What is Amazon CloudFormation Hooks?

Amazon CloudFormation Hooks is a feature that you can use to ensure that your CloudFormation resources are compliant with your organization's security, operational, and cost optimization best practices. With CloudFormation Hooks, you can provide code that proactively inspects the configuration of your Amazon resources before provisioning. If non-compliant resources are found, Amazon CloudFormation either fails the operation and prevents the resources from being provisioned, or emits a warning and allows the provisioning operation to continue.

You can use Hooks to enforce a variety of requirements and guidelines. For example, a security-related Hook can verify that security groups have the appropriate inbound and outbound traffic rules for your Amazon Virtual Private Cloud (Amazon VPC). A cost-related Hook can restrict development environments to use only smaller Amazon Elastic Compute Cloud (Amazon EC2) instance types. A Hook designed for data availability can enforce automatic backups for Amazon Relational Database Service (Amazon RDS).
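The following added example (not from the original guide, and not written with the CloudFormation Hooks SDK) simulates in plain Python the three checks described above and the two possible outcomes when a non-compliant resource is found. The function names, the allow-list of instance types, and the sample template are assumptions made for illustration; `FAIL` and `WARN` are used here as labels for the two outcomes.

```python
# Added illustration: plain-Python simulation of Hook-style checks run before
# provisioning. Not the CloudFormation Hooks SDK; function names are hypothetical.
SMALL_TYPES = {"t3.micro", "t3.small"}  # assumed allow-list for dev environments

def check_security_group(props):
    """Flag SSH (port 22) ingress open to the whole IPv4 internet."""
    for rule in props.get("SecurityGroupIngress", []):
        lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if rule.get("CidrIp") == "0.0.0.0/0" and lo <= 22 <= hi:
            return "port 22 is open to 0.0.0.0/0"
    return None

def check_instance(props):
    """Flag instance types outside the small-type allow-list."""
    itype = props.get("InstanceType")
    return None if itype in SMALL_TYPES else f"instance type {itype} not allowed"

def check_rds(props):
    """Flag BackupRetentionPeriod 0, which disables automated backups."""
    if int(props.get("BackupRetentionPeriod", 1)) == 0:
        return "automated backups are disabled"
    return None

CHECKS = {"AWS::EC2::SecurityGroup": check_security_group,
          "AWS::EC2::Instance": check_instance,
          "AWS::RDS::DBInstance": check_rds}

def evaluate(template, failure_mode="FAIL"):
    """Return (proceed, findings): FAIL blocks on any finding, WARN only reports."""
    findings = []
    for name, res in template["Resources"].items():
        check = CHECKS.get(res["Type"])
        reason = check(res.get("Properties", {})) if check else None
        if reason:
            findings.append(f"{name}: {reason}")
    return (not findings or failure_mode == "WARN"), findings

# Constructed sample template (not from the page).
TEMPLATE = {"Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                  "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "DevBox": {"Type": "AWS::EC2::Instance", "Properties": {"InstanceType": "t3.micro"}},
    "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {"BackupRetentionPeriod": 0}},
}}

if __name__ == "__main__":
    for mode in ("FAIL", "WARN"):
        print(mode, evaluate(TEMPLATE, mode))
```

With the sample template, both modes report the same two findings; only the `FAIL` mode stops the simulated operation.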

CloudFormation Hooks is a supported extension type in the Amazon CloudFormation registry. The registry makes it easy to distribute and activate Hooks both publicly and privately. The registry also supports versioning, as well as the resource and module extension types. You can use pre-built Hooks, or build your own Hooks using the CloudFormation CLI.

This guide provides an overview of the structure of Amazon CloudFormation Hooks, and guides for developing, registering, testing, managing, and publishing your own Hooks.