本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
驗證堆疊部署
透過部署前驗證,您可以在執行 CloudFormation 變更集之前識別和解決潛在的部署問題。此功能會根據常見的失敗案例驗證您的範本,協助您在開發週期的早期發現問題。
部署前驗證的運作方式
部署前驗證涉及下列階段:
-
建立變更集 – 像平常一樣產生 CloudFormation 堆疊更新的變更集。建立變更集時,預設會啟用部署前驗證。
-
驗證執行 – CloudFormation 會針對您的範本和目標環境執行多個驗證檢查。目前支援 3 種類型的驗證:針對資源結構描述的屬性語法驗證、與現有資源的資源名稱衝突偵測,以及用於刪除操作的 S3 儲存貯體清空驗證。
-
檢閱驗證結果 – CloudFormation 會針對發現的任何問題提供詳細意見回饋,包括精確找出範本中問題位置的路徑、消除手動範本偵錯。
-
解決問題 – 在繼續部署之前,透過更新您的範本或解決衝突來解決已識別的問題。
-
自信地執行 - 在知道常見失敗案例已預先驗證的情況下部署您的變更集。
考量事項
當您使用部署前驗證時,請記住下列事項:
-
部署前驗證著重於三種常見的部署失敗案例。它不保證您的部署會成功,但可降低常見故障的可能性。
-
驗證模式的行為不同:
-
當驗證偵測到錯誤時,失敗模式可防止變更集執行,確保有問題的範本無法繼續部署。這適用於屬性語法錯誤和資源命名衝突。
-
WARN 模式允許在驗證失敗時成功建立變更集,提供警告,讓開發人員可以在執行之前檢閱和處理。這適用於限制條件違規,例如可透過手動介入解決的 S3 儲存貯體清空。
-
-
驗證結果會繫結至特定變更集。如果您修改範本,則需要建立新的變更集,以取得更新的驗證結果。
-
S3 儲存貯體驗證只會檢查物件是否存在,而不是儲存貯體政策或其他可能防止刪除的限制。
先決條件
若要使用部署前驗證,您必須具有:
-
在帳戶中建立變更集和讀取資源所需的 IAM 許可。對於 S3 儲存貯體清空檢查,您需要
s3:ListBucket許可。 -
存取 AWS 區域 部署堆疊的 。
-
您要在部署之前驗證的 CloudFormation 範本。
驗證堆疊部署 (主控台)
使用下列程序,使用 主控台驗證您的堆疊部署。
在部署之前驗證範本
登入 AWS 管理主控台 ,並在 https://https://console.aws.amazon.com/cloudformation
開啟 CloudFormation 主控台。 -
在畫面頂端的導覽列上,選擇 AWS 區域 堆疊所在的 。
-
在堆疊頁面上,選擇您要建立變更集的執行中堆疊。
-
在堆疊詳細資訊窗格中,選擇更新堆疊,然後選擇建立變更集。
-
在建立
堆疊名稱的變更集頁面上,上傳已更新的範本或指定範本來源。 -
選擇下一步,繼續進行剩餘的變更集組態步驟。
-
如果範本包括 IAM 資源,請在功能中選擇我確認 CloudFormation 可能會建立 IAM 資源。IAM 資源可修改 AWS 帳戶中的許可;請檢閱這些資源,確保系統僅能執行所需的動作。如需詳細資訊,請參閱 CloudFormation 範本中的確認 IAM 資源。
-
在檢閱頁面上,選擇建立變更集。
-
CloudFormation 將建立變更集並執行驗證檢查。在部署驗證索引標籤中檢閱驗證結果。
-
如果驗證通過或您對警告感到滿意,請選擇執行變更集以部署變更。
-
如果驗證失敗,請修正問題並建立新的變更集,以重新驗證您的部署。
驗證堆疊部署 (AWS CLI)
部署前驗證的 AWS CLI 命令包括:
-
create-change-set 會在建立變更集期間自動驗證。
-
describe-change-set 以驗證變更集狀態
-
describe-events 來檢閱驗證結果。
使用下列程序來驗證使用 的堆疊部署 AWS CLI。
在部署之前驗證範本
-
使用 create-change-set 命令:
aws cloudformation create-change-set \ --stack-nameMyStack\ --change-set-nameMyChangeSet\ --change-set-type "CREATE" \ --template-bodyfile://updated-template.yaml命令會同時傳回變更集 ARN 和堆疊 ARN。
-
使用 describe-events 命令搭配變更集 ARN 或變更集名稱,以檢閱驗證狀態和結果。
aws cloudformation describe-events \ --change-set-name "arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyChangeSet/94498df5-1afb-43b1-9869-9f82b2d877ac"驗證錯誤的範例輸出:
{ "OperationEvents":[ { "EventId":"9b5c9a29-4704-4ad0-8082-afb49418d55b", "StackId":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/c3908380-b357-11f0-a97f-0ad08f35df65", "OperationId":"f558b823-e1e3-4de3-a222-e6b930ddcad4", "OperationType":"CREATE_CHANGESET", "OperationStatus":"FAILED", "EventType":"STACK_EVENT", "Timestamp":"2025-10-27T17:10:02.923Z", "StartTime":"2025-10-27T17:09:57.537Z", "EndTime":"2025-10-