AWS CloudFormation create-stack vs deploy

create-stack can only be used when you know you want to create a new stack. If you want to update a stack, you have to use a different command, etc. If you're writing (ug) batch files to help run your CloudFormation, this can be a real pain.

deploy is functionality to better take advantage of change sets - rather than having to know if a stack exists, you can simply run deploy and the tool will figure out what it needs to do. With --no-execute-changeset, it will actually provide you the command needed if you decide you want to review the changes before applying them.

It looks like this was introduced in Nov. 2016, probably around the time change sets were released.


Beware of a strange behavior of the deploy command when you change a parameter's default value (LatestAmi in my case).

$ cat ec2.yaml 
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  LatestAmi: 
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id
    
Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmi
      InstanceType: t2.micro
      Tags:
        - Key: Name
          Value: cfn-deploy
$ aws cloudformation deploy --template-file ec2.yaml --stack-name cfn-deploy

Waiting for changeset to be created..
Waiting for stack create/update to complete
Successfully created/updated stack - cfn-deploy
$ cat ec2.yaml 
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  LatestAmi: 
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmi
      InstanceType: t2.micro
      Tags:
        - Key: Name
          Value: cfn-deploy
$ aws cloudformation deploy --template-file ec2.yaml --stack-name cfn-deploy

Waiting for changeset to be created..

No changes to deploy. Stack cfn-deploy is up to date
$ aws --version
aws-cli/2.5.2 Python/3.9.11 Linux/5.15.0-23-generic exe/x86_64.ubuntu.22 prompt/off

If you use the update-stack command, the instance is replaced with the requested AMI.
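
The session above is consistent with deploy sending UsePreviousValue for every parameter an existing stack already has, unless that parameter is overridden on the command line. The following Python is an added example, not code from the answer or from the AWS CLI: it models that merge rule as an assumption (the function names are hypothetical) and reports template defaults that a deploy would silently leave unapplied, using the two SSM paths from the answer as constructed input.

```python
# Assumed model of the parameter list `aws cloudformation deploy` attaches to
# its change set. Not AWS CLI code; function names are hypothetical.

# Constructed input: the two Default values shown in the answer's templates.
UBUNTU = "/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id"
AMZN2 = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"


def deploy_parameters(template_params, stack_params, overrides=None):
    """Parameters a deploy-style change set would carry.

    template_params: the template's Parameters section as a dict.
    stack_params: values currently stored on the stack, or None if the
    stack does not exist yet.
    overrides: key/value pairs given via --parameter-overrides.
    """
    overrides = overrides or {}
    sent = []
    for key in template_params:
        if key in overrides:
            sent.append({"ParameterKey": key, "ParameterValue": overrides[key]})
        elif stack_params is not None and key in stack_params:
            # Existing stack, no override: the stored value is kept.
            sent.append({"ParameterKey": key, "UsePreviousValue": True})
        # Otherwise the parameter is omitted and the template Default applies.
    return sent


def ignored_default_changes(template_params, stack_params, overrides=None):
    """Map each parameter whose new Default would not be applied to
    (value kept on the stack, Default now in the template)."""
    ignored = {}
    for param in deploy_parameters(template_params, stack_params, overrides):
        if not param.get("UsePreviousValue"):
            continue
        key = param["ParameterKey"]
        default = template_params[key].get("Default")
        if default is not None and default != stack_params[key]:
            ignored[key] = (stack_params[key], default)
    return ignored


if __name__ == "__main__":
    edited = {"LatestAmi": {"Default": AMZN2}}
    deployed = {"LatestAmi": UBUNTU}  # value stored by the first deploy
    for key, (kept, new) in ignored_default_changes(edited, deployed).items():
        print(f"{key}: stack keeps {kept!r}, template default is now {new!r}")
```

Running a check like this before deploy in a pipeline makes a stale AMI parameter visible; passing the new value with `--parameter-overrides` is what clears the finding in this model.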


I assume that deploy is just 'syntactic sugar' around the CreateChangeSet, CreateStack, and UpdateStack API methods.

Note that although deploy is in the CLI, it is not in the API reference.

I assume that deploy is preferred outside of any need to explicitly review a change set. Without using deploy you would potentially need to create-change-set then decide whether to create or update a stack. In this case, deploy is like a stack "upsert".


I stopped being lazy and checked the code, and yes - deploy is ultimately a nicer way of using CloudFormation from the CLI. The implementation is here and here. Note that as of today the ability to control rollback behaviour doesn't exist for deploy per this issue.