AWS CloudFormation 2010-05-15

A unique identifier for this CancelUpdateStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to cancel an update on a stack with the same name. You might retry CancelUpdateStack requests to ensure that AWS CloudFormation successfully received them.

The name or the unique stack ID that is associated with the stack.

A unique identifier for this ContinueUpdateRollback request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to continue the rollback to a stack with the same name. You might retry ContinueUpdateRollback requests to ensure that AWS CloudFormation successfully received them.

A list of the logical IDs of the resources that AWS CloudFormation skips during the continue update rollback operation. You can specify only resources that are in the UPDATE_FAILED state because a rollback failed. You can't specify resources that are in the UPDATE_FAILED state for other reasons, for example, because an update was cancelled. To check why a resource update failed, use the DescribeStackResources action, and view the resource status reason.

Specify the minimum number of resources required to successfully roll back your stack. For example, a failed resource update might cause dependent resources to fail. In this case, it might not be necessary to skip the dependent resources.

To skip resources that are part of nested stacks, use the following format: NestedStackName.ResourceLogicalID. If you want to specify the logical ID of a stack resource (Type: AWS::CloudFormation::Stack) in the ResourcesToSkip list, then its corresponding embedded stack must be in one of the following states: DELETE_IN_PROGRESS, DELETE_COMPLETE, or DELETE_FAILED.

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to roll back the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.

The name or the unique ID of the stack that you want to continue rolling back.

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for AWS CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

  Some stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

  The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

  • If you have IAM resources, you can specify either capability.

  • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

  • If you don't specify either of these capabilities, AWS CloudFormation returns an InsufficientCapabilities error.

  If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

  • AWS::IAM::AccessKey

  • AWS::IAM::Group

  • AWS::IAM::InstanceProfile

  • AWS::IAM::Policy

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::IAM::UserToGroupAddition

  For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

  Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.

  This capacity does not apply to creating change sets, and specifying it when creating change sets has no effect.

  Also, change sets do not currently support nested stacks. If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.

  For more information on macros, see Using AWS CloudFormation Macros to Perform Custom Processing on Templates.

The name of the change set. The name must be unique among all change sets that are associated with the specified stack.

A change set name can contain only alphanumeric, case sensitive characters and hyphens. It must start with an alphabetic character and cannot exceed 128 characters.

The type of change set operation. To create a change set for a new stack, specify CREATE. To create a change set for an existing stack, specify UPDATE. To create a change set for an import operation, specify IMPORT.

If you create a change set for a new stack, AWS Cloudformation creates a stack with a unique stack ID, but no template or resources. The stack will be in the REVIEW_IN_PROGRESS state until you execute the change set.

By default, AWS CloudFormation specifies UPDATE. You can't use the UPDATE type to create a change set for a new stack or the CREATE type to create a change set for an existing stack.

A unique identifier for this CreateChangeSet request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create another change set with the same name. You might retry CreateChangeSet requests to ensure that AWS CloudFormation successfully received them.

A description to help you identify this change set.

The Amazon Resource Names (ARNs) of Amazon Simple Notification Service (Amazon SNS) topics that AWS CloudFormation associates with the stack. To remove all associated notification topics, specify an empty list.

A list of Parameter structures that specify input parameters for the change set. For more information, see the Parameter data type.

The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.

If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, AWS CloudFormation grants permissions to all resource types. AWS Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for AWS CloudFormation. For more information, see Controlling Access with AWS Identity and Access Management in the AWS CloudFormation User Guide.

The resources to import into your stack.

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes when executing the change set. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.

The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

The name or the unique ID of the stack for which you are creating a change set. AWS CloudFormation generates the change set by comparing this stack's information with the information that you submit, such as a modified template or different parameter input values.

Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to resources in the stack. You can specify a maximum of 50 tags.

A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. AWS CloudFormation generates the change set by comparing this template with the template of the stack that you specified.

Conditional: You must specify only TemplateBody or TemplateURL.

The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that is located in an S3 bucket. AWS CloudFormation generates the change set by comparing this template with the stack that you specified.

