AWS CloudFormation 2010-05-15

Whether to automatically update the extension in this account and region when a new minor version is published by the extension publisher. Major versions released by the publisher must be manually updated.

The default is true.

The name of the IAM execution role to use to activate the extension.

Contains logging configuration information for an extension.

The major version of this extension you want to activate, if multiple major versions are available. The default is the latest major version. CloudFormation uses the latest available minor version of the major version selected.

You can specify MajorVersion or VersionBump, but not both.

The Amazon Resource Number (ARN) of the public extension.

Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId.

The ID of the extension publisher.

Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId.

The extension type.

Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId.

The name of the extension.

Conditional: You must specify PublicTypeArn, or TypeName, Type, and PublisherId.

An alias to assign to the public extension, in this account and region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.

An extension alias must be unique within a given account and region. You can activate the same public resource multiple times in the same account and region, using different type name aliases.

Manually updates a previously-activated type to a new major or minor version, if available. You can also use this parameter to update the value of AutoUpdate.

• MAJOR: CloudFormation updates the extension to the newest major version, if one is available.

• MINOR: CloudFormation updates the extension to the newest minor version, if one is available.

The Amazon Resource Number (ARN) of the activated extension, in this account and region.

The list of identifiers for the desired extension configurations.

A list of information concerning any errors generated during the setting of the specified configurations.

A list of any of the specified extension configurations from the CloudFormation registry.

A list of any of the specified extension configurations that CloudFormation could not process for any reason.

A unique identifier for this CancelUpdateStack request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to cancel an update on a stack with the same name. You might retry CancelUpdateStack requests to ensure that CloudFormation successfully received them.

The name or the unique stack ID that is associated with the stack.

A unique identifier for this ContinueUpdateRollback request. Specify this token if you plan to retry requests so that CloudFormationknows that you're not attempting to continue the rollback to a stack with the same name. You might retry ContinueUpdateRollback requests to ensure that CloudFormation successfully received them.

A list of the logical IDs of the resources that CloudFormation skips during the continue update rollback operation. You can specify only resources that are in the UPDATE_FAILED state because a rollback failed. You can't specify resources that are in the UPDATE_FAILED state for other reasons, for example, because an update was cancelled. To check why a resource update failed, use the DescribeStackResources action, and view the resource status reason.

Specify the minimum number of resources required to successfully roll back your stack. For example, a failed resource update might cause dependent resources to fail. In this case, it might not be necessary to skip the dependent resources.

To skip resources that are part of nested stacks, use the following format: NestedStackName.ResourceLogicalID. If you want to specify the logical ID of a stack resource (Type: AWS::CloudFormation::Stack) in the ResourcesToSkip list, then its corresponding embedded stack must be in one of the following states: DELETE_IN_PROGRESS, DELETE_COMPLETE, or DELETE_FAILED.

The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to roll back the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.

The name or the unique ID of the stack that you want to continue rolling back.

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

  Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

  The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

  • If you have IAM resources, you can specify either capability.

  • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

  • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

  If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

  • AWS::IAM::AccessKey

  • AWS::IAM::Group

  • AWS::IAM::InstanceProfile

  • AWS::IAM::Policy

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::IAM::UserToGroupAddition

  For more information, see Acknowledging IAM Resources in CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

  Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

  This capacity does not apply to creating change sets, and specifying it when creating change sets has no effect.

  If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.

  For more information on macros, see Using CloudFormation Macros to Perform Custom Processing on Templates.

The name of the change set. The name must be unique among all change sets that are associated with the specified stack.

A change set name can contain only alphanumeric, case sensitive characters and hyphens. It must start with an alphabetic character and cannot exceed 128 characters.

The type of change set operation. To create a change set for a new stack, specify CREATE. To create a change set for an existing stack, specify UPDATE. To create a change set for an import operation, specify IMPORT.

If you create a change set for a new stack, CloudFormation creates a stack with a unique stack ID, but no template or resources. The stack will be in the REVIEW_IN_PROGRESS state until you execute the change set.

By default, CloudFormation specifies UPDATE. You can't use the UPDATE type to create a change set for a new stack or the CREATE type to create a change set for an existing stack.

