{"slug":"iam-aws-cloudformation","cloud":"aws","service":"cloudformation","title":"AWS CloudFormation (IAM)","description":"AWS CloudFormation is an infrastructure as code (IaC) service for modeling and provisioning AWS resources using templates.","category":"devops","common_permissions":["cloudformation:ListStacks","cloudformation:DescribeStacks","cloudformation:CreateStack","cloudformation:UpdateStack","cloudformation:GetTemplate","cloudformation:ListChangeSets","cloudformation:DescribeChangeSet","cloudformation:TagResource"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"cloudformation:ListStacks\",\n        \"cloudformation:DescribeStacks\",\n        \"cloudformation:CreateStack\",\n        \"cloudformation:UpdateStack\",\n        \"cloudformation:GetTemplate\",\n        \"cloudformation:ListChangeSets\",\n        \"cloudformation:DescribeChangeSet\",\n        \"cloudformation:TagResource\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid cloudformation:* — it grants full control over CloudFormation, including stack deletion and resource modification","Avoid cloudformation:DeleteStack unless needed — it can delete entire stacks and all of the resources in them","The example policy sets Resource to a wildcard (*), so its actions apply to every stack — scope actions that support resource-level permissions, such as CreateStack and UpdateStack, to specific stack ARNs"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/cloudformation/cloudformation.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:48:55.212Z","updated_at":"2026-06-14T04:48:55.212Z"}