Table: aws_cloudformation_stack - Query AWS CloudFormation Stack using SQL

The AWS CloudFormation Stack is a service that allows you to manage and provision AWS resources in an orderly and predictable fashion. You can use AWS CloudFormation to leverage AWS products such as Amazon EC2, Amazon Elastic Block Store, Amazon SNS, Elastic Load Balancing, and Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying AWS infrastructure. With CloudFormation, you describe your desired resources in a template, and AWS CloudFormation takes care of provisioning and configuring those resources for you.

Table Usage Guide

The aws_cloudformation_stack table in Steampipe provides you with information about stacks within AWS CloudFormation. This table enables you as a DevOps engineer to query stack-specific details, including stack name, status, creation time, and associated tags. You can utilize this table to gather insights on stacks, such as stack status, stack resources, stack capabilities, and more. The schema outlines the various attributes of the CloudFormation stack for you, including stack ID, stack name, creation time, stack status, and associated tags.

Examples

Find the status of each cloudformation stack

Explore the current status of each AWS CloudFormation stack to monitor the health and progress of your infrastructure deployments. This can help in identifying any potential issues or failures in your stack deployments.

select
  name,
  id,
  status
from
  aws_cloudformation_stack;

select
  name,
  id,
  status
from
  aws_cloudformation_stack;

List of cloudformation stack where rollback is disabled

Discover the segments that have disabled rollback in their AWS CloudFormation stacks. This can be useful for identifying potential risk areas, as these stacks will not automatically revert to a previous state if an error occurs during stack operations.

select
  name,
  disable_rollback
from
  aws_cloudformation_stack
where
  disable_rollback;

select
  name,
  disable_rollback
from
  aws_cloudformation_stack
where
  disable_rollback = 1;

List of stacks where termination protection is not enabled

Discover the segments that have not enabled termination protection in their stacks. This is crucial to identify potential risk areas and ensure the safety of your resources.

select
  name,
  enable_termination_protection
from
  aws_cloudformation_stack
where
  not enable_termination_protection;

select
  name,
  enable_termination_protection
from
  aws_cloudformation_stack
where
  enable_termination_protection = 0;

Rollback configuration info for each cloudformation stack

Explore the settings of your AWS CloudFormation stacks to understand their rollback configurations, including how long they monitor for signs of trouble and what triggers a rollback. This can help optimize your stack management by adjusting these settings based on your operational needs.

select
  name,
  rollback_configuration ->> 'MonitoringTimeInMinutes' as monitoring_time_in_min,
  rollback_configuration ->> 'RollbackTriggers' as rollback_triggers
from
  aws_cloudformation_stack;

select
  name,
  json_extract(
    rollback_configuration,
    '$.MonitoringTimeInMinutes'
  ) as monitoring_time_in_min,
  json_extract(rollback_configuration, '$.RollbackTriggers') as rollback_triggers
from
  aws_cloudformation_stack;

Resource ARNs where notifications about stack actions will be sent

Determine the areas in which notifications related to stack actions will be sent. This is useful for managing and tracking changes in your AWS CloudFormation stacks.

select
  name,
  jsonb_array_elements_text(notification_arns) as resource_arns
from
  aws_cloudformation_stack;

select
  name,
  json_extract(
    json_each.value,
    ') as resource_arns
from
  aws_cloudformation_stack,
  json_each(notification_arns);

Query examples

Control examples

Schema for aws_cloudformation_stack

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
capabilities	jsonb		The capabilities allowed in the stack.
change_set_id	text		The unique ID of the change set.
creation_time	timestamp with time zone		The time at which the stack was created.
deletion_time	timestamp with time zone		The time the stack was deleted.
description	text		A user-defined description associated with the stack.
detailed_status	text		The detailed status of the resource or stack.
disable_rollback	boolean		Boolean to enable or disable rollback on stack creation failures.
enable_termination_protection	boolean		Specifies whether termination protection is enabled for the stack.
id	text		Unique identifier of the stack.
last_updated_time	timestamp with time zone		The time the stack was last updated. This field will only be returned if the stack has been updated at least once.
name	text	=	The name associated with the stack.
notification_arns	jsonb		SNS topic ARNs to which stack related events are published.
outputs	jsonb		A list of output structures.
parameters	jsonb		A list of Parameter structures.
parent_id	text		ID of the direct parent of this stack.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text		The AWS Region in which the resource is located.
resources	jsonb		A list of Stack resource structures.
retain_except_on_create	boolean		When set to true , newly created resources are deleted when the operation rolls back.
role_arn	text		The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that is associated with the stack.
rollback_configuration	jsonb		The rollback triggers for AWS CloudFormation to monitor during stack creation and updating operations, and for the specified monitoring period afterwards.
root_id	text		ID of the top-level stack to which the nested stack ultimately belongs.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
stack_drift_status	text		Status of the stack's actual configuration compared to its expected template configuration.
stack_status_reason	text		Success/failure message associated with the stack status.
status	text		Current status of the stack.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags associated with stack.
template_body	text		Structure containing the template body.
template_body_json	jsonb		Structure containing the template body. Parsed into json object for better readability.
timeout_in_minutes	bigint		The amount of time within which stack creation should complete.
title	text		Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_cloudformation_stack