When writing your CloudFormation yaml:
- Don't use Default values on Parameters. This is because a change to just the Default value of a parameter is not considered by CloudFormation in its difference analysis. Once the value has been set, it stays set.
- Use `!Ref parameterName` instead of `!Sub '${parameterName}'`.
- Don't pollute the cloudformation.yaml with notions of non-prod and prod modes. Pass one `application` parameter in with names like `myapp-dev`, `myapp-test` and use `${application}` to build your resource names.
- When you create buckets use a suffix with the lower-case (an S3 constraint) account id. This is so you can deploy your cloudformation.yaml to any account without conflicts.
- Never use that `Fn::Join` nonsense. Use `!Sub` instead. For example: `!Sub "arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${mySecretName}-*"`
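
The conventions above combined in one template, as an added example that is not part of the original page. The resource names `DataBucket` and `AppRole`, the `lambda.amazonaws.com` principal, the `AllowedPattern` and the public access block are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example of the conventions above (resource names are hypothetical)

Parameters:
  application:                # e.g. myapp-dev, myapp-test; deliberately no Default
    Type: String
    AllowedPattern: '^[a-z][a-z0-9-]{1,30}$'   # lower-case only, so it is valid inside a bucket name
  mySecretName:               # name of an existing Secrets Manager secret; no Default
    Type: String

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      # The account id suffix keeps the name free of conflicts in any other account
      BucketName: !Sub '${application}-data-${AWS::AccountId}'
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      Tags:
        - Key: application
          Value: !Ref application        # plain reference: !Ref, not !Sub '${application}'

  AppRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com   # assumed consumer of the secret
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-secret
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: secretsmanager:GetSecretValue
                # One !Sub string instead of Fn::Join; the trailing -* covers the
                # random suffix Secrets Manager appends to the secret's ARN
                Resource: !Sub 'arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${mySecretName}-*'
```

Because neither parameter has a Default, every deployment has to pass `application` and `mySecretName` explicitly, so a changed value always shows up in the change set.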