CloudFormation Advanced
The CloudFormation Advanced course teaches practitioners how to build modular, reusable templates using nested stacks, cross‑stack references, custom resources, macros, StackSets, and import/delete policies, enabling robust, multi‑account deployments.
Who Should Take This
DevOps engineers, cloud architects, and senior AWS developers who have routinely written CloudFormation templates and now need to scale their infrastructure as code across multiple accounts will benefit. They seek to master modular design, custom extensions, and production‑grade safeguards for reliable, automated deployments.
What's Included in AccelaStudy® AI
Course Outline
50 learning goals
1. Nested Stacks and Cross-Stack References (2 topics)
Nested Stacks
- Describe nested stacks using AWS::CloudFormation::Stack and explain how they enable template modularity by decomposing large templates into reusable child stack components
- Implement a parent-child nested stack architecture with parameter passing from parent to child stacks and output retrieval using Fn::GetAtt on the nested stack resource
- Implement multi-level nested stack hierarchies for complex architectures such as networking, compute, and database tiers each defined as separate reusable child templates
- Analyze the update behavior of nested stacks including cascading updates, rollback propagation, and the implications of changing a child template URL during parent stack updates
- Implement nested stack dependency management where child stacks consume outputs from sibling child stacks through the parent stack's parameter passing mechanism
Cross-Stack References
- Describe the Export/ImportValue mechanism for cross-stack references and explain how exported output names must be unique within an AWS account and region
- Implement cross-stack references using Export in a shared infrastructure stack and Fn::ImportValue in consuming application stacks for VPC IDs, subnet lists, and security group references
- Analyze the coupling and lifecycle constraints of cross-stack references including the inability to delete or modify exported values consumed by other stacks and evaluate SSM Parameter Store as an alternative
- Evaluate the trade-offs between nested stacks and cross-stack references for template modularity and analyze which approach is appropriate for tightly coupled versus loosely coupled infrastructure layers
2. Custom Resources (1 topic)
Lambda-Backed Custom Resources
- Describe the custom resource model including the request/response lifecycle (Create, Update, Delete), the cfn-response module, and how CloudFormation interacts with Lambda functions via pre-signed S3 URLs
- Implement a Lambda-backed custom resource that performs operations not natively supported by CloudFormation such as emptying an S3 bucket before deletion or configuring a third-party service
- Implement custom resource response handling including sending SUCCESS and FAILED responses with Data attributes, handling timeout scenarios, and implementing idempotent Create and Update handlers
- Implement custom resources using the cfn-custom-resource or custom-resources CDK construct library patterns for reusable custom resource Lambda functions with proper error handling
- Analyze the failure modes of custom resources including Lambda timeout, missing response, and physical resource ID management and evaluate debugging strategies using CloudWatch Logs
3. Macros and Transforms (2 topics)
CloudFormation Macros
- Describe how CloudFormation macros use Lambda functions to transform template content at deploy time and explain the difference between template-level and snippet-level macro invocation
- Implement a CloudFormation macro that processes template fragments to add standard tags, inject monitoring resources, or expand shorthand notation into full resource definitions
- Implement the Fn::Transform intrinsic function to invoke snippet-level macros within specific template sections and the Transform section for template-level processing
- Analyze the debugging challenges of CloudFormation macros and evaluate strategies for testing macro Lambda functions including processed template inspection and staged rollout
SAM Transform
- Describe how the AWS::Serverless transform expands SAM resource types (AWS::Serverless::Function, API, SimpleTable, HttpApi, LayerVersion) into standard CloudFormation resources
- Implement a SAM template that defines serverless functions with event sources (API Gateway, S3, SQS, Schedule), environment variables, and IAM policy templates
- Implement SAM CLI commands (sam build, sam local invoke, sam deploy) for local testing and deployment of serverless applications defined with SAM templates
- Evaluate when to use SAM templates versus raw CloudFormation for serverless deployments and analyze the trade-offs between SAM's convenience abstractions and CloudFormation's full resource control
4. StackSets and Multi-Account Deployment (1 topic)
StackSets
- Describe StackSets architecture including administrator and target accounts, deployment targets (accounts, OUs), and the difference between self-managed and service-managed permissions
- Implement a StackSet that deploys security baseline resources (CloudTrail, Config rules, GuardDuty) across multiple AWS accounts and regions with appropriate IAM roles
- Implement StackSet deployment configuration including maximum concurrent accounts, failure tolerance, and region ordering to control the rollout behavior across large organizations
- Implement service-managed StackSets with AWS Organizations integration for automatic deployment to new accounts and organizational unit targeting