A unique identifier for this CreateChangeSet request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create another change set with the same name. You might retry CreateChangeSet requests to ensure that CloudFormation successfully received them.

A description to help you identify this change set.

Creates a change set for the all nested stacks specified in the template. The default behavior of this action is set to False. To include nested sets in a change set, specify True.

The Amazon Resource Names (ARNs) of Amazon Simple Notification Service (Amazon SNS) topics that CloudFormation associates with the stack. To remove all associated notification topics, specify an empty list.

A list of Parameter structures that specify input parameters for the change set. For more information, see the Parameter data type.

The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see Controlling Access with Identity and Access Management in the CloudFormation User Guide.

The resources to import into your stack.

The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes when executing the change set. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.

The rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

The name or the unique ID of the stack for which you are creating a change set. CloudFormation generates the change set by comparing this stack's information with the information that you submit, such as a modified template or different parameter input values.

Key-value pairs to associate with this stack. CloudFormation also propagates these tags to resources in the stack. You can specify a maximum of 50 tags.

A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. CloudFormation generates the change set by comparing this template with the template of the stack that you specified.

Conditional: You must specify only TemplateBody or TemplateURL.

The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that is located in an S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified.

Conditional: You must specify only TemplateBody or TemplateURL.

Whether to reuse the template that is associated with the stack to create the change set.

The Amazon Resource Name (ARN) of the change set.

The unique ID of the stack.

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

  Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

  The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

  • If you have IAM resources, you can specify either capability.

  • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

  • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

  If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

  • AWS::IAM::AccessKey

  • AWS::IAM::Group

  • AWS::IAM::InstanceProfile

  • AWS::IAM::Policy

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::IAM::UserToGroupAddition

  For more information, see Acknowledging IAM Resources in CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

  Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.

  If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.

  You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.

  Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without CloudFormation being notified.

  For more information, see Using CloudFormation Macros to Perform Custom Processing on Templates.

A unique identifier for this CreateStack request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create a stack with the same name. You might retry CreateStack requests to ensure that CloudFormation successfully received them.

All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1.

In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.

Set to true to disable rollback of the stack if stack creation failed. You can specify either DisableRollback or OnFailure, but not both.

Default: false

Whether to enable termination protection on the specified stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see Protecting a Stack From Being Deleted in the CloudFormation User Guide. Termination protection is disabled on stacks by default.

For nested stacks, termination protection is set on the root stack and cannot be changed directly on the nested stack.

The Simple Notification Service (SNS) topic ARNs to publish stack related events. You can find your SNS topic ARNs using the SNS console or your Command Line Interface (CLI).

Determines what action will be taken if stack creation fails. This must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either OnFailure or DisableRollback, but not both.

Default: ROLLBACK

A list of Parameter structures that specify input parameters for the stack. For more information, see the Parameter data type.

The template resource types that you have permissions to work with for this create stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the following syntax to describe template resource types: AWS::* (for all Amazon Web Services resources), Custom::* (for all custom resources), Custom::logical_ID (for a specific custom resource), AWS::service_name::* (for all resources of a particular Amazon Web Services service), and AWS::service_name::resource_logical_ID (for a specific Amazon Web Services resource).

If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By default, CloudFormation grants permissions to all resource types. Identity and Access Management (IAM) uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Controlling Access with Identity and Access Management.

The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to create the stack. CloudFormation uses the role's credentials to make calls on your behalf. CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.

The rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

The name that is associated with the stack. The name must be unique in the Region in which you are creating the stack.

Structure containing the stack policy body. For more information, go to Prevent Updates to Stack Resources in the CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same Region as the stack. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Key-value pairs to associate with this stack. CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, go to Template Anatomy in the CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket or a Systems Manager document. For more information, go to the Template Anatomy in the CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

The amount of time that can pass before the stack status becomes CREATE_FAILED; if DisableRollback is not set or is set to false, the stack will be rolled back.

Unique identifier of the stack.

[Self-managed permissions] The names of one or more Amazon Web Services accounts that you want to create stack instances in the specified Region(s) for.

