AWS CloudFormation create-stack vs deploy
`create-stack` can only be used when you know you want to create a new stack. If you want to update a stack, you have to use a different command, etc. If you're writing (ug) batch files to help run your CloudFormation, this can be a real pain.

The `deploy` is functionality to better take advantage of change sets - rather than having to know if a stack exists, you can simply run deploy and the tool will figure out what it needs to do. With the `--no-execute-changeset`, it will actually provide you the command needed if you decide you want to review the changes before applying them.
It looks like this was introduced in Nov. 2016, probably around the time change sets were released.
Beware of a strange behavior of the `deploy` command when you change a parameter default value (`LatestAmi` in my case).
```
$ cat ec2.yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LatestAmi:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id
Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmi
      InstanceType: t2.micro
      Tags:
        - Key: Name
          Value: cfn-deploy
$ aws cloudformation deploy --template-file ec2.yaml --stack-name cfn-deploy
Waiting for changeset to be created..
Waiting for stack create/update to complete
Successfully created/updated stack - cfn-deploy
$ cat ec2.yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LatestAmi:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmi
      InstanceType: t2.micro
      Tags:
        - Key: Name
          Value: cfn-deploy
$ aws cloudformation deploy --template-file ec2.yaml --stack-name cfn-deploy
Waiting for changeset to be created..
No changes to deploy. Stack cfn-deploy is up to date
$ aws --version
aws-cli/2.5.2 Python/3.9.11 Linux/5.15.0-23-generic exe/x86_64.ubuntu.22 prompt/off
```
If you use the `update-stack` command, the instance is replaced with the requested AMI.
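The "No changes to deploy" result above is consistent with `deploy` reusing the stack's previous parameter values on an update unless a value is passed with `--parameter-overrides`. The following is an added example, not part of the original answer and not AWS CLI code: a simplified Python model of that assumed behaviour, using the two SSM paths from the templates above. The function names are hypothetical.

```python
# Constructed model of parameter resolution on stack create/update.
# Assumption: for an existing stack, `deploy` sends UsePreviousValue=True
# for every template parameter that is not explicitly overridden.
UBUNTU = "/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id"
AMZN2 = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"


def build_parameters(defaults, overrides, stack_exists):
    """Build the Parameters list that would go into the change set request."""
    params = []
    for key in defaults:
        if key in overrides:
            params.append({"ParameterKey": key, "ParameterValue": overrides[key]})
        elif stack_exists:
            params.append({"ParameterKey": key, "UsePreviousValue": True})
        # New stack without an override: key omitted, template Default applies.
    return params


def resolve(defaults, params, previous):
    """Resolve each parameter the way the service would for this request."""
    sent = {p["ParameterKey"]: p for p in params}
    values = {}
    for key, default in defaults.items():
        entry = sent.get(key)
        if entry is None:
            values[key] = default
        elif entry.get("UsePreviousValue"):
            values[key] = previous[key]
        else:
            values[key] = entry["ParameterValue"]
    return values


def deploy(defaults, stack, overrides=None):
    """stack: None if it does not exist, else its current parameter values.
    Returns (new parameter values, whether the change set contains changes)."""
    params = build_parameters(defaults, overrides or {}, stack is not None)
    values = resolve(defaults, params, stack or {})
    return values, values != stack


if __name__ == "__main__":
    stack, _ = deploy({"LatestAmi": UBUNTU}, None)   # first deploy creates the stack
    print(deploy({"LatestAmi": AMZN2}, stack))       # Default edited, nothing changes
    print(deploy({"LatestAmi": AMZN2}, stack, {"LatestAmi": AMZN2}))  # explicit override
```

The last call corresponds to running `deploy` with `--parameter-overrides LatestAmi=<new SSM path>`, which in this model is the only way an edited default reaches an existing stack.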
I assume that `deploy` is just 'syntactic sugar' around the `CreateChangeSet`, `CreateStack`, and `UpdateStack` API methods.

Note that although `deploy` is in the CLI, it is not in the API reference.

I assume that `deploy` is preferred outside of any need to explicitly review a change set. Without using `deploy` you would potentially need to `create-change-set` then decide whether to create or update a stack. In this case, deploy is like a stack "upsert".
I stopped being lazy and checked the code, and yes - `deploy` is ultimately a nicer way of using CloudFormation from the CLI. The implementation is here and here. Note that as of today the ability to control rollback behaviour doesn't exist for `deploy` per this issue.