Posted On: Apr 24, 2024

Amazon CloudFormation enhances ChangeSets to provide a richer preview of the actions that CloudFormation will take in a deployment. This launch improves your ability to assess whether a deployment will cause unintended changes to running resources, including changes that trigger outages. Additionally, this launch makes it easier to manage references to Amazon Secrets Manager and Amazon Systems Manager Parameter Store (SSM) within templates.

Today, ChangeSets preview the resources that CloudFormation will create, update, replace, or delete in a deployment. You can review ChangeSets before deployments to detect unintended resource-level changes, such as replacement of a database. Now, ChangeSets will preview the before-and-after values of resource properties and attributes, such as tags. You can detect unintended property-level changes, such as removal of S3 bucket encryption, during ChangeSet reviews. 

You can reference resource properties within templates using intrinsic functions such as Ref and GetAtt. Today, ChangeSets do not resolve references during preview calculations and can mark resources for “conditional replacement”. Now, ChangeSets will resolve references and hence predict replacements with additional precision. 

You can dynamically reference Secrets Manager and SSM values within templates. Today, ChangeSets cannot detect changes to Secrets Manager and SSM values until you specify version numbers for the references. Now, you can reference Secrets Manager and SSM values without version numbers and ChangeSets will automatically fetch the latest values. 

To get started with improved ChangeSets, use the --include-property-values parameter during calls to the DescribeChangeSet API. This parameter is available in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD.