本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 驗證堆疊部署
透過部署前驗證,您可以在執行 CloudFormation 變更集之前識別和解決潛在的部署問題。此功能會根據常見的失敗案例驗證您的範本,協助您在開發週期的早期發現問題。
**Topics**
+ [部署前驗證的運作方式](#validate-stack-deployments-how-it-works)
+ [考量事項](#validate-stack-deployments-considerations)
+ [先決條件](#validate-stack-deployments-prerequisites)
+ [驗證堆疊部署 (主控台)](#validate-stack-deployments-console)
+ [驗證堆疊部署 (AWS CLI)](#validate-stack-deployments-cli)
+ [驗證類型](#validate-stack-deployments-validation-types)
+ [資源限制](#validate-stack-deployments-resource-limitations)
## 部署前驗證的運作方式
部署前驗證涉及下列階段:
1. **建立變更集** – 像平常一樣產生 CloudFormation 堆疊更新的變更集。建立變更集時,預設會啟用部署前驗證。
1. **驗證執行** – CloudFormation 會針對您的範本和目標環境執行多個驗證檢查。目前支援 3 種類型的驗證:針對資源結構描述的屬性語法驗證、與現有資源的資源名稱衝突偵測,以及用於刪除操作的 S3 儲存貯體清空驗證。
1. **檢閱驗證結果** – CloudFormation 會針對發現的任何問題提供詳細意見回饋,包括精確找出範本中問題位置的路徑、消除手動範本偵錯。
1. **解決問題 – 在**繼續部署之前,透過更新您的範本或解決衝突來解決已識別的問題。
1. **自信地執行** - 在知道常見失敗案例已預先驗證的情況下部署您的變更集。
## 考量事項
當您使用部署前驗證時,請記住下列事項:
+ 部署前驗證著重於三種常見的部署失敗案例。它不保證您的部署會成功,但可以降低常見故障的可能性。
+ 驗證模式的行為不同:
+ **當驗證偵測到錯誤時,失敗模式**可防止變更集執行,確保有問題的範本無法繼續部署。這適用於屬性語法錯誤和資源命名衝突。
+ **WARN 模式**允許在驗證失敗時成功建立變更集,提供警告,讓開發人員可以在執行之前檢閱和解決此問題。這適用於限制條件違規,例如可透過手動介入解決的 S3 儲存貯體清空。
+ 驗證結果會繫結至特定變更集。如果您修改範本,則需要建立新的變更集,以取得更新的驗證結果。
+ S3 儲存貯體驗證只會檢查物件是否存在,而不是儲存貯體政策或其他可能防止刪除的限制。
## 先決條件
若要使用部署前驗證,您必須具有:
+ 在帳戶中建立變更集和讀取資源所需的 IAM 許可。對於 S3 儲存貯體清空檢查,您需要 `s3:ListBucket` 許可。
+ 存取 AWS 區域 部署堆疊的 。
+ 您要在部署之前驗證的 CloudFormation 範本。
## 驗證堆疊部署 (主控台)
使用下列程序,使用 主控台驗證您的堆疊部署。
**在部署之前驗證範本**
1. 登入 AWS 管理主控台 ,並在 https://[https://console.aws.amazon.com/cloudformation](https://console.aws.amazon.com/cloudformation/) 開啟 CloudFormation 主控台。
1. 在畫面頂端的導覽列上,選擇 AWS 區域 堆疊所在的 。
1. 在**堆疊**頁面上,選擇您要建立變更集的執行中堆疊。
1. 在堆疊詳細資訊窗格中,選擇**更新堆疊**,然後選擇**建立變更集**。
1. 在**建立*堆疊名稱*的變更集**頁面上,上傳已更新的範本或指定範本來源。
1. 選擇**下一步**,繼續進行剩餘的變更集組態步驟。
1. 如果範本包括 IAM 資源,請在**功能**中選擇**我確認 CloudFormation 可能會建立 IAM 資源**。IAM 資源可修改 AWS 帳戶中的許可;請檢閱這些資源,確保系統僅能執行所需的動作。如需詳細資訊,請參閱 [ CloudFormation 範本中的確認 IAM 資源](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/control-access-with-iam.html#using-iam-capabilities)。
1. 在**檢閱**頁面上,選擇**建立變更集**。
1. CloudFormation 將建立變更集並執行驗證檢查。在**部署驗證索引標籤中檢閱驗證**結果。
1. 如果驗證通過或您對警告感到滿意,請選擇**執行變更集**來部署變更。
1. 如果驗證失敗,請修正問題並建立新的變更集,以重新驗證您的部署。
## 驗證堆疊部署 (AWS CLI)
部署前驗證的 AWS CLI 命令包括:
+ [create-change-set](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-change-set.html) 會在建立變更集期間自動驗證。
+ [describe-change-set](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-change-set.html) 以驗證變更集狀態
