Whenever I happen to work on Amazon CloudFormation, I use the following command-line tools to increase my productivity. Maybe this list will motivate you to try them for your own use cases :)

  • cfn-flip : Tool for converting AWS CloudFormation templates between JSON and YAML formats.

  • cfn-skeleton : Generates skeleton AWS CloudFormation templates for different AWS resources.

-> cfn-skeleton AWS::IAM::Role
AWSTemplateFormatVersion: "2010-09-09"

Description: Template generated by cfn-skeleton

Resources:
  MyRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument: "{\"JSON\": \"CHANGEME\"}"
      ManagedPolicyArns:  # Optional
        - CHANGEME
      MaxSessionDuration: 0  # Optional
      Path: CHANGEME  # Optional
      PermissionsBoundary: CHANGEME  # Optional
      Policies:  # Optional
        - PolicyName: CHANGEME
          PolicyDocument: "{\"JSON\": \"CHANGEME\"}"
      RoleName: CHANGEME  # Optional

  • cfn-lint : A friendlier CloudFormation JSON and YAML template validator.

You can define this alias for cfn-lint:

alias cfn-validate='cfn-lint validate'

-> cfn-validate create_s3_bucket.yaml
0 infos
0 warn
0 crit
Template valid!

  • cfn_nag, cfn_nag_rules, cfn_nag_scan : Linting tool for CloudFormation templates. The cfn-nag tool also looks for patterns in CloudFormation templates that may indicate insecure infrastructure, so you can catch security problems in the early stages of template development.

-> cfn_nag create_s3_bucket.yaml
------------------------------------------------------------
create_s3_bucket.yaml
------------------------------------------------------------------------------------------------------------------------
| WARN W51
|
| Resources: ["SampleBucket"]
| Line Numbers: [11]
|
| S3 bucket should likely have a bucket policy
------------------------------------------------------------
| WARN W35
|
| Resources: ["SampleBucket"]
| Line Numbers: [11]
|
| S3 Bucket should have access logging configured
------------------------------------------------------------
| WARN W41
|
| Resources: ["SampleBucket"]
| Line Numbers: [11]
|
| S3 Bucket should have encryption option set

Failures count: 0
Warnings count: 3

  • cwtail : CloudWatch log-group tail directly from your terminal.

  • cw : The best way to tail AWS CloudWatch Logs from your terminal.
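
The three warnings in the cfn_nag output above (W51, W35, W41), as an added example that is not part of the original post and is not cfn_nag's own code: a simplified scan flags the same missing controls on a constructed weak template and returns nothing for a hardened variant. The TLS-only bucket policy, the log bucket name `example-access-logs` and the function names are assumptions made for illustration.

```python
# Added example: simplified checks, not cfn_nag's code; templates are constructed.
import copy

WEAK = {"Resources": {"SampleBucket": {"Type": "AWS::S3::Bucket"}}}

HARDENED = copy.deepcopy(WEAK)
HARDENED["Resources"]["SampleBucket"]["Properties"] = {
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    # Assumed name of an existing log bucket (placeholder).
    "LoggingConfiguration": {"DestinationBucketName": "example-access-logs",
                             "LogFilePrefix": "sample-bucket/"},
}
HARDENED["Resources"]["SampleBucketPolicy"] = {
    "Type": "AWS::S3::BucketPolicy",
    "Properties": {
        "Bucket": {"Ref": "SampleBucket"},
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": [{"Fn::GetAtt": ["SampleBucket", "Arn"]},
                         {"Fn::Sub": "${SampleBucket.Arn}/*"}],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
    },
}

def policy_targets(resources):
    """Names of buckets that an AWS::S3::BucketPolicy attaches to via Ref."""
    targets = set()
    for res in resources.values():
        bucket = res.get("Properties", {}).get("Bucket")
        if res.get("Type") == "AWS::S3::BucketPolicy" and isinstance(bucket, dict):
            targets.add(bucket.get("Ref"))
    return targets

def scan(template):
    """Return sorted (rule_id, resource) pairs for buckets missing a control."""
    resources = template.get("Resources", {})
    covered, findings = policy_targets(resources), []
    for name, res in resources.items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        if name not in covered:
            findings.append(("W51", name))  # no bucket policy
        if "LoggingConfiguration" not in props:
            findings.append(("W35", name))  # no access logging
        if "BucketEncryption" not in props:
            findings.append(("W41", name))  # no encryption setting
    return sorted(findings)
```

Calling `scan(WEAK)` reports all three rule IDs for `SampleBucket`, while `scan(HARDENED)` returns an empty list.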


Let me know what tools you use when working with CloudFormation!