27T17:10:02.923Z" }, { "EventId":"2d8c3262-3468-4283-82fb-6e780e9e4f1d", "StackId":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/c3908380-b357-11f0-a97f-0ad08f35df65", "OperationId":"f558b823-e1e3-4de3-a222-e6b930ddcad4", "OperationType":"CREATE_CHANGESET", "EventType":"VALIDATION_ERROR", "LogicalResourceId":"NotificationBucket", "PhysicalResourceId":"", "ResourceType":"AWS::S3::Bucket", "Timestamp":"2025-10-27T17:10:02.461Z", "ValidationFailureMode":"FAIL", "ValidationName":"PROPERTY_VALIDATION", "ValidationStatus":"FAILED", "ValidationStatusReason":"#/NotificationConfiguration/QueueConfigurations/0: required key [Event] not found", "ValidationPath":"/Resources/NotificationBucket/Properties/NotificationConfiguration/QueueConfigurations/0" } ] } -
更新範本以解決任何驗證錯誤,然後建立新的變更集。
-
驗證通過後,請執行變更集:
aws cloudformation execute-change-set \ --change-set-nameMyChangeSet\ --stack-nameMyStack
驗證類型
部署前驗證包括以下類型的檢查:
-
屬性語法驗證 – 根據資源結構描述驗證 AWS 資源屬性。它會檢查所需的屬性和有效的屬性值,並識別已棄用或不支援的屬性組合。
-
資源名稱衝突偵測 – 檢查命名是否與現有 AWS 資源衝突。它會驗證資源名稱是否符合 AWS 命名要求,並在部署嘗試之前識別潛在的衝突。
-
S3 儲存貯體清空驗證 – 嘗試刪除包含物件的 S3 儲存貯體時發出警告。它提供物件計數,以協助評估刪除影響,並協助防止常見的 S3 刪除失敗。
每個驗證類型都會在範本中提供特定的錯誤訊息和錯誤位置,以協助您快速解決問題。
資源限制
部署前驗證不支援下列資源類型:
-
AWS::ApiGatewayV2::ApiGatewayManagedOverrides -
AWS::ApiGatewayV2::Stage -
AWS::AppMesh::GatewayRoute -
AWS::AppMesh::Mesh -
AWS::AppMesh::Route -
AWS::AppMesh::VirtualGateway -
AWS::AppMesh::VirtualNode -
AWS::AppMesh::VirtualRouter -
AWS::AppMesh::VirtualService -
AWS::AppStream::Fleet -
AWS::AppStream::Stack -
AWS::AppStream::StackFleetAssociation -
AWS::AppStream::StackUserAssociation -
AWS::AppStream::User -
AWS::AppSync::ApiCache -
AWS::AppSync::ApiKey -
AWS::AppSync::GraphQLSchema -
AWS::AutoScalingPlans::ScalingPlan -
AWS::Budgets::Budget -
AWS::CertificateManager::Certificate -
AWS::Cloud9::EnvironmentEC2 -
AWS::CloudFormation::CustomResource -
AWS::CloudFormation::Macro -
AWS::CloudFormation::WaitCondition -
AWS::CloudFormation::WaitConditionHandle -
AWS::CloudFront::StreamingDistribution -
AWS::CloudWatch::AnomalyDetector -
AWS::CloudWatch::InsightRule -
AWS::CodeBuild::Project -
AWS::CodeBuild::ReportGroup -
AWS::CodeBuild::SourceCredential -
AWS::CodeCommit::Repository -
AWS::CodeDeploy::DeploymentGroup -
AWS::CodeStar::GitHubRepository -
AWS::Config::ConfigurationRecorder -
AWS::Config::DeliveryChannel -
AWS::Config::OrganizationConfigRule -
AWS::Config::RemediationConfiguration -
AWS::DAX::Cluster -
AWS::DAX::ParameterGroup -
AWS::DAX::SubnetGroup -
AWS::DirectoryService::MicrosoftAD -
AWS::DLM::LifecyclePolicy -
