3.4.3 Update Existing IaC Templates

CloudFormation Change Sets

# Create change set (preview)
aws cloudformation create-change-set \
  --stack-name my-stack \
  --template-body file://template.yaml \
  --change-set-name update-v2

# Review changes
aws cloudformation describe-change-set \
  --change-set-name update-v2 --stack-name my-stack

# Execute
aws cloudformation execute-change-set \
  --change-set-name update-v2 --stack-name my-stack
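
An added example (not part of the original notes) of a review gate between describe-change-set and execute-change-set: it flags every resource the change set would remove or replace. The sample JSON is constructed and trimmed to the fields used; the function names and all resource names except ProductionDB are assumptions.

```python
import json

# Constructed sample of `aws cloudformation describe-change-set` output,
# trimmed to the fields used below; resource names are made up.
SAMPLE = json.loads("""
{"ChangeSetName": "update-v2", "StackName": "my-stack",
 "ExecutionStatus": "AVAILABLE",
 "Changes": [
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
    "LogicalResourceId": "ProductionDB", "ResourceType": "AWS::RDS::DBInstance"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
    "LogicalResourceId": "WebSecurityGroup", "ResourceType": "AWS::EC2::SecurityGroup"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Remove",
    "LogicalResourceId": "OldQueue", "ResourceType": "AWS::SQS::Queue"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Add",
    "LogicalResourceId": "AppBucket", "ResourceType": "AWS::S3::Bucket"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "Conditional",
    "LogicalResourceId": "CacheCluster", "ResourceType": "AWS::ElastiCache::CacheCluster"}}
 ]}
""")

def risky_changes(change_set):
    """List (logical_id, resource_type, reason) for changes that delete or may replace a resource."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange")
        if not rc:
            continue
        action, replacement = rc.get("Action"), rc.get("Replacement", "False")
        if action == "Remove":
            reason = "removed"
        elif action == "Modify" and replacement == "True":
            reason = "replaced"
        elif action == "Modify" and replacement == "Conditional":
            reason = "may be replaced"
        else:
            continue  # anything else (Add, Import, in-place Modify) is not flagged
        findings.append((rc["LogicalResourceId"], rc["ResourceType"], reason))
    return findings

def safe_to_execute(change_set):
    """Gate for execute-change-set: executable and nothing deleted or replaced."""
    return change_set.get("ExecutionStatus") == "AVAILABLE" and not risky_changes(change_set)

if __name__ == "__main__":
    for logical_id, rtype, reason in risky_changes(SAMPLE):
        print(f"REVIEW {logical_id} ({rtype}): {reason}")
    print("safe to execute:", safe_to_execute(SAMPLE))
```

In a pipeline, load the JSON printed by the describe-change-set command above instead of SAMPLE and stop before execute-change-set when safe_to_execute returns False.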

Stack Policies (Protect Resources)

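Setting a stack policy protects every resource by default, so the policy needs an explicit Allow for everything else:

{
  "Statement": [{
    "Effect": "Allow",
    "Action": "Update:*",
    "Principal": "*",
    "Resource": "*"
  }, {
    "Effect": "Deny",
    "Action": "Update:Replace",
    "Principal": "*",
    "Resource": "LogicalResourceId/ProductionDB"
  }]
}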

SAM Update

sam build
sam deploy  # Automatically creates change set

CDK Update

cdk diff    # Preview changes
cdk deploy  # Apply changes

Nested Stacks

Resources:
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/bucket/vpc.yaml

Exam Tip: Change Sets = preview before update. Stack Policies protect critical resources. cdk diff = preview CDK changes.