CloudFormation

Get started with Cloudformation on LocalStack

Introduction

CloudFormation is a service provided by Amazon Web Services (AWS) that allows you to define and provision infrastructure as code. It enables you to create, update, and manage resources in a repeatable and automated manner using declarative templates. With CloudFormation, you can use JSON or YAML templates to define your desired infrastructure state. You can specify resources, their configurations, dependencies, and relationships in these templates.

LocalStack supports CloudFormation, allowing you to use the CloudFormation APIs in your local environment to declaratively define your architecture on the AWS, including resources such as S3 Buckets, Lambda Functions, and much more. The API coverage page and feature coverage provides information on the extent of CloudFormation’s integration with LocalStack.

Getting started

This guide is designed for users new to CloudFormation and assumes basic knowledge of the AWS CLI and our awslocal wrapper script.

Start your LocalStack container using your preferred method. We will demonstrate how to deploy a simple CloudFormation stack consisting of a single S3 Bucket with the AWS CLI.

Create a CloudFormation Stack

CloudFormation stack is a collection of AWS resources that you can create, update, or delete as a single unit. Stacks are defined using JSON or YAML templates. Use the following code snippet and save the content in either cfn-quickstart-stack.yaml or cfn-quickstart-stack.json, depending on your preferred format.

Resources:
  LocalBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: cfn-quickstart-bucket
{
  "Resources": {
    "LocalBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "cfn-quickstart-bucket"
      }
    }
  }
}

Deploy the CloudFormation Stack

You can deploy the CloudFormation stack using the AWS CLI with the deploy command. The deploy command creates and updates CloudFormation stacks. Run the following command to deploy the stack:

$ awslocal cloudformation deploy \
    --stack-name cfn-quickstart-stack \
    --template-file "./cfn-quickstart-stack.yaml"

You can verify that the stack was created successfully by listing the S3 buckets in your LocalStack container using the ListBucket API. Run the following command to list the buckets:

$ awslocal s3api list-buckets

Delete the CloudFormation Stack

You can delete the CloudFormation stack using the delete-stack command. Run the following command to delete the stack along with all the resources created by the stack:

$ awslocal cloudformation delete-stack \
    --stack-name cfn-quickstart-stack

Local User-Interface

You can also utilize LocalStack’s local CloudFormation user-interface to deploy and manage your CloudFormation stacks using public templates. You can access the user-interface at localhost:4566/_localstack/cloudformation/deploy.

Local CloudFormation UI in LocalStack

You can utilize the CloudFormation user interface to provide an existing CloudFormation template URL, input the necessary parameters, and initiate the deployment directly from your browser. Let’s proceed with an example template to deploy a CloudFormation stack.

To begin, employ the public CloudFormation template URL: s3.eu-central-1.amazonaws.com/cloudformation-templates-eu-central-1/DynamoDB_Secondary_Indexes.template.

Following this, download the template URL and extract the stack parameters (default values will be automatically applied). Upon submission, the stack deployment will be triggered, and a result message will be displayed.

Resource Browser

The LocalStack Web Application provides a Resource Browser for managing CloudFormation stacks to manage your AWS resources locally. You can access the Resource Browser by opening the LocalStack Web Application in your browser, navigating to the Resources section, and then clicking on CloudFormation under the Management/Governance section.

CloudFormation Resource Browser

The Resource Browser allows you to perform the following actions:

  • Create Stack: Create a new CloudFormation stack by clicking on Create Stack and provide a template file or URL, including the stack name and parameters.
  • Edit Stack: Edit an existing CloudFormation stack by clicking on Edit Stack and editing the stack name and parameters and clicking on Submit.
  • View Stack: View an existing CloudFormation stack by clicking on the Stack Name and viewing the stack details, including the stack name, status, and resources.
  • Delete Stack: Delete an existing CloudFormation stack by clicking on the Stack Name and clicking on Actions and then Remove Selected.