AWS::DMS::Certificate -
AWS::DMS::Endpoint -
AWS::DMS::EventSubscription -
AWS::DMS::ReplicationInstance -
AWS::DMS::ReplicationSubnetGroup -
AWS::DMS::ReplicationTask -
AWS::DocDB::DBCluster -
AWS::DocDB::DBClusterParameterGroup -
AWS::DocDB::DBInstance -
AWS::DocDB::DBSubnetGroup -
AWS::DocDB::EventSubscription -
AWS::EC2::ClientVpnAuthorizationRule -
AWS::EC2::ClientVpnEndpoint -
AWS::EC2::ClientVpnRoute -
AWS::EC2::ClientVpnTargetNetworkAssociation -
AWS::EC2::NetworkInterfacePermission -
AWS::ElastiCache::CacheCluster -
AWS::ElastiCache::ReplicationGroup -
AWS::ElastiCache::SecurityGroup -
AWS::ElastiCache::SecurityGroupIngress -
AWS::ElasticLoadBalancing::LoadBalancer -
AWS::ElasticLoadBalancingV2::ListenerCertificate -
AWS::Elasticsearch::Domain -
AWS::EMR::Cluster -
AWS::EMR::InstanceFleetConfig -
AWS::EMR::InstanceGroupConfig -
AWS::FSx::FileSystem -
AWS::FSx::Snapshot -
AWS::FSx::StorageVirtualMachine -
AWS::FSx::Volume -
AWS::Glue::Classifier -
AWS::Glue::Connection -
AWS::Glue::CustomEntityType -
AWS::Glue::DataCatalogEncryptionSettings -
AWS::Glue::DataQualityRuleset -
AWS::Glue::DevEndpoint -
AWS::Glue::MLTransform -
AWS::Glue::Partition -
AWS::Glue::SecurityConfiguration -
AWS::Glue::Table -
AWS::Glue::TableOptimizer -
AWS::Glue::Workflow -
AWS::Greengrass::ConnectorDefinition -
AWS::Greengrass::ConnectorDefinitionVersion -
AWS::Greengrass::CoreDefinition -
AWS::Greengrass::CoreDefinitionVersion -
AWS::Greengrass::DeviceDefinition -
AWS::Greengrass::DeviceDefinitionVersion -
AWS::Greengrass::FunctionDefinition -
AWS::Greengrass::FunctionDefinitionVersion -
AWS::Greengrass::Group -
AWS::Greengrass::GroupVersion -
AWS::Greengrass::LoggerDefinition -
AWS::Greengrass::LoggerDefinitionVersion -
AWS::Greengrass::ResourceDefinition -
AWS::Greengrass::ResourceDefinitionVersion -
AWS::Greengrass::SubscriptionDefinition -
AWS::Greengrass::SubscriptionDefinitionVersion -
AWS::IAM::AccessKey -
AWS::IAM::UserToGroupAddition -
AWS::IoT::PolicyPrincipalAttachment -
AWS::IoT::ThingPrincipalAttachment -
AWS::IoTThingsGraph::FlowTemplate -
AWS::KinesisAnalytics::Application -
AWS::KinesisAnalytics::ApplicationOutput -
AWS::KinesisAnalytics::ApplicationReferenceDataSource -
AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption -
AWS::KinesisAnalyticsV2::ApplicationOutput -
AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource -
AWS::LakeFormation::DataLakeSettings -
AWS::LakeFormation::Permissions -
AWS::LakeFormation::Resource -
AWS::ManagedBlockchain::Member -
AWS::ManagedBlockchain::Node -
