AWS Tools for Windows PowerShell
Command Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Synopsis

Calls the AWS CloudFormation CreateChangeSet API operation.

Syntax

New-CFNChangeSet
-StackName <String>
-Capability <String[]>
-ChangeSetName <String>
-ChangeSetType <ChangeSetType>
-ClientToken <String>
-Description <String>
-NotificationARNs <String[]>
-Parameter <Parameter[]>
-ResourcesToImport <ResourceToImport[]>
-ResourceType <String[]>
-RoleARN <String>
-RollbackConfiguration <RollbackConfiguration>
-Tag <Tag[]>
-TemplateBody <String>
-TemplateURL <String>
-UsePreviousTemplate <Boolean>
-Select <String>
-PassThru <SwitchParameter>
-Force <SwitchParameter>

Description

Creates a list of changes that will be applied to a stack so that you can review the changes before executing them. You can create a change set for a stack that doesn't exist or an existing stack. If you create a change set for a stack that doesn't exist, the change set shows all of the resources that AWS CloudFormation will create. If you create a change set for an existing stack, AWS CloudFormation compares the stack's information with the information that you submit in the change set and lists the differences. Use change sets to understand which resources AWS CloudFormation will create or change, and how it will change resources in an existing stack, before you create or update a stack. To create a change set for a stack that doesn't exist, for the ChangeSetType parameter, specify CREATE. To create a change set for an existing stack, specify UPDATE for the ChangeSetType parameter. To create a change set for an import operation, specify IMPORT for the ChangeSetType parameter. After the CreateChangeSet call successfully completes, AWS CloudFormation starts creating the change set. To check the status of the change set or to review it, use the DescribeChangeSet action. When you are satisfied with the changes the change set will make, execute the change set by using the ExecuteChangeSet action. AWS CloudFormation doesn't make changes until you execute the change set.

Parameters

-Capability <String[]>
In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for AWS CloudFormation to create the stack.
  • CAPABILITY_IAM and CAPABILITY_NAMED_IAMSome stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.
    • If you have IAM resources, you can specify either capability.
    • If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.
    • If you don't specify either of these capabilities, AWS CloudFormation returns an InsufficientCapabilities error.
    If your stack template contains these resources, we recommend that you review all permissions associated with them and edit their permissions if necessary.For more information, see Acknowledging IAM Resources in AWS CloudFormation Templates.
  • CAPABILITY_AUTO_EXPANDSome template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by AWS CloudFormation.This capacity does not apply to creating change sets, and specifying it when creating change sets has no effect.Also, change sets do not currently support nested stacks. If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.For more information on macros, see Using AWS CloudFormation Macros to Perform Custom Processing on Templates.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesCapabilities
-ChangeSetName <String>
The name of the change set. The name must be unique among all change sets that are associated with the specified stack.A change set name can contain only alphanumeric, case sensitive characters and hyphens. It must start with an alphabetic character and cannot exceed 128 characters.
Required?True
Position?Named
Accept pipeline input?True (ByPropertyName)
-ChangeSetType <ChangeSetType>
The type of change set operation. To create a change set for a new stack, specify CREATE. To create a change set for an existing stack, specify UPDATE. To create a change set for an import operation, specify IMPORT.If you create a change set for a new stack, AWS Cloudformation creates a stack with a unique stack ID, but no template or resources. The stack will be in the REVIEW_IN_PROGRESS state until you execute the change set.By default, AWS CloudFormation specifies UPDATE. You can't use the UPDATE type to create a change set for a new stack or the CREATE type to create a change set for an existing stack.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ClientToken <String>
A unique identifier for this CreateChangeSet request. Specify this token if you plan to retry requests so that AWS CloudFormation knows that you're not attempting to create another change set with the same name. You might retry CreateChangeSet requests to ensure that AWS CloudFormation successfully received them.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Description <String>
A description to help you identify this change set.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-NotificationARNs <String[]>
The Amazon Resource Names (ARNs) of Amazon Simple Notification Service (Amazon SNS) topics that AWS CloudFormation associates with the stack. To remove all associated notification topics, specify an empty list.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Parameter <Parameter[]>
A list of Parameter structures that specify input parameters for the change set. For more information, see the Parameter data type.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesParameters
-PassThru <SwitchParameter>
Changes the cmdlet behavior to return the value passed to the StackName parameter. The -PassThru parameter is deprecated, use -Select '^StackName' instead. This parameter will be removed in a future version.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ResourcesToImport <ResourceToImport[]>
The resources to import into your stack.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-ResourceType <String[]>
The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, AWS CloudFormation grants permissions to all resource types. AWS Identity and Access Management (IAM) uses this parameter for condition keys in IAM policies for AWS CloudFormation. For more information, see Controlling Access with AWS Identity and Access Management in the AWS CloudFormation User Guide.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesResourceTypes
-RoleARN <String>
The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that AWS CloudFormation assumes when executing the change set. AWS CloudFormation uses the role's credentials to make calls on your behalf. AWS CloudFormation uses this role for all future operations on the stack. As long as users have permission to operate on the stack, AWS CloudFormation uses this role even if the users don't have permission to pass it. Ensure that the role grants least privilege.If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-RollbackConfiguration <RollbackConfiguration>
The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Select <String>
Use the -Select parameter to control the cmdlet output. The default value is 'Id'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.CloudFormation.Model.CreateChangeSetResponse). Specifying the name of a property of type Amazon.CloudFormation.Model.CreateChangeSetResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-StackName <String>
The name or the unique ID of the stack for which you are creating a change set. AWS CloudFormation generates the change set by comparing this stack's information with the information that you submit, such as a modified template or different parameter input values.
Required?True
Position?1
Accept pipeline input?True (ByValue, ByPropertyName)
-Tag <Tag[]>
Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to resources in the stack. You can specify a maximum of 50 tags.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesTags
-TemplateBody <String>
A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. AWS CloudFormation generates the change set by comparing this template with the template of the stack that you specified.Conditional: You must specify only TemplateBody or TemplateURL.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-TemplateURL <String>
The location of the file that contains the revised template. The URL must point to a template (max size: 460,800 bytes) that is located in an S3 bucket. AWS CloudFormation generates the change set by comparing this template with the stack that you specified.Conditional: You must specify only TemplateBody or TemplateURL.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-UsePreviousTemplate <Boolean>
Whether to reuse the template that is associated with the stack to create the change set.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)

Common Credential and Region Parameters

-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
Aliases AK
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
-ProfileLocation <String>

Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)

If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials. Note that the encrypted credential file is not supported on all platforms. It will be skipped when searching for profiles on Windows Nano Server, Mac, and Linux platforms.

If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.

As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.

Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
Aliases AWSProfilesLocation, ProfilesLocation
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
Aliases AWSProfileName, StoredCredentials
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
Aliases SecretAccessKey, SK
-SessionToken <String>
The session token if the access and secret keys are temporary session-based credentials.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
Aliases ST
-Region <String>
The system name of the AWS region in which the operation should be invoked. For example, us-east-1, eu-west-1 etc.
Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)
Aliases RegionToCall
-EndpointUrl <String>

The endpoint to make the call against.

Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.

Required? False
Position? Named
Accept pipeline input? True (ByPropertyName)

Inputs

You can pipe a String object to this cmdlet for the StackName parameter.

Outputs

This cmdlet returns a System.String object. The service call response (type Amazon.CloudFormation.Model.CreateChangeSetResponse) can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack.

Supported Version

AWS Tools for PowerShell: 2.x.y.z