ops0 supports AWS CloudFormation as a first-class IaC engine alongside Terraform and OpenTofu. Write CloudFormation templates, deploy stacks across multiple regions and accounts with change sets, enforce policies, and migrate to Terraform when you're ready.
Click IaC in the sidebar and then + New Project.
In the IaC Type dropdown, choose CloudFormation.
Select the AWS integration to use for deployments.
Click Create to open the editor.
The editor supports YAML and JSON CloudFormation templates with syntax highlighting. Use the AI assistant to generate templates from natural language:
Create a CloudFormation template for an ECS Fargate service with
an ALB, target group, security groups, and CloudWatch log group
AWSTemplateFormatVersion: "2010-09-09"
Description: "ECS Fargate service with ALB"
Parameters:
Environment:
Type: String
Default: production
Resources:
ALB:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Scheme: internet-facing
Subnets: !Ref PublicSubnets
ECSService:
Type: AWS::ECS::Service
Properties:
Cluster: !Ref ECSCluster
TaskDefinition: !Ref TaskDefinition
DesiredCount: 2
LaunchType: FARGATE
Outputs:
LoadBalancerDNS:
Value: !GetAtt ALB.DNSName
CloudFormation deployments in ops0 use change sets — AWS creates a preview of the changes before any resources are modified.
Click the Deploy button in the editor toolbar.
ops0 calls CreateChangeSet on AWS. For a new stack this uses CREATE; for an existing stack it uses UPDATE.
The change set shows every resource that will be added, modified, or deleted — equivalent to terraform plan.
Policies attached to the project are evaluated against the template.
Click Apply to execute the change set. Stack events stream in real time.
Stack reaches CREATE_COMPLETE or UPDATE_COMPLETE. Outputs are available immediately.
During apply, CloudFormation stack events are streamed to the deployment log:
CREATE_IN_PROGRESS AWS::CloudFormation::Stack MyStack
CREATE_IN_PROGRESS AWS::EC2::VPC VPC
CREATE_COMPLETE AWS::EC2::VPC VPC
CREATE_IN_PROGRESS AWS::EC2::Subnet PublicSubnet1
CREATE_COMPLETE AWS::EC2::Subnet PublicSubnet1
CREATE_COMPLETE AWS::CloudFormation::Stack MyStack
Stack creation complete. 4 resources created.
Deploy the same CloudFormation template to multiple AWS regions in a single deployment run.
In the deployment panel, expand Regions and select all target regions:
✓ us-east-1 (primary)
✓ us-west-2
✓ eu-west-1
ops0 creates and executes change sets in each selected region in parallel:
| Region | Status |
|---|---|
| us-east-1 | ✓ CREATE_COMPLETE |
| us-west-2 | ✓ CREATE_COMPLETE |
| eu-west-1 | ✗ ROLLBACK_COMPLETE (error shown) |
Each region's change set and stack events are tracked independently. A failure in one region does not automatically roll back other regions.
StackSets let you deploy CloudFormation stacks to multiple AWS accounts and regions from a single operation. ops0 supports both permission models.
| Model | When to Use |
|---|---|
| SELF_MANAGED | You manually grant CloudFormation execution roles in each target account |
| SERVICE_MANAGED | AWS Organizations manages permissions automatically (requires trusted access) |
In the deployment panel, toggle Deploy as StackSet.
Choose Self-Managed or Service-Managed.
For Self-Managed: enter target account IDs and regions. For Service-Managed: select an Organizational Unit (OU) and regions.
ops0 creates the StackSet and deploys stack instances to all targets.
Progress is tracked per account and per region:
StackSet: MyInfraStackSet
├── 123456789012 / us-east-1 ✓ CURRENT
├── 123456789012 / eu-west-1 ✓ CURRENT
├── 987654321098 / us-east-1 ⟳ RUNNING
└── 987654321098 / eu-west-1 ○ PENDING
Destroying a StackSet first calls DeleteStackInstances to remove all stack instances across all accounts and regions, then calls DeleteStackSet to remove the StackSet itself.
CloudFormation templates are evaluated against policies before any change set is executed. Policies are authored using OPA/Rego and can check for:
See Policy Checking for how to create and attach policies.
If you want to migrate an existing CloudFormation project to Terraform or OpenTofu, ops0 provides a one-click migration path.
| Item | Outcome |
|---|---|
| CloudFormation template | Converted to equivalent HCL resources |
| Parameters | Mapped to Terraform variables |
| Outputs | Mapped to Terraform outputs |
| Resource types | Mapped to equivalent aws_* Terraform resources |
| IaC type | Project is updated from CloudFormation to Terraform/OpenTofu |
Automated migration handles common resource types but complex templates with custom resources (AWS::CloudFormation::CustomResource) or nested stacks may require manual adjustment after migration.