AWS::MediaConvert::JobTemplate -
AWS::MediaConvert::Preset -
AWS::MediaConvert::Queue -
AWS::MediaLive::Channel -
AWS::MediaLive::Input -
AWS::MediaLive::InputSecurityGroup -
AWS::MediaStore::Container -
AWS::OpsWorks::App -
AWS::OpsWorks::ElasticLoadBalancerAttachment -
AWS::OpsWorks::Instance -
AWS::OpsWorks::Layer -
AWS::OpsWorks::Stack -
AWS::OpsWorks::UserProfile -
AWS::OpsWorks::Volume -
AWS::Pinpoint::ADMChannel -
AWS::Pinpoint::APNSChannel -
AWS::Pinpoint::APNSSandboxChannel -
AWS::Pinpoint::APNSVoipChannel -
AWS::Pinpoint::APNSVoipSandboxChannel -
AWS::Pinpoint::App -
AWS::Pinpoint::ApplicationSettings -
AWS::Pinpoint::BaiduChannel -
AWS::Pinpoint::Campaign -
AWS::Pinpoint::EmailChannel -
AWS::Pinpoint::EmailTemplate -
AWS::Pinpoint::EventStream -
AWS::Pinpoint::GCMChannel -
AWS::Pinpoint::PushTemplate -
AWS::Pinpoint::Segment -
AWS::Pinpoint::SMSChannel -
AWS::Pinpoint::SmsTemplate -
AWS::Pinpoint::VoiceChannel -
AWS::PinpointEmail::ConfigurationSet -
AWS::PinpointEmail::ConfigurationSetEventDestination -
AWS::PinpointEmail::DedicatedIpPool -
AWS::PinpointEmail::Identity -
AWS::QLDB::Ledger -
AWS::RDS::DBSecurityGroup -
AWS::RDS::DBSecurityGroupIngress -
AWS::Redshift::ClusterSecurityGroup -
AWS::Redshift::ClusterSecurityGroupIngress -
AWS::Route53::RecordSet -
AWS::Route53::RecordSetGroup -
AWS::SageMaker::CodeRepository -
AWS::SageMaker::EndpointConfig -
AWS::SageMaker::Model -
AWS::SageMaker::NotebookInstance -
AWS::SageMaker::NotebookInstanceLifecycleConfig -
AWS::SageMaker::Workteam -
AWS::SDB::Domain -
AWS::ServiceCatalog::AcceptedPortfolioShare -
AWS::ServiceCatalog::LaunchRoleConstraint -
AWS::ServiceCatalog::Portfolio -
AWS::ServiceCatalog::StackSetConstraint -
AWS::ServiceDiscovery::HttpNamespace -
AWS::ServiceDiscovery::Instance -
AWS::ServiceDiscovery::PrivateDnsNamespace -
AWS::ServiceDiscovery::PublicDnsNamespace -
AWS::ServiceDiscovery::Service -
AWS::SES::ReceiptFilter -
AWS::SES::ReceiptRule -
AWS::SES::ReceiptRuleSet -
AWS::SSM::MaintenanceWindow -
AWS::SSM::MaintenanceWindowTarget -
AWS::SSM::MaintenanceWindowTask -
AWS::WAF::ByteMatchSet -
AWS::WAF::IPSet -
AWS::WAF::Rule -
AWS::WAF::SizeConstraintSet -
AWS::WAF::SqlInjectionMatchSet -
AWS::WAF::WebACL -
AWS::WAF::XssMatchSet -
AWS::WAFRegional::ByteMatchSet -
AWS::WAFRegional::GeoMatchSet -
AWS::WAFRegional::IPSet -
AWS::WAFRegional::RateBasedRule -
AWS::WAFRegional::RegexPatternSet -
AWS::WAFRegional::Rule -
AWS::WAFRegional::SizeConstraintSet -
AWS::WAFRegional::SqlInjectionMatchSet -
AWS::WAFRegional::WebACL -