Conditional: You must specify only TemplateBody or TemplateURL.

Whether to reuse the template that is associated with the stack to create the change set.

The Amazon Resource Name (ARN) of the change set.

The unique ID of the stack.

In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for AWS CloudFormation to create the stack.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

  Some stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.

  The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

  • If you have IAM resources, you can specify either capability.

  • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

  • If you don't specify either of these capabilities, AWS CloudFormation returns an InsufficientCapabilities error.

  If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

  • AWS::IAM::AccessKey

  • AWS::IAM::Group

  • AWS::IAM::InstanceProfile

  • AWS::IAM::Policy

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::IAM::UserToGroupAddition

  For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

  Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.

  Change sets do not currently support nested stacks. If you want to create a stack from a stack template that contains macros and nested stacks, you must create the stack directly from the template using this capability.

  You should only create stacks directly from a stack template that contains macros if you know what processing the macro performs.

  Each macro relies on an underlying Lambda service function for processing stack templates. Be aware that the Lambda function owner can update the function operation without AWS CloudFormation being notified.

  For more information, see Using AWS CloudFormation Macros to Perform Custom Processing on Templates.

A unique identifier for this CreateStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create a stack with the same name. You might retry CreateStack requests to ensure that AWS CloudFormation successfully received them.

All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1.

In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.

Set to true to disable rollback of the stack if stack creation failed. You can specify either DisableRollback or OnFailure, but not both.

Default: false

Whether to enable termination protection on the specified stack. If a user attempts to delete a stack with termination protection enabled, the operation fails and the stack remains unchanged. For more information, see Protecting a Stack From Being Deleted in the AWS CloudFormation User Guide. Termination protection is disabled on stacks by default.

For nested stacks, termination protection is set on the root stack and cannot be changed directly on the nested stack.

The Simple Notification Service (SNS) topic ARNs to publish stack related events. You can find your SNS topic ARNs using the SNS console or your Command Line Interface (CLI).

Determines what action will be taken if stack creation fails. This must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either OnFailure or DisableRollback, but not both.

Default: ROLLBACK

A list of Parameter structures that specify input parameters for the stack. For more information, see the Parameter data type.

The template resource types that you have permissions to work with for this create stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the following syntax to describe template resource types: AWS::* (for all AWS resource), Custom::* (for all custom resources), Custom::logical_ID (for a specific custom resource), AWS::service_name::* (for all resources of a particular AWS service), and AWS::service_name::resource_logical_ID (for a specific AWS resource).

If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By default, AWS CloudFormation grants permissions to all resource types. AWS Identity and Access Management (IAM) uses this parameter for AWS CloudFormation-specific condition keys in IAM policies. For more information, see Controlling Access with AWS Identity and Access Management.

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to create the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.

The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

The name that is associated with the stack. The name must be unique in the region in which you are creating the stack.

Structure containing the stack policy body. For more information, go to Prevent Updates to Stack Resources in the AWS CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same region as the stack. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified.

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, go to Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket. For more information, go to the Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

The amount of time that can pass before the stack status becomes CREATE_FAILED; if DisableRollback is not set or is set to false, the stack will be rolled back.

Unique identifier of the stack.

The names of one or more AWS accounts that you want to create stack instances in the specified region(s) for.

The unique identifier for this stack set operation.

The operation ID also functions as an idempotency token, to ensure that AWS CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You might retry stack set operation requests to ensure that AWS CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

Preferences for how AWS CloudFormation performs this stack set operation.

A list of stack set parameters whose values you want to override in the selected stack instances.

Any overridden parameter values will be applied to all stack instances in the specified accounts and regions. When specifying parameters and their values, be aware of how AWS CloudFormation sets parameter values during stack instance operations:

• To override the current value for a parameter, include the parameter and specify its value.

• To leave a parameter set to its present value, you can do one of the following:

  • Do not include the parameter in the list.

  • Include the parameter and specify UsePreviousValue as true. (You cannot specify both a value and set UsePreviousValue to true.)

• To set all overridden parameter back to the values specified in the stack set, specify a parameter list but do not include any parameters.

