Author AWS CloudFormation Hooks using the CloudFormation Guard domain specific language

Posted on: Nov 20, 2024

AWS CloudFormation Hooks now allows customers to use the AWS CloudFormation Guard domain specific language to author hooks. Customers use AWS CloudFormation Hooks to invoke custom logic to inspect resource configurations prior to a create, update or delete AWS CloudFormation stack operation. If a non-compliant configuration is found, Hooks can block the operation or let the operation continue with a warning. With this launch, you can now author hooks by simply pointing to a Guard rule set stored as an S3 object.

Prior to this launch, customers authored hooks using a programming language and registered the hooks as extensions on the CloudFormation registry using the cfn-cli. This pre-built hook simplifies the authoring process and gives customers the ability to extend their existing Guard rules used for static template validation. Now, you can store your Guard rules as either individual or compressed files in an S3 bucket, and provide your S3 URI in your hooks configuration.

The Guard hook is available at no additional charge in all AWS Commercial Regions. To get started, you can use the new Hooks console workflow within the CloudFormation console, the AWS CLI, or CloudFormation.

To learn more about the Guard hook, check out the AWS DevOps Blog or refer to the Guard Hook User Guide. Refer to the Guard User Guide to learn more about Guard, including how to write Guard rules.