You can specify Accounts or DeploymentTargets, but not both.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

[Service-managed permissions] The Organizations accounts for which to create stack instances in the specified Regions.

You can specify Accounts or DeploymentTargets, but not both.

The unique identifier for this stack set operation.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

Preferences for how CloudFormation performs this stack set operation.

A list of stack set parameters whose values you want to override in the selected stack instances.

Any overridden parameter values will be applied to all stack instances in the specified accounts and Regions. When specifying parameters and their values, be aware of how CloudFormation sets parameter values during stack instance operations:

• To override the current value for a parameter, include the parameter and specify its value.

• To leave an overridden parameter set to its present value, include the parameter and specify UsePreviousValue as true. (You cannot specify both a value and set UsePreviousValue to true.)

• To set an overridden parameter back to the value specified in the stack set, specify a parameter list but do not include the parameter in the list.

• To leave all parameters set to their present values, do not specify this property at all.

During stack set updates, any parameter values overridden for a stack instance are not updated, but retain their overridden value.

You can only override the parameter values that are specified in the stack set; to add or delete a parameter itself, use UpdateStackSet to update the stack set template.

The names of one or more Regions where you want to create stack instances using the specified Amazon Web Services accounts.

The name or unique ID of the stack set that you want to create stack instances from.

The unique identifier for this stack set operation.

The Amazon Resource Number (ARN) of the IAM role to use to create this stack set.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the CloudFormation User Guide.

Describes whether StackSets automatically deploys to Organizations accounts that are added to the target organization or organizational unit (OU). Specify only if PermissionModel is SERVICE_MANAGED.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• To create a stack set with service-managed permissions while signed in to the management account, specify SELF.

• To create a stack set with service-managed permissions while signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated admin in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

Stack sets with service-managed permissions are created in the management account, including stack sets that are created by delegated administrators.

In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for CloudFormation to create the stack set and related stack instances.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

  Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new Identity and Access Management (IAM) users. For those stack sets, you must explicitly acknowledge this by specifying one of these capabilities.

  The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

  • If you have IAM resources, you can specify either capability.

  • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

  • If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.

  If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

  • AWS::IAM::AccessKey

  • AWS::IAM::Group

  • AWS::IAM::InstanceProfile

  • AWS::IAM::Policy

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::IAM::UserToGroupAddition

  For more information, see Acknowledging IAM Resources in CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

  Some templates reference macros. If your stack set template references one or more macros, you must create the stack set directly from the processed template, without first reviewing the resulting changes in a change set. To create the stack set directly, you must acknowledge this capability. For more information, see Using CloudFormation Macros to Perform Custom Processing on Templates.

  Stack sets with service-managed permissions do not currently support the use of macros in templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.) Even if you specify this capability for a stack set with service-managed permissions, if you reference a macro in your template the stack set operation will fail.

A unique identifier for this CreateStackSet request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to create another stack set with the same name. You might retry CreateStackSet requests to ensure that CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

A description of the stack set. You can use the description to identify the stack set's purpose or other important information.

The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation.

Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets.

The input parameters for the stack set template.

Describes how the IAM roles required for stack set operations are created. By default, SELF-MANAGED is specified.

• With self-managed permissions, you must create the administrator and execution roles required to deploy to target accounts. For more information, see Grant Self-Managed Stack Set Permissions.

• With service-managed permissions, StackSets automatically creates the IAM roles required to deploy to accounts managed by Organizations. For more information, see Grant Service-Managed Stack Set Permissions.

The stack ID you are importing into a new stack set. Specify the Amazon Resource Number (ARN) of the stack.

The name to associate with the stack set. The name must be unique in the Region where you create your stack set.

The key-value pairs to associate with this stack set and the stacks created from it. CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.

If you specify tags as part of a CreateStackSet action, CloudFormation checks to see if you have the required IAM permission to tag resources. If you don't, the entire CreateStackSet action fails with an access denied error, and the stack set is not created.

The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, see Template Anatomy in the CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

The location of the file that contains the template body. The URL must point to a template (maximum size: 460,800 bytes) that's located in an Amazon S3 bucket or a Systems Manager document. For more information, see Template Anatomy in the CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

The ID of the stack set that you're creating.

