

# CloudFormation
<a name="automation-ref-cfn"></a>

 AWS Systems Manager Automation provides predefined runbooks for AWS CloudFormation. For more information about runbooks, see [Working with runbooks](https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-documents.html). For information about how to view runbook content, see [View runbook content](automation-runbook-reference.md#view-automation-json). 

**Topics**
+ [`AWS-DeleteCloudFormationStack`](automation-aws-deletecloudformationstack.md)
+ [`AWS-EnableCloudFormationSNSNotification`](AWS-EnableCloudFormationStackSNSNotification.md)
+ [`AWS-RunCfnLint`](automation-aws-runcfnlint.md)
+ [`AWSSupport-TroubleshootCFNCustomResource`](automation-awssupport-TroubleshootCFNCustomResource.md)
+ [`AWS-UpdateCloudFormationStack`](automation-aws-updatecloudformationstack.md)

# `AWS-DeleteCloudFormationStack`
<a name="automation-aws-deletecloudformationstack"></a>

 **Description** 

Delete a CloudFormation stack.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-DeleteCloudFormationStack) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ StackNameOrId

  Type: String

  Description: (Required) Name or unique ID of the CloudFormation stack to be deleted.

# `AWS-EnableCloudFormationSNSNotification`
<a name="AWS-EnableCloudFormationStackSNSNotification"></a>

 **Description** 

 The `AWS-EnableCloudFormationSNSNotification` runbook enables Amazon Simple Notification Service (Amazon SNS) notifications for the AWS CloudFormation (CloudFormation) stack you specify. 

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-EnableCloudFormationStackSNSNotification) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ StackArn

  Type: String

  Description: (Required) The ARN or name of the CloudFormation stack you want to enable Amazon SNS notifications for.
+ NotificationArn

  Type: String

  Description: (Required) The ARN of the Amazon SNS topic you want to associate with the CloudFormation stack.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+ ssm:GetAutomationExecution
+ ssm:StartAutomationExecution
+ cloudformation:DescribeStacks
+ cloudformation:UpdateStack
+ kms:Decrypt
+ kms:GenerateDataKey
+ sns:Publish
+ sqs:GetQueueAttributes

 **Document Steps** 
+ CheckCfnSnsLimits (`aws:executeScript`) - Verifies that the maximum number of Amazon SNS topics hasn't already been associated with the CloudFormation stack you specify.
+ EnableCfnSnsNotification (`aws:executeAwsApi`) - Enables Amazon SNS notifications for the CloudFormation stack.
+ VerificationCfnSnsNotification (`aws:executeScript`) - Verifies that Amazon SNS notifications have been enabled for the CloudFormation stack. 

 **Outputs** 

CheckCfnSnsLimits.NotificationArnList - A list of ARNs that receive Amazon SNS notifications for the CloudFormation stack.

VerificationCfnSnsNotification.VerifySnsTopicsResponse - Response from the API operation confirming Amazon SNS notifications have been enabled for the CloudFormation stack.

# `AWS-RunCfnLint`
<a name="automation-aws-runcfnlint"></a>

 **Description** 

 This runbook uses an [AWS CloudFormation Linter](https://github.com/aws-cloudformation/cfn-python-lint) (`cfn-python-lint`) to validate YAML and JSON templates against the CloudFormation resource specification. The `AWS-RunCfnLint` runbook performs additional checks, such as ensuring that valid values have been entered for resource properties. If validation is not successful, the `RunCfnLintAgainstTemplate` step fails and the linter tool's output is provided in an error message. This runbook uses cfn-lint v0.24.4.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-RunCfnLint) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ ConfigureRuleFlag

  Type: String

   Description: (Optional) Configuration options for a rule to pass to the `--configure-rule` parameter. 

  Example: E2001:strict=false,E3012:strict=false.
+ FormatFlag

  Type: String

   Description: (Optional) Value to pass to the `--format` parameter to specify the output format. 