Examples

The following code snippets and sample applications provide practical examples of how to use CloudFormation in LocalStack for various use cases:

Feature coverage

Features

FeatureSupport
ParametersPartial
Dynamic ReferencesFull
Rules-
MappingsFull
ConditionsFull
TransformFull
OutputsFull
Custom resourcesPartial
Drift detection-
Importing Resources-
Change setsFull
Nested stacksPartial
StackSetsPartial
Intrinsic FunctionsPartial

Intrinsic Functions

Intrinsic FunctionSupportedExplanation
Fn::AndYesPerforms a logical AND operation on two or more expressions.
Fn::OrYesPerforms a logical OR operation on two or more expressions.
Fn::Base64YesConverts a binary string to a Base64-encoded string.
Fn::SubYesPerforms a string substitution operation.
Fn::SplitYesSplits a string into an array of strings.
Fn::LengthYesReturns the length of a string.
Fn::JoinYesJoins an array of strings into a single string.
Fn::FindInMapYesFinds a value in a map.
Fn::RefYesReferences a resource in the template.
Fn::GetAttYesGets an attribute from a resource.
Fn::IfYesPerforms a conditional evaluation.
Fn::ImportYesImports a value from another template.
Fn::ToJsonStringNoConverts an object or map into a json string.
Fn::CidrNoGenerates a CIDR block from the inputs.
Fn::GetAZsNoReturns a list of the Availability Zones of a region.

Resources

Community Edition

ResourceCreateDeleteUpdate
AWS::Amplify::Branch-
AWS::ApiGateway::Account-
AWS::ApiGateway::ApiKey-
AWS::ApiGateway::BasePathMapping-
AWS::ApiGateway::Deployment-
AWS::ApiGateway::DomainName-
AWS::ApiGateway::GatewayResponse-
AWS::ApiGateway::Method
AWS::ApiGateway::Model-
AWS::ApiGateway::RequestValidator-
AWS::ApiGateway::Resource-
AWS::ApiGateway::RestApi-
AWS::ApiGateway::Stage-
AWS::ApiGateway::UsagePlan
AWS::ApiGateway::UsagePlanKey-
AWS::AutoScaling::AutoScalingGroup-
AWS::AutoScaling::LaunchConfiguration-
AWS::CDK::Metadata
AWS::CertificateManager::Certificate-
AWS::CloudFormation::Macro-
AWS::CloudFormation::Stack-
AWS::CloudFormation::WaitCondition-
AWS::CloudFormation::WaitConditionHandle-
AWS::CloudWatch::Alarm-