• To leave all parameters set to their present values, do not specify this property at all.

During stack set updates, any parameter values overridden for a stack instance are not updated, but retain their overridden value.

You can only override the parameter values that are specified in the stack set; to add or delete a parameter itself, use UpdateStackSet to update the stack set template.

The names of one or more regions where you want to create stack instances using the specified AWS account(s).

The name or unique ID of the stack set that you want to create stack instances from.

The unique identifier for this stack set operation.

The Amazon Resource Number (ARN) of the IAM role to use to create this stack set.

Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific stack sets within the same administrator account. For more information, see Prerequisites: Granting Permissions for Stack Set Operations in the AWS CloudFormation User Guide.

In some cases, you must explicitly acknowledge that your stack set template contains certain capabilities in order for AWS CloudFormation to create the stack set and related stack instances.

• CAPABILITY_IAM and CAPABILITY_NAMED_IAM

  Some stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stack sets, you must explicitly acknowledge this by specifying one of these capabilities.

  The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.

  • If you have IAM resources, you can specify either capability.

  • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.

  • If you don't specify either of these capabilities, AWS CloudFormation returns an InsufficientCapabilities error.

  If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.

  • AWS::IAM::AccessKey

  • AWS::IAM::Group

  • AWS::IAM::InstanceProfile

  • AWS::IAM::Policy

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::IAM::UserToGroupAddition

  For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

• CAPABILITY_AUTO_EXPAND

  Some templates contain macros. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. For more information, see Using AWS CloudFormation Macros to Perform Custom Processing on Templates.

  Stack sets do not currently support macros in stack templates. (This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.) Even if you specify this capability, if you include a macro in your template the stack set operation will fail.

A unique identifier for this CreateStackSet request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create another stack set with the same name. You might retry CreateStackSet requests to ensure that AWS CloudFormation successfully received them.

If you don't specify an operation ID, the SDK generates one automatically.

A description of the stack set. You can use the description to identify the stack set's purpose or other important information.

The name of the IAM execution role to use to create the stack set. If you do not specify an execution role, AWS CloudFormation uses the AWSCloudFormationStackSetExecutionRole role for the stack set operation.

Specify an IAM role only if you are using customized execution roles to control which stack resources users and groups can include in their stack sets.

The input parameters for the stack set template.

The name to associate with the stack set. The name must be unique in the region where you create your stack set.

The key-value pairs to associate with this stack set and the stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the stacks. A maximum number of 50 tags can be specified.

If you specify tags as part of a CreateStackSet action, AWS CloudFormation checks to see if you have the required IAM permission to tag resources. If you don't, the entire CreateStackSet action fails with an access denied error, and the stack set is not created.

The structure that contains the template body, with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information, see Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

The location of the file that contains the template body. The URL must point to a template (maximum size: 460,800 bytes) that's located in an Amazon S3 bucket. For more information, see Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify either the TemplateBody or the TemplateURL parameter, but not both.

The ID of the stack set that you're creating.

The name or Amazon Resource Name (ARN) of the change set that you want to delete.

If you specified the name of a change set to delete, specify the stack name or ID (ARN) that is associated with it.

A unique identifier for this DeleteStack request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to delete a stack with the same name. You might retry DeleteStack requests to ensure that AWS CloudFormation successfully received them.

All events triggered by a given stack operation are assigned the same client request token, which you can use to track operations. For example, if you execute a CreateStack operation with the token token1, then all the StackEvents generated by that operation will have ClientRequestToken set as token1.

In the console, stack operations display the client request token on the Events tab. Stack operations that are initiated from the console use the token format Console-StackOperation-ID, which helps you easily identify the stack operation . For example, if you create a stack using the console, each stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002.

For stacks in the DELETE_FAILED state, a list of resource logical IDs that are associated with the resources you want to retain. During deletion, AWS CloudFormation deletes the stack but does not delete the retained resources.

Retaining resources is useful when you cannot delete a resource, such as a non-empty S3 bucket, but you want to delete the stack.

