CloudFormation

Cloud

AWS

Glossary

Check

Glossary

A Stack is the name for the definition of a collection of Stack Resources that will be managed as a logical group.
A Stack Instance is the name for a running collection of Stack Resources as defined by a Stack
A Stack Set is a collection of Stacks
A CloudFormation Template is a JSON or YAML formatted file which defines the AWS Resources that make up a Stack
A Changet is a user proposed set of changes to the running resources in a Cloudformation stack.

Check

aws cloudformation list-stacks --output yaml

You can output as table but the table tends to be very wide and therefore difficult to read

aws cloudformation describe-stacks --output yaml

You can output as table but the table tends to be very wide and therefore difficult to read

If you have forgotten the name of your stack, use this command to help find it...

aws cloudformation describe-stacks --output yaml | grep StackName

For further stack information use...

aws cloudformation describe-stacks --stack-name ${mystack}

aws cloudformation describe-stack-resources --stack-name ${mystack} --output table

Template

Stack Template Components

Template Version (Optional)
Description (Optional)
Metadata (Optional)
Parameters (Optional)
Mappings (Optional)
Conditions (Optional)
Transform (Optional)
Resources (Required)
Outputs (Optional)

Stack Template Notes

AllowedPattern

The idea is to validate correct formatting of parameters using regular expressions. Some examples include...

Basic email address structure...

^[^\\s@]+@[^\\s@]+\\.[^\\s@]+$

A valid IPv4 IP Address structure...

^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$

Valid CIDR Block for use with AWS VPC and associated resources...

^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\/([1-2][6-9]|3[0-2]))?$

Passphrase Complexity Check (must start with a letter and minimum length of 12 alphanumeric characters including special characters)...

^[A-Za-z][a-zA-Z0-9@%$_-]{12,}$

Valid cron schedule...

^\s*($|#|\w+\s*=|(\?|\*|(?:[0-5]?\d)(?:(?:-|\/|\,)(?:[0-5]?\d))?(?:,(?:[0-5]?\d)(?:(?:-|\/|\,)(?:[0-5]?\d))?)*)\s+(\?|\*|(?:[0-5]?\d)(?:(?:-|\/|\,)(?:[0-5]?\d))?(?:,(?:[0-5]?\d)(?:(?:-|\/|\,)(?:[0-5]?\d))?)*)\s+(\?|\*|(?:[01]?\d|2[0-3])(?:(?:-|\/|\,)(?:[01]?\d|2[0-3]))?(?:,(?:[01]?\d|2[0-3])(?:(?:-|\/|\,)(?:[01]?\d|2[0-3]))?)*)\s+(\?|\*|(?:0?[1-9]|[12]\d|3[01])(?:(?:-|\/|\,)(?:0?[1-9]|[12]\d|3[01]))?(?:,(?:0?[1-9]|[12]\d|3[01])(?:(?:-|\/|\,)(?:0?[1-9]|[12]\d|3[01]))?)*)\s+(\?|\*|(?:[1-9]|1[012])(?:(?:-|\/|\,)(?:[1-9]|1[012]))?(?:L|W)?(?:,(?:[1-9]|1[012])(?:(?:-|\/|\,)(?:[1-9]|1[012]))?(?:L|W)?)*|\?|\*|(?:JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:-)(?:JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?(?:,(?:JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:-)(?:JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?)*)\s+(\?|\*|(?:[0-6])(?:(?:-|\/|\,|#)(?:[0-6]))?(?:L)?(?:,(?:[0-6])(?:(?:-|\/|\,|#)(?:[0-6]))?(?:L)?)*|\?|\*|(?:MON|TUE|WED|THU|FRI|SAT|SUN)(?:(?:-)(?:MON|TUE|WED|THU|FRI|SAT|SUN))?(?:,(?:MON|TUE|WED|THU|FRI|SAT|SUN)(?:(?:-)(?:MON|TUE|WED|THU|FRI|SAT|SUN))?)*)(|\s)+(\?|\*|(?:|\d{4})(?:(?:-|\/|\,)(?:|\d{4}))?(?:,(?:|\d{4})(?:(?:-|\/|\,)(?:|\d{4}))?)*))$

Note also that for cron scheduling in AWS You cannot use * in both the Day-of-month and Day-of-week fields. If you use it in one, you must use ? in the other.

Regular Expressions

Troubleshooting Stack Updates

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html

Check the Status reason column in the Events tab of your Stack

Example: Incorrectly formatted cron schedule...

Status reason shows...

Parameter ScheduleExpression is not valid. (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: ValidationException; Request ID: 21d36604-8adb-4773-a0b2-d69b59cae404)

Entered string matched template AllowedPattern (validated at regex101).

Google search revealed that "You cannot use * in both the Day-of-month and Day-of-week fields. If you use it in one, you must use ? in the other." In fact one or the other must always be ?. Initial setting was 5 9 * * 4 * working setting is 5 9 ? * 4 *

https://stackoverflow.com/questions/39482314/parameter-scheduleexpression-is-not-valid https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html

Delete Stack

From the Cloudformation console...

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-delete-stack.html

From the AWS CLI...

aws cloudformation delete-stack --stack-name mystack

To delete a stack with dependencies that can't be deleted...

From the Cloudformation console...

From the AWS CLI...

aws cloudformation delete-stack --stack-name my-stack --retain-resources myresource1 myresource2

Drift Detection

aws cloudformation detect-stack-drift --stack-name mystack

Bibliography

CloudFormation

Glossary

Check

See Also

Template

Stack Template Components

Stack Template Notes

AllowedPattern

Troubleshooting Stack Updates

Example: Incorrectly formatted cron schedule...

Delete Stack

To delete a stack with dependencies that can't be deleted...

Drift Detection

Bibliography