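Validate stack deployments - AWS CloudFormation

Validate stack deployments

With pre-deployment validation, you can identify and resolve potential deployment issues before you execute a CloudFormation change set. This feature validates your template against common failure scenarios, helping you catch problems early in the development cycle.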

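How pre-deployment validation works

Pre-deployment validation involves the following stages:

  1. Create a change set: Generate a change set for your CloudFormation stack update as you normally would. Pre-deployment validation is enabled by default when you create a change set.

  2. Validation runs: CloudFormation runs several validation checks against your template and target environment. Three types of validation are currently supported: property syntax validation of properties against the resource schema, detection of name conflicts with existing resources, and S3 bucket emptiness validation for delete operations.

  3. Review validation results: CloudFormation provides detailed feedback on any issues it finds, including the exact path that locates the problem in your template, so you don't have to debug the template manually.

  4. Resolve issues: Before you continue with the deployment, resolve the identified issues by updating the template or resolving conflicts.

  5. Execute with confidence: Deploy the change set knowing that common failure scenarios have already been validated.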

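Considerations

Keep the following in mind when you use pre-deployment validation:

  • Pre-deployment validation focuses on three common deployment failure scenarios. It does not guarantee that your deployment will succeed, but it reduces the likelihood of common failures.

  • The validation modes behave differently:

    • FAIL mode blocks execution of the change set when validation detects an error, ensuring that a problematic template cannot enter the deployment process. This applies to property syntax errors and resource naming conflicts.

    • WARN mode allows the change set to be created successfully despite validation failures, and provides warnings for developers to review and resolve before execution. This applies to constraint violations, such as S3 bucket emptiness, which can usually be resolved through manual intervention.

  • Validation results are tied to a specific change set. If you modify the template, you need to create a new change set to get updated validation results.

  • S3 bucket validation only checks whether objects exist. It does not check bucket policies or other constraints that might prevent deletion.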

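Prerequisites

To use pre-deployment validation, you must have:

  • The IAM permissions required to create change sets and read resources in your account. For the S3 bucket emptiness check, you need the s3:ListBucket permission.

  • Access to the AWS Region where you deploy your stack.

  • The CloudFormation template that you want to validate before deployment.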

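Validate stack deployments (console)

Use the following procedure to validate your stack deployment with the console.

To validate a template before deployment
  1. Sign in to the AWS Management Console and open the CloudFormation console at https://console.aws.amazon.com/cloudformation

  2. On the navigation bar at the top of the screen, choose the AWS Region where your stack is located.

  3. On the Stacks page, choose the running stack that you want to create a change set for.

  4. In the stack details pane, choose Update stack, and then choose Create change set.

  5. On the Create change set for stack-name page, upload the updated template or specify the template source.

  6. Choose Next to continue through the remaining change set configuration steps.

  7. If the template contains IAM resources, for Capabilities, choose I acknowledge that CloudFormation might create IAM resources. IAM resources can modify permissions in your AWS account; review these resources to make sure that you allow only the actions you intend. For more information, see Acknowledging IAM resources in CloudFormation templates.

  8. On the Review page, choose Create change set.

  9. CloudFormation creates the change set and runs the validation checks. Review the validation results on the Deployment validation tab.

  10. If validation passes or you are comfortable with the warnings, choose Execute change set to deploy your changes.

  11. If validation fails, fix the issues and create a new change set to validate your deployment again.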

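Validate stack deployments (AWS CLI)

The AWS CLI commands for pre-deployment validation include:

Use the following procedure to validate your stack deployment with the AWS CLI.

To validate a template before deployment
  1. Use the create-change-set command:

    aws cloudformation create-change-set \
        --stack-name MyStack \
        --change-set-name MyChangeSet \
        --change-set-type "CREATE" \
        --template-body file://updated-template.yaml

    The command returns both the change set ARN and the stack ARN.

  2. Use the describe-events command with the change set ARN or the change set name to view the validation status and results.

    aws cloudformation describe-events \
        --change-set-name "arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyChangeSet/94498df5-1afb-43b1-9869-9f82b2d877ac"

    Example output for a validation error: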

    {
      "OperationEvents": [
        {
          "EventId": "9b5c9a29-4704-4ad0-8082-afb49418d55b",
          "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/c3908380-b357-11f0-a97f-0ad08f35df65",
          "OperationId": "f558b823-e1e3-4de3-a222-e6b930ddcad4",
          "OperationType": "CREATE_CHANGESET",
          "OperationStatus": "FAILED",
          "EventType": "STACK_EVENT",
          "Timestamp": "2025-10-27T17:10:02.923Z",
          "StartTime": "2025-10-27T17:09:57.537Z",
          "EndTime": "2025-10-27T17:10:02.923Z"
        },
        {
          "EventId": "2d8c3262-3468-4283-82fb-6e780e9e4f1d",
          "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/c3908380-b357-11f0-a97f-0ad08f35df65",
          "OperationId": "f558b823-e1e3-4de3-a222-e6b930ddcad4",
          "OperationType": "CREATE_CHANGESET",
          "EventType": "VALIDATION_ERROR",
          "LogicalResourceId": "NotificationBucket",
          "PhysicalResourceId": "",
          "ResourceType": "AWS::S3::Bucket",
          "Timestamp": "2025-10-27T17:10:02.461Z",
          "ValidationFailureMode": "FAIL",
          "ValidationName": "PROPERTY_VALIDATION",
          "ValidationStatus": "FAILED",
          "ValidationStatusReason": "#/NotificationConfiguration/QueueConfigurations/0: required key [Event] not found",
          "ValidationPath": "/Resources/NotificationBucket/Properties/NotificationConfiguration/QueueConfigurations/0"
        }
      ]
    }

  3. Resolve any validation errors by updating the template, and then create a new change set.

  4. Once validation passes, execute the change set:

    aws cloudformation execute-change-set \
        --change-set-name MyChangeSet \
        --stack-name MyStack
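
One way to turn the describe-events output from step 2 into a pipeline gate that runs before execute-change-set, as an added example (not AWS's code): FAIL-mode findings and a FAILED operation block, and WARN-mode findings pass only when a reviewer has acknowledged the resource. The `acknowledged` parameter, the `WARN` value of ValidationFailureMode and the third sample event are assumptions; the other field names come from the output shown above.

```python
import json
import sys

# Constructed sample. The first two events mirror the output on this page; the
# third is a hypothetical WARN-mode finding whose ValidationName, reason and
# path are placeholders, not real API values.
SAMPLE_EVENTS = json.dumps({"OperationEvents": [
    {"EventType": "STACK_EVENT", "OperationType": "CREATE_CHANGESET",
     "OperationStatus": "FAILED"},
    {"EventType": "VALIDATION_ERROR", "LogicalResourceId": "NotificationBucket",
     "ResourceType": "AWS::S3::Bucket", "ValidationFailureMode": "FAIL",
     "ValidationName": "PROPERTY_VALIDATION", "ValidationStatus": "FAILED",
     "ValidationStatusReason": "#/NotificationConfiguration/QueueConfigurations/0: "
                               "required key [Event] not found",
     "ValidationPath": "/Resources/NotificationBucket/Properties/"
                       "NotificationConfiguration/QueueConfigurations/0"},
    {"EventType": "VALIDATION_ERROR", "LogicalResourceId": "LogsBucket",
     "ResourceType": "AWS::S3::Bucket", "ValidationFailureMode": "WARN",
     "ValidationName": "PLACEHOLDER_BUCKET_CHECK", "ValidationStatus": "FAILED",
     "ValidationStatusReason": "placeholder: bucket contains objects",
     "ValidationPath": "/Resources/LogsBucket"},
]})


def triage(raw):
    """Return (blocking, advisory, op_failed) from describe-events JSON text."""
    events = json.loads(raw).get("OperationEvents", [])
    blocking, advisory = [], []
    for ev in events:
        if ev.get("EventType") != "VALIDATION_ERROR":
            continue
        finding = {k: ev.get(k, "") for k in (
            "LogicalResourceId", "ResourceType", "ValidationName",
            "ValidationStatusReason", "ValidationPath")}
        # Only an explicit WARN is advisory; a missing or unknown mode fails closed.
        target = advisory if ev.get("ValidationFailureMode") == "WARN" else blocking
        target.append(finding)
    op_failed = any(ev.get("OperationStatus") == "FAILED" for ev in events)
    return blocking, advisory, op_failed


def gate(raw, acknowledged=()):
    """Return (ok, messages); WARN findings pass only if a reviewer listed the resource."""
    blocking, advisory, op_failed = triage(raw)
    msgs = ["BLOCK {LogicalResourceId} [{ValidationName}] {ValidationStatusReason} "
            "at {ValidationPath}".format(**f) for f in blocking]
    if op_failed:
        msgs.append("BLOCK change set operation reported FAILED")
    msgs += ["REVIEW {LogicalResourceId} [{ValidationName}] {ValidationStatusReason}"
             .format(**f) for f in advisory if f["LogicalResourceId"] not in acknowledged]
    return (not msgs, msgs)


if __name__ == "__main__":
    # Pipe real `aws cloudformation describe-events` output in, or run on the sample.
    text = SAMPLE_EVENTS if sys.stdin.isatty() else sys.stdin.read()
    ok, messages = gate(text)
    print("\n".join(messages) or "no validation findings")
    sys.exit(0 if ok else 1)
```

Because the S3 check only looks for objects and many resource types are not validated at all, an empty findings list means "no known blocker", not "safe to deploy"; keep the usual change set review in place.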

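Validation types

Pre-deployment validation includes the following types of checks:

  • Property syntax validation: Validates resource properties against the AWS resource schema. It checks required properties and valid property values, and identifies deprecated or unsupported property combinations.

  • Resource name conflict detection: Checks for naming conflicts with existing AWS resources. It verifies that resource names meet AWS naming requirements and identifies potential conflicts before a deployment is attempted.

  • S3 bucket emptiness validation: Warns when you attempt to delete an S3 bucket that contains objects. It provides an object count to help you assess the impact of the deletion, and helps prevent common S3 deletion failures.

Each validation type provides a specific error message and the exact location of the error in the template to help you resolve issues quickly.

Resource limitations

Pre-deployment validation does not support the following resource types: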

  • AWS::ApiGatewayV2::ApiGatewayManagedOverrides

  • AWS::ApiGatewayV2::Stage

  • AWS::AppMesh::GatewayRoute

  • AWS::AppMesh::Mesh

  • AWS::AppMesh::Route

  • AWS::AppMesh::VirtualGateway

  • AWS::AppMesh::VirtualNode

  • AWS::AppMesh::VirtualRouter

  • AWS::AppMesh::VirtualService

  • AWS::AppStream::Fleet

  • AWS::AppStream::Stack

  • AWS::AppStream::StackFleetAssociation

  • AWS::AppStream::StackUserAssociation

  • AWS::AppStream::User

  • AWS::AppSync::ApiCache

  • AWS::AppSync::ApiKey

  • AWS::AppSync::GraphQLSchema

  • AWS::AutoScalingPlans::ScalingPlan

  • AWS::Budgets::Budget

  • AWS::CertificateManager::Certificate

  • AWS::Cloud9::EnvironmentEC2

  • AWS::CloudFormation::CustomResource

  • AWS::CloudFormation::Macro

  • AWS::CloudFormation::WaitCondition

  • AWS::CloudFormation::WaitConditionHandle

  • AWS::CloudFront::StreamingDistribution

  • AWS::CloudWatch::AnomalyDetector

  • AWS::CloudWatch::InsightRule

  • AWS::CodeBuild::Project

  • AWS::CodeBuild::ReportGroup

  • AWS::CodeBuild::SourceCredential

  • AWS::CodeCommit::Repository

  • AWS::CodeDeploy::DeploymentGroup

  • AWS::CodeStar::GitHubRepository

  • AWS::Config::ConfigurationRecorder

  • AWS::Config::DeliveryChannel

  • AWS::Config::OrganizationConfigRule

  • AWS::Config::RemediationConfiguration

  • AWS::DAX::Cluster

  • AWS::DAX::ParameterGroup

  • AWS::DAX::SubnetGroup

  • AWS::DirectoryService::MicrosoftAD

  • AWS::DLM::LifecyclePolicy

  • AWS::DMS::Certificate

  • AWS::DMS::Endpoint

  • AWS::DMS::EventSubscription

  • AWS::DMS::ReplicationInstance

  • AWS::DMS::ReplicationSubnetGroup

  • AWS::DMS::ReplicationTask

  • AWS::DocDB::DBCluster

  • AWS::DocDB::DBClusterParameterGroup

  • AWS::DocDB::DBInstance

  • AWS::DocDB::DBSubnetGroup

  • AWS::DocDB::EventSubscription

  • AWS::EC2::ClientVpnAuthorizationRule

  • AWS::EC2::ClientVpnEndpoint

  • AWS::EC2::ClientVpnRoute

  • AWS::EC2::ClientVpnTargetNetworkAssociation

  • AWS::EC2::NetworkInterfacePermission

  • AWS::ElastiCache::CacheCluster

  • AWS::ElastiCache::ReplicationGroup

  • AWS::ElastiCache::SecurityGroup

  • AWS::ElastiCache::SecurityGroupIngress

  • AWS::ElasticLoadBalancing::LoadBalancer

  • AWS::ElasticLoadBalancingV2::ListenerCertificate

  • AWS::Elasticsearch::Domain

  • AWS::EMR::Cluster

  • AWS::EMR::InstanceFleetConfig

  • AWS::EMR::InstanceGroupConfig

  • AWS::FSx::FileSystem

  • AWS::FSx::Snapshot

  • AWS::FSx::StorageVirtualMachine

  • AWS::FSx::Volume

  • AWS::Glue::Classifier

  • AWS::Glue::Connection

  • AWS::Glue::CustomEntityType

  • AWS::Glue::DataCatalogEncryptionSettings

  • AWS::Glue::DataQualityRuleset

  • AWS::Glue::DevEndpoint

  • AWS::Glue::MLTransform

  • AWS::Glue::Partition

  • AWS::Glue::SecurityConfiguration

  • AWS::Glue::Table

  • AWS::Glue::TableOptimizer

  • AWS::Glue::Workflow

  • AWS::Greengrass::ConnectorDefinition

  • AWS::Greengrass::ConnectorDefinitionVersion

  • AWS::Greengrass::CoreDefinition

  • AWS::Greengrass::CoreDefinitionVersion

  • AWS::Greengrass::DeviceDefinition

  • AWS::Greengrass::DeviceDefinitionVersion

  • AWS::Greengrass::FunctionDefinition

  • AWS::Greengrass::FunctionDefinitionVersion

  • AWS::Greengrass::Group

  • AWS::Greengrass::GroupVersion

  • AWS::Greengrass::LoggerDefinition

  • AWS::Greengrass::LoggerDefinitionVersion

  • AWS::Greengrass::ResourceDefinition

  • AWS::Greengrass::ResourceDefinitionVersion

  • AWS::Greengrass::SubscriptionDefinition

  • AWS::Greengrass::SubscriptionDefinitionVersion

  • AWS::IAM::AccessKey

  • AWS::IAM::UserToGroupAddition

  • AWS::IoT::PolicyPrincipalAttachment

  • AWS::IoT::ThingPrincipalAttachment

  • AWS::IoTThingsGraph::FlowTemplate

  • AWS::KinesisAnalytics::Application

  • AWS::KinesisAnalytics::ApplicationOutput

  • AWS::KinesisAnalytics::ApplicationReferenceDataSource

  • AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption

  • AWS::KinesisAnalyticsV2::ApplicationOutput

  • AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource

  • AWS::LakeFormation::DataLakeSettings

  • AWS::LakeFormation::Permissions

  • AWS::LakeFormation::Resource

  • AWS::ManagedBlockchain::Member

  • AWS::ManagedBlockchain::Node

  • AWS::MediaConvert::JobTemplate

  • AWS::MediaConvert::Preset

  • AWS::MediaConvert::Queue

  • AWS::MediaLive::Channel

  • AWS::MediaLive::Input

  • AWS::MediaLive::InputSecurityGroup

  • AWS::MediaStore::Container

  • AWS::OpsWorks::App

  • AWS::OpsWorks::ElasticLoadBalancerAttachment

  • AWS::OpsWorks::Instance

  • AWS::OpsWorks::Layer

  • AWS::OpsWorks::Stack

  • AWS::OpsWorks::UserProfile

  • AWS::OpsWorks::Volume

  • AWS::Pinpoint::ADMChannel

  • AWS::Pinpoint::APNSChannel

  • AWS::Pinpoint::APNSSandboxChannel

  • AWS::Pinpoint::APNSVoipChannel

  • AWS::Pinpoint::APNSVoipSandboxChannel

  • AWS::Pinpoint::App

  • AWS::Pinpoint::ApplicationSettings

  • AWS::Pinpoint::BaiduChannel

  • AWS::Pinpoint::Campaign

  • AWS::Pinpoint::EmailChannel

  • AWS::Pinpoint::EmailTemplate

  • AWS::Pinpoint::EventStream

  • AWS::Pinpoint::GCMChannel

  • AWS::Pinpoint::PushTemplate

  • AWS::Pinpoint::Segment

  • AWS::Pinpoint::SMSChannel

  • AWS::Pinpoint::SmsTemplate

  • AWS::Pinpoint::VoiceChannel

  • AWS::PinpointEmail::ConfigurationSet

  • AWS::PinpointEmail::ConfigurationSetEventDestination

  • AWS::PinpointEmail::DedicatedIpPool

  • AWS::PinpointEmail::Identity

  • AWS::QLDB::Ledger

  • AWS::RDS::DBSecurityGroup

  • AWS::RDS::DBSecurityGroupIngress

  • AWS::Redshift::ClusterSecurityGroup

  • AWS::Redshift::ClusterSecurityGroupIngress

  • AWS::Route53::RecordSet

  • AWS::Route53::RecordSetGroup

  • AWS::SageMaker::CodeRepository

  • AWS::SageMaker::EndpointConfig

  • AWS::SageMaker::Model

  • AWS::SageMaker::NotebookInstance

  • AWS::SageMaker::NotebookInstanceLifecycleConfig

  • AWS::SageMaker::Workteam

  • AWS::SDB::Domain

  • AWS::ServiceCatalog::AcceptedPortfolioShare

  • AWS::ServiceCatalog::LaunchRoleConstraint

  • AWS::ServiceCatalog::Portfolio

  • AWS::ServiceCatalog::StackSetConstraint

  • AWS::ServiceDiscovery::HttpNamespace

  • AWS::ServiceDiscovery::Instance

  • AWS::ServiceDiscovery::PrivateDnsNamespace

  • AWS::ServiceDiscovery::PublicDnsNamespace

  • AWS::ServiceDiscovery::Service

  • AWS::SES::ReceiptFilter

  • AWS::SES::ReceiptRule

  • AWS::SES::ReceiptRuleSet

  • AWS::SSM::MaintenanceWindow

  • AWS::SSM::MaintenanceWindowTarget

  • AWS::SSM::MaintenanceWindowTask

  • AWS::WAF::ByteMatchSet

  • AWS::WAF::IPSet

  • AWS::WAF::Rule

  • AWS::WAF::SizeConstraintSet

  • AWS::WAF::SqlInjectionMatchSet

  • AWS::WAF::WebACL

  • AWS::WAF::XssMatchSet

  • AWS::WAFRegional::ByteMatchSet

  • AWS::WAFRegional::GeoMatchSet

  • AWS::WAFRegional::IPSet

  • AWS::WAFRegional::RateBasedRule

  • AWS::WAFRegional::RegexPatternSet

  • AWS::WAFRegional::Rule

  • AWS::WAFRegional::SizeConstraintSet

  • AWS::WAFRegional::SqlInjectionMatchSet

  • AWS::WAFRegional::WebACL

  • AWS::WAFRegional::WebACLAssociation

  • AWS::WAFRegional::XssMatchSet

  • AWS::WorkSpaces::Workspace

  • AWS::AmazonMQ::ConfigurationAssociation

  • AWS::ApiGateway::DomainNameAccessAssociation

  • AWS::AppConfig::ExtensionAssociation

  • AWS::AppStream::ApplicationEntitlementAssociation

  • AWS::AppStream::ApplicationFleetAssociation

  • AWS::AppSync::DomainNameApiAssociation

  • AWS::AppSync::SourceApiAssociation

  • AWS::CleanRooms::ConfiguredTableAssociation

  • AWS::CleanRooms::IdNamespaceAssociation

  • AWS::CodeGuruReviewer::RepositoryAssociation

  • AWS::Cognito::IdentityPoolRoleAttachment

  • AWS::Cognito::UserPoolRiskConfigurationAttachment

  • AWS::Cognito::UserPoolUICustomizationAttachment

  • AWS::Cognito::UserPoolUserToGroupAttachment

  • AWS::Connect::IntegrationAssociation

  • AWS::Deadline::QueueFleetAssociation

  • AWS::Deadline::QueueLimitAssociation

  • AWS::EC2::EIPAssociation

  • AWS::EC2::EnclaveCertificateIamRoleAssociation

  • AWS::EC2::GatewayRouteTableAssociation

  • AWS::EC2::IPAMResourceDiscoveryAssociation

  • AWS::EC2::IpPoolRouteTableAssociation

  • AWS::EC2::LocalGatewayRouteTableVPCAssociation

  • AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation

  • AWS::EC2::NetworkInterfaceAttachment

  • AWS::EC2::RouteServerAssociation

  • AWS::EC2::SecurityGroupVpcAssociation

  • AWS::EC2::SubnetNetworkAclAssociation

  • AWS::EC2::SubnetRouteTableAssociation

  • AWS::EC2::TransitGatewayAttachment

  • AWS::EC2::TransitGatewayMulticastDomainAssociation

  • AWS::EC2::TransitGatewayPeeringAttachment

  • AWS::EC2::TransitGatewayRouteTableAssociation

  • AWS::EC2::TransitGatewayVpcAttachment

  • AWS::EC2::VPCDHCPOptionsAssociation

  • AWS::EC2::VPCGatewayAttachment

  • AWS::EC2::VolumeAttachment

  • AWS::ECS::ClusterCapacityProviderAssociations

  • AWS::EKS::PodIdentityAssociation

  • AWS::FSx::DataRepositoryAssociation

  • AWS::FSx::S3AccessPointAttachment

  • AWS::GlobalAccelerator::CrossAccountAttachment

  • AWS::LakeFormation::TagAssociation

  • AWS::NetworkFirewall::VpcEndpointAssociation

  • AWS::NetworkManager::ConnectAttachment

  • AWS::NetworkManager::CustomerGatewayAssociation

  • AWS::NetworkManager::DirectConnectGatewayAttachment

  • AWS::NetworkManager::LinkAssociation

  • AWS::NetworkManager::SiteToSiteVpnAttachment

  • AWS::NetworkManager::TransitGatewayRouteTableAttachment

  • AWS::NetworkManager::VpcAttachment

  • AWS::Notifications::ChannelAssociation

  • AWS::Notifications::ManagedNotificationAccountContactAssociation

  • AWS::Notifications::ManagedNotificationAdditionalChannelAssociation

  • AWS::Notifications::OrganizationalUnitAssociation

  • AWS::ResourceExplorer2::DefaultViewAssociation

  • AWS::Route53Profiles::ProfileAssociation

  • AWS::Route53Profiles::ProfileResourceAssociation

  • AWS::Route53Resolver::FirewallRuleGroupAssociation

  • AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation

  • AWS::Route53Resolver::ResolverRuleAssociation

  • AWS::SSM::Association

  • AWS::SecretsManager::SecretTargetAttachment

  • AWS::SecurityHub::PolicyAssociation

  • AWS::ServiceCatalog::PortfolioPrincipalAssociation

  • AWS::ServiceCatalog::PortfolioProductAssociation

  • AWS::ServiceCatalog::ServiceActionAssociation

  • AWS::ServiceCatalog::TagOptionAssociation

  • AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation

  • AWS::ServiceCatalogAppRegistry::ResourceAssociation

  • AWS::VpcLattice::ServiceNetworkResourceAssociation

  • AWS::VpcLattice::ServiceNetworkServiceAssociation

  • AWS::VpcLattice::ServiceNetworkVpcAssociation

  • AWS::WAFv2::WebACLAssociation

  • AWS::Wisdom::AssistantAssociation

  • AWS::WorkspacesInstances::VolumeAssociation

  • AWS::IAM::Policy

  • AWS::SNS::TopicPolicy

  • AWS::SQS::QueuePolicy

  • AWS::EC2::NetworkAclEntry

  • AWS::EC2::VPNGatewayRoutePropagation

  • AWS::CloudFormation::Stack

  • AWS::CloudWatch::MetricStream

  • AWS::WorkSpaces::ConnectionAlias

  • AWS::IoT::ProvisioningTemplate

  • AWS::MediaPackage::Channel

  • AWS::CloudFront::OriginRequestPolicy

  • AWS::Route53Resolver::ResolverQueryLoggingConfig

  • AWS::NetworkManager::TransitGatewayRegistration

  • AWS::ImageBuilder::Image

  • AWS::Config::ConformancePack

  • AWS::S3::AccessPoint

  • AWS::CodeStarConnections::Connection

  • AWS::CloudFront::CachePolicy

  • AWS::FMS::NotificationChannel

  • AWS::ImageBuilder::InfrastructureConfiguration

  • AWS::Detective::Graph

  • AWS::EC2::CarrierGateway

  • AWS::CloudWatch::CompositeAlarm

  • AWS::CodeArtifact::Repository

  • AWS::GroundStation::DataflowEndpointGroup

  • AWS::ElasticLoadBalancingV2::Listener

  • AWS::ImageBuilder::ImageRecipe

  • AWS::NetworkManager::Device

  • AWS::Kendra::DataSource

  • AWS::Timestream::Database

  • AWS::CodeGuruProfiler::ProfilingGroup

  • AWS::Lambda::EventSourceMapping

  • AWS::ECR::Repository

  • AWS::WAFv2::IPSet

  • AWS::GameLift::Alias

  • AWS::IoTSiteWise::Asset

  • AWS::OpsWorksCM::Server

  • AWS::IoT::Authorizer

  • AWS::WAFv2::RuleGroup

  • AWS::NetworkManager::Site

  • AWS::ResourceGroups::Group

  • AWS::MediaPackage::PackagingConfiguration

  • AWS::ImageBuilder::ImagePipeline

  • AWS::ECS::TaskDefinition

  • AWS::Macie::CustomDataIdentifier

  • AWS::MediaPackage::OriginEndpoint

  • AWS::Logs::LogGroup

  • AWS::CodeArtifact::Domain

  • AWS::Kendra::Faq

  • AWS::ECS::TaskSet

  • AWS::WAFv2::RegexPatternSet

  • AWS::ECS::Cluster

  • AWS::SSO::Assignment

  • AWS::GlobalAccelerator::Listener

  • AWS::ServiceCatalog::CloudFormationProvisionedProduct

  • AWS::RDS::DBProxy

  • AWS::EC2::FlowLog

  • AWS::ImageBuilder::Component

  • AWS::CloudFront::RealtimeLogConfig

  • AWS::NetworkManager::GlobalNetwork

  • AWS::RDS::DBProxyTargetGroup

  • AWS::WAFv2::WebACL

  • AWS::IVS::StreamKey

  • AWS::IVS::PlaybackKeyPair

  • AWS::Macie::Session

  • AWS::Route53::HealthCheck

  • AWS::Synthetics::Canary

  • AWS::Lambda::CodeSigningConfig

  • AWS::EFS::AccessPoint

  • AWS::Timestream::Table

  • AWS::MediaPackage::PackagingGroup

  • AWS::ECS::PrimaryTaskSet

  • AWS::Config::ConfigurationAggregator

  • AWS::GroundStation::Config

  • AWS::IoTSiteWise::AssetModel

  • AWS::SES::ConfigurationSet

  • AWS::ImageBuilder::DistributionConfiguration

  • AWS::Config::OrganizationConformancePack

  • AWS::EC2::LocalGatewayRoute

  • AWS::KMS::Key

  • AWS::Detective::MemberInvitation

  • AWS::EKS::FargateProfile

  • AWS::MediaPackage::Asset

  • AWS::GlobalAccelerator::EndpointGroup

  • AWS::Macie::FindingsFilter

  • AWS::IoT::Certificate

  • AWS::SageMaker::MonitoringSchedule

  • AWS::IVS::Channel

  • AWS::Kendra::Index

  • AWS::EventSchemas::RegistryPolicy

  • AWS::KinesisFirehose::DeliveryStream

  • AWS::GlobalAccelerator::Accelerator

  • AWS::EC2::PrefixList

  • AWS::GameLift::GameServerGroup

  • AWS::NetworkManager::Link

  • AWS::EFS::FileSystem

  • AWS::Route53::HostedZone

  • AWS::GroundStation::MissionProfile

  • AWS::KMS::Alias

  • AWS::FMS::Policy

  • AWS::SSO::PermissionSet

  • AWS::StepFunctions::StateMachine

  • AWS::QLDB::Stream

  • AWS::IoTSiteWise::Gateway

  • AWS::ECS::Service

  • AWS::ECS::CapacityProvider

  • AWS::EC2::SecurityGroup

  • AWS::EC2::SecurityGroupIngress

  • AWS::EC2::SecurityGroupEgress

  • AWS::EC2::EC2Fleet

  • AWS::IAM::Group

  • AWS::IAM::Role

  • AWS::IAM::User

  • AWS::ApiGateway::GatewayResponse

  • AWS::S3::BucketPolicy

  • AWS::SNS::Topic

  • AWS::SNS::Subscription

  • AWS::RDS::DBInstance

  • AWS::RDS::DBParameterGroup

  • AWS::RDS::DBCluster

  • AWS::RDS::DBClusterParameterGroup

  • AWS::RDS::DBSubnetGroup

  • AWS::RDS::EventSubscription

  • AWS::RDS::GlobalCluster

  • AWS::RDS::OptionGroup

  • AWS::Neptune::DBInstance

  • AWS::Neptune::DBParameterGroup

  • AWS::Neptune::DBCluster

  • AWS::Neptune::DBClusterParameterGroup

  • AWS::Neptune::DBSubnetGroup

  • AWS::Redshift::Cluster

  • AWS::Redshift::ClusterParameterGroup

  • AWS::Redshift::ClusterSubnetGroup

  • AWS::Redshift::EndpointAccess

  • AWS::Redshift::EndpointAuthorization

  • AWS::Redshift::EventSubscription

  • AWS::Redshift::ScheduledAction

  • AWS::ElastiCache::SubnetGroup