AWS::WAFRegional::WebACLAssociation -
AWS::WAFRegional::XssMatchSet -
AWS::WorkSpaces::Workspace -
AWS::AmazonMQ::ConfigurationAssociation -
AWS::ApiGateway::DomainNameAccessAssociation -
AWS::AppConfig::ExtensionAssociation -
AWS::AppStream::ApplicationEntitlementAssociation -
AWS::AppStream::ApplicationFleetAssociation -
AWS::AppSync::DomainNameApiAssociation -
AWS::AppSync::SourceApiAssociation -
AWS::CleanRooms::ConfiguredTableAssociation -
AWS::CleanRooms::IdNamespaceAssociation -
AWS::CodeGuruReviewer::RepositoryAssociation -
AWS::Cognito::IdentityPoolRoleAttachment -
AWS::Cognito::UserPoolRiskConfigurationAttachment -
AWS::Cognito::UserPoolUICustomizationAttachment -
AWS::Cognito::UserPoolUserToGroupAttachment -
AWS::Connect::IntegrationAssociation -
AWS::Deadline::QueueFleetAssociation -
AWS::Deadline::QueueLimitAssociation -
AWS::EC2::EIPAssociation -
AWS::EC2::EnclaveCertificateIamRoleAssociation -
AWS::EC2::GatewayRouteTableAssociation -
AWS::EC2::IPAMResourceDiscoveryAssociation -
AWS::EC2::IpPoolRouteTableAssociation -
AWS::EC2::LocalGatewayRouteTableVPCAssociation -
AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation -
AWS::EC2::NetworkInterfaceAttachment -
AWS::EC2::RouteServerAssociation -
AWS::EC2::SecurityGroupVpcAssociation -
AWS::EC2::SubnetNetworkAclAssociation -
AWS::EC2::SubnetRouteTableAssociation -
AWS::EC2::TransitGatewayAttachment -
AWS::EC2::TransitGatewayMulticastDomainAssociation -
AWS::EC2::TransitGatewayPeeringAttachment -
AWS::EC2::TransitGatewayRouteTableAssociation -
AWS::EC2::TransitGatewayVpcAttachment -
AWS::EC2::VPCDHCPOptionsAssociation -
AWS::EC2::VPCGatewayAttachment -
AWS::EC2::VolumeAttachment -
AWS::ECS::ClusterCapacityProviderAssociations -
AWS::EKS::PodIdentityAssociation -
AWS::FSx::DataRepositoryAssociation -
AWS::FSx::S3AccessPointAttachment -
AWS::GlobalAccelerator::CrossAccountAttachment -
AWS::LakeFormation::TagAssociation -
AWS::NetworkFirewall::VpcEndpointAssociation -
AWS::NetworkManager::ConnectAttachment -
AWS::NetworkManager::CustomerGatewayAssociation -
AWS::NetworkManager::DirectConnectGatewayAttachment -
AWS::NetworkManager::LinkAssociation -
AWS::NetworkManager::SiteToSiteVpnAttachment -
AWS::NetworkManager::TransitGatewayRouteTableAttachment -
AWS::NetworkManager::VpcAttachment -
AWS::Notifications::ChannelAssociation -
AWS::Notifications::ManagedNotificationAccountContactAssociation -
AWS::Notifications::ManagedNotificationAdditionalChannelAssociation -
AWS::Notifications::OrganizationalUnitAssociation -