+ [describe-events](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-events.html) 來檢閱驗證結果。
使用下列程序來驗證使用 的堆疊部署 AWS CLI。
**在部署之前驗證範本**
1. 使用 [create-change-set](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/create-change-set.html) 命令:
```
aws cloudformation create-change-set \
--stack-name MyStack \
--change-set-name MyChangeSet \
--change-set-type "CREATE" \
--template-body file://updated-template.yaml
```
命令會同時傳回變更集 ARN 和堆疊 ARN。
1. 使用 [describe-events](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-events.html) 命令搭配變更集 ARN 或變更集名稱,以檢閱驗證狀態和結果。
```
aws cloudformation describe-events \
--change-set-name "arn:aws:cloudformation:us-east-1:123456789012:changeSet/MyChangeSet/94498df5-1afb-43b1-9869-9f82b2d877ac"
```
驗證錯誤的範例輸出:
```
{
"OperationEvents":[
{
"EventId":"9b5c9a29-4704-4ad0-8082-afb49418d55b",
"StackId":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/c3908380-b357-11f0-a97f-0ad08f35df65",
"OperationId":"f558b823-e1e3-4de3-a222-e6b930ddcad4",
"OperationType":"CREATE_CHANGESET",
"OperationStatus":"FAILED",
"EventType":"STACK_EVENT",
"Timestamp":"2025-10-27T17:10:02.923Z",
"StartTime":"2025-10-27T17:09:57.537Z",
"EndTime":"2025-10-27T17:10:02.923Z"
},
{
"EventId":"2d8c3262-3468-4283-82fb-6e780e9e4f1d",
"StackId":"arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/c3908380-b357-11f0-a97f-0ad08f35df65",
"OperationId":"f558b823-e1e3-4de3-a222-e6b930ddcad4",
"OperationType":"CREATE_CHANGESET",
"EventType":"VALIDATION_ERROR",
"LogicalResourceId":"NotificationBucket",
"PhysicalResourceId":"",
"ResourceType":"AWS::S3::Bucket",
"Timestamp":"2025-10-27T17:10:02.461Z",
"ValidationFailureMode":"FAIL",
"ValidationName":"PROPERTY_VALIDATION",
"ValidationStatus":"FAILED",
"ValidationStatusReason":"#/NotificationConfiguration/QueueConfigurations/0: required key [Event] not found",
"ValidationPath":"/Resources/NotificationBucket/Properties/NotificationConfiguration/QueueConfigurations/0"
}
]
}
```
1. 更新範本以解決任何驗證錯誤,然後建立新的變更集。
1. 驗證通過後,請執行變更集:
```
aws cloudformation execute-change-set \
--change-set-name MyChangeSet \
--stack-name MyStack
```
## 驗證類型
部署前驗證包括下列類型的檢查:
+ **屬性語法驗證** – 根據資源結構描述驗證 AWS 資源屬性。它會檢查所需的屬性和有效的屬性值,並識別已棄用或不支援的屬性組合。
+ **資源名稱衝突偵測** – 檢查命名是否與現有 AWS 資源衝突。它會驗證資源名稱是否符合 AWS 命名要求,並在部署嘗試之前識別潛在的衝突。
+ **S3 儲存貯體清空驗證** – 嘗試刪除包含物件的 S3 儲存貯體時發出警告。它提供物件計數,以協助評估刪除影響,並協助防止常見的 S3 刪除失敗。
每個驗證類型都會在範本中提供特定的錯誤訊息和錯誤位置,以協助您快速解決問題。
## 資源限制
部署前驗證不支援下列資源類型:
+ `AWS::ApiGatewayV2::ApiGatewayManagedOverrides`
+ `AWS::ApiGatewayV2::Stage`