- Analyze the operational challenges of StackSets including drift across accounts, failed instance remediation, and the impact of account-specific resource limits on multi-account deployments
- Implement StackSet drift detection across multiple accounts and regions and describe the remediation workflow for bringing drifted stack instances back into compliance
5. Resource Import and Deletion Policies (2 topics)
Resource Import
- Describe the resource import workflow including adding the resource to the template with a DeletionPolicy, creating an import change set, and executing the import to adopt existing resources
- Implement resource import to bring existing AWS resources under CloudFormation management by specifying the resource identifier and matching template configuration to the actual resource state
- Analyze the limitations of resource import including supported resource types, single-resource-at-a-time constraints, and the need for template configuration to exactly match existing resource properties
- Implement resource import for multiple resources in a single change set to efficiently adopt an entire environment of manually created resources under CloudFormation management
Deletion Policies
- Describe the three DeletionPolicy options (Delete, Retain, Snapshot) and explain how each affects resource behavior when the resource is removed from the template or the stack is deleted
- Implement DeletionPolicy: Retain for stateful resources such as RDS instances, DynamoDB tables, and S3 buckets to preserve data when stacks are torn down
- Implement DeletionPolicy: Snapshot for RDS instances and EBS volumes to create a final backup before resource deletion during stack teardown operations
- Analyze the operational implications of retained resources including orphan resource tracking, cost accumulation, and strategies for managing resources that outlive their parent stacks
6. Stack Policies and Update Safeguards (2 topics)
Stack Policies
- Describe stack policies as JSON documents that control which resources can be updated during stack update operations and explain the default deny-all behavior once a policy is applied
- Implement stack policies that protect critical resources such as production databases and networking infrastructure from accidental modification or replacement during stack updates
- Implement temporary stack policy overrides using --stack-policy-during-update-body to allow one-time updates to protected resources without permanently modifying the stack policy
- Analyze the interaction between stack policies and IAM permissions and evaluate how to implement defense-in-depth update protection using both mechanisms in production environments
CreationPolicy and UpdatePolicy
- Describe CreationPolicy for EC2 instances and Auto Scaling Groups and explain how cfn-signal communicates successful bootstrapping to CloudFormation before marking resource creation complete
- Implement CreationPolicy with ResourceSignal to wait for instance bootstrapping completion including timeout configuration and minimum successful signal count for Auto Scaling Groups
- Implement UpdatePolicy for Auto Scaling Groups with AutoScalingRollingUpdate to configure batch sizes, pause times, minimum instances in service, and suspend processes during rolling updates
- Implement cfn-init metadata with AWS::CloudFormation::Init for declarative instance bootstrapping including packages, files, commands, services, and configSets for ordered execution
- Analyze the failure scenarios during rolling updates including insufficient healthy instances, signal timeout, and rollback triggers and evaluate how UpdatePolicy settings affect deployment safety
7. Policy Validation and Best Practices (1 topic)
CloudFormation Guard and Validation
- Describe CloudFormation Guard as a policy-as-code evaluation tool and explain how it validates CloudFormation templates against organizational rules before deployment
- Implement CloudFormation Guard rules to enforce security policies such as requiring encryption on S3 buckets, blocking public access, and mandating tagging standards
- Implement cfn-guard validate in CI/CD pipelines to automatically reject non-compliant templates before they reach CloudFormation for deployment
- Evaluate the landscape of CloudFormation validation tools (cfn-lint, cfn-guard, checkov, cfn-nag) and analyze how each contributes to a defense-in-depth template validation strategy
- Implement cfn-lint custom rules to enforce organization-specific template standards beyond built-in checks such as required tags, naming conventions, and resource type restrictions
Hands-On Labs
Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.
Scope
Included Topics
- Nested stacks for template modularity and reuse
- Cross-stack references using Exports and Fn::ImportValue
- Custom resources (Lambda-backed) for extending CloudFormation capabilities
- CloudFormation macros and transforms for template preprocessing
- StackSets for multi-account and multi-region deployments
- Resource import for adopting existing resources
- Deletion policies (Retain, Snapshot, Delete)
- Stack policies for update protection
- CreationPolicy and UpdatePolicy for Auto Scaling Groups and EC2 instances
- cfn-init and cfn-signal for instance bootstrapping
- SAM (Serverless Application Model) transform basics
- CloudFormation Guard for policy validation
Not Covered
- AWS CDK (Cloud Development Kit) as a separate tool
- Third-party CloudFormation resource providers
- Basic CloudFormation template syntax and intrinsic functions
- Basic stack operations covered in Fundamentals
- CloudFormation Designer visual editor
- Rain CLI tool beyond basic usage
- Terraform or Pulumi comparisons