How CloudFormation works
AWS services such as CloudFormation are great at reducing the cognitive load of the end user. A lot of internal details are abstracted away, exposing only the functionality that users need. In certain situations, however, it is important to understand what the service is doing internally. This not only helps you debug problems faster but also gives you a solid basis for reasoning about security, compliance, and day-to-day operations in your organization.
Permissions delegation for resource management
By default, AWS CloudFormation uses the permissions of the user who invokes the CLI commands or uses the service directly in the web console. So, in a way, the end user delegates their authority to the service for temporary use. If you run into permission-denied errors, the calling identity's permissions are the first thing you should check.
For all stack operations, CloudFormation generates temporary security tokens that match the user’s IAM permissions...
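The practical consequence of this delegation is that a failed stack event names the principal whose permissions were actually used, and that is the identity (or, if the stack was created with a service role, that role) whose policy needs fixing. The following added example is not part of the original text; it parses stack events of the shape returned by describe-stack-events and extracts the denied action, the principal and the target resource. The sample events are constructed, and the regular expression reflects the usual wording of AWS access-denied messages, which is an assumption rather than a documented contract.

```python
import re
from typing import List, Optional

# Assumed shape of the access-denied text CloudFormation copies into
# ResourceStatusReason ("User: <arn> is not authorized to perform: <action>
# on resource: <arn>"). Treat this as an approximation of the AWS wording.
DENIED_RE = re.compile(
    r"User:\s*(?P<principal>\S+)\s+is not authorized to perform:\s*(?P<action>\S+)"
    r"(?:\s+on resource:\s*(?P<resource>\S+))?"
)


def parse_principal(arn: str) -> dict:
    """Split an IAM/STS principal ARN into account, principal type and name."""
    # arn:partition:service:region:account:resource
    parts = arn.split(":", 5)
    if len(parts) != 6:
        return {"account": None, "type": "unknown", "name": arn}
    account, resource = parts[4], parts[5]
    rtype, _, rest = resource.partition("/")
    # For STS the resource is assumed-role/<RoleName>/<SessionName>; keep the role name.
    name = rest.split("/")[0] if rest else rtype
    return {"account": account, "type": rtype, "name": name}


def diagnose_access_denied(events: List[dict], stack_role_arn: Optional[str] = None) -> List[dict]:
    """Return one finding per failed event whose reason is an access-denied error.

    stack_role_arn: the service role the stack was created with, if any. Without a
    service role CloudFormation acts with the caller's own permissions, so that is
    where the missing action has to be granted.
    """
    findings = []
    for ev in events:
        if not ev.get("ResourceStatus", "").endswith("_FAILED"):
            continue
        m = DENIED_RE.search(ev.get("ResourceStatusReason", ""))
        if not m:
            continue  # failed for another reason (cancelled, dependency failure, ...)
        principal = parse_principal(m["principal"])
        findings.append({
            "logical_id": ev["LogicalResourceId"],
            "resource_type": ev["ResourceType"],
            "action": m["action"],
            "principal_arn": m["principal"],
            "principal_type": principal["type"],
            "principal_name": principal["name"],
            "resource": m["resource"],
            "where_to_fix": (
                "the stack service role " + stack_role_arn
                if stack_role_arn
                else "the caller's own IAM identity"
            ),
        })
    return findings


# Constructed sample events, mimicking describe-stack-events output (not real data).
SAMPLE_EVENTS = [
    {
        "LogicalResourceId": "AppBucket",
        "ResourceType": "AWS::S3::Bucket",
        "ResourceStatus": "CREATE_COMPLETE",
        "ResourceStatusReason": "",
    },
    {
        "LogicalResourceId": "AppRole",
        "ResourceType": "AWS::IAM::Role",
        "ResourceStatus": "CREATE_FAILED",
        "ResourceStatusReason": (
            "API: iam:CreateRole User: arn:aws:sts::123456789012:assumed-role/Deployer/alice "
            "is not authorized to perform: iam:CreateRole on resource: "
            "arn:aws:iam::123456789012:role/AppRole"
        ),
    },
    {
        "LogicalResourceId": "AppFunction",
        "ResourceType": "AWS::Lambda::Function",
        "ResourceStatus": "CREATE_FAILED",
        "ResourceStatusReason": "Resource creation cancelled",
    },
]


if __name__ == "__main__":
    for f in diagnose_access_denied(SAMPLE_EVENTS):
        print(f"{f['logical_id']} ({f['resource_type']}): {f['principal_type']} "
              f"{f['principal_name']} lacks {f['action']} on {f['resource']}; "
              f"grant it on {f['where_to_fix']}")
```

Run against real events by feeding it the `StackEvents` list from `aws cloudformation describe-stack-events` and, if the stack has a `RoleARN` in `describe-stacks`, passing that ARN as `stack_role_arn`; the finding then points at the service role rather than the caller.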