+ `AWS::AppMesh::GatewayRoute`
+ `AWS::AppMesh::Mesh`
+ `AWS::AppMesh::Route`
+ `AWS::AppMesh::VirtualGateway`
+ `AWS::AppMesh::VirtualNode`
+ `AWS::AppMesh::VirtualRouter`
+ `AWS::AppMesh::VirtualService`
+ `AWS::AppStream::Fleet`
+ `AWS::AppStream::Stack`
+ `AWS::AppStream::StackFleetAssociation`
+ `AWS::AppStream::StackUserAssociation`
+ `AWS::AppStream::User`
+ `AWS::AppSync::ApiCache`
+ `AWS::AppSync::ApiKey`
+ `AWS::AppSync::GraphQLSchema`
+ `AWS::AutoScalingPlans::ScalingPlan`
+ `AWS::Budgets::Budget`
+ `AWS::CertificateManager::Certificate`
+ `AWS::Cloud9::EnvironmentEC2`
+ `AWS::CloudFormation::CustomResource`
+ `AWS::CloudFormation::Macro`
+ `AWS::CloudFormation::WaitCondition`
+ `AWS::CloudFormation::WaitConditionHandle`
+ `AWS::CloudFront::StreamingDistribution`
+ `AWS::CloudWatch::AnomalyDetector`
+ `AWS::CloudWatch::InsightRule`
+ `AWS::CodeBuild::Project`
+ `AWS::CodeBuild::ReportGroup`
+ `AWS::CodeBuild::SourceCredential`
+ `AWS::CodeCommit::Repository`
+ `AWS::CodeDeploy::DeploymentGroup`
+ `AWS::CodeStar::GitHubRepository`
+ `AWS::Config::ConfigurationRecorder`
+ `AWS::Config::DeliveryChannel`
+ `AWS::Config::OrganizationConfigRule`
+ `AWS::Config::RemediationConfiguration`
+ `AWS::DAX::Cluster`
+ `AWS::DAX::ParameterGroup`
+ `AWS::DAX::SubnetGroup`
+ `AWS::DirectoryService::MicrosoftAD`
+ `AWS::DLM::LifecyclePolicy`
+ `AWS::DMS::Certificate`
+ `AWS::DMS::Endpoint`
+ `AWS::DMS::EventSubscription`
+ `AWS::DMS::ReplicationInstance`
+ `AWS::DMS::ReplicationSubnetGroup`
+ `AWS::DMS::ReplicationTask`
+ `AWS::DocDB::DBCluster`
+ `AWS::DocDB::DBClusterParameterGroup`
+ `AWS::DocDB::DBInstance`
+ `AWS::DocDB::DBSubnetGroup`
+ `AWS::DocDB::EventSubscription`
+ `AWS::EC2::ClientVpnAuthorizationRule`
+ `AWS::EC2::ClientVpnEndpoint`
+ `AWS::EC2::ClientVpnRoute`
+ `AWS::EC2::ClientVpnTargetNetworkAssociation`
+ `AWS::EC2::NetworkInterfacePermission`
+ `AWS::ElastiCache::CacheCluster`
+ `AWS::ElastiCache::ReplicationGroup`
+ `AWS::ElastiCache::SecurityGroup`
+ `AWS::ElastiCache::SecurityGroupIngress`
+ `AWS::ElasticLoadBalancing::LoadBalancer`
+ `AWS::ElasticLoadBalancingV2::ListenerCertificate`
+ `AWS::Elasticsearch::Domain`
+ `AWS::EMR::Cluster`
+ `AWS::EMR::InstanceFleetConfig`
+ `AWS::EMR::InstanceGroupConfig`
+ `AWS::FSx::FileSystem`
+ `AWS::FSx::Snapshot`
+ `AWS::FSx::StorageVirtualMachine`
+ `AWS::FSx::Volume`
+ `AWS::Glue::Classifier`
+ `AWS::Glue::Connection`
+ `AWS::Glue::CustomEntityType`
+ `AWS::Glue::DataCatalogEncryptionSettings`
