InsightCloudSec - AWS CloudFormation Support

AWS CloudFormation - IaC Supported Resources

IaC Security supports AWS CloudFormation, which only supports AWS resources. Review the list below for specifications.

Amazon Web Services (AWS) Supported Resources

  • Amazon Cognito
  • Amazon EMR
  • AWS Backup (Vault)
  • AWS Certificate Manager (ACM)
  • API Gateway
  • CloudFront (Distributions, SSM Parameter)
  • CloudTrail
  • Database Migration Service (Replication Instance)
  • DynamoDB
  • EBS Volume
  • EC2 Instance
  • EFS/FSx
  • EKS/ECS/Fargate Cluster
  • Elastic IP
  • Elastic Network Interface (ENI)
  • ElastiCache (including replication groups)
  • Elasticsearch
  • Flow Log (VPC)
  • IAM Group
  • IAM Policy (Customer Managed)
  • IAM Role
  • IAM User
  • Internet Gateway
  • Kinesis
  • KMS
  • Lambda
  • Load Balancer (ELB/ALB/NLB/Gateway)
  • MQ
  • MSK Instance
  • NACL/Security Group
  • NACL/Security Group Rules
  • NAT Gateway (VPC)
  • RDS Aurora, Neptune, DocumentDB
  • RDS Database, Neptune, DocumentDB
  • Redshift
  • Route53 DNS Zone
  • Route Table
  • S3 Bucket
  • Sagemaker Notebook
  • SFTP Server
  • Simple Queue Service (SQS)
  • SNS Subscription
  • SNS Topic
  • VPC
  • VPC Peer
  • VPC Subnet

CFT Intrinsic Function Support

The following intrinsic functions are supported in AWS CloudFormation Templates (CFT):

  • Ref
  • Fn::GetAtt
  • Fn::FindInMap
  • Fn::Join
  • Fn::Split
  • Fn::Base64
  • Fn::GetAZs
  • Fn::Select
  • Fn::Equals
  • Fn::If
  • Fn::And
  • Fn::Not
  • Fn::Or
  • Fn::Cidr
  • Fn::Sub
  • Fn::Condition

The following intrinsic functions are not supported:

  • Fn::Transform
  • Fn::ImportValue