Synopsis
Calls the AWS CloudFormation CreateChangeSet API operation.
Syntax
New-CFNChangeSet-StackName <String>-Capability <String[]>-ChangeSetName <String>-ChangeSetType <ChangeSetType>-ClientToken <String>-Description <String>-NotificationARNs <String[]>-Parameter <Parameter[]>-ResourceType <String[]>-RoleARN <String>-RollbackConfiguration <RollbackConfiguration>-Tag <Tag[]>-TemplateBody <String>-TemplateURL <String>-UsePreviousTemplate <Boolean>-Force <SwitchParameter>
Description
Creates a list of changes for a stack. AWS CloudFormation generates the change set by comparing the stack's information with the information that you submit. A change set can help you understand which resources AWS CloudFormation will change and how it will change them before you update your stack. Change sets allow you to check before you make a change so that you don't delete or replace critical resources.
AWS CloudFormation doesn't make any changes to the stack when you create a change set. To make the specified changes, you must execute the change set by using the ExecuteChangeSet action.
After the call successfully completes, AWS CloudFormation starts creating the change set. To check the status of the change set, use the DescribeChangeSet action.
Parameters
-Capability <String[]>
A list of values that you must specify before AWS CloudFormation can update certain stacks. Some stack templates might include resources that can affect permissions in your AWS account, for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge their capabilities by specifying this parameter.The only valid values are
CAPABILITY_IAM and CAPABILITY_NAMED_IAM. The following resources require you to specify this parameter: AWS::IAM::AccessKey, AWS::IAM::Group, AWS::IAM::InstanceProfile, AWS::IAM::Policy, AWS::IAM::Role, AWS::IAM::User, and AWS::IAM::UserToGroupAddition. If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.If you have IAM resources, you can specify either capability. If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM. If you don't specify this parameter, this action returns an InsufficientCapabilities error.For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
| Aliases | Capabilities |
-ChangeSetName <String>
The name of the change set. The name must be unique among all change sets that are associated with the specified stack.A change set name can contain only alphanumeric, case sensitive characters and hyphens. It must start with an alphabetic character and cannot exceed 128 characters.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-ChangeSetType <ChangeSetType>
The type of change set operation. To create a change set for a new stack, specify
CREATE. To create a change set for an existing stack, specify UPDATE.If you create a change set for a new stack, AWS Cloudformation creates a stack with a unique stack ID, but no template or resources. The stack will be in the REVIEW_IN_PROGRESS state until you execute the change set.By default, AWS CloudFormation specifies UPDATE. You can't use the UPDATE type to create a change set for a new stack or the CREATE type to create a change set for an existing stack. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-ClientToken <String>
A unique identifier for this
CreateChangeSet request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create another change set with the same name. You might retry CreateChangeSet requests to ensure that AWS CloudFormation successfully received them. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-Description <String>
A description to help you identify this change set.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-Force <SwitchParameter>
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-NotificationARNs <String[]>
The Amazon Resource Names (ARNs) of Amazon Simple Notification Service (Amazon SNS) topics that AWS CloudFormation associates with the stack. To remove all associated notification topics, specify an empty list.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-Parameter <Parameter[]>
A list of
Parameter structures that specify input parameters for the change set. For more information, see the Parameter data type. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
| Aliases | Parameters |
-ResourceType <String[]>
The template resource types that you have permissions to work with if you execute this change set, such as
AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, AWS CloudFormation grants permissions to all resource types. AWS Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for AWS CloudFormation. For more information, see Controlling Access with AWS Identity and Access Management in the AWS CloudFormation User Guide. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
| Aliases | ResourceTypes |
-RoleARN <String>
The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes when executing the change set. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation always uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-RollbackConfiguration <RollbackConfiguration>
The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-StackName <String>
The name or the unique ID of the stack for which you are creating a change set. AWS CloudFormation generates the change set by comparing this stack's information with the information that you submit, such as a modified template or different parameter input values.
| Required? | False |
| Position? | 1 |
| Accept pipeline input? | True (ByValue, ByPropertyName) |
-Tag <Tag[]>
Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to resources in the stack. You can specify a maximum of 10 tags.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
| Aliases | Tags |
-TemplateBody <String>
A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. AWS CloudFormation generates the change set by comparing this template with the template of the stack that you specified.Conditional: You must specify only
TemplateBody or TemplateURL. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-TemplateURL <String>
The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that is located in an S3 bucket. AWS CloudFormation generates the change set by comparing this template with the stack that you specified.Conditional: You must specify only
TemplateBody or TemplateURL. | Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-UsePreviousTemplate <Boolean>
Whether to reuse the template that is associated with the stack to create the change set.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
Common Credential and Region Parameters
-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key
if the corresponding session token is supplied to the -SessionToken parameter.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information,
and optionally a token for session-based credentials.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-ProfileLocation <String>
Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)
If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials. Note that the encrypted credential file is not supported on all platforms. It will be skipped when searching for profiles on Windows Nano Server, Mac, and Linux platforms.
If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.
As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing
credential information. The profile is expected to be found in the secure credential
file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also
specify the name of a profile stored in the .ini-format credential file used with
the AWS CLI and other AWS SDKs.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile.
Contains the network credentials to be supplied during authentication with the
configured identity provider's endpoint. This parameter is not required if the
user's default network identity can or should be used during authentication.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key
if the corresponding session token is supplied to the -SessionToken parameter.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-SessionToken <String>
The session token if the access and secret keys are temporary session-based
credentials.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-Region <String>
The system name of the AWS region in which the operation should be invoked. For example, us-east-1, eu-west-1 etc.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
-EndpointUrl <String>
The endpoint to make the call against.
Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.
| Required? | False |
| Position? | Named |
| Accept pipeline input? | False |
Inputs
You can pipe a String object to this cmdlet for the StackName parameter.
Outputs
This cmdlet returns a String object.
The service call response (type Amazon.CloudFormation.Model.CreateChangeSetResponse) can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack.
Related Links
Supported Version
AWS Tools for PowerShell: 2.x.y.z