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes to delete the stack. AWS CloudFormation uses the role's credentials to make calls on your behalf.

If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.

The name or the unique stack ID that is associated with the stack.

The names of the AWS accounts that you want to delete stack instances for.

The unique identifier for this stack set operation.

If you don't specify an operation ID, the SDK generates one automatically.

The operation ID also functions as an idempotency token, to ensure that AWS CloudFormation performs the stack set operation only once, even if you retry the request multiple times. You can retry stack set operation requests to ensure that AWS CloudFormation successfully received them.

Repeating this stack set operation with a new operation ID retries all stack instances whose status is OUTDATED.

Preferences for how AWS CloudFormation performs this stack set operation.

The regions where you want to delete stack set instances.

Removes the stack instances from the specified stack set, but doesn't delete the stacks. You can't reassociate a retained stack or add an existing, saved stack to a new stack set.

For more information, see Stack set operation options.

The name or unique ID of the stack set that you want to delete stack instances for.

The unique identifier for this stack set operation.

The name or unique ID of the stack set that you're deleting. You can obtain this value by running ListStackSets.

The Amazon Resource Name (ARN) of the type.

Conditional: You must specify TypeName or Arn.

The kind of type.

Currently the only valid value is RESOURCE.

The name of the type.

Conditional: You must specify TypeName or Arn.

The ID of a specific version of the type. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the type version when it is registered.

A string that identifies the next page of limits that you want to retrieve.

An account limit structure that contain a list of AWS CloudFormation account limits and their values.

If the output exceeds 1 MB in size, a string that identifies the next page of limits. If no additional page exists, this value is null.

The name or Amazon Resource Name (ARN) of the change set that you want to describe.

A string (provided by the DescribeChangeSet response output) that identifies the next page of information that you want to retrieve.

If you specified the name of a change set, specify the stack name or ID (ARN) of the change set you want to describe.

If you execute the change set, the list of capabilities that were explicitly acknowledged when the change set was created.

The ARN of the change set.

The name of the change set.

A list of Change structures that describes the resources AWS CloudFormation changes if you execute the change set.

The start time when the change set was created, in UTC.

Information about the change set.

If the change set execution status is AVAILABLE, you can execute the change set. If you can’t execute the change set, the status indicates why. For example, a change set might be in an UNAVAILABLE state because AWS CloudFormation is still creating it or in an OBSOLETE state because the stack was already updated.

If the output exceeds 1 MB, a string that identifies the next page of changes. If there is no additional page, this value is null.

The ARNs of the Amazon Simple Notification Service (Amazon SNS) topics that will be associated with the stack if you execute the change set.

A list of Parameter structures that describes the input parameters and their values used to create the change set. For more information, see the Parameter data type.

The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.

The ARN of the stack that is associated with the change set.

The name of the stack that is associated with the change set.

The current status of the change set, such as CREATE_IN_PROGRESS, CREATE_COMPLETE, or FAILED.

A description of the change set's status. For example, if your attempt to create a change set failed, AWS CloudFormation shows the error message.

If you execute the change set, the tags that will be associated with the stack.

The ID of the drift detection results of this operation.

AWS CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of drift results AWS CloudFormation retains for any given stack, and for how long, may vary.

The status of the stack drift detection operation.

• DETECTION_COMPLETE: The stack drift detection operation has successfully completed for all resources in the stack that support drift detection. (Resources that do not currently support stack detection remain unchecked.)

  If you specified logical resource IDs for AWS CloudFormation to use as a filter for the stack drift detection operation, only the resources with those logical IDs are checked for drift.

• DETECTION_FAILED: The stack drift detection operation has failed for at least one resource in the stack. Results will be available for resources on which AWS CloudFormation successfully completed drift detection.

• DETECTION_IN_PROGRESS: The stack drift detection operation is currently in progress.

The reason the stack drift detection operation has its current status.

Total number of stack resources that have drifted. This is NULL until the drift detection operation reaches a status of DETECTION_COMPLETE. This value will be 0 for stacks whose drift status is IN_SYNC.

The ID of the drift detection results of this operation.

