CloudFormation Best Practices

Writing CloudFormation templates that work is one thing — writing templates that are secure, maintainable, and production-ready is another. In this final lesson, we will cover the best practices that experienced cloud engineers follow when working with CloudFormation. These practices will help you avoid common pitfalls, reduce risk, and build infrastructure that stands the test of time.

---

1. Use Version Control for All Templates

Every CloudFormation template should be stored in a Git repository. This provides:

• History — you can see exactly what changed, when, and why
• Code review — pull requests ensure someone else reviews infrastructure changes before they are applied
• Branching — experiment on a branch without affecting the main template
• Rollback — revert to a known-good version at any time

Never store templates only in S3 or on a local machine. Git is your single source of truth.

---

2. Always Use Change Sets in Production

Direct stack updates (update-stack) skip the review step. In production, always use change sets:

# Create the change set
aws cloudformation create-change-set \
  --stack-name prod-stack \
  --change-set-name release-v2 \
  --template-body file://template.yaml