AWS CloudFormation - IaC Supported Resources

IaC Security supports AWS CloudFormation, which only supports AWS resources. Review the list below for specifications.

Amazon Web Services (AWS) Supported Resources

text
1
Amazon Cognito
2
Amazon EMR
3
AWS Backup (Vault)
4
AWS Certificate Manager (ACM) 
5
API Gateway
6
CloudFront (Distributions, SSM Parameter)
7
CloudTrail
8
Database Migration Service (Replication Instance)
9
DynamoDB
10
EBS Volume
11
EC2 Instance
12
EFS/FSx
13
EKS/ECS/Fargate Cluster
14
Elastic IP
15
Elastic Network Interface (ENI)
16
ElastiCache (including replication groups)
17
Elasticsearch
18
Flow Log (VPC)
19
IAM Group
20
IAM Policy (Customer Managed)
21
IAM Role
22
IAM User
23
Internet Gateway
24
Kinesis
25
KMS
26
Lambda
27
Load Balancer (ELB/ALB/NLB/Gateway)
28
MQ
29
MSK Instance
30
NACL/Security Group
31
NACL/Security Group Rules
32
NAT Gateway (VPC)
33
RDS Aurora, Neptune, DocumentDB
34
RDS Database, Neptune, DocumentDB
35
Redshift
36
Route53 DNS Zone
37
Route Table
38
S3 Bucket
39
Sagemaker Notebook
40
SFTP Server
41
Simple Queue Service (SQS)
42
SNS Subscription
43
SNS Topic
44
VPC
45
VPC Peer
46
VPC Subnet

CFT Intrinsic Function Support

The following intrinsic functions are supported in AWS CloudFormation Templates (CFT):

  • Ref
  • Fn::GetAtt
  • Fn::FindInMap
  • Fn::Join
  • Fn::Split
  • Fn::Base64
  • Fn::GetAZs
  • Fn::Select
  • Fn::Equals
  • Fn::If
  • Fn::And
  • Fn::Not
  • Fn::Or
  • Fn::Cidr
  • Fn::Sub
  • Fn::Condition

The following intrinsic functions are not supported:

  • Fn::Transform
  • Fn::ImportValue