AWS CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of reports AWS CloudFormation retains for any given stack, and for how long, may vary.

Status of the stack's actual configuration compared to its expected configuration.

• DRIFTED: The stack differs from its expected template configuration. A stack is considered to have drifted if one or more of its resources have drifted.

• NOT_CHECKED: AWS CloudFormation has not checked if the stack differs from its expected template configuration.

• IN_SYNC: The stack's actual configuration matches its expected template configuration.

• UNKNOWN: This value is reserved for future use.

The ID of the stack.

Time at which the stack drift detection operation was initiated.

A string that identifies the next page of events that you want to retrieve.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

If the output exceeds 1 MB in size, a string that identifies the next page of events. If no additional page exists, this value is null.

A list of StackEvents structures.

The ID of an AWS account that's associated with this stack instance.

The name of a region that's associated with this stack instance.

The name or the unique stack ID of the stack set that you want to get stack instance information for.

The stack instance that matches the specified request parameters.

The logical name of the resource as specified in the template.

Default: There is no default value.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

A StackResourceDetail structure containing the description of the specified resource in the specified stack.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

A string that identifies the next page of stack resource drift results.

The name of the stack for which you want drift information.

The resource drift status values to use as filters for the resource drift results returned.

• DELETED: The resource differs from its expected template configuration in that the resource has been deleted.

• MODIFIED: One or more resource properties differ from their expected template values.

• IN_SYNC: The resources's actual configuration matches its expected template configuration.

• NOT_CHECKED: AWS CloudFormation does not currently return this value.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call DescribeStackResourceDrifts again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

Drift information for the resources that have been checked for drift in the specified stack. This includes actual and expected configuration values for resources where AWS CloudFormation detects drift.

For a given stack, there will be one StackResourceDrift for each stack resource that has been checked for drift. Resources that have not yet been checked for drift are not included. Resources that do not currently support drift detection are not checked, and so not included. For a list of resources that support drift detection, see Resources that Support Drift Detection.

The logical name of the resource as specified in the template.

Default: There is no default value.

The name or unique identifier that corresponds to a physical instance ID of a resource supported by AWS CloudFormation.

For example, for an Amazon Elastic Compute Cloud (EC2) instance, PhysicalResourceId corresponds to the InstanceId. You can pass the EC2 InstanceId to DescribeStackResources to find which stack the instance belongs to and what other resources are part of the stack.

Required: Conditional. If you do not specify PhysicalResourceId, you must specify StackName.

Default: There is no default value.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

Required: Conditional. If you do not specify StackName, you must specify PhysicalResourceId.

A list of StackResource structures.

The name or unique ID of the stack set whose description you want.

The specified stack set.

The unique ID of the stack set operation.

The name or the unique stack ID of the stack set for the stack operation.

The specified stack set operation.

A string that identifies the next page of stacks that you want to retrieve.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

If the output exceeds 1 MB in size, a string that identifies the next page of stacks. If no additional page exists, this value is null.

A list of stack structures.

The Amazon Resource Name (ARN) of the type.

Conditional: You must specify TypeName or Arn.

The kind of type.

Currently the only valid value is RESOURCE.

The name of the type.

Conditional: You must specify TypeName or Arn.

The ID of a specific version of the type. The version ID is the value at the end of the Amazon Resource Name (ARN) assigned to the type version when it is registered.

If you specify a VersionId, DescribeType returns information about that specific type version. Otherwise, it returns information about the default type version.

The Amazon Resource Name (ARN) of the type.

The ID of the default version of the type. The default version is used when the type version is not specified.

To set the default version of a type, use SetTypeDefaultVersion .

The deprecation status of the type.

Valid values include:

• LIVE: The type is registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.

• DEPRECATED: The type has been deregistered and can no longer be used in CloudFormation operations.

The description of the registered type.

The URL of a page providing detailed documentation for this type.

The Amazon Resource Name (ARN) of the IAM execution role used to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials.

When the specified type version was registered.

Contains logging configuration information for a type.

The provisioning behavior of the type. AWS CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.

Valid values include:

• FULLY_MUTABLE: The type includes an update handler to process updates to the type during stack update operations.

• IMMUTABLE: The type does not include an update handler, so the type cannot be updated and must instead be replaced during stack update operations.

• NON_PROVISIONABLE: The type does not include all of the following handlers, and therefore cannot actually be provisioned.

  • create

  • read

  • delete

The schema that defines the type.

For more information on type schemas, see Resource Provider Schema in the CloudFormation CLI User Guide.

The URL of the source code for the type.

When the specified type version was registered.

The kind of type.

Currently the only valid value is RESOURCE.

The name of the registered type.

The scope at which the type is visible and usable in CloudFormation operations.

Valid values include:

• PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you register as PRIVATE.

• PUBLIC: The type is publically visible and usable within any Amazon account.

The identifier for this registration request.

This registration token is generated by CloudFormation when you initiate a registration request using RegisterType .

The description of the type registration request.

The current status of the type registration request.

The Amazon Resource Name (ARN) of the type being registered.

For registration requests with a ProgressStatus of other than COMPLETE, this will be null.

The Amazon Resource Name (ARN) of this specific version of the type being registered.

For registration requests with a ProgressStatus of other than COMPLETE, this will be null.

The logical names of any resources you want to use as filters.

The name of the stack for which you want to detect drift.

The ID of the drift detection results of this operation.

AWS CloudFormation generates new results, with a new drift detection ID, each time this operation is run. However, the number of drift results AWS CloudFormation retains for any given stack, and for how long, may vary.

The logical name of the resource for which to return drift information.

The name of the stack to which the resource belongs.

Information about whether the resource's actual configuration has drifted from its expected template configuration, including actual and expected property values and any differences detected.

The ID of the stack set operation.

The user-specified preferences for how AWS CloudFormation performs a stack set operation.

For more information on maximum concurrent accounts and failure tolerance, see Stack set operation options.

The name of the stack set on which to perform the drift detection operation.

The ID of the drift detection stack set operation.

you can use this operation id with DescribeStackSetOperation to monitor the progress of the drift detection operation.

A list of Parameter structures that specify input parameters.

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. (For more information, go to Template Anatomy in the AWS CloudFormation User Guide.)

Conditional: You must pass TemplateBody or TemplateURL. If both are passed, only TemplateBody is used.

Location of file containing the template body. The URL must point to a template that is located in an Amazon S3 bucket. For more information, go to Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must pass TemplateURL or TemplateBody. If both are passed, only TemplateBody is used.

An AWS Simple Monthly Calculator URL with a query string that describes the resources required to run the template.

The name or ARN of the change set that you want use to update the specified stack.

A unique identifier for this ExecuteChangeSet request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to execute a change set to update a stack with the same name. You might retry ExecuteChangeSet requests to ensure that AWS CloudFormation successfully received them.

If you specified the name of a change set, specify the stack name or ID (ARN) that is associated with the change set you want to execute.

The name or unique stack ID that is associated with the stack whose policy you want to get.

Structure containing the stack policy body. (For more information, go to Prevent Updates to Stack Resources in the AWS CloudFormation User Guide.)

The name or Amazon Resource Name (ARN) of a change set for which AWS CloudFormation returns the associated template. If you specify a name, you must also specify the StackName.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

For templates that include transforms, the stage of the template that AWS CloudFormation returns. To get the user-submitted template, specify Original. To get the template after AWS CloudFormation has processed all transforms, specify Processed.

If the template doesn't include transforms, Original and Processed return the same template. By default, AWS CloudFormation specifies Original.

The stage of the template that you can retrieve. For stacks, the Original and Processed templates are always available. For change sets, the Original template is always available. After AWS CloudFormation finishes creating the change set, the Processed template becomes available.

Structure containing the template body. (For more information, go to Template Anatomy in the AWS CloudFormation User Guide.)

AWS CloudFormation returns the same template that was used when the stack was created.

