{"id":"c82280d2-f073-4c9c-9931-3d3b84436c3f","shortId":"3br3E3","kind":"skill","title":"cloudformation","tagline":"AWS CloudFormation infrastructure as code for stack management. Use when writing templates, deploying stacks, managing drift, troubleshooting deployments, or organizing infrastructure with nested stacks.","description":"# AWS CloudFormation\n\nAWS CloudFormation provisions and manages AWS resources using templates. Define infrastructure as code, version control it, and deploy consistently across environments.\n\n## Table of Contents\n\n- [Core Concepts](#core-concepts)\n- [Common Patterns](#common-patterns)\n- [CLI Reference](#cli-reference)\n- [Best Practices](#best-practices)\n- [Troubleshooting](#troubleshooting)\n- [References](#references)\n\n## Core Concepts\n\n### Templates\n\nJSON or YAML files defining AWS resources. Key sections:\n- **Parameters**: Input values\n- **Mappings**: Static lookup tables\n- **Conditions**: Conditional resource creation\n- **Resources**: AWS resources (required)\n- **Outputs**: Return values\n\n### Stacks\n\nCollection of resources managed as a single unit. 
Created from templates.\n\n### Change Sets\n\nPreview changes before executing updates.\n\n### Stack Sets\n\nDeploy stacks across multiple accounts and regions.\n\n## Common Patterns\n\n### Basic Template Structure\n\n```yaml\nAWSTemplateFormatVersion: '2010-09-09'\nDescription: My infrastructure template\n\nParameters:\n  Environment:\n    Type: String\n    AllowedValues: [dev, staging, prod]\n    Default: dev\n\nMappings:\n  EnvironmentConfig:\n    dev:\n      InstanceType: t3.micro\n    prod:\n      InstanceType: t3.large\n\nConditions:\n  IsProd: !Equals [!Ref Environment, prod]\n\nResources:\n  MyBucket:\n    Type: AWS::S3::Bucket\n    Properties:\n      BucketName: !Sub 'my-app-${Environment}-${AWS::AccountId}'\n      VersioningConfiguration:\n        Status: !If [IsProd, Enabled, Suspended]\n\nOutputs:\n  BucketName:\n    Description: S3 bucket name\n    Value: !Ref MyBucket\n    Export:\n      Name: !Sub '${AWS::StackName}-BucketName'\n```\n\n### Deploy a Stack\n\n**AWS CLI:**\n\n```bash\n# Create stack\naws cloudformation create-stack \\\n  --stack-name my-stack \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Environment,ParameterValue=prod \\\n  --capabilities CAPABILITY_IAM\n\n# Wait for completion\naws cloudformation wait stack-create-complete --stack-name my-stack\n\n# Update stack\naws cloudformation update-stack \\\n  --stack-name my-stack \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Environment,ParameterValue=prod\n\n# Delete stack\naws cloudformation delete-stack --stack-name my-stack\n```\n\n### Use Change Sets\n\n```bash\n# Create change set\naws cloudformation create-change-set \\\n  --stack-name my-stack \\\n  --change-set-name my-changes \\\n  --template-body file://template.yaml \\\n  --parameters ParameterKey=Environment,ParameterValue=prod\n\n# Describe changes\naws cloudformation describe-change-set \\\n  --stack-name my-stack \\\n  --change-set-name my-changes\n\n# Execute change 
set\naws cloudformation execute-change-set \\\n  --stack-name my-stack \\\n  --change-set-name my-changes\n```\n\n### Lambda Function\n\n```yaml\nResources:\n  LambdaFunction:\n    Type: AWS::Lambda::Function\n    Properties:\n      FunctionName: !Sub '${AWS::StackName}-function'\n      Runtime: python3.12\n      Handler: index.handler\n      Role: !GetAtt LambdaRole.Arn\n      Code:\n        ZipFile: |\n          def handler(event, context):\n              return {'statusCode': 200, 'body': 'Hello'}\n      Environment:\n        Variables:\n          ENVIRONMENT: !Ref Environment\n\n  LambdaRole:\n    Type: AWS::IAM::Role\n    Properties:\n      AssumeRolePolicyDocument:\n        Version: '2012-10-17'\n        Statement:\n          - Effect: Allow\n            Principal:\n              Service: lambda.amazonaws.com\n            Action: sts:AssumeRole\n      ManagedPolicyArns:\n        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole\n```\n\n### VPC with Subnets\n\n```yaml\nResources:\n  VPC:\n    Type: AWS::EC2::VPC\n    Properties:\n      CidrBlock: 10.0.0.0/16\n      EnableDnsHostnames: true\n      Tags:\n        - Key: Name\n          Value: !Sub '${AWS::StackName}-vpc'\n\n  PublicSubnet1:\n    Type: AWS::EC2::Subnet\n    Properties:\n      VpcId: !Ref VPC\n      AvailabilityZone: !Select [0, !GetAZs '']\n      CidrBlock: 10.0.1.0/24\n      MapPublicIpOnLaunch: true\n\n  PrivateSubnet1:\n    Type: AWS::EC2::Subnet\n    Properties:\n      VpcId: !Ref VPC\n      AvailabilityZone: !Select [0, !GetAZs '']\n      CidrBlock: 10.0.10.0/24\n\n  InternetGateway:\n    Type: AWS::EC2::InternetGateway\n\n  AttachGateway:\n    Type: AWS::EC2::VPCGatewayAttachment\n    Properties:\n      VpcId: !Ref VPC\n      InternetGatewayId: !Ref InternetGateway\n\n  PublicRouteTable:\n    Type: AWS::EC2::RouteTable\n    Properties:\n      VpcId: !Ref VPC\n\n  PublicRoute:\n    Type: AWS::EC2::Route\n    DependsOn: AttachGateway\n    Properties:\n      RouteTableId: !Ref 
PublicRouteTable\n      DestinationCidrBlock: 0.0.0.0/0\n      GatewayId: !Ref InternetGateway\n\n  PublicSubnet1RouteTableAssociation:\n    Type: AWS::EC2::SubnetRouteTableAssociation\n    Properties:\n      SubnetId: !Ref PublicSubnet1\n      RouteTableId: !Ref PublicRouteTable\n```\n\n### DynamoDB Table\n\n```yaml\nResources:\n  OrdersTable:\n    Type: AWS::DynamoDB::Table\n    Properties:\n      TableName: !Sub '${AWS::StackName}-orders'\n      AttributeDefinitions:\n        - AttributeName: PK\n          AttributeType: S\n        - AttributeName: SK\n          AttributeType: S\n        - AttributeName: GSI1PK\n          AttributeType: S\n        - AttributeName: GSI1SK\n          AttributeType: S\n      KeySchema:\n        - AttributeName: PK\n          KeyType: HASH\n        - AttributeName: SK\n          KeyType: RANGE\n      GlobalSecondaryIndexes:\n        - IndexName: GSI1\n          KeySchema:\n            - AttributeName: GSI1PK\n              KeyType: HASH\n            - AttributeName: GSI1SK\n              KeyType: RANGE\n          Projection:\n            ProjectionType: ALL\n      BillingMode: PAY_PER_REQUEST\n      PointInTimeRecoverySpecification:\n        PointInTimeRecoveryEnabled: true\n```\n\n## CLI Reference\n\n### Stack Operations\n\n| Command | Description |\n|---------|-------------|\n| `aws cloudformation create-stack` | Create stack |\n| `aws cloudformation update-stack` | Update stack |\n| `aws cloudformation delete-stack` | Delete stack |\n| `aws cloudformation describe-stacks` | Get stack info |\n| `aws cloudformation list-stacks` | List stacks |\n| `aws cloudformation describe-stack-events` | Get events |\n| `aws cloudformation describe-stack-resources` | Get resources |\n\n### Change Sets\n\n| Command | Description |\n|---------|-------------|\n| `aws cloudformation create-change-set` | Create change set |\n| `aws cloudformation describe-change-set` | View changes |\n| `aws cloudformation execute-change-set` | Apply changes |\n| 
`aws cloudformation delete-change-set` | Delete change set |\n\n### Template\n\n| Command | Description |\n|---------|-------------|\n| `aws cloudformation validate-template` | Validate template |\n| `aws cloudformation get-template` | Get stack template |\n| `aws cloudformation get-template-summary` | Get template info |\n\n## Best Practices\n\n### Template Design\n\n- **Use parameters** for environment-specific values\n- **Use mappings** for static lookup tables\n- **Use conditions** for optional resources\n- **Export outputs** for cross-stack references\n- **Add descriptions** to parameters and outputs\n\n### Security\n\n- **Use IAM roles** instead of access keys\n- **Enable termination protection** for production\n- **Use stack policies** to protect resources\n- **Never hardcode secrets** — use Secrets Manager\n\n```bash\n# Enable termination protection\naws cloudformation update-termination-protection \\\n  --stack-name my-stack \\\n  --enable-termination-protection\n```\n\n### Organization\n\n- **Use nested stacks** for complex infrastructure\n- **Create reusable modules**\n- **Version control templates**\n- **Use consistent naming conventions**\n\n### Reliability\n\n- **Use DependsOn** for explicit dependencies\n- **Configure creation policies** for instances\n- **Use update policies** for Auto Scaling