CloudFormation Stack ARN — IaC Resource References
Parse a CloudFormation stack ARN to understand the stack name, unique ID format, and how nested stack ARNs work. Covers cross-stack references and exports.
Detailed Explanation
CloudFormation Stack ARN Format
CloudFormation stack ARNs include both the stack name and a unique identifier, connected by a slash within the resource portion.
Example ARN
arn:aws:cloudformation:us-east-1:123456789012:stack/my-vpc-stack/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
Parsed Components
| Component | Value |
|---|---|
| Partition | aws |
| Service | cloudformation |
| Region | us-east-1 |
| Account ID | 123456789012 |
| Resource Type | stack |
| Resource ID | my-vpc-stack/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 |
Stack Name + Unique ID
The resource portion contains two parts separated by a slash: the human-readable stack name (my-vpc-stack) and a UUID (a1b2c3d4-...). The UUID ensures uniqueness — if you delete and recreate a stack with the same name, it gets a new UUID and therefore a new ARN.
Nested Stack ARNs
Nested stacks have their own ARNs with auto-generated names:
arn:aws:cloudformation:us-east-1:123456789012:stack/my-vpc-stack-NetworkSubnets-ABC123/uuid
The nested stack name includes the parent stack name as a prefix, making it easy to identify the hierarchy.
StackSet ARNs
CloudFormation StackSets for multi-account/multi-region deployments use a different resource type:
arn:aws:cloudformation:us-east-1:123456789012:stackset/my-org-baseline:a1b2c3d4-uuid
Cross-Stack References
CloudFormation exports use stack ARNs implicitly. When Stack A exports a value and Stack B imports it, CloudFormation tracks the dependency using the stack ARNs. You cannot delete Stack A while Stack B references its exports.
Change Sets
Change sets have their own ARNs under the changeSet resource type, referencing the parent stack's ARN components.
Use Case
Tracking infrastructure deployments across environments by parsing stack ARNs from deployment logs. Also used in IAM policies that restrict CloudFormation permissions to specific stacks, preventing unauthorized modification of production infrastructure.