The name or the stack ID that is associated with the stack, which are not always interchangeable. For running stacks, you can specify either the stack's name or its unique stack ID. For deleted stack, you must specify the unique stack ID.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

The name or unique ID of the stack set from which the stack was created.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes. For more information about templates, see Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

Location of file containing the template body. The URL must point to a template (max size: 460,800 bytes) that is located in an Amazon S3 bucket. For more information about templates, see Template Anatomy in the AWS CloudFormation User Guide.

Conditional: You must specify only one of the following parameters: StackName, StackSetName, TemplateBody, or TemplateURL.

The capabilities found within the template. If your template contains IAM resources, you must specify the CAPABILITY_IAM or CAPABILITY_NAMED_IAM value for this parameter when you use the CreateStack or UpdateStack actions with your template; otherwise, those actions return an InsufficientCapabilities error.

For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.

The list of resources that generated the values in the Capabilities response element.

A list of the transforms that are declared in the template.

The value that is defined in the Description property of the template.

The value that is defined for the Metadata property of the template.

A list of parameter declarations that describe various properties for each parameter.

A list of resource identifier summaries that describe the target resources of an import operation and the properties you can provide during the import to identify the target resources. For example, BucketName is a possible identifier property for an AWS::S3::Bucket resource.

A list of all the template resource types that are defined in the template, such as AWS::EC2::Instance, AWS::Dynamo::Table, and Custom::MyCustomInstance.

The AWS template format version, which identifies the capabilities of the template.

A string (provided by the ListChangeSets response output) that identifies the next page of change sets that you want to retrieve.

The name or the Amazon Resource Name (ARN) of the stack for which you want to list change sets.

If the output exceeds 1 MB, a string that identifies the next page of change sets. If there is no additional page, this value is null.

A list of ChangeSetSummary structures that provides the ID and status of each change set for the specified stack.

A string (provided by the ListExports response output) that identifies the next page of exported output values that you asked to retrieve.

The output for the ListExports action.

If the output exceeds 100 exported output values, a string that identifies the next page of exports. If there is no additional page, this value is null.

The name of the exported output value. AWS CloudFormation returns the stack names that are importing this value.

A string (provided by the ListImports response output) that identifies the next page of stacks that are importing the specified exported output value.

A list of stack names that are importing the specified exported output value.

A string that identifies the next page of exports. If there is no additional page, this value is null.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous request didn't return all of the remaining results, the response's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The name of the AWS account that you want to list stack instances for.

The name of the region where you want to list stack instances.

The name or unique ID of the stack set that you want to list stack instances for.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

A list of StackInstanceSummary structures that contain information about the specified stack instances.

A string that identifies the next page of stack resources that you want to retrieve.

The name or the unique stack ID that is associated with the stack, which are not always interchangeable:

• Running stacks: You can specify either the stack's name or its unique stack ID.

• Deleted stacks: You must specify the unique stack ID.

Default: There is no default value.

If the output exceeds 1 MB, a string that identifies the next page of stack resources. If no additional page exists, this value is null.

A list of StackResourceSummary structures.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackSetOperationResults again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The ID of the stack set operation.

The name or unique ID of the stack set that you want to get operation results for.

If the request doesn't return all results, NextToken is set to a token. To retrieve the next set of results, call ListOperationResults again and assign that token to the request object's NextToken parameter. If there are no remaining results, NextToken is set to null.

A list of StackSetOperationResultSummary structures that contain information about the specified operation results, for accounts and regions that are included in the operation.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackSetOperations again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The name or unique ID of the stack set that you want to get operation summaries for.

If the request doesn't return all results, NextToken is set to a token. To retrieve the next set of results, call ListOperationResults again and assign that token to the request object's NextToken parameter. If there are no remaining results, NextToken is set to null.

A list of StackSetOperationSummary structures that contain summary information about operations for the specified stack set.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackSets again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The status of the stack sets that you want to get summary information about.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

A list of StackSetSummary structures that contain information about the user's stack sets.

A string that identifies the next page of stacks that you want to retrieve.

Stack status to use as a filter. Specify one or more stack status codes to list only stacks with the specified status codes. For a complete list of stack status codes, see the StackStatus parameter of the Stack data type.

