrom

  • ValidUntil

The following properties of the SpotFleetRequestConfigData property support No interruption updates:

  • ExcessCapacityTerminationPolicy

  • TargetCapacity

AWS::EMR::InstanceGroupConfig

AWS CloudFormation now supports Auto Scaling for Amazon EMR task instance groups.

AWS::Events::Rule

The RoleArn property is deprecated on the Rule resource.

Use the RoleArn property on the Target property type to specify the IAM role to use for a target.