AWS CloudFormation - Deploy AWS S3 Resource Stack with AWS CloudFormation

AWS CloudFormation S3
The following blog entry provides an example for the deployment of an S3 bucket with AWS CloudFormation from the AWS CLI.


IAM Permissions

Create an IAM user, create access keys for the user and attach the following managed policies:

  • AWSCloudFormationFullAccess: create, update and delete stacks with AWS CloudFormation.

  • AmazonS3FullAccess: perform any S3 action, such as creating, deleting and modifying buckets and the objects within them.

Both managed policies grant far more than this walkthrough needs. Outside a lab account, scope a custom policy down to the CloudFormation actions on the stack and the S3 actions the template actually uses.


# Install AWS CLI version 2
sudo apt install curl zip -y &&
cd /tmp &&
curl "" -o "" &&
unzip &&
sudo ./aws/install
# Verify / check version
aws --version
# Add the IAM user access key, secret access key & define the default region
aws configure

CloudFormation Templates

AWS CloudFormation templates are used to define AWS resources and are written in JSON or YAML.

Create Template

# Create CloudFormation template
vi cloudformation.yml

Block all public access: On

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: jkw-unique-bucket-name
      PublicAccessBlockConfiguration: # Block all public access
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled  # Enable versioning

Block all public access: Off

This variant makes every object in the bucket readable by anyone on the internet. New S3 buckets have "Block all public access" enabled by default (including buckets created by CloudFormation), so the four flags must be set to false explicitly; otherwise the bucket policy below is rejected and the stack rolls back.

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyS3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: jkw-unique-bucket-name
      PublicAccessBlockConfiguration: # Switch off the default block, otherwise the public policy is rejected
        BlockPublicAcls: false
        IgnorePublicAcls: false
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
      VersioningConfiguration:
        Status: Enabled # Enable versioning

  MyS3BucketPolicy: # Logical ID chosen here; any name is fine
    Type: 'AWS::S3::BucketPolicy'
    Properties:
      Bucket: !Ref MyS3Bucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*' # Anyone, authenticated or not
            Action: 's3:GetObject'
            Resource: !Sub 'arn:aws:s3:::${MyS3Bucket}/*'
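Before a template reaches create-stack it is worth checking, offline, that it still says what the section above intends: all four public-access flags true, versioning on, and no bucket policy that grants anything to Principal '*'. The script below is an added example and not part of the original post. It works on the JSON form of the template (CloudFormation accepts JSON as well as YAML, and the Python standard library can parse JSON without extra packages); the two embedded templates are constructed JSON equivalents of the two YAML templates above, and the resource name MyS3BucketPolicy is an assumption.

```python
"""Offline pre-deployment check of an S3 CloudFormation template (added example)."""
import json

# Constructed JSON equivalents of the two YAML templates above.
# !Ref becomes {"Ref": ...} and !Sub becomes {"Fn::Sub": ...} in JSON templates.
TEMPLATE_BLOCKED = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MyS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "jkw-unique-bucket-name",
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True, "IgnorePublicAcls": True,
                    "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
                "VersioningConfiguration": {"Status": "Enabled"}}}}})

TEMPLATE_PUBLIC = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MyS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "jkw-unique-bucket-name",
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": False, "IgnorePublicAcls": False,
                    "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
                "VersioningConfiguration": {"Status": "Enabled"}}},
        "MyS3BucketPolicy": {  # logical ID assumed for this example
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {"Ref": "MyS3Bucket"},
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Effect": "Allow",
                        "Principal": "*",
                        "Action": "s3:GetObject",
                        "Resource": {"Fn::Sub": "arn:aws:s3:::${MyS3Bucket}/*"}}]}}}}})

REQUIRED_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")


def _principal_is_public(principal):
    """True for the spellings of 'anyone': "*", {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def check_template(template_text):
    """Return a list of findings; an empty list means the template passes."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if resource.get("Type") == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            # A missing flag is as bad as a false one: only an explicit true counts.
            missing = [f for f in REQUIRED_FLAGS if pab.get(f) is not True]
            if missing:
                findings.append(f"{logical_id}: public access not fully blocked "
                                f"({', '.join(missing)})")
            if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
                findings.append(f"{logical_id}: versioning not enabled")
        elif resource.get("Type") == "AWS::S3::BucketPolicy":
            statements = props.get("PolicyDocument", {}).get("Statement", [])
            if isinstance(statements, dict):  # a single statement may be written as an object
                statements = [statements]
            for index, statement in enumerate(statements):
                if statement.get("Effect") == "Allow" and _principal_is_public(statement.get("Principal")):
                    findings.append(f"{logical_id}: statement {index} allows "
                                    f"{statement.get('Action')} to everyone")
    return findings


if __name__ == "__main__":
    for name, text in (("blocked", TEMPLATE_BLOCKED), ("public", TEMPLATE_PUBLIC)):
        result = check_template(text)
        print(f"{name}: {'OK' if not result else 'FINDINGS'}")
        for finding in result:
            print("  -", finding)
```

Run it against a real template with `check_template(open("cloudformation.json").read())`; anything it reports should be a deliberate decision, as in the "Off" variant, rather than a surprise after create-stack has already made the bucket public.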

Deploy Template / Stack

A stack is a collection of AWS resources that are managed as a single unit. If the creation of one resource fails, AWS CloudFormation rolls back the entire stack by default: the resources it already created are deleted and the stack is left in the ROLLBACK_COMPLETE state. Such a stack cannot be updated; read the failure reason from the stack events, delete the stack and create it again.

# Deploy a stack from the template: Default region
aws cloudformation create-stack --stack-name my-stack --template-body file://cloudformation.yml

# Deploy a stack from the template: Specific region
aws cloudformation create-stack --stack-name my-stack --template-body file://cloudformation.yml --region us-east-1
# Monitor the deployment: repeat until StackStatus is CREATE_COMPLETE (or ROLLBACK_COMPLETE on failure)
aws cloudformation describe-stacks --stack-name my-stack

Update Stack

# Update the stack
aws cloudformation update-stack --stack-name my-stack --template-body file://cloudformation.yml

List Stacks

# List AWS CloudFormation stacks: Default region
aws cloudformation describe-stacks

# List AWS CloudFormation stacks: Specific region
aws cloudformation describe-stacks --region us-east-1

Stack Logs & Events

# List stack events: Default region
aws cloudformation describe-stack-events --stack-name my-stack

# List stack events: Specific region
aws cloudformation describe-stack-events --stack-name my-stack --region us-east-1

Filter key details:

# List stack events: Default region
aws cloudformation describe-stack-events --stack-name my-stack --query "StackEvents[*].[Timestamp, EventId, ResourceType, LogicalResourceId, ResourceStatus, ResourceStatusReason]"

# List stack events: Specific region
aws cloudformation describe-stack-events --stack-name my-stack --region us-east-1 --query "StackEvents[*].[Timestamp, EventId, ResourceType, LogicalResourceId, ResourceStatus, ResourceStatusReason]"
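describe-stack-events returns the newest event first, so after a rollback the top of the list is ROLLBACK_COMPLETE and DELETE_* noise, while the event that actually explains the failure is the oldest CREATE_FAILED further down. The script below, an added example that is not part of the original post, pulls that root cause out of the JSON the command above prints. The event list embedded in it is a constructed sample in the shape of describe-stack-events output for the "Off" template failing on its bucket policy; the timestamps, EventIds and the failure reason text are illustrative, not captured from a real account.

```python
"""Find the root cause of a rolled-back CloudFormation stack from describe-stack-events JSON (added example)."""
import json


def _event(ts, rtype, logical_id, status, reason=None):
    """Build one event in the shape returned by describe-stack-events (constructed sample)."""
    event = {"Timestamp": ts, "EventId": f"{logical_id}-{status}-{ts}",
             "StackName": "my-stack", "ResourceType": rtype,
             "LogicalResourceId": logical_id, "ResourceStatus": status}
    if reason:
        event["ResourceStatusReason"] = reason
    return event


STACK = "AWS::CloudFormation::Stack"
# Newest first, exactly as the CLI returns them. All reason strings are constructed.
SAMPLE_EVENTS = json.dumps({"StackEvents": [
    _event("2024-01-01T10:00:40.000Z", STACK, "my-stack", "ROLLBACK_COMPLETE"),
    _event("2024-01-01T10:00:35.000Z", "AWS::S3::Bucket", "MyS3Bucket", "DELETE_COMPLETE"),
    _event("2024-01-01T10:00:30.000Z", "AWS::S3::Bucket", "MyS3Bucket", "DELETE_IN_PROGRESS"),
    _event("2024-01-01T10:00:25.000Z", STACK, "my-stack", "ROLLBACK_IN_PROGRESS",
           "The following resource(s) failed to create: [MyS3BucketPolicy]. Rollback requested by user."),
    _event("2024-01-01T10:00:20.000Z", "AWS::S3::BucketPolicy", "MyS3BucketPolicy", "CREATE_FAILED",
           "API: s3:PutBucketPolicy Access Denied (constructed reason text)"),
    _event("2024-01-01T10:00:15.000Z", "AWS::S3::BucketPolicy", "MyS3BucketPolicy", "CREATE_IN_PROGRESS"),
    _event("2024-01-01T10:00:10.000Z", "AWS::S3::Bucket", "MyS3Bucket", "CREATE_COMPLETE"),
    _event("2024-01-01T10:00:05.000Z", "AWS::S3::Bucket", "MyS3Bucket", "CREATE_IN_PROGRESS"),
    _event("2024-01-01T10:00:00.000Z", STACK, "my-stack", "CREATE_IN_PROGRESS", "User Initiated"),
]})


def parse_events(text):
    """Parse the JSON printed by `aws cloudformation describe-stack-events`."""
    return json.loads(text)["StackEvents"]


def stack_status(events):
    """Latest status of the stack itself, independent of the order the events arrived in."""
    own = [e for e in events if e["ResourceType"] == STACK]
    # ISO-8601 timestamps with fixed width sort correctly as strings.
    return max(own, key=lambda e: e["Timestamp"])["ResourceStatus"]


def failed_resources(events):
    """Resource-level *_FAILED events, oldest first.

    The stack's own summary event and the 'Resource creation cancelled' events that
    CloudFormation emits for resources still in progress when the rollback starts are
    both consequences of the first failure, not causes, so they are dropped.
    """
    failures = [e for e in events
                if e["ResourceStatus"].endswith("_FAILED")
                and e["ResourceType"] != STACK
                and "Resource creation cancelled" not in e.get("ResourceStatusReason", "")]
    return sorted(failures, key=lambda e: e["Timestamp"])


def root_cause(events):
    """(LogicalResourceId, ResourceType, reason) of the earliest real failure, or None."""
    failures = failed_resources(events)
    if not failures:
        return None
    first = failures[0]
    return (first["LogicalResourceId"], first["ResourceType"], first.get("ResourceStatusReason", ""))


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    print("stack status:", stack_status(events))
    print("root cause:  ", root_cause(events))
```

On a real stack, pipe the command output in: `root_cause(parse_events(subprocess.run(["aws", "cloudformation", "describe-stack-events", "--stack-name", "my-stack"], capture_output=True, text=True, check=True).stdout))`. For the sample above the answer is the bucket policy, not the bucket, which is what you need to know before fixing the template and re-creating the stack.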

Delete Stack

# Delete the stack: Default region
aws cloudformation delete-stack --stack-name my-stack

# Delete the stack: Specific region
aws cloudformation delete-stack --stack-name my-stack --region us-east-1

Deployment Testing


# List the S3 buckets in the account (bucket names are global, so no --region is needed)
aws s3 ls

CloudFormation Console

# AWS CloudFormation Console

Note: Select the stack and open the “Events” tab to check the logs.

