AWS CloudFormation
About
Monitor and audit AWS CloudFormation so that the security, availability and reliability of the stacks it manages are not compromised.
Security
Check CloudFormation Deletion Policy in Use
Ensure that a deletion policy, implemented with the DeletionPolicy attribute on the resources in the stack template, is used for your Amazon CloudFormation stacks in order to preserve (Retain) or back up (Snapshot) the underlying AWS resources when the stacks are deleted. Without it, the default policy deletes the resource along with the stack.
Check CloudFormation Stack Policy
Ensure that your AWS CloudFormation stacks use stack policies as a fail-safe mechanism to prevent unintended updates to, or replacement of, protected stack resources during a stack update.
CloudFormation Stack with IAM Role
Ensure that the IAM service role associated with your Amazon CloudFormation stack adheres to the principle of least privilege in order to avoid unwanted privilege escalation: CloudFormation performs every stack operation with that role's permissions, so an over-broad role is usable by anyone allowed to update the stack.
Enable AWS CloudFormation Stack Notifications
Ensure that all your AWS CloudFormation stacks are configured with an Amazon Simple Notification Service (Amazon SNS) topic so that you receive notifications for stack events such as creates, updates, deletions and failures.
Enable AWS CloudFormation Stack Termination Protection
Ensure that Amazon CloudFormation stacks have the Termination Protection feature enabled in order to protect them from being accidentally deleted; while it is enabled, a delete request on the stack is rejected until protection is explicitly turned off.
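The five Security checks above can be evaluated from the stack description, the stack policy, the template and the service role's policy document. The following is an added example, not code from the page's source or from AWS: it runs offline against constructed sample data shaped like the boto3 responses of describe_stacks, get_stack_policy, get_template (already parsed to a dict) and get_role_policy. Every stack name, ARN and policy document in it is made up, and the least-privilege test is a wildcard heuristic, not a full IAM policy evaluation.

```python
"""Static audit of CloudFormation stack settings for the Security checks.
Added example on constructed data; not the page's or AWS's code."""
import json

# Resource types whose deletion loses data; these should carry a
# DeletionPolicy of Retain or Snapshot (RetainExceptOnCreate also keeps them).
STATEFUL_TYPES = {
    "AWS::RDS::DBInstance", "AWS::RDS::DBCluster", "AWS::DynamoDB::Table",
    "AWS::S3::Bucket", "AWS::EFS::FileSystem", "AWS::EC2::Volume",
}
SAFE_DELETION_POLICIES = {"Retain", "Snapshot", "RetainExceptOnCreate"}

# --- constructed sample inputs (made-up names, ARNs and policies) ----------
SAMPLE_STACKS = [  # shape of describe_stacks()["Stacks"]
    {"StackName": "payments-prod", "EnableTerminationProtection": True,
     "RoleARN": "arn:aws:iam::123456789012:role/cfn-payments-deploy",
     "NotificationARNs": ["arn:aws:sns:us-east-1:123456789012:cfn-events"]},
    {"StackName": "sandbox-api", "EnableTerminationProtection": False,
     "RoleARN": "arn:aws:iam::123456789012:role/cfn-admin",
     "NotificationARNs": []},
]
SAMPLE_STACK_POLICIES = {  # get_stack_policy(StackName=...) per stack
    "payments-prod": {"StackPolicyBody": json.dumps({"Statement": [
        {"Effect": "Deny", "Action": "Update:Replace", "Principal": "*",
         "Resource": "LogicalResourceId/Database"}]})},
    "sandbox-api": {},  # no StackPolicyBody key when no policy is set
}
SAMPLE_TEMPLATES = {  # get_template(...)["TemplateBody"], parsed to a dict
    "payments-prod": {"Resources": {
        "Database": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot"},
        "Api": {"Type": "AWS::Lambda::Function"}}},
    "sandbox-api": {"Resources": {
        "Sessions": {"Type": "AWS::DynamoDB::Table"},
        "Api": {"Type": "AWS::Lambda::Function"}}},
}
SAMPLE_ROLE_POLICIES = {  # IAM policy document attached to each service role
    "arn:aws:iam::123456789012:role/cfn-payments-deploy": {"Statement": [
        {"Effect": "Allow", "Action": ["lambda:*"],
         "Resource": "arn:aws:lambda:us-east-1:123456789012:function:payments-*"}]},
    "arn:aws:iam::123456789012:role/cfn-admin": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def missing_deletion_policy(template):
    """Logical IDs of stateful resources that will be destroyed on stack delete."""
    return [lid for lid, res in template.get("Resources", {}).items()
            if res.get("Type") in STATEFUL_TYPES
            and res.get("DeletionPolicy") not in SAFE_DELETION_POLICIES]


def role_is_overbroad(policy_doc):
    """Heuristic least-privilege check: an Allow statement with a wildcard
    action ('*' or 'service:*') on Resource '*' lets the stack reach far
    beyond what it deploys. Conditions and NotAction are not evaluated, so
    False means 'nothing obvious', not 'least privilege'."""
    for stmt in policy_doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            return True
    return False


def audit_stack(stack, stack_policy, template, role_policy):
    """Return the list of failed checks for one stack (empty means compliant)."""
    findings = []
    if not stack.get("EnableTerminationProtection"):
        findings.append("termination protection disabled")
    if not stack_policy.get("StackPolicyBody"):
        findings.append("no stack policy")
    if not stack.get("NotificationARNs"):
        findings.append("no SNS notification topic")
    unprotected = missing_deletion_policy(template)
    if unprotected:
        findings.append("no DeletionPolicy on: " + ", ".join(unprotected))
    # A stack without RoleARN runs with the caller's own permissions, which
    # is a different concern; only stacks with a service role are checked.
    if stack.get("RoleARN") and role_is_overbroad(role_policy):
        findings.append("service role allows wildcard actions on all resources")
    return findings


def audit_all(stacks, stack_policies, templates, role_policies):
    """Map stack name -> findings for every stack in the account/region."""
    return {s["StackName"]: audit_stack(
                s, stack_policies.get(s["StackName"], {}),
                templates.get(s["StackName"], {}),
                role_policies.get(s.get("RoleARN"), {}))
            for s in stacks}


if __name__ == "__main__":
    report = audit_all(SAMPLE_STACKS, SAMPLE_STACK_POLICIES,
                       SAMPLE_TEMPLATES, SAMPLE_ROLE_POLICIES)
    for name, findings in report.items():
        print(name + ":", "OK" if not findings else "; ".join(findings))
```

Against a real account the same functions take the live boto3 responses; note that get_template returns YAML templates as a string, which must be parsed before being passed to missing_deletion_policy, and that the role policy check should be run over every inline and attached policy of the service role, not just one document.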
Operational Excellence
Check CloudFormation Drift Detection
Ensure that your AWS CloudFormation stacks have not drifted from their expected template configuration. A CloudFormation stack is considered to have drifted if one or more of its resources has been changed outside CloudFormation; drift information is only reported after a drift detection run, so stacks that have never been checked should be treated as unverified.
Check if CloudFormation is Used
Ensure that Amazon CloudFormation is used within your AWS account to automate your cloud infrastructure management and deployment.
Check CloudFormation Stack Failed Status
Ensure that none of your Amazon CloudFormation stacks is left in a failed state (a StackStatus such as CREATE_FAILED, UPDATE_ROLLBACK_FAILED or DELETE_FAILED) for more than 6 hours.
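The three Operational Excellence checks above can all be answered from describe_stacks output. The following is an added example, not code from the page's source or from AWS: it evaluates drift status, stacks stuck in a failed state beyond a 6-hour threshold, and whether any stacks exist at all, over a constructed list of stack descriptions with a fixed clock so the result is reproducible. The stack names and timestamps are made up; the optional fetch_stacks helper shows the live call but is not run.

```python
"""Drift, failed-state age and usage checks on describe_stacks output.
Added example on constructed data; not the page's or AWS's code."""
from datetime import datetime, timedelta, timezone

# Fixed "now" so the sample evaluation is reproducible.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

# Constructed sample shaped like describe_stacks()["Stacks"]; boto3 returns
# tz-aware datetimes for the timestamps, as here.
SAMPLE_STACKS = [
    {"StackName": "payments-prod", "StackStatus": "UPDATE_COMPLETE",
     "CreationTime": NOW - timedelta(days=90),
     "LastUpdatedTime": NOW - timedelta(days=2),
     "DriftInformation": {"StackDriftStatus": "IN_SYNC",
                          "LastCheckTimestamp": NOW - timedelta(hours=1)}},
    {"StackName": "sandbox-api", "StackStatus": "UPDATE_ROLLBACK_FAILED",
     "CreationTime": NOW - timedelta(days=30),
     "LastUpdatedTime": NOW - timedelta(hours=9),
     "DriftInformation": {"StackDriftStatus": "DRIFTED",
                          "LastCheckTimestamp": NOW - timedelta(days=1)}},
    {"StackName": "ci-smoke", "StackStatus": "CREATE_FAILED",
     "CreationTime": NOW - timedelta(minutes=20),  # never updated: no LastUpdatedTime
     "DriftInformation": {"StackDriftStatus": "NOT_CHECKED"}},
]

MAX_FAILED_AGE = timedelta(hours=6)


def is_failed(status):
    """Terminal failure statuses. ROLLBACK_COMPLETE is included because a
    stack whose creation failed and rolled back cannot be updated, only
    deleted, so it is effectively a failed stack too."""
    return status.endswith("_FAILED") or status == "ROLLBACK_COMPLETE"


def last_activity(stack):
    """LastUpdatedTime only exists once a stack has been updated at least once."""
    return stack.get("LastUpdatedTime") or stack["CreationTime"]


def stale_failed_stacks(stacks, now, max_age=MAX_FAILED_AGE):
    """Names of stacks that have sat in a failed state for longer than max_age."""
    return [s["StackName"] for s in stacks
            if is_failed(s["StackStatus"]) and now - last_activity(s) > max_age]


def drift_findings(stacks):
    """Map stack name -> reason for stacks that are drifted or unverified.
    DriftInformation is only populated after detect_stack_drift has been
    run, so NOT_CHECKED means the check itself has never happened."""
    findings = {}
    for s in stacks:
        status = s.get("DriftInformation", {}).get("StackDriftStatus", "NOT_CHECKED")
        if status == "DRIFTED":
            findings[s["StackName"]] = "drifted"
        elif status == "NOT_CHECKED":
            findings[s["StackName"]] = "drift never checked"
        elif status != "IN_SYNC":  # UNKNOWN: detection ran but could not conclude
            findings[s["StackName"]] = "drift status " + status
    return findings


def cloudformation_in_use(stacks):
    """The 'is CloudFormation used' check: at least one stack exists."""
    return len(stacks) > 0


def fetch_stacks(region_name):
    """Live replacement for SAMPLE_STACKS; needs boto3 and credentials, so the
    import is deferred and nothing here is called when the module is loaded."""
    import boto3
    client = boto3.client("cloudformation", region_name=region_name)
    paginator = client.get_paginator("describe_stacks")
    return [s for page in paginator.paginate() for s in page["Stacks"]]


if __name__ == "__main__":
    print("cloudformation in use:", cloudformation_in_use(SAMPLE_STACKS))
    print("failed for more than 6h:", stale_failed_stacks(SAMPLE_STACKS, NOW))
    print("drift:", drift_findings(SAMPLE_STACKS))
```

On the sample data ci-smoke is in CREATE_FAILED but only 20 minutes old, so it is not reported until it crosses the 6-hour line, while sandbox-api is both drifted and 9 hours into UPDATE_ROLLBACK_FAILED. To use the live path, replace SAMPLE_STACKS with fetch_stacks(region) and pass datetime.now(timezone.utc) as the clock.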
Sources
https://www.cloudanix.com/recipelist/aws/cloudformationmonitoring