AWS CloudFormation is an AWS tool that lets you create and manage cloud resources using code instead of clicking around the console. You describe everything you want (EC2 instances, S3 buckets, IAM roles, VPCs, and so on) in a template file (YAML or JSON), and CloudFormation reads that template and automatically provisions, updates, or deletes those resources for you as a single stack. This makes your infrastructure repeatable, version-controlled, and easier to manage, because you can deploy the same setup to multiple environments (dev, test, prod) with minimal changes, roll back if something fails, and track all infrastructure changes just as you do with application code.
Recently, a number of improvements have been made to CloudFormation that make it much easier to manage infrastructure resources. In this post, I will describe these improvements and how you can take advantage of them.
Stack refactoring
With stack refactoring, you can rearrange the resources in your CloudFormation stacks without losing their existing configurations or data. This lets you move resources between stacks, break a large stack into several smaller ones, or merge multiple stacks into a single stack. This is helpful because a stack you created some time ago may have grown to contain too many resources. Now, with stack refactoring, you can rearrange those resources into multiple stacks.
Stack refactoring in CloudFormation is a multi-step process: first you assess your existing stacks to find refactoring opportunities, then plan how to reorganize resources and decide which destination stacks (2–5, including nested stacks) they should move to. Next, you update templates (including moving resource definitions and optionally renaming logical IDs) and create the refactor by supplying stack names and templates. CloudFormation then validates dependencies and IDs, shows a preview if validation passes, or reports issues you must fix (such as providing logical ID mappings for conflicts). Finally, you execute the refactor and monitor the operation to ensure it completes successfully.
Refer to Stack refactoring for details.
Validate stack deployments
With pre-deployment validation, you can spot and fix potential deployment problems before running your CloudFormation change sets. This capability checks your templates against common failure scenarios, allowing you to catch and address issues earlier in the development cycle.
Pre-deployment validation automatically checks your CloudFormation change sets before deployment by running syntax, name conflict, and S3 bucket emptiness validations, then highlighting exact issues in your template so you can fix them first and deploy with greater confidence.
When you create a change set, if all validations pass, the Deployments validation shows a green light. You can also bake this into a CI/CD pipeline by using the CloudFormation CLI commands.

```bash
# describe events for a change set
aws cloudformation describe-events \
  --change-set-id "arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyChangeSet/123456ab-cd12-98ab-6521-987qwe654asd"
```

You can then inspect OperationEvents[i].OperationStatus to see whether each event is FAILED or SUCCEEDED.
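The CI/CD gate described above, as an added example that is not part of the original post: it parses the JSON that `describe-events` prints, reads `OperationEvents[].OperationStatus` as the post describes, and turns it into an exit code a pipeline step can act on. The sample output is constructed, and the `OperationType` and `OperationStatusReason` field names are assumptions for illustration, not copied from AWS documentation.

```python
import json
import subprocess
import sys
from typing import Dict, List, Tuple

# Constructed sample of `aws cloudformation describe-events --output json` output,
# shaped like the post describes (OperationEvents[i].OperationStatus). The
# OperationType/OperationStatusReason fields are assumed for illustration.
SAMPLE_EVENTS_JSON = json.dumps({"OperationEvents": [
    {"OperationType": "TEMPLATE_VALIDATION", "OperationStatus": "SUCCEEDED"},
    {"OperationType": "NAME_CONFLICT_VALIDATION", "OperationStatus": "FAILED",
     "OperationStatusReason": "bucket name 'my-bucket' is already taken"},
    {"OperationType": "S3_BUCKET_EMPTINESS_VALIDATION", "OperationStatus": "IN_PROGRESS"},
]})


def summarize_events(events_json: str) -> Dict[str, List[dict]]:
    """Group OperationEvents by OperationStatus: FAILED, SUCCEEDED, or OTHER."""
    groups: Dict[str, List[dict]] = {"FAILED": [], "SUCCEEDED": [], "OTHER": []}
    for ev in json.loads(events_json).get("OperationEvents", []):
        status = ev.get("OperationStatus", "")
        groups[status if status in groups else "OTHER"].append(ev)
    return groups


def validation_gate(events_json: str) -> Tuple[int, List[str]]:
    """Exit code for a pipeline step: 0 all SUCCEEDED, 1 any FAILED,
    2 some validation still pending or unknown (retry, do not deploy)."""
    groups = summarize_events(events_json)
    if groups["FAILED"]:
        return 1, [f"{ev.get('OperationType', '?')}: {ev.get('OperationStatusReason', 'no reason given')}"
                   for ev in groups["FAILED"]]
    if groups["OTHER"]:
        return 2, [f"{ev.get('OperationType', '?')}: {ev.get('OperationStatus')}" for ev in groups["OTHER"]]
    return 0, []


def describe_events_cmd(change_set_id: str) -> List[str]:
    """The CLI call from the post, as an argv list; built here, executed only in main()."""
    return ["aws", "cloudformation", "describe-events", "--change-set-id", change_set_id, "--output", "json"]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real run: pass the change set ARN as the first argument
        raw = subprocess.run(describe_events_cmd(sys.argv[1]), check=True, capture_output=True, text=True).stdout
    else:  # offline demo on the constructed sample
        raw = SAMPLE_EVENTS_JSON
    code, messages = validation_gate(raw)
    print("\n".join(messages) or "all validations succeeded")
    sys.exit(code)
```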
Drift-Aware ChangeSets
Drift-aware change sets are an improved type of CloudFormation change set that help you safely detect and handle stack drift. Stack drift happens when resources are modified outside of CloudFormation (for example, directly through the AWS console, CLI, or service SDKs), so they no longer match the template. Drift-aware change sets compare your templates with the real, current state of stack resources and help you align any drifted resources back with their template definitions. If you update a template so that a resource's definition matches its actual state, drift-aware change sets will clear the resource's drift status without making any changes to that resource.
Note that not all resources are supported for drift-aware change sets. Refer to the AWS documentation for the list of supported resources.