  Valid values: Default | quiet | parseable | json

  Default: Default
+ IgnoreChecksFlag

  Type: String

  Description: (Optional) IDs of rules to pass to the `--ignore-checks` parameter. These rules are not checked.

  Example: E1001,E1003,W7001
+ IncludeChecksFlag

  Type: String

   Description: (Optional) IDs of rules to pass to the `--include-checks` parameter. These rules are checked. 

  Example: E1001,E1003,W7001
+ InfoFlag

  Type: String

   Description: (Optional) Option for the `--info` parameter. Include the option to enable additional logging information about the template processing. 

  Default: false
+ TemplateFileName

  Type: String

  Description: The name, or key, of the template file in the S3 bucket.
+ TemplateS3BucketName

  Type: String

  Description: The name of the S3 bucket containing the CloudFormation template.
+ RegionsFlag

  Type: String

  Description: (Optional) Values to pass to the `--regions` parameter to test the template against specified AWS Regions.

  Example: us-east-1,us-west-1

 **Document Steps** 

 RunCfnLintAgainstTemplate – Runs the `cfn-python-lint` tool against the specified CloudFormation template. 

 **Outputs** 

 RunCfnLintAgainstTemplate.output – The stdout from the `cfn-python-lint` tool. 

# `AWSSupport-TroubleshootCFNCustomResource`
<a name="automation-awssupport-TroubleshootCFNCustomResource"></a>

 **Description** 

 The `AWSSupport-TroubleshootCFNCustomResource` runbook helps diagnose why an AWS CloudFormation stack failed in creating, updating, or deleting a custom resource. The runbook checks the service token used for the custom resource and the error message that was returned. After reviewing the details for the custom resource, the runbook output provides an explanation of the stack behavior and troubleshooting steps for the custom resource. 

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWSSupport-TroubleshootCFNCustomResource) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ StackName

  Type: String

  Description: (Required) The name of the CloudFormation stack where the custom resource failed.

**Required IAM permissions**

The `AutomationAssumeRole` parameter requires the following actions to use the runbook successfully.
+  `cloudformation:DescribeStacks` 
+  `cloudformation:DescribeStackEvents` 
+  `cloudformation:ListStackResources` 
+  `ec2:DescribeRouteTables` 
+  `ec2:DescribeNatGateways` 
+  `ec2:DescribeSecurityGroups` 
+  `ec2:DescribeVpcs` 
+  `ec2:DescribeVpcEndpoints` 
+  `ec2:DescribeSubnets` 
+  `logs:FilterLogEvents` 

 **Document Steps** 
+  `validateCloudFormationStack` - Verifies that the CloudFormation stack exists in the same AWS account and AWS Region. 
+  `checkCustomResource` - Analyzes the CloudFormation stack, checks the failed custom resource, and outputs information about how to troubleshoot the failed custom resource. 

# `AWS-UpdateCloudFormationStack`
<a name="automation-aws-updatecloudformationstack"></a>

 **Description** 

Update an AWS CloudFormation stack by using a CloudFormation template stored in an Amazon S3 bucket.

 [Run this Automation (console)](https://console.aws.amazon.com/systems-manager/automation/execute/AWS-UpdateCloudFormationStack) 

**Document type**

Automation

**Owner**

Amazon

**Platforms**

Linux, macOS, Windows

**Parameters**
+ AutomationAssumeRole

  Type: String

  Description: (Optional) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses the permissions of the user that starts this runbook.
+ LambdaAssumeRole

  Type: String

  Description: (Required) The ARN of the role assumed by Lambda.
+ StackNameOrId

  Type: String

  Description: (Required) Name or unique ID of the CloudFormation stack to be updated.
+ TemplateUrl

  Type: String

  Description: (Required) S3 bucket location that contains the updated CloudFormation template (e.g. `https://s3.amazonaws.com/amzn-s3-demo-bucket2/updated.template`).