+ `AWS::Glue::DataQualityRuleset`
+ `AWS::Glue::DevEndpoint`
+ `AWS::Glue::MLTransform`
+ `AWS::Glue::Partition`
+ `AWS::Glue::SecurityConfiguration`
+ `AWS::Glue::Table`
+ `AWS::Glue::TableOptimizer`
+ `AWS::Glue::Workflow`
+ `AWS::Greengrass::ConnectorDefinition`
+ `AWS::Greengrass::ConnectorDefinitionVersion`
+ `AWS::Greengrass::CoreDefinition`
+ `AWS::Greengrass::CoreDefinitionVersion`
+ `AWS::Greengrass::DeviceDefinition`
+ `AWS::Greengrass::DeviceDefinitionVersion`
+ `AWS::Greengrass::FunctionDefinition`
+ `AWS::Greengrass::FunctionDefinitionVersion`
+ `AWS::Greengrass::Group`
+ `AWS::Greengrass::GroupVersion`
+ `AWS::Greengrass::LoggerDefinition`
+ `AWS::Greengrass::LoggerDefinitionVersion`
+ `AWS::Greengrass::ResourceDefinition`
+ `AWS::Greengrass::ResourceDefinitionVersion`
+ `AWS::Greengrass::SubscriptionDefinition`
+ `AWS::Greengrass::SubscriptionDefinitionVersion`
+ `AWS::IAM::AccessKey`
+ `AWS::IAM::UserToGroupAddition`
+ `AWS::IoT::PolicyPrincipalAttachment`
+ `AWS::IoT::ThingPrincipalAttachment`
+ `AWS::IoTThingsGraph::FlowTemplate`
+ `AWS::KinesisAnalytics::Application`
+ `AWS::KinesisAnalytics::ApplicationOutput`
+ `AWS::KinesisAnalytics::ApplicationReferenceDataSource`
+ `AWS::KinesisAnalyticsV2::ApplicationCloudWatchLoggingOption`
+ `AWS::KinesisAnalyticsV2::ApplicationOutput`
+ `AWS::KinesisAnalyticsV2::ApplicationReferenceDataSource`
+ `AWS::LakeFormation::DataLakeSettings`
+ `AWS::LakeFormation::Permissions`
+ `AWS::LakeFormation::Resource`
+ `AWS::ManagedBlockchain::Member`
+ `AWS::ManagedBlockchain::Node`
+ `AWS::MediaConvert::JobTemplate`
+ `AWS::MediaConvert::Preset`
+ `AWS::MediaConvert::Queue`
+ `AWS::MediaLive::Channel`
+ `AWS::MediaLive::Input`
+ `AWS::MediaLive::InputSecurityGroup`
+ `AWS::MediaStore::Container`
+ `AWS::OpsWorks::App`
+ `AWS::OpsWorks::ElasticLoadBalancerAttachment`
+ `AWS::OpsWorks::Instance`
+ `AWS::OpsWorks::Layer`
+ `AWS::OpsWorks::Stack`
+ `AWS::OpsWorks::UserProfile`
+ `AWS::OpsWorks::Volume`
+ `AWS::Pinpoint::ADMChannel`
+ `AWS::Pinpoint::APNSChannel`
+ `AWS::Pinpoint::APNSSandboxChannel`
+ `AWS::Pinpoint::APNSVoipChannel`
+ `AWS::Pinpoint::APNSVoipSandboxChannel`
+ `AWS::Pinpoint::App`
+ `AWS::Pinpoint::ApplicationSettings`
+ `AWS::Pinpoint::BaiduChannel`
+ `AWS::Pinpoint::Campaign`
+ `AWS::Pinpoint::EmailChannel`
+ `AWS::Pinpoint::EmailTemplate`
+ `AWS::Pinpoint::EventStream`
+ `AWS::Pinpoint::GCMChannel`
+ `AWS::Pinpoint::PushTemplate`