The Amazon Resource Name (ARN) for the extension, in this account and region.

Conditional: You must specify either Arn, or TypeName and Type.

The extension type.

Conditional: You must specify either Arn, or TypeName and Type.

The type name of the extension, in this account and region. If you specified a type name alias when enabling the extension, use the type name alias.

Conditional: You must specify either Arn, or TypeName and Type.

The name or Amazon Resource Name (ARN) of the change set that you want to delete.

If you specified the name of a change set to delete, specify the stack name or ID (ARN) that is associated with it.

A unique identifier for this DeleteStack request. Specify this token if you plan to retry requests so that CloudFormation knows that you're not attempting to delete a stack with the same name. You might retry DeleteStack requests to ensure that CloudFormation successfully received them.

All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1.

In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.

For stacks in the DELETE_FAILED state, a list of resource logical IDs that are associated with the resources you want to retain. During deletion, CloudFormation deletes the stack but does not delete the retained resources.

Retaining resources is useful when you cannot delete a resource, such as a non-empty S3 bucket, but you want to delete the stack.

The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFormation assumes to delete the stack. CloudFormation uses the role's credentials to make calls on your behalf.

If you don't specify a value, CloudFormation uses the role that was previously associated with the stack. If no role is available, CloudFormation uses a temporary session that is generated from your user credentials.

The name or the unique stack ID that is associated with the stack.

[Self-managed permissions] The names of the Amazon Web Services accounts that you want to delete stack instances for.

You can specify Accounts or DeploymentTargets, but not both.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

[Service-managed permissions] The Organizations accounts from which to delete stack instances.

You can specify Accounts or DeploymentTargets, but not both.

The unique identifier for this stack set operation.

If you don't specify an operation ID, the SDK generates one automatically.

The operation ID also functions as an idempotency token, to ensure that CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You can retry stack set operation requests to ensure that CloudFormation successfully received them.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

Preferences for how CloudFormation performs this stack set operation.

The Regions where you want to delete stack set instances.

Removes the stack instances from the specified stack set, but doesn't delete the stacks. You can't reassociate a retained stack or add an existing, saved stack to a new stack set.

For more information, see Stack set operation options.

The name or unique ID of the stack set that you want to delete stack instances for.

The unique identifier for this stack set operation.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

The name or unique ID of the stack set that you're deleting. You can obtain this value by running ListStackSets.

The Amazon Resource Name (ARN) of the extension.

Conditional: You must specify either TypeName and Type, or Arn.

The kind of extension.

Conditional: You must specify either TypeName and Type, or Arn.

The name of the extension.

Conditional: You must specify either TypeName and Type, or Arn.

The ID of a specific version of the extension. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the extension version when it is registered.

A string that identifies the next page of limits that you want to retrieve.

An account limit structure that contain a list of CloudFormation account limits and their values.

If the output exceeds 1 MB in size, a string that identifies the next page of limits. If no additional page exists, this value is null.

The name or Amazon Resource Name (ARN) of the change set that you want to describe.

A string (provided by the DescribeChangeSet response output) that identifies the next page of information that you want to retrieve.

If you specified the name of a change set, specify the stack name or ID (ARN) of the change set you want to describe.

If you execute the change set, the list of capabilities that were explicitly acknowledged when the change set was created.

The ARN of the change set.

The name of the change set.

A list of Change structures that describes the resources CloudFormation changes if you execute the change set.

The start time when the change set was created, in UTC.

Information about the change set.

If the change set execution status is AVAILABLE, you can execute the change set. If you can’t execute the change set, the status indicates why. For example, a change set might be in an UNAVAILABLE state because CloudFormation is still creating it or in an OBSOLETE state because the stack was already updated.

Verifies if IncludeNestedStacks is set to True.

If the output exceeds 1 MB, a string that identifies the next page of changes. If there is no additional page, this value is null.

The ARNs of the Amazon Simple Notification Service (Amazon SNS) topics that will be associated with the stack if you execute the change set.