AWS::CloudWatch::CompositeAlarm-
AWS::DynamoDB::GlobalTable-
AWS::DynamoDB::Table-
AWS::EC2::DHCPOptions-
AWS::EC2::Instance
AWS::EC2::InternetGateway-
AWS::EC2::KeyPair-
AWS::EC2::NatGateway-
AWS::EC2::NetworkAcl-
AWS::EC2::Route-
AWS::EC2::RouteTable-
AWS::EC2::SecurityGroup-
AWS::EC2::Subnet-
AWS::EC2::SubnetRouteTableAssociation-
AWS::EC2::TransitGateway-
AWS::EC2::TransitGatewayAttachment-
AWS::EC2::VPC-
AWS::EC2::VPCGatewayAttachment-
AWS::ECR::Repository-
AWS::Elasticsearch::Domain-
AWS::Events::Connection-
AWS::Events::EventBus-
AWS::Events::EventBusPolicy-
AWS::Events::Rule-
AWS::IAM::AccessKey
AWS::IAM::Group-
AWS::IAM::InstanceProfile-
AWS::IAM::ManagedPolicy-
AWS::IAM::Policy
AWS::IAM::Role
AWS::IAM::ServiceLinkedRole-
AWS::IAM::User-
AWS::KMS::Alias-
AWS::KMS::Key-
AWS::Kinesis::Stream-
AWS::Kinesis::StreamConsumer-
AWS::KinesisFirehose::DeliveryStream-
AWS::Lambda::Alias-
AWS::Lambda::CodeSigningConfig-
AWS::Lambda::EventInvokeConfig-
AWS::Lambda::EventSourceMapping-
AWS::Lambda::Function
AWS::Lambda::LayerVersion-
AWS::Lambda::LayerVersionPermission-
AWS::Lambda::Permission
AWS::Lambda::Url-
AWS::Lambda::Version-
AWS::Logs::LogGroup-
AWS::Logs::LogStream-
AWS::Logs::SubscriptionFilter-
AWS::OpenSearchService::Domain-
AWS::Redshift::Cluster-
AWS::ResourceGroups::Group-
AWS::Route53::HealthCheck-
AWS::Route53::RecordSet-
AWS::S3::Bucket-
AWS::S3::BucketPolicy-
AWS::SNS::Subscription-
AWS::SNS::Topic-
AWS::SNS::TopicPolicy-
AWS::SQS::Queue
AWS::SQS::QueuePolicy-
AWS::SSM::MaintenanceWindow-
AWS::SSM::MaintenanceWindowTarget-
AWS::SSM::MaintenanceWindowTask-
AWS::SSM::Parameter
AWS::SSM::PatchBaseline-
AWS::Scheduler::Schedule-
AWS::Scheduler::ScheduleGroup-
AWS::SecretsManager::ResourcePolicy-
AWS::SecretsManager::RotationSchedule-
AWS::SecretsManager::Secret-
AWS::SecretsManager::SecretTargetAttachment-
AWS::ServiceDiscovery::HttpNamespace-
AWS::ServiceDiscovery::PrivateDnsNamespace-
AWS::ServiceDiscovery::PublicDnsNamespace-
AWS::ServiceDiscovery::Service-
AWS::StepFunctions::Activity-
AWS::StepFunctions::StateMachine
AWS::Timestream::Database-
AWS::Timestream::Table-