+ `AWS::Pinpoint::Segment`
+ `AWS::Pinpoint::SMSChannel`
+ `AWS::Pinpoint::SmsTemplate`
+ `AWS::Pinpoint::VoiceChannel`
+ `AWS::PinpointEmail::ConfigurationSet`
+ `AWS::PinpointEmail::ConfigurationSetEventDestination`
+ `AWS::PinpointEmail::DedicatedIpPool`
+ `AWS::PinpointEmail::Identity`
+ `AWS::QLDB::Ledger`
+ `AWS::RDS::DBSecurityGroup`
+ `AWS::RDS::DBSecurityGroupIngress`
+ `AWS::Redshift::ClusterSecurityGroup`
+ `AWS::Redshift::ClusterSecurityGroupIngress`
+ `AWS::Route53::RecordSet`
+ `AWS::Route53::RecordSetGroup`
+ `AWS::SageMaker::CodeRepository`
+ `AWS::SageMaker::EndpointConfig`
+ `AWS::SageMaker::Model`
+ `AWS::SageMaker::NotebookInstance`
+ `AWS::SageMaker::NotebookInstanceLifecycleConfig`
+ `AWS::SageMaker::Workteam`
+ `AWS::SDB::Domain`
+ `AWS::ServiceCatalog::AcceptedPortfolioShare`
+ `AWS::ServiceCatalog::LaunchRoleConstraint`
+ `AWS::ServiceCatalog::Portfolio`
+ `AWS::ServiceCatalog::StackSetConstraint`
+ `AWS::ServiceDiscovery::HttpNamespace`
+ `AWS::ServiceDiscovery::Instance`
+ `AWS::ServiceDiscovery::PrivateDnsNamespace`
+ `AWS::ServiceDiscovery::PublicDnsNamespace`
+ `AWS::ServiceDiscovery::Service`
+ `AWS::SES::ReceiptFilter`
+ `AWS::SES::ReceiptRule`
+ `AWS::SES::ReceiptRuleSet`
+ `AWS::SSM::MaintenanceWindow`
+ `AWS::SSM::MaintenanceWindowTarget`
+ `AWS::SSM::MaintenanceWindowTask`
+ `AWS::WAF::ByteMatchSet`
+ `AWS::WAF::IPSet`
+ `AWS::WAF::Rule`
+ `AWS::WAF::SizeConstraintSet`
+ `AWS::WAF::SqlInjectionMatchSet`
+ `AWS::WAF::WebACL`
+ `AWS::WAF::XssMatchSet`
+ `AWS::WAFRegional::ByteMatchSet`
+ `AWS::WAFRegional::GeoMatchSet`
+ `AWS::WAFRegional::IPSet`
+ `AWS::WAFRegional::RateBasedRule`
+ `AWS::WAFRegional::RegexPatternSet`
+ `AWS::WAFRegional::Rule`
+ `AWS::WAFRegional::SizeConstraintSet`
+ `AWS::WAFRegional::SqlInjectionMatchSet`
+ `AWS::WAFRegional::WebACL`
+ `AWS::WAFRegional::WebACLAssociation`
+ `AWS::WAFRegional::XssMatchSet`
+ `AWS::WorkSpaces::Workspace`
+ `AWS::AmazonMQ::ConfigurationAssociation`
+ `AWS::ApiGateway::DomainNameAccessAssociation`
+ `AWS::AppConfig::ExtensionAssociation`
+ `AWS::AppStream::ApplicationEntitlementAssociation`
+ `AWS::AppStream::ApplicationFleetAssociation`
+ `AWS::AppSync::DomainNameApiAssociation`
+ `AWS::AppSync::SourceApiAssociation`
+ `AWS::CleanRooms::ConfiguredTableAssociation`
+ `AWS::CleanRooms::IdNamespaceAssociation`
+ `AWS::CodeGuruReviewer::RepositoryAssociation`
+ `AWS::Cognito::IdentityPoolRoleAttachment`
+ `AWS::Cognito::UserPoolRiskConfigurationAttachment`
