Skip to Content
Insightcloudsec- AWS CloudFormation Support

AWS CloudFormation - IaC Supported Resources

IaC Security supports AWS CloudFormation, which only supports AWS resources. Review the list below for specifications.

Amazon Web Services (AWS) Supported Resources

Amazon Cognito
Amazon EMR
AWS Backup (Vault)
AWS Certificate Manager (ACM) 
API Gateway
CloudFront (Distributions, SSM Parameter)
CloudTrail
Database Migration Service (Replication Instance)
DynamoDB
EBS Volume
EC2 Instance
EFS/FSx
EKS/ECS/Fargate Cluster
Elastic IP
Elastic Network Interface (ENI)
ElastiCache (including replication groups)
Elasticsearch
Flow Log (VPC)
IAM Group
IAM Policy (Customer Managed)
IAM Role
IAM User
Internet Gateway
Kinesis
KMS
Lambda
Load Balancer (ELB/ALB/NLB/Gateway)
MQ
MSK Instance
NACL/Security Group
NACL/Security Group Rules
NAT Gateway (VPC)
RDS Aurora, Neptune, DocumentDB
RDS Database, Neptune, DocumentDB
Redshift
Route53 DNS Zone
Route Table
S3 Bucket
Sagemaker Notebook
SFTP Server
Simple Queue Service (SQS)
SNS Subscription
SNS Topic
VPC
VPC Peer
VPC Subnet

CFT Intrinsic Function Support

The following intrinsic functions are supported in AWS CloudFormation Templates (CFT):

  • Ref
  • Fn::GetAtt
  • Fn::FindInMap
  • Fn::Join
  • Fn::Split
  • Fn::Base64
  • Fn::GetAZs
  • Fn::Select
  • Fn::Equals
  • Fn::If
  • Fn::And
  • Fn::Not
  • Fn::Or
  • Fn::Cidr
  • Fn::Sub
  • Fn::Condition

The following intrinsic functions are not supported:

  • Fn::Transform
  • Fn::ImportValue