A list of Parameter structures that describes the input parameters and their values used to create the change set. For more information, see the Parameter data type.

Specifies the change set ID of the parent change set in the current nested change set hierarchy.

The rollback triggers for CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

Specifies the change set ID of the root change set in the current nested change set hierarchy.

The ARN of the stack that is associated with the change set.

The name of the stack that is associated with the change set.

The current status of the change set, such as CREATE_IN_PROGRESS, CREATE_COMPLETE, or FAILED.

A description of the change set's status. For example, if your attempt to create a change set failed, CloudFormation shows the error message.

If you execute the change set, the tags that will be associated with the stack.

The ID of the extension publisher.

If you do not supply a PublisherId, and you have registered as an extension publisher, DescribePublisher returns information about your own publisher account.

The type of account used as the identity provider when registering this publisher with CloudFormation.

The ID of the extension publisher.

The URL to the publisher's profile with the identity provider.

Whether the publisher is verified. Currently, all registered publishers are verified.

The ID of the drift detection results of this operation.

CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of drift results CloudFormation retains for any given stack, and for how long, may vary.

The status of the stack drift detection operation.

• DETECTION_COMPLETE: The stack drift detection operation has successfully completed for all resources in the stack that support drift detection. (Resources that do not currently support stack detection remain unchecked.)

  If you specified logical resource IDs for CloudFormation to use as a filter for the stack drift detection operation, only the resources with those logical IDs are checked for drift.

• DETECTION_FAILED: The stack drift detection operation has failed for at least one resource in the stack. Results will be available for resources on which CloudFormation successfully completed drift detection.

• DETECTION_IN_PROGRESS: The stack drift detection operation is currently in progress.

The reason the stack drift detection operation has its current status.

Total number of stack resources that have drifted. This is NULL until the drift detection operation reaches a status of DETECTION_COMPLETE. This value will be 0 for stacks whose drift status is IN_SYNC.

The ID of the drift detection results of this operation.

CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of reports CloudFormation retains for any given stack, and for how long, may vary.

Status of the stack's actual configuration compared to its expected configuration.

• DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

• NOT_CHECKED: CloudFormation has not checked if the stack differs from its expected template configuration.

• IN_SYNC: The stack's actual configuration matches its expected template configuration.

• UNKNOWN: This value is reserved for future use.

The ID of the stack.

Time at which the stack drift detection operation was initiated.

A string that identifies the next page of events that you want to retrieve.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

If the output exceeds 1 MB in size, a string that identifies the next page of events. If no additional page exists, this value is null.

A list of StackEvents structures.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

The ID of an Amazon Web Services account that's associated with this stack instance.

The name of a Region that's associated with this stack instance.

The name or the unique stack ID of the stack set that you want to get stack instance information for.

The stack instance that matches the specified request parameters.

The logical name of the resource as specified in the template.

Default: There is no default value.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

A StackResourceDetail structure containing the description of the specified resource in the specified stack.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

A string that identifies the next page of stack resource drift results.

The name of the stack for which you want drift information.

The resource drift status values to use as filters for the resource drift results returned.

• DELETED: The resource differs from its expected template configuration in that the resource has been deleted.

• MODIFIED: One or more resource properties differ from their expected template values.

• IN_SYNC: The resources's actual configuration matches its expected template configuration.

• NOT_CHECKED: CloudFormation does not currently return this value.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call DescribeStackResourceDrifts again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

Drift information for the resources that have been checked for drift in the specified stack. This includes actual and expected configuration values for resources where CloudFormation detects drift.

For a given stack, there will be one StackResourceDrift for each stack resource that has been checked for drift. Resources that have not yet been checked for drift are not included. Resources that do not currently support drift detection are not checked, and so not included. For a list of resources that support drift detection, see Resources that Support Drift Detection.

The logical name of the resource as specified in the template.

Default: There is no default value.

The name or unique identifier that corresponds to a physical instance ID of a resource supported by CloudFormation.

For example, for an Amazon Elastic Compute Cloud (EC2) instance, PhysicalResourceId corresponds to the InstanceId. You can pass the EC2 InstanceId to DescribeStackResources to find which stack the instance belongs to and what other resources are part of the stack.

