
All news with #cloudformation tag

Thu, November 20, 2025

AWS Tag Policies: Validate and Enforce Required Tags

🔒 AWS Organizations Tag Policies introduces Reporting for Required Tags, a validation check that ensures IaC deployments include mandatory tags. You define a tag policy specifying required keys and enable validation for CloudFormation, Terraform, or Pulumi workflows. Validation is implemented by activating the AWS::TagPolicies::TaggingComplianceValidator Hook in CloudFormation, adding plan-time checks in Terraform, or enabling the aws-organizations-tag-policies policy pack in Pulumi. The feature is available via the AWS Management Console, AWS CLI, and AWS SDK in supported Regions.


Wed, November 19, 2025

AWS CloudFormation Language Server Brings IDE Intelligence

🛠️ The new AWS CloudFormation Language Server brings context-aware authoring, validation, and drift-aware deployment views into supported IDEs through the AWS Toolkit. It provides auto-complete, schema validation, policy checks via CloudFormation Guard, and deployment validation directly within the editor. The Language Server flags invalid resource properties, missing IAM permission requirements, and configuration drift so developers can detect syntax, permission, and configuration issues before deployment and move safely from design to production.


Thu, November 13, 2025

AWS CloudFormation Hooks Add Granular Invocation Details

🔍 AWS CloudFormation Hooks now supports granular invocation details, allowing hook authors to attach per-control findings, severity levels, and remediation guidance to their evaluation responses. The Hooks console displays these details at the individual control level within each invocation so developers can drill down from the summary to see which controls passed, failed, or were skipped. Available in all commercial and GovCloud (US) regions, this follow-up to the September 2025 Hooks Invocation Summary accelerates troubleshooting and streamlines compliance reporting with actionable, control-level insights.


Fri, October 3, 2025

EC2 Image Builder: Pipeline Auto-Disable and Custom Logs

⚙️ EC2 Image Builder pipelines can now be automatically disabled after a configurable number of consecutive failures, and you can assign custom log groups with retention and encryption settings to meet organizational policies. This prevents unnecessary resource creation and repeated failed builds, reducing costs and operational noise. These capabilities are available at no extra charge across all AWS commercial regions and are usable via Console, CLI, API, CloudFormation, or CDK.


Wed, September 17, 2025

AWS End User Messaging: CloudFormation Support for SMS

📩 AWS End User Messaging SMS now supports AWS CloudFormation, enabling customers to deploy and manage SMS resources using templates. Phone numbers, sender IDs, configuration sets, protection configurations, opt-out lists, resource policies, and phone pools can be provisioned and managed declaratively alongside other AWS resources. This support is available in all Regions where End User Messaging is offered, simplifying deployments and delivery pipelines.


Wed, September 17, 2025

Automating OIDC Client Secret Rotation for ALB on AWS

🔁 This AWS blog demonstrates how to automate OIDC client secret rotation for Application Load Balancer authentication using AWS Secrets Manager, AWS Lambda, and Amazon EventBridge. The solution securely stores IdP credentials (Auth0 in the example), schedules a Lambda handler to fetch and compare tokens, and updates Secrets Manager and ALB listener rules when changes occur. It reduces manual effort, limits plaintext credential exposure, and adds monitoring via CloudWatch alarms.


Thu, September 4, 2025

AWS CloudFormation Hooks Adds Managed Proactive Controls

🔔 AWS CloudFormation Hooks now supports managed proactive controls, allowing teams to validate resource configurations against AWS best practices without writing custom Hook logic. Customers can select controls from the AWS Control Tower Controls Catalog, apply them during CloudFormation operations, and run them in warn mode for nonblocking evaluation before enforcing policies. A new Hooks Invocation Summary page provides a centralized historical view of control executions and outcomes to simplify compliance reporting and troubleshooting.
