All news with #aws cloudformation tag

CloudFormation adds pre-deploy validation and operation IDs

🔎 AWS CloudFormation now validates change sets for three common template errors—invalid property syntax, resource name conflicts with existing account resources, and S3 bucket emptiness constraints on delete—before provisioning begins. If validation fails, the change set status is marked 'FAILED' and includes detailed failure messages and property paths to pinpoint issues. Runtime failures can still occur during execution, so CloudFormation also groups stack events by a unique operation ID that you can view in the Console or via the describe-operation API to filter and diagnose failures quickly. Together these capabilities are intended to shorten deployment cycles and cut troubleshooting time from minutes to seconds.

CloudFormation introduces drift-aware change sets for IaC

🔁 AWS CloudFormation now offers drift-aware change sets to detect and reconcile configuration drift by comparing a new template, the last-deployed template, and the live infrastructure state. The feature lets you preview deployment impacts on drifted resources, avoid unintended overwrites, and revert out-of-band changes. Create a change set in the console as “Drift-aware” or call CreateChangeSet with --deployment-mode REVERT_DRIFT. Available in Regions where CloudFormation is offered.

AWS Research and Engineering Studio 2025.09 Update

🧪 Research and Engineering Studio (RES) 2025.09 on AWS delivers fractional GPU support, simplified AMI handling, and greater deployment flexibility for research and engineering teams. The update adds support for Amazon EC2 g6f instances to enable GPU fractionalization, Systems Manager Parameter Alias support for AMI IDs to streamline image management, and optional integration with existing Amazon Cognito user pools to simplify authentication during deployment. Administrators can now customize CIDR ranges in the CloudFormation external resources template, and regional availability expands to Asia Pacific (Osaka), Asia Pacific (Jakarta), Middle East (UAE), and South America (São Paulo).

Defense-in-Depth: Building an AWS Control Framework

🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.

AWS CDK Refactor (Preview) Enables Safe Infra Reorg

🔁 The AWS Cloud Development Kit (CDK) CLI introduces cdk refactor (Preview), a new command that enables safe renaming, moving, and reorganization of constructs while preserving the state of deployed resources. It leverages CloudFormation refactor capabilities and automated mapping computation to prevent unintended resource replacement during code changes. Typical use cases include breaking up monolithic stacks, moving resources between stacks, and upgrading to higher-level constructs. The feature is available in all regions where AWS CDK is supported.

Amazon SageMaker Unified Studio Adds Custom Blueprints

🔧 AWS announced general availability of Custom Blueprints in Amazon SageMaker Unified Studio, enabling customers to supply their own managed IAM policies when creating project roles. Teams can replace or augment the default service-managed policies and use custom AWS CloudFormation templates to define infrastructure and parameters for resources such as Amazon EMR on EC2, AWS Glue Data Catalog, and Amazon Redshift. Sample templates are available in the SageMaker documentation, and the capability is offered in all AWS Commercial Regions where the next-generation SageMaker is available.

Amazon S3 Adds CloudFormation and CDK Support for Tables

🛠️ AWS now supports creating Amazon S3 Tables and namespaces with AWS CloudFormation and the AWS CDK, extending existing support for table buckets. This enables developers and teams to provision, update, and manage S3 Tables resources using infrastructure-as-code workflows, improving repeatability and version control across multiple AWS accounts. The CloudFormation and CDK integrations are available in all Regions where S3 Tables are offered, and AWS points users to the CloudFormation, CDK, and S3 Tables documentation to get started.