
AWS CloudFormation Best Practices

AWS CloudFormation gives you the ability to easily manage a collection of AWS resources by automating the creation and termination of your infrastructure, services, and applications.

CloudFormation is broken down into two parts: templates and stacks. A template is a file that defines the resources required to run your application. For example, a template may specify that your application requires 3 Elastic Compute Cloud (EC2) instances and a specific Identity and Access Management (IAM) policy. Once the template is uploaded, CloudFormation automatically launches the required resources and builds a running instance of the template, called a stack.

Cloud Conformity checks the AWS CloudFormation service against the following rules:

AWS CloudFormation In Use
Ensure the CloudFormation service is in use for defining your cloud architectures on Amazon Web Services.

AWS CloudFormation Deletion Policy in Use
Ensure a deletion policy is used for your Amazon CloudFormation stacks.

AWS CloudFormation Stack Failed Status
Ensure AWS CloudFormation stacks do not remain in a Failed state for more than 6 hours.

Enable AWS CloudFormation Stack Notifications
Ensure your AWS CloudFormation stacks are integrated with Simple Notification Service (SNS).

AWS CloudFormation Stack Policy
Ensure CloudFormation stack policies are set to prevent accidental updates to critical stack resources.

Enable AWS CloudFormation Stack Termination Protection
Ensure the Termination Protection feature is enabled for your AWS CloudFormation stacks.

CloudFormation Stack with IAM Role
Ensure that the IAM role associated with your AWS CloudFormation stack grants least privilege.