Change Sets and Stack Updates

Updating production infrastructure is inherently risky. A single misconfigured property can cause downtime, data loss, or unexpected resource replacement. CloudFormation change sets address this risk by letting you preview exactly what will change before you apply an update. In this lesson, we will learn how to create, review, and execute change sets, and we will explore advanced update strategies.

---

What is a Change Set?

A change set is a summary of the proposed changes to a stack. When you create a change set, CloudFormation compares your updated template with the current stack and generates a list of changes — without actually making any modifications.

Think of a change set as a "dry run" for your stack update.

---

The Change Set Workflow

The workflow has three steps:

1. Create — submit your updated template and CloudFormation generates the change set
2. Review — examine the proposed changes to verify they are correct
3. Execute — apply the changes to the stack (or discard the change set)

---

Creating a Change Set

Via the CLI

aws cloudformation create-change-set \
  --stack-name my-app-stack \
  --change-set-name add-cache-layer \
  --template-body file://updated-template.yaml \
  --parameters ParameterKey=Environment,ParameterValue=production \
               ParameterKey=DBPassword,UsePreviousValue=true

Via the Console

1. Navigate to your stack in the CloudFormation console
2. Click Update
3. Choose Create change set for current stack
4. Upload the updated template
5. Review and name the change set

---

Reviewing a Change Set

Once created, you can inspect the change set to see what will happen:

aws cloudformation describe-change-set \
  --stack-name my-app-stack \
  --change-set-name add-cache-layer

The output shows each change with these fields:

Field	Description
Action	Add, Modify, or Remove
LogicalResourceId	The resource name in your template
ResourceType	The AWS resource type (e.g., AWS::EC2::Instance)
Replacement	True, False, or Conditional — indicates if the resource will be replaced
Details	Specific property changes and their causes

Example Change Set Output

{
  "Changes": [
    {
      "ResourceChange": {
        "Action": "Add",
        "LogicalResourceId": "CacheCluster",
        "ResourceType": "AWS::ElastiCache::CacheCluster"
      }
    },
    {
      "ResourceChange": {
        "Action": "Modify",
        "LogicalResourceId": "WebServer",
        "ResourceType": "AWS::EC2::Instance",
        "Replacement": "False",
        "Details": [
          {
            "Target": {
              "Attribute": "Properties",
              "Name": "InstanceType"
            },
            "ChangeSource": "DirectModification"
          }
        ]
      }
    }
  ]
}

This change set shows that a new cache cluster will be added, and the web server's instance type will be modified in place (no replacement).

---

Executing a Change Set

Once you are satisfied with the proposed changes, execute the change set:

aws cloudformation execute-change-set \
  --stack-name my-app-stack \
  --change-set-name add-cache-layer

CloudFormation then applies the changes just like a regular stack update, with all the same rollback protections.

Discarding a Change Set

If the changes are not what you expected, you can delete the change set without affecting the stack:

aws cloudformation delete-change-set \
  --stack-name my-app-stack \
  --change-set-name add-cache-layer

---

Multiple Change Sets

You can create multiple change sets for the same stack to compare different update strategies. Only one can be executed — executing one automatically deletes the others.

---

Understanding Resource Replacement