groups\n- **Implement rollback triggers**\n\n## Troubleshooting\n\n### Stack Creation Failed\n\n```bash\n# Get failure reason\naws cloudformation describe-stack-events \\\n  --stack-name my-stack \\\n  --query 'StackEvents[?ResourceStatus==`CREATE_FAILED`]'\n\n# Common causes:\n# - IAM permissions\n# - Resource limits\n# - Invalid property values\n# - Dependency failures\n```\n\n### Stack Stuck in DELETE_FAILED\n\n```bash\n# Identify resources that couldn't be deleted\naws cloudformation describe-stack-resources \\\n  --stack-name my-stack \\\n  --query 'StackResources[?ResourceStatus==`DELETE_FAILED`]'\n\n# Retry with resources to skip\naws cloudformation 
delete-stack \\\n  --stack-name my-stack \\\n  --retain-resources ResourceLogicalId1 ResourceLogicalId2\n```\n\n### Drift Detection\n\n```bash\n# Detect drift\naws cloudformation detect-stack-drift --stack-name my-stack\n\n# Check drift status\naws cloudformation describe-stack-drift-detection-status \\\n  --stack-drift-detection-id abc123\n\n# View drifted resources\naws cloudformation describe-stack-resource-drifts \\\n  --stack-name my-stack\n```\n\n### Rollback Failed\n\n```bash\n# Continue update rollback\naws cloudformation continue-update-rollback \\\n  --stack-name my-stack \\\n  --resources-to-skip ResourceLogicalId1\n```\n\n## References\n\n- [CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/)\n- [CloudFormation API Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/)\n- [CloudFormation CLI Reference](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/)\n- [Resource and Property Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)","tags":["cloudformation","aws","agent","skills","itsmostafa","agent-skills","agentic-ai","claude-code","claude-skills","codex","coding-agents"],"capabilities":["skill","source-itsmostafa","skill-cloudformation","topic-agent-skills","topic-agentic-ai","topic-aws","topic-claude-code","topic-claude-skills","topic-codex","topic-coding-agents"],"categories":["aws-agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/itsmostafa/aws-agent-skills/cloudformation","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add itsmostafa/aws-agent-skills","source_repo":"https://github.com/itsmostafa/aws-agent-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 1085 github stars · SKILL.md body (9,466 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-03T00:52:58.174Z","embedding":null,"createdAt":"2026-04-18T21:55:37.077Z","updatedAt":"2026-05-03T00:52:58.174Z","lastSeenAt":"2026-05-03T00:52:58.174Z","prices":[{"id":"3325a9c4-f26b-4efe-b284-6ea4a9de26f2","listingId":"c82280d2-f073-4c9c-9931-3d3b84436c3f","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"itsmostafa","category":"aws-agent-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:55:37.077Z"}],"sources":[{"listingId":"c82280d2-f073-4c9c-9931-3d3b84436c3f","source":"github","sourceId":"itsmostafa/aws-agent-skills/cloudformation","sourceUrl":"https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/cloudformation","isPrimary":false,"firstSeenAt":"2026-04-18T21:55:37.077Z","lastSeenAt":"2026-05-03T00:52:58.174Z"}],"details":{"listingId":"c82280d2-f073-4c9c-9931-3d3b84436c3f","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"itsmostafa","slug":"cloudformation","github":{"repo":"itsmostafa/aws-agent-skills","stars":1085,"topics":["agent-skills","agentic-ai","aws","claude-code","claude-skills","codex","coding-agents"],"license":"mit","html_url":"https://github.com/itsmostafa/aws-agent-skills","pushed_at":"2026-04-27T09:45:24Z","description":"AWS Skills for 
Agents","skill_md_sha":"4b8c66c58e206bf100316719d2bfb250303ea6f1","skill_md_path":"skills/cloudformation/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/cloudformation"},"layout":"multi","source":"github","category":"aws-agent-skills","frontmatter":{"name":"cloudformation","description":"AWS CloudFormation infrastructure as code for stack management. Use when writing templates, deploying stacks, managing drift, troubleshooting deployments, or organizing infrastructure with nested stacks."},"skills_sh_url":"https://skills.sh/itsmostafa/aws-agent-skills/cloudformation"},"updatedAt":"2026-05-03T00:52:58.174Z"}}