Pro Edition

ResourceCreateDeleteUpdate
AWS::Amplify::App-
AWS::ApiGateway::Authorizer-
AWS::ApiGateway::VpcLink-
AWS::ApiGatewayV2::Api-
AWS::ApiGatewayV2::ApiMapping-
AWS::ApiGatewayV2::Authorizer-
AWS::ApiGatewayV2::Deployment-
AWS::ApiGatewayV2::DomainName-
AWS::ApiGatewayV2::Integration-
AWS::ApiGatewayV2::IntegrationResponse-
AWS::ApiGatewayV2::Route-
AWS::ApiGatewayV2::RouteResponse-
AWS::ApiGatewayV2::Stage-
AWS::ApiGatewayV2::VpcLink-
AWS::AppConfig::Application-
AWS::AppConfig::ConfigurationProfile-
AWS::AppConfig::Deployment-
AWS::AppConfig::DeploymentStrategy-
AWS::AppConfig::Environment-
AWS::AppConfig::HostedConfigurationVersion-
AWS::AppSync::ApiKey-
AWS::AppSync::DataSource-
AWS::AppSync::FunctionConfiguration-
AWS::AppSync::GraphQLApi-
AWS::AppSync::GraphQLSchema-
AWS::AppSync::Resolver
AWS::ApplicationAutoScaling::ScalableTarget-
AWS::ApplicationAutoScaling::ScalingPolicy-
AWS::Athena::DataCatalog-
AWS::Athena::NamedQuery-
AWS::Athena::WorkGroup-
AWS::Backup::BackupPlan-
AWS::CloudFormation::CustomResource--
AWS::CloudFront::CachePolicy-
AWS::CloudFront::CloudFrontOriginAccessIdentity-
AWS::CloudFront::Distribution-
AWS::CloudFront::Function-
AWS::CloudFront::OriginAccessControl-
AWS::CloudFront::OriginRequestPolicy-
AWS::CloudTrail::Trail-
AWS::Cognito::IdentityPool-
AWS::Cognito::IdentityPoolRoleAttachment-
AWS::Cognito::UserPool-
AWS::Cognito::UserPoolClient-
AWS::Cognito::UserPoolDomain-
AWS::Cognito::UserPoolGroup-
AWS::Cognito::UserPoolIdentityProvider-
AWS::Cognito::UserPoolResourceServer-
AWS::DocDB::DBCluster-
AWS::DocDB::DBClusterParameterGroup-
AWS::DocDB::DBInstance-
AWS::DocDB::DBSubnetGroup-
AWS::EC2::EIP-
AWS::EC2::LaunchTemplate-
AWS::EC2::SecurityGroupEgress-
AWS::EC2::SecurityGroupIngress-
AWS::EC2::SubnetRouteTableAssociation-
AWS::EC2::VPCCidrBlock-
AWS::EC2::VPCEndpoint-
AWS::EC2::VPCEndpointService-
AWS::ECS::CapacityProvider-
AWS::ECS::Cluster-
AWS::ECS::ClusterCapacityProviderAssociations-
AWS::ECS::Service-
AWS::ECS::TaskDefinition-
AWS::EFS::FileSystem-
AWS::EKS::Cluster-
AWS::EKS::FargateProfile-
AWS::EKS::Nodegroup-
AWS::ElastiCache::CacheCluster-
AWS::ElastiCache::ParameterGroup-
AWS::ElastiCache::ReplicationGroup-
AWS::ElastiCache::SecurityGroup-
AWS::ElastiCache::SubnetGroup-
AWS::ElasticBeanstalk::Application-
AWS::ElasticBeanstalk::ApplicationVersion-
AWS::ElasticBeanstalk::ConfigurationTemplate-
AWS::ElasticBeanstalk::Environment-
AWS::ElasticLoadBalancingV2::Listener-
AWS::ElasticLoadBalancingV2::ListenerRule-
AWS::ElasticLoadBalancingV2::LoadBalancer-
AWS::ElasticLoadBalancingV2::TargetGroup-
AWS::Glue::Classifier-
AWS::Glue::Crawler-
AWS::Glue::Database-
AWS::Glue::Job-
AWS::Glue::Table-
AWS::Glue::Trigger-
AWS::Glue::Workflow-
AWS::IoT::Certificate-
AWS::IoT::Policy-
AWS::IoT::RoleAlias-
AWS::IoT::Thing-
AWS::IoT::TopicRule-
AWS::IoTAnalytics::Channel-
AWS::IoTAnalytics::Dataset-
AWS::IoTAnalytics::Datastore-
AWS::IoTAnalytics::Pipeline-
AWS::KinesisAnalytics::Application-
AWS::KinesisAnalytics::ApplicationOutput-
AWS::MSK::Cluster-
AWS::Neptune::DBCluster-
AWS::Neptune::DBClusterParameterGroup-
AWS::Neptune::DBInstance-
AWS::Neptune::DBParameterGroup-
AWS::Neptune::DBSubnetGroup-
AWS::Pipes::Pipe-
AWS::QLDB::Ledger-
AWS::RDS::DBCluster-
AWS::RDS::DBClusterParameterGroup-
AWS::RDS::DBInstance-
AWS::RDS::DBParameterGroup-
AWS::RDS::DBProxy-
AWS::RDS::DBProxyTargetGroup-
AWS::RDS::DBSubnetGroup-
AWS::RDS::GlobalCluster-
AWS::Redshift::ClusterParameterGroup-
AWS::Redshift::ClusterSecurityGroup-
AWS::Redshift::ClusterSubnetGroup-
AWS::Route53::HostedZone-
AWS::SES::ReceiptRule-
AWS::SES::ReceiptRuleSet-
AWS::SES::Template
AWS::SecretsManager::SecretTargetAttachment-