AWS CloudFormation Custom Resource Type

Examples for creating CloudFormation extensions, specifically CloudFormation Custom Resource Types.

An extension is an artifact, registered in the CloudFormation Registry, which augments the functionality of CloudFormation in a native manner.

You can use the CloudFormation CLI to register extensions with the CloudFormation registry, both those you create yourself and ones shared with you. This enables you to use CloudFormation capabilities to create, provision, and manage these custom types in a safe and repeatable manner, just as you would any AWS resource.

There are the following four types of CloudFormation extension mechanisms:

Example Custom Resource Types



  • Org::Service::WAFCDN -> CDK app containing
  • API Gateway (custom auth token, or CloudFormation security context identity) -> Step Functions -> create stack -> wait for stack -> loop
  • The custom resource Lambda handler is just a pass-through to API Gateway (APIG), which provisions the resources.
  • Store the API key in Secrets Manager and reference it from a property of the CloudFormation custom resource type.
- Sid: DeleteAppRoles
  Effect: Allow
  Action:
    - wafcdn:*
  Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:type/resource/MyOrg-MyService-MyResource/*"
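
The pass-through handler and Secrets Manager lookup from the list above, sketched as an added example (not code from this project). The property names `ApiEndpoint`, `ApiKeySecretId` and `Config` and the `executionId` response field are hypothetical; `x-api-key` is the header API Gateway reads API keys from.

```python
import json
import urllib.request

def fetch_secret(secret_id):
    """Read the API key from Secrets Manager at call time (needs boto3 and credentials)."""
    import boto3  # lazy import so the module loads where the SDK is absent
    client = boto3.client("secretsmanager")
    return client.get_secret_value(SecretId=secret_id)["SecretString"]

def post_json(url, headers, body):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

def handle_create(props, get_secret=fetch_secret, post=post_json):
    """Pass-through create: forward the desired state to the provisioning API.

    ApiEndpoint, ApiKeySecretId, Config and the executionId response field
    are hypothetical names chosen for this example.
    """
    endpoint = props["ApiEndpoint"]
    if not endpoint.startswith("https://"):
        raise ValueError("ApiEndpoint must be https; the key travels in a header")
    # The template carries only the secret's id; the key itself is read here
    # and held in memory for this one request.
    api_key = get_secret(props["ApiKeySecretId"])
    headers = {"Content-Type": "application/json", "x-api-key": api_key}
    reply = post(endpoint, headers, {"action": "create", "config": props.get("Config", {})})
    # Return non-secret state only: the model echoes the secret's id, never its value.
    return {"status": "IN_PROGRESS",
            "executionId": reply["executionId"],
            "model": dict(props)}

if __name__ == "__main__":
    # Constructed input and stubbed dependencies so the example runs offline.
    def fake_post(url, headers, body):
        return {"executionId": "exec-0001"}
    out = handle_create(
        {"ApiEndpoint": "https://api.example.invalid/stacks",
         "ApiKeySecretId": "wafcdn/api-key", "Config": {"Domain": "example.invalid"}},
        get_secret=lambda _id: "constructed-key", post=fake_post)
    print(json.dumps(out, indent=2))
```

Because the template and the returned model hold only the secret's identifier, rotating the key in Secrets Manager requires no stack update.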