If the output exceeds 1 MB in size, a string that identifies the next page of stacks. If no additional page exists, this value is null.

A list of StackSummary structures containing information about the specified stacks.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The current status of the type registration request.

The kind of type.

Currently the only valid value is RESOURCE.

The Amazon Resource Name (ARN) of the type.

Conditional: You must specify TypeName or Arn.

The name of the type.

Conditional: You must specify TypeName or Arn.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

A list of type registration tokens.

Use DescribeTypeRegistration to return detailed information about a type registration request.

The Amazon Resource Name (ARN) of the type for which you want version summary information.

Conditional: You must specify TypeName or Arn.

The deprecation status of the type versions that you want to get summary information about.

Valid values include:

• LIVE: The type version is registered and can be used in CloudFormation operations, dependent on its provisioning behavior and visibility scope.

• DEPRECATED: The type version has been deregistered and can no longer be used in CloudFormation operations.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The kind of the type.

Currently the only valid value is RESOURCE.

The name of the type for which you want version summary information.

Conditional: You must specify TypeName or Arn.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

A list of TypeVersionSummary structures that contain information about the specified type's versions.

The deprecation status of the types that you want to get summary information about.

Valid values include:

• LIVE: The type is registered for use in CloudFormation operations.

• DEPRECATED: The type has been deregistered and can no longer be used in CloudFormation operations.

The maximum number of results to be returned with a single call. If the number of available results exceeds this maximum, the response includes a NextToken value that you can assign to the NextToken request parameter to get the next set of results.

If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.

The provisioning behavior of the type. AWS CloudFormation determines the provisioning type during registration, based on the types of handlers in the schema handler package submitted.

Valid values include:

• FULLY_MUTABLE: The type includes an update handler to process updates to the type during stack update operations.

• IMMUTABLE: The type does not include an update handler, so the type cannot be updated and must instead be replaced during stack update operations.

• NON_PROVISIONABLE: The type does not include create, read, and delete handlers, and therefore cannot actually be provisioned.

The scope at which the type is visible and usable in CloudFormation operations.

Valid values include:

• PRIVATE: The type is only visible and usable within the account in which it is registered. Currently, AWS CloudFormation marks any types you create as PRIVATE.

• PUBLIC: The type is publically visible and usable within any Amazon account.

If the request doesn't return all of the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.

A list of TypeSummary structures that contain information about the specified types.

Reserved for use by the CloudFormation CLI.

Reserved for use by the CloudFormation CLI.

Reserved for use by the CloudFormation CLI.

Reserved for use by the CloudFormation CLI.

Reserved for use by the CloudFormation CLI.

Reserved for use by the CloudFormation CLI.

Reserved for use by the CloudFormation CLI.

A unique identifier that acts as an idempotency key for this registration request. Specifying a client request token prevents CloudFormation from generating more than one version of a type from the same registeration request, even if the request is submitted multiple times.

The Amazon Resource Name (ARN) of the IAM execution role to use to register the type. If your resource type calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. CloudFormation then assumes that execution role to provide your resource type with the appropriate credentials.

Specifies logging configuration information for a type.

A url to the S3 bucket containing the schema handler package that contains the schema, event handlers, and associated files for the type you want to register.

For information on generating a schema handler package for the type you want to register, see submit in the CloudFormation CLI User Guide.

The kind of type.

Currently, the only valid value is RESOURCE.

The name of the type being registered.

We recommend that type names adhere to the following pattern: company_or_organization::service::type.

The identifier for this registration request.

Use this registration token when calling DescribeTypeRegistration , which returns information about the status and IDs of the type registration.

The name or unique stack ID that you want to associate a policy with.

Structure containing the stack policy body. For more information, go to Prevent Updates to Stack Resources in the AWS CloudFormation User Guide. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.

Location of a file containing the stack policy. The URL must point to a policy (maximum size: 16 KB) located in an S3 bucket in the same region as the stack. You can specify either the StackPolicyBody or the StackPolicyURL parameter, but not both.