LinuxCommandLibrary

aws-cloudformation

Manage AWS CloudFormation stacks

TLDR

Create a stack from a template file

$ aws cloudformation create-stack --stack-name [stack-name] --region [region] --template-body [file://path/to/file.yml] --profile [profile]

Delete a stack
$ aws cloudformation delete-stack --stack-name [stack-name] --profile [profile]

List all stacks
$ aws cloudformation list-stacks --profile [profile]

List all running stacks
$ aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE --profile [profile]

Check the status of a stack
$ aws cloudformation describe-stacks --stack-name [stack-id] --profile [profile]

Initiate drift detection for a stack
$ aws cloudformation detect-stack-drift --stack-name [stack-id] --profile [profile]

Check the drift detection status of a stack using the 'StackDriftDetectionId' from the previous command output
$ aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id [stack-drift-detection-id] --profile [profile]

SYNOPSIS

aws cloudformation subcommand [options]

PARAMETERS

create-stack
    Provisions a new CloudFormation stack based on a specified template and parameters. This command initiates the creation of resources defined in the template.

update-stack
    Updates an existing CloudFormation stack. You can provide a new template or new parameter values to modify the stack's resources. This is often used with change sets.

delete-stack
    Deletes a CloudFormation stack and all the resources contained within it. Use with caution as this action is irreversible for the resources.

describe-stacks
    Retrieves detailed information about one or more CloudFormation stacks, including their status, outputs, and parameters. Useful for checking the state of your deployments.

list-stacks
    Provides a summary list of all CloudFormation stacks in the current region, offering a quick overview of your deployed infrastructure.

validate-template
    Checks a CloudFormation template for syntax and semantic errors. This is a valuable command for pre-deployment validation to catch issues early.

create-change-set
    Generates a change set, which is a summary of proposed changes to a stack. It allows you to preview how an update will affect your running resources before applying it.

execute-change-set
    Applies a pending change set to a stack, initiating the actual update of the stack's resources as defined in the change set.

delete-change-set
    Deletes a change set. This is often done after executing a change set or if you decide not to proceed with the proposed changes.

create-stack-set
    Creates a stack set, which allows you to deploy and manage a common CloudFormation template across multiple AWS accounts and regions from a single operation.

DESCRIPTION

The aws cloudformation command is part of the AWS Command Line Interface (CLI), providing a powerful interface to AWS CloudFormation, a service that enables you to model, provision, and manage AWS resources as code. Instead of manually provisioning resources, you define your infrastructure in templates (YAML or JSON) and let CloudFormation create and manage them. This command allows you to interact directly with the CloudFormation service from your terminal, enabling automation of stack creation, updates, and deletions, viewing stack events, and managing stack sets. It is crucial for implementing Infrastructure as Code (IaC) best practices within AWS environments, facilitating version control, repeatability, and consistent deployments across different environments.

CAVEATS

Permissions: The AWS IAM user or role executing CloudFormation commands must have sufficient permissions for CloudFormation itself and for all the AWS resources that the stack intends to create, modify, or delete.

Template Syntax: CloudFormation templates must adhere strictly to YAML or JSON syntax. Even minor errors can cause stack creation or update failures.

Rollbacks: CloudFormation automatically attempts to roll back to the last known good state if stack creation or update fails. While helpful, incomplete rollbacks can sometimes leave orphaned resources or a stack in a ROLLBACK_FAILED state.

Resource Limits: Be aware of AWS service quotas and limits for the resources you are provisioning. CloudFormation operations can hit these limits, especially during large deployments.

Drift Detection: CloudFormation stacks can experience 'drift' if resources are manually modified outside of CloudFormation. Regularly use detect-stack-drift to identify these discrepancies.
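
The drift workflow from the TLDR entries and the caveat above, chained into one check. This is an added example, not part of the original page or of the AWS CLI; the function names, exit codes and polling interval are choices made here, and credentials and region are assumed to come from the environment (for example AWS_PROFILE).

```shell
#!/bin/sh
# Added example: run CloudFormation drift detection end to end.
# Function names, exit codes and the polling interval are choices made for this example.

# Start detection, poll until it finishes, then print the stack-level drift status.
# Returns 0 = IN_SYNC, 1 = DRIFTED, 2 = detection failed or status unknown.
check_stack_drift() {
    stack="$1"; interval="${2:-5}"
    id=$(aws cloudformation detect-stack-drift --stack-name "$stack" \
            --query StackDriftDetectionId --output text) || return 2
    while :; do
        # One call returns both fields, tab-separated in text output.
        status=$(aws cloudformation describe-stack-drift-detection-status \
                    --stack-drift-detection-id "$id" \
                    --query '[DetectionStatus,StackDriftStatus]' --output text) || return 2
        detection=$(printf '%s' "$status" | cut -f1)
        drift=$(printf '%s' "$status" | cut -f2)
        case "$detection" in
            DETECTION_COMPLETE) break ;;
            DETECTION_FAILED)   echo "drift detection failed for $stack" >&2; return 2 ;;
            *)                  sleep "$interval" ;;
        esac
    done
    echo "$drift"
    case "$drift" in
        IN_SYNC) return 0 ;;
        DRIFTED) return 1 ;;
        *)       return 2 ;;
    esac
}

# List only the resources that were modified or deleted outside CloudFormation.
list_drifted_resources() {
    aws cloudformation describe-stack-resource-drifts --stack-name "$1" \
        --stack-resource-drift-status-filters MODIFIED DELETED \
        --query 'StackResourceDrifts[].[LogicalResourceId,ResourceType,StackResourceDriftStatus]' \
        --output text
}
```

A scheduled job can call check_stack_drift for each stack and, on exit code 1, attach the output of list_drifted_resources to the alert.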

CLOUDFORMATION TEMPLATES

CloudFormation operations are driven by templates, which are plain-text files written in YAML or JSON. These templates declaratively define the AWS resources (e.g., EC2 instances, S3 buckets, RDS databases) you want to provision, along with their configurations, dependencies, and outputs. They form the blueprint for your AWS infrastructure.

STACKS VS. STACK SETS

A stack is a single instance of a CloudFormation template deployed in a specific AWS account and region. A stack set, on the other hand, allows you to deploy and manage a common CloudFormation template across multiple AWS accounts and regions from a single operation. Stack sets are ideal for centralized management of compliance, security, or common services across an organization.

CHANGE SETS FOR SAFE UPDATES

Before applying an update to an existing stack, it's highly recommended to create a change set. A change set summarizes the proposed changes that CloudFormation will make to your stack's resources. This 'dry run' capability helps you understand the impact of an update (e.g., which resources will be replaced, modified, or deleted) before executing it, significantly reducing the risk of unintended disruptions.
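
One way to turn the change-set preview into a gate, as an added example that is not part of the original page: the update is executed only when no resource would be removed or replaced. The function names, the change-set naming scheme and the refusal policy are assumptions made for this example; credentials and region come from the environment.

```shell
#!/bin/sh
# Added example: create a change set, classify its changes, and execute it only
# when nothing is removed or replaced. Names and policy are choices for this example.

# Read "Action<TAB>Replacement<TAB>LogicalId<TAB>Type" lines on stdin and print the
# ones that destroy or recreate a resource. Returns 1 if any such line was found.
flag_destructive_changes() {
    awk -F'\t' '
        $1 == "Remove" || $2 == "True" || $2 == "Conditional" { print; bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# Create and review a change set; execute it only if it is non-destructive.
# Returns 0 = executed, 1 = refused (change set kept for review), 2 = CLI error.
safe_update() {
    stack="$1"; template="$2"; name="review-$(date +%Y%m%d%H%M%S)"
    aws cloudformation create-change-set --stack-name "$stack" \
        --change-set-name "$name" --template-body "file://$template" >/dev/null || return 2
    # The waiter also fails when the change set contains no changes at all.
    aws cloudformation wait change-set-create-complete \
        --stack-name "$stack" --change-set-name "$name" || return 2
    changes=$(aws cloudformation describe-change-set --stack-name "$stack" \
        --change-set-name "$name" --output text \
        --query 'Changes[].ResourceChange.[Action,Replacement,LogicalResourceId,ResourceType]') || return 2
    if risky=$(printf '%s\n' "$changes" | flag_destructive_changes); then
        aws cloudformation execute-change-set --stack-name "$stack" --change-set-name "$name"
    else
        echo "refusing to execute $name; kept for manual review. Destructive changes:" >&2
        printf '%s\n' "$risky" >&2
        return 1
    fi
}
```

A refused change set stays on the stack, so a reviewer can inspect it with describe-change-set and then run execute-change-set or delete-change-set by hand.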

HISTORY

AWS CloudFormation was launched by Amazon Web Services in 2011, establishing a foundational service for Infrastructure as Code (IaC) on the AWS platform. Its introduction significantly simplified the provisioning and management of complex AWS environments by allowing users to define their infrastructure in declarative templates. Over the years, AWS has continuously enhanced CloudFormation with features like nested stacks for modularity, change sets for safe updates, drift detection for configuration consistency, and stack sets for multi-account/multi-region deployments, solidifying its role as a core AWS management tool. The aws cloudformation CLI commands have evolved alongside the service, providing comprehensive programmatic control.

SEE ALSO

aws configure(1), aws s3(1), aws cloudwatch(1), aws iam(1), aws logs(1)