AWS::ResourceExplorer2::DefaultViewAssociation -
AWS::Route53Profiles::ProfileAssociation -
AWS::Route53Profiles::ProfileResourceAssociation -
AWS::Route53Resolver::FirewallRuleGroupAssociation -
AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation -
AWS::Route53Resolver::ResolverRuleAssociation -
AWS::SSM::Association -
AWS::SecretsManager::SecretTargetAttachment -
AWS::SecurityHub::PolicyAssociation -
AWS::ServiceCatalog::PortfolioPrincipalAssociation -
AWS::ServiceCatalog::PortfolioProductAssociation -
AWS::ServiceCatalog::ServiceActionAssociation -
AWS::ServiceCatalog::TagOptionAssociation -
AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation -
AWS::ServiceCatalogAppRegistry::ResourceAssociation -
AWS::VpcLattice::ServiceNetworkResourceAssociation -
AWS::VpcLattice::ServiceNetworkServiceAssociation -
AWS::VpcLattice::ServiceNetworkVpcAssociation -
AWS::WAFv2::WebACLAssociation -
AWS::Wisdom::AssistantAssociation -
AWS::WorkspacesInstances::VolumeAssociation -
AWS::IAM::Policy -
AWS::SNS::TopicPolicy -
AWS::SQS::QueuePolicy -
AWS::EC2::NetworkAclEntry -
AWS::EC2::VPNGatewayRoutePropagation -
AWS::CloudFormation::Stack -
AWS::CloudWatch::MetricStream -
AWS::WorkSpaces::ConnectionAlias -
AWS::IoT::ProvisioningTemplate -
AWS::MediaPackage::Channel -
AWS::CloudFront::OriginRequestPolicy -
AWS::Route53Resolver::ResolverQueryLoggingConfig -
AWS::NetworkManager::TransitGatewayRegistration -
AWS::ImageBuilder::Image -
AWS::Config::ConformancePack -
AWS::S3::AccessPoint -
AWS::CodeStarConnections::Connection -
AWS::CloudFront::CachePolicy -
AWS::FMS::NotificationChannel -
AWS::ImageBuilder::InfrastructureConfiguration -
AWS::Detective::Graph -
AWS::EC2::CarrierGateway -
AWS::CloudWatch::CompositeAlarm -
AWS::CodeArtifact::Repository -
AWS::GroundStation::DataflowEndpointGroup -
AWS::ElasticLoadBalancingV2::Listener -
AWS::ImageBuilder::ImageRecipe -
AWS::NetworkManager::Device -
AWS::Kendra::DataSource -
AWS::Timestream::Database -
AWS::CodeGuruProfiler::ProfilingGroup -
AWS::Lambda::EventSourceMapping -
AWS::ECR::Repository -
AWS::WAFv2::IPSet -
AWS::GameLift::Alias -
AWS::IoTSiteWise::Asset -
AWS::OpsWorksCM::Server -
AWS::IoT::Authorizer -
AWS::WAFv2::RuleGroup -
AWS::NetworkManager::Site -
AWS::ResourceGroups::Group -
AWS::MediaPackage::PackagingConfiguration -
AWS::ImageBuilder::ImagePipeline -
AWS::ECS::TaskDefinition -
AWS::Macie::CustomDataIdentifier -
AWS::MediaPackage::OriginEndpoint -
AWS::Logs::LogGroup -
AWS::CodeArtifact::Domain -
AWS::Kendra::Faq -
AWS::ECS::TaskSet -
AWS::WAFv2::RegexPatternSet -
AWS::ECS::Cluster -
AWS::SSO::Assignment -
AWS::GlobalAccelerator::Listener -
AWS::ServiceCatalog::CloudFormationProvisionedProduct -
AWS::RDS::DBProxy -
AWS::EC2::FlowLog -
AWS::ImageBuilder::Component -
AWS::CloudFront::RealtimeLogConfig -
AWS::NetworkManager::GlobalNetwork -
AWS::RDS::DBProxyTargetGroup -
AWS::WAFv2::WebACL -
AWS::IVS::StreamKey -
AWS::IVS::PlaybackKeyPair -
AWS::Macie::Session -
AWS::Route53::HealthCheck -
AWS::Synthetics::Canary -
AWS::Lambda::CodeSigningConfig -
AWS::EFS::AccessPoint -
AWS::Timestream::Table -
AWS::MediaPackage::PackagingGroup -
AWS::ECS::PrimaryTaskSet -
AWS::Config::ConfigurationAggregator -
AWS::GroundStation::Config -
AWS::IoTSiteWise::AssetModel -
AWS::SES::ConfigurationSet -
AWS::ImageBuilder::DistributionConfiguration -
AWS::Config::OrganizationConformancePack -
AWS::EC2::LocalGatewayRoute -
AWS::KMS::Key -
AWS::Detective::MemberInvitation -
AWS::EKS::FargateProfile -
AWS::MediaPackage::Asset -
AWS::GlobalAccelerator::EndpointGroup -
AWS::Macie::FindingsFilter -
AWS::IoT::Certificate -
AWS::SageMaker::MonitoringSchedule -
AWS::IVS::Channel -
AWS::Kendra::Index -
AWS::EventSchemas::RegistryPolicy -
AWS::KinesisFirehose::DeliveryStream -
AWS::GlobalAccelerator::Accelerator -
AWS::EC2::PrefixList -
AWS::GameLift::GameServerGroup -
AWS::NetworkManager::Link -
AWS::EFS::FileSystem -
AWS::Route53::HostedZone -
AWS::GroundStation::MissionProfile -
AWS::KMS::Alias -
AWS::FMS::Policy -
AWS::SSO::PermissionSet -
AWS::StepFunctions::StateMachine -
AWS::QLDB::Stream -
AWS::IoTSiteWise::Gateway -
AWS::ECS::Service -
AWS::ECS::CapacityProvider -
AWS::EC2::SecurityGroup -
AWS::EC2::SecurityGroupIngress -
AWS::EC2::SecurityGroupEgress -
AWS::EC2::EC2Fleet -
AWS::IAM::Group -
AWS::IAM::Role -
AWS::IAM::User -
AWS::ApiGateway::GatewayResponse -
AWS::S3::BucketPolicy -
AWS::SNS::Topic -
AWS::SNS::Subscription -
AWS::RDS::DBInstance -
AWS::RDS::DBParameterGroup -
AWS::RDS::DBCluster -
AWS::RDS::DBClusterParameterGroup -
AWS::RDS::DBSubnetGroup -
AWS::RDS::EventSubscription -
AWS::RDS::GlobalCluster -
AWS::RDS::OptionGroup -
AWS::Neptune::DBInstance -
AWS::Neptune::DBParameterGroup -
AWS::Neptune::DBCluster -
AWS::Neptune::DBClusterParameterGroup -
AWS::Neptune::DBSubnetGroup -
AWS::Redshift::Cluster -
AWS::Redshift::ClusterParameterGroup -
AWS::Redshift::ClusterSubnetGroup -
AWS::Redshift::EndpointAccess -
AWS::Redshift::EndpointAuthorization -
AWS::Redshift::EventSubscription -
AWS::Redshift::ScheduledAction -
AWS::ElastiCache::SubnetGroup
