- Useful CLIs, Libs and Tools
- Useful templates
- CFN Customer Resource Provider Plugins
- CFN Extensions
- CFN Macros
- CFN Syntax
- cfn: CloudFormation CLI. aws-cloudformation/aws-cloudformation-cli
- cfn-flip: converts CloudFormation templates between JSON and YAML formats. awslabs/aws-cfn-template-flip
- cfn-format: reads in an existing CloudFormation template and outputs a cleanly-formatted, easy-to-read copy of the same template adhering to standards as used in AWS documentation. awslabs/aws-cloudformation-template-formatter
- cfn-guard: provides developers a general purpose domain-specific language (DSL) to express policy-as-code and then validate their JSON- and YAML-formatted data against that code. aws-cloudformation/cloudformation-guard
- cfn-lint: validates CloudFormation yaml/json templates against the CloudFormation spec and additional checks. aws-cloudformation/cfn-python-lint
  - Blog post - CloudFormation Linter (cfn-lint) v1, AWS, 2024-06-19
- cfn_nag: looks for patterns in CloudFormation templates that may indicate insecure infrastructure. stelligent/cfn_nag
- cfn-policy-validator: A command line tool that takes a CloudFormation template, parses the IAM policies attached to IAM roles, users, groups, and resources then runs them through IAM Access Analyzer validation checks. aws-cloudformation-iam-policy-validator
- cfn-skeleton: consumes the published CloudFormation specification and generates skeleton CloudFormation templates with mandatory and optional parameters of chosen resource types pre-filled with placeholder values. cfn-skeleton
- rain: a CLI tool for working with CloudFormation templates and stacks. aws-cloudformation/rain
- sceptre: manages the creation, update and deletion of stacks while providing meta commands which allow users to retrieve information about their stacks. sceptre
- taskcat: tests CloudFormation templates. It deploys your CloudFormation template in multiple AWS Regions and generates a report with a pass/fail grade for each region. taskcat is implemented as a Python class that you import, instantiate, and run. aws-quickstart/taskcat
- CloudFormer (beta): creates CloudFormation templates from existing AWS resources.
- CloudMapper: analyzes AWS environments, supports auditing for security issues. duo-labs/cloudmapper
- Former2: generates CloudFormation / Terraform / Troposphere templates from existing AWS resources. iann0036/former2
- CloudFormation Region parity: handles Region parity with IaC. aws-samples/aws-cloudformation-region-parity
- AWS predefined CloudWatch metric filters and alarms (CloudWatch_Alarms_for_CloudTrail_API_Activity.zip). See also User Guide.
- CloudFormation Resources and Projects: aws-cloudformation/awesome-cloudformation
- To use a public third-party extension in your template, you must first activate the extension for the account and region where you need to use it.
- You may want to keep track of source account IDs, environment levels for data tracking, labelling, alarm severities and retention purposes etc.
- CloudFormation Resource Provider Python Plugin - aws-cloudformation/cloudformation-cli-python-plugin
- AWSUtility::CloudFormation::CommandRunner: this resource allows users to run Bash commands in any CloudFormation stack. aws-cloudformation/aws-cloudformation-resource-providers-awsutilities-commandrunner
- Generic::SecretsProtection::Hook: protects against accidental secrets exposure by observing every property of every AWS resource type. iann0036/cfn-hook
- aws-cloudformation/aws-cloudformation-macros: examples of AWS CloudFormation macros.
- Passing value to UserData to set EC2 env variable https://stackoverflow.com/questions/54858072/aws-cloudformation-userdata-ec2-environment-variable

  ```yaml
  UserData:
    Fn::Base64: !Sub |
      #!/bin/bash
      sudo yum install -y https://s3.${AWS::Region}.amazonaws.com/amazon-ssm-${AWS::Region}/latest/linux_amd64/amazon-ssm-agent.rpm
  ```

- Example: optional item in a list

  ```yaml
  Parameters:
    TargetRole:
      Type: String
    TargetRole2:
      Type: String
      Default: ""
  Conditions:
    HasTargetRole2: !Not [!Equals [!Ref TargetRole2, ""]]
  Resources:
    CIDeployRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Action: sts:AssumeRole
              Effect: Allow
              Principal:
                AWS:
                  - !Ref TargetRole
                  - !If
                    - HasTargetRole2
                    - !Ref TargetRole2
                    - !Ref AWS::NoValue
  ```