+ `AWS::Cognito::UserPoolUICustomizationAttachment`
+ `AWS::Cognito::UserPoolUserToGroupAttachment`
+ `AWS::Connect::IntegrationAssociation`
+ `AWS::Deadline::QueueFleetAssociation`
+ `AWS::Deadline::QueueLimitAssociation`
+ `AWS::EC2::EIPAssociation`
+ `AWS::EC2::EnclaveCertificateIamRoleAssociation`
+ `AWS::EC2::GatewayRouteTableAssociation`
+ `AWS::EC2::IPAMResourceDiscoveryAssociation`
+ `AWS::EC2::IpPoolRouteTableAssociation`
+ `AWS::EC2::LocalGatewayRouteTableVPCAssociation`
+ `AWS::EC2::LocalGatewayRouteTableVirtualInterfaceGroupAssociation`
+ `AWS::EC2::NetworkInterfaceAttachment`
+ `AWS::EC2::RouteServerAssociation`
+ `AWS::EC2::SecurityGroupVpcAssociation`
+ `AWS::EC2::SubnetNetworkAclAssociation`
+ `AWS::EC2::SubnetRouteTableAssociation`
+ `AWS::EC2::TransitGatewayAttachment`
+ `AWS::EC2::TransitGatewayMulticastDomainAssociation`
+ `AWS::EC2::TransitGatewayPeeringAttachment`
+ `AWS::EC2::TransitGatewayRouteTableAssociation`
+ `AWS::EC2::TransitGatewayVpcAttachment`
+ `AWS::EC2::VPCDHCPOptionsAssociation`
+ `AWS::EC2::VPCGatewayAttachment`
+ `AWS::EC2::VolumeAttachment`
+ `AWS::ECS::ClusterCapacityProviderAssociations`
+ `AWS::EKS::PodIdentityAssociation`
+ `AWS::FSx::DataRepositoryAssociation`
+ `AWS::FSx::S3AccessPointAttachment`
+ `AWS::GlobalAccelerator::CrossAccountAttachment`
+ `AWS::LakeFormation::TagAssociation`
+ `AWS::NetworkFirewall::VpcEndpointAssociation`
+ `AWS::NetworkManager::ConnectAttachment`
+ `AWS::NetworkManager::CustomerGatewayAssociation`
+ `AWS::NetworkManager::DirectConnectGatewayAttachment`
+ `AWS::NetworkManager::LinkAssociation`
+ `AWS::NetworkManager::SiteToSiteVpnAttachment`
+ `AWS::NetworkManager::TransitGatewayRouteTableAttachment`
+ `AWS::NetworkManager::VpcAttachment`
+ `AWS::Notifications::ChannelAssociation`
+ `AWS::Notifications::ManagedNotificationAccountContactAssociation`
+ `AWS::Notifications::ManagedNotificationAdditionalChannelAssociation`
+ `AWS::Notifications::OrganizationalUnitAssociation`
+ `AWS::ResourceExplorer2::DefaultViewAssociation`
+ `AWS::Route53Profiles::ProfileAssociation`
+ `AWS::Route53Profiles::ProfileResourceAssociation`
+ `AWS::Route53Resolver::FirewallRuleGroupAssociation`
+ `AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation`
+ `AWS::Route53Resolver::ResolverRuleAssociation`
+ `AWS::SSM::Association`
+ `AWS::SecretsManager::SecretTargetAttachment`
+ `AWS::SecurityHub::PolicyAssociation`
+ `AWS::ServiceCatalog::PortfolioPrincipalAssociation`
+ `AWS::ServiceCatalog::PortfolioProductAssociation`
+ `AWS::ServiceCatalog::ServiceActionAssociation`
+ `AWS::ServiceCatalog::TagOptionAssociation`
+ `AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation`
+ `AWS::ServiceCatalogAppRegistry::ResourceAssociation`
+ `AWS::VpcLattice::ServiceNetworkResourceAssociation`
+ `AWS::VpcLattice::ServiceNetworkServiceAssociation`
+ `AWS::VpcLattice::ServiceNetworkVpcAssociation`
+ `AWS::WAFv2::WebACLAssociation`
+ `AWS::Wisdom::AssistantAssociation`
+ `AWS::WorkspacesInstances::VolumeAssociation`
+ `AWS::IAM::Policy`
+ `AWS::SNS::TopicPolicy`
+ `AWS::SQS::QueuePolicy`
+ `AWS::EC2::NetworkAclEntry`
+ `AWS::EC2::VPNGatewayRoutePropagation`
+ `AWS::CloudFormation::Stack`
+ `AWS::CloudWatch::MetricStream`
+ `AWS::WorkSpaces::ConnectionAlias`
+ `AWS::IoT::ProvisioningTemplate`
+ `AWS::MediaPackage::Channel`
+ `AWS::CloudFront::OriginRequestPolicy`
+ `AWS::Route53Resolver::ResolverQueryLoggingConfig`
+ `AWS::NetworkManager::TransitGatewayRegistration`
+ `AWS::ImageBuilder::Image`
+ `AWS::Config::ConformancePack`
+ `AWS::S3::AccessPoint`
+ `AWS::CodeStarConnections::Connection`
+ `AWS::CloudFront::CachePolicy`
+ `AWS::FMS::NotificationChannel`
+ `AWS::ImageBuilder::InfrastructureConfiguration`
+ `AWS::Detective::Graph`
+ `AWS::EC2::CarrierGateway`
+ `AWS::CloudWatch::CompositeAlarm`
+ `AWS::CodeArtifact::Repository`
+ `AWS::GroundStation::DataflowEndpointGroup`
+ `AWS::ElasticLoadBalancingV2::Listener`
+ `AWS::ImageBuilder::ImageRecipe`
+ `AWS::NetworkManager::Device`
+ `AWS::Kendra::DataSource`
+ `AWS::Timestream::Database`
+ `AWS::CodeGuruProfiler::ProfilingGroup`
+ `AWS::Lambda::EventSourceMapping`
+ `AWS::ECR::Repository`
+ `AWS::WAFv2::IPSet`
+ `AWS::GameLift::Alias`
+ `AWS::IoTSiteWise::Asset`
+ `AWS::OpsWorksCM::Server`
+ `AWS::IoT::Authorizer`
+ `AWS::WAFv2::RuleGroup`
+ `AWS::NetworkManager::Site`
+ `AWS::ResourceGroups::Group`
+ `AWS::MediaPackage::PackagingConfiguration`
+ `AWS::ImageBuilder::ImagePipeline`
+ `AWS::ECS::TaskDefinition`
+ `AWS::Macie::CustomDataIdentifier`
+ `AWS::MediaPackage::OriginEndpoint`
+ `AWS::Logs::LogGroup`
+ `AWS::CodeArtifact::Domain`
+ `AWS::Kendra::Faq`
+ `AWS::ECS::TaskSet`
+ `AWS::WAFv2::RegexPatternSet`
+ `AWS::ECS::Cluster`
+ `AWS::SSO::Assignment`
+ `AWS::GlobalAccelerator::Listener`
+ `AWS::ServiceCatalog::CloudFormationProvisionedProduct`
+ `AWS::RDS::DBProxy`
+ `AWS::EC2::FlowLog`
+ `AWS::ImageBuilder::Component`
+ `AWS::CloudFront::RealtimeLogConfig`
+ `AWS::NetworkManager::GlobalNetwork`
+ `AWS::RDS::DBProxyTargetGroup`
+ `AWS::WAFv2::WebACL`
+ `AWS::IVS::StreamKey`
+ `AWS::IVS::PlaybackKeyPair`
+ `AWS::Macie::Session`
+ `AWS::Route53::HealthCheck`
+ `AWS::Synthetics::Canary`
+ `AWS::Lambda::CodeSigningConfig`
+ `AWS::EFS::AccessPoint`
+ `AWS::Timestream::Table`
+ `AWS::MediaPackage::PackagingGroup`
+ `AWS::ECS::PrimaryTaskSet`
+ `AWS::Config::ConfigurationAggregator`
+ `AWS::GroundStation::Config`
+ `AWS::IoTSiteWise::AssetModel`
+ `AWS::SES::ConfigurationSet`
+ `AWS::ImageBuilder::DistributionConfiguration`
+ `AWS::Config::OrganizationConformancePack`
+ `AWS::EC2::LocalGatewayRoute`
+ `AWS::KMS::Key`
+ `AWS::Detective::MemberInvitation`
+ `AWS::EKS::FargateProfile`
+ `AWS::MediaPackage::Asset`
+ `AWS::GlobalAccelerator::EndpointGroup`
+ `AWS::Macie::FindingsFilter`
+ `AWS::IoT::Certificate`
+ `AWS::SageMaker::MonitoringSchedule`
+ `AWS::IVS::Channel`
+ `AWS::Kendra::Index`
+ `AWS::EventSchemas::RegistryPolicy`
+ `AWS::KinesisFirehose::DeliveryStream`
+ `AWS::GlobalAccelerator::Accelerator`
+ `AWS::EC2::PrefixList`
+ `AWS::GameLift::GameServerGroup`
+ `AWS::NetworkManager::Link`
+ `AWS::EFS::FileSystem`
+ `AWS::Route53::HostedZone`
+ `AWS::GroundStation::MissionProfile`
+ `AWS::KMS::Alias`
+ `AWS::FMS::Policy`
+ `AWS::SSO::PermissionSet`
+ `AWS::StepFunctions::StateMachine`
+ `AWS::QLDB::Stream`
+ `AWS::IoTSiteWise::Gateway`
+ `AWS::ECS::Service`
+ `AWS::ECS::CapacityProvider`
+ `AWS::EC2::SecurityGroup`
+ `AWS::EC2::SecurityGroupIngress`
+ `AWS::EC2::SecurityGroupEgress`
+ `AWS::EC2::EC2Fleet`
+ `AWS::IAM::Group`
+ `AWS::IAM::Role`
+ `AWS::IAM::User`
+ `AWS::ApiGateway::GatewayResponse`
+ `AWS::S3::BucketPolicy`
+ `AWS::SNS::Topic`
+ `AWS::SNS::Subscription`
+ `AWS::RDS::DBInstance`
+ `AWS::RDS::DBParameterGroup`
+ `AWS::RDS::DBCluster`
+ `AWS::RDS::DBClusterParameterGroup`
+ `AWS::RDS::DBSubnetGroup`
+ `AWS::RDS::EventSubscription`
+ `AWS::RDS::GlobalCluster`
+ `AWS::RDS::OptionGroup`
+ `AWS::Neptune::DBInstance`
+ `AWS::Neptune::DBParameterGroup`
+ `AWS::Neptune::DBCluster`
+ `AWS::Neptune::DBClusterParameterGroup`
+ `AWS::Neptune::DBSubnetGroup`
+ `AWS::Redshift::Cluster`
+ `AWS::Redshift::ClusterParameterGroup`
+ `AWS::Redshift::ClusterSubnetGroup`
+ `AWS::Redshift::EndpointAccess`
+ `AWS::Redshift::EndpointAuthorization`
+ `AWS::Redshift::EventSubscription`
+ `AWS::Redshift::ScheduledAction`
+ `AWS::ElastiCache::SubnetGroup`