Required: Conditional. If you do not specify PhysicalResourceId, you must specify StackName.

Default: There is no default value.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

Required: Conditional. If you do not specify StackName, you must specify PhysicalResourceId.

A list of StackResource structures.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

The name or unique ID of the stack set whose description you want.

The specified stack set.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

The unique ID of the stack set operation.

The name or the unique stack ID of the stack set for the stack operation.

The specified stack set operation.

A string that identifies the next page of stacks that you want to retrieve.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

If the output exceeds 1 MB in size, a string that identifies the next page of stacks. If no additional page exists, this value is null.

A list of stack structures.

The Amazon Resource Name (ARN) of the extension.

Conditional: You must specify either TypeName and Type, or Arn.

The version number of a public third-party extension.

The publisher ID of the extension publisher.

Extensions provided by Amazon are not assigned a publisher ID.

The kind of extension.

Conditional: You must specify either TypeName and Type, or Arn.

The name of the extension.

Conditional: You must specify either TypeName and Type, or Arn.

The ID of a specific version of the extension. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the extension version when it is registered.

If you specify a VersionId, DescribeType returns information about that specific extension version. Otherwise, it returns information about the default extension version.

The Amazon Resource Name (ARN) of the extension.

Whether CloudFormation automatically updates the extension in this account and region when a new minor version is published by the extension publisher. Major versions released by the publisher must be manually updated. For more information, see Activating public extensions for use in your account in the CloudFormation User Guide.

A JSON string that represent the current configuration data for the extension in this account and region.

To set the configuration data for an extension, use SetTypeConfiguration. For more information, see Configuring extensions at the account level in the CloudFormation User Guide.

The ID of the default version of the extension. The default version is used when the extension version is not specified.

This applies only to private extensions you have registered in your account. For public extensions, both those provided by Amazon and published by third parties, CloudFormation returns null. For more information, see RegisterType.

To set the default version of an extension, use SetTypeDefaultVersion .

The deprecation status of the extension version.

Valid values include:

• LIVE: The extension is activated or registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.

• DEPRECATED: The extension has been deactivated or deregistered and can no longer be used in CloudFormation operations.

For public third-party extensions, CloudFormation returns null.

The description of the extension.

The URL of a page providing detailed documentation for this extension.

The Amazon Resource Name (ARN) of the IAM execution role used to register the extension. This applies only to private extensions you have registered in your account. For more information, see RegisterType.

If the registered extension calls any Amazon Web Services APIs, you must create an IAM execution role that includes the necessary permissions to call those Amazon Web Services APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your extension with the appropriate credentials.

Whether or not the extension is activated in the account and region.

This only applies to public third-party extensions. For all other extensions, CloudFormation returns null.

Whether the specified extension version is set as the default version.

This applies only to private extensions you have registered in your account, and extensions published by Amazon. For public third-party extensions, whether or not they are activated in your account, CloudFormation returns null.

When the specified extension version was registered. This applies only to:

• Private extensions you have registered in your account. For more information, see RegisterType.

• Public extensions you have activated in your account with auto-update specified. For more information, see ActivateType.

The latest version of a public extension that is available for use.

This only applies if you specify a public extension, and you do not specify a version. For all other requests, CloudFormation returns null.

Contains logging configuration information for private extensions. This applies only to private extensions you have registered in your account. For public extensions, both those provided by Amazon and published by third parties, CloudFormation returns null. For more information, see RegisterType.

For public extensions that have been activated for this account and region, the Amazon Resource Name (ARN) of the public extension.

For public extensions that have been activated for this account and region, the type name of the public extension.

If you specified a TypeNameAlias when enabling the extension in this account and region, CloudFormation treats that alias as the extension's type name within the account and region, not the type name of the public extension. For more information, see Specifying aliases to refer to extensions in the CloudFormation User Guide.

For resource type extensions, the provisioning behavior of the resource type. CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.

Valid values include:

• FULLY_MUTABLE: The resource type includes an update handler to process updates to the type during stack update operations.

• IMMUTABLE: The resource type does not include an update handler, so the type cannot be updated and must instead be replaced during stack update operations.

• NON_PROVISIONABLE: The resource type does not include all of the following handlers, and therefore cannot actually be provisioned.

  • create

  • read

  • delete

The version number of a public third-party extension.

This applies only if you specify a public extension you have activated in your account, or specify a public extension without specifying a version. For all other extensions, CloudFormation returns null.

The publisher ID of the extension publisher.

This applies only to public third-party extensions. For private registered extensions, and extensions provided by Amazon, CloudFormation returns null.

For extensions that are modules, the public third-party extensions that must be activated in your account in order for the module itself to be activated.

The schema that defines the extension.

For more information on extension schemas, see Resource Provider Schema in the CloudFormation CLI User Guide.

The URL of the source code for the extension.

When the specified private extension version was registered or activated in your account.

The kind of extension.

The name of the extension.

If the extension is a public third-party type you have activated with a type name alias, CloudFormation returns the type name alias. For more information, see ActivateType.

The contract test status of the registered extension version. To return the extension test status of a specifc extension version, you must specify VersionId.

This applies only to registered private extension versions. CloudFormation does not return this information for public extensions, whether or not they are activated in your account.

• PASSED: The extension has passed all its contract tests.

  An extension must have a test status of PASSED before it can be published. For more information, see Publishing extensions to make them available for public use in the CloudFormation Command Line Interface User Guide.

• FAILED: The extension has failed one or more contract tests.

• IN_PROGRESS: Contract tests are currently being performed on the extension.

• NOT_TESTED: Contract tests have not been performed on the extension.

The description of the test status. To return the extension test status of a specifc extension version, you must specify VersionId.

This applies only to registered private extension versions. CloudFormation does not return this information for public extensions, whether or not they are activated in your account.

The scope at which the extension is visible and usable in CloudFormation operations.

Valid values include:

• PRIVATE: The extension is only visible and usable within the account in which it is registered. CloudFormation marks any extensions you register as PRIVATE.

• PUBLIC: The extension is publically visible and usable within any Amazon account.

The identifier for this registration request.

This registration token is generated by CloudFormation when you initiate a registration request using RegisterType .

The description of the extension registration request.

The current status of the extension registration request.

The Amazon Resource Name (ARN) of the extension being registered.

For registration requests with a ProgressStatus of other than COMPLETE, this will be null.

The Amazon Resource Name (ARN) of this specific version of the extension being registered.

For registration requests with a ProgressStatus of other than COMPLETE, this will be null.

The logical names of any resources you want to use as filters.

The name of the stack for which you want to detect drift.

The ID of the drift detection results of this operation.

CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of drift results CloudFormation retains for any given stack, and for how long, may vary.

The logical name of the resource for which to return drift information.

The name of the stack to which the resource belongs.

Information about whether the resource's actual configuration has drifted from its expected template configuration, including actual and expected property values and any differences detected.

[Service-managed permissions] Specifies whether you are acting as an account administrator in the organization's management account or as a delegated administrator in a member account.

By default, SELF is specified. Use SELF for stack sets with self-managed permissions.

• If you are signed in to the management account, specify SELF.

• If you are signed in to a delegated administrator account, specify DELEGATED_ADMIN.

  Your Amazon Web Services account must be registered as a delegated administrator in the management account. For more information, see Register a delegated administrator in the CloudFormation User Guide.

The ID of the stack set operation.

The user-specified preferences for how CloudFormation performs a stack set operation.

For more information on maximum concurrent accounts and failure tolerance, see Stack set operation options.

The name of the stack set on which to perform the drift detection operation.

The ID of the drift detection stack set operation.

you can use this operation id with DescribeStackSetOperation to monitor the progress of the drift detection operation.

A list of Parameter structures that specify input parameters.

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. (For more information, go to Template Anatomy in the CloudFormation User Guide.)

Conditional: You must pass TemplateBody or TemplateURL. If both are passed, only TemplateBody is used.

Location of file containing the template body. The URL must point to a template that is located in an Amazon S3 bucket or a Systems Manager document. For more information, go to Template Anatomy in the CloudFormation User Guide.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.