Docs/cookbook/aws/checklists/deployment

AWS Deployment Checklist

Version: 1.1.0 | Updated: 2026-07-16

Purpose

Gate promotion and rollback of a AWS account workload, CloudFormation/CDK stack, IAM role, VPC path, Lambda function, or release.

Why

A syntactically valid AWS artifact can still fail because of policy-chain AccessDenied, CloudFormation create/update/rollback failure, Lambda timeout, cold start, or concurrency exhaustion, service throttling or quota exhaustion, VPC route, security, endpoint-policy, or DNS failure. Promotion therefore requires target-state and rollback evidence.

How

Run against the exact target and immutable candidate. Preserve outputs from aws sts get-caller-identity and aws configure list; aws cloudformation validate-template --template-body file://template.yaml; aws cloudformation create-change-set ... then aws cloudformation describe-change-set ...; aws iam simulate-principal-policy --policy-source-arn <role> --action-names <action>; aws cloudformation detect-stack-drift --stack-name <stack>. Stop promotion on any failed item.

Version-aware caution

Capture AWS CLI/CDK/CloudFormation transform versions, partition, region, service API, runtime, and quota. Managed-service behavior and availability vary by region, account, runtime, architecture, and feature release.

Tradeoffs

Promotion waits for "caller identity and target account/region are printed before any mutation" and "template validation, lint/tests, synthesized diff, and change set show no unapproved replacement". Those AWS target checks slow release but directly bound policy-chain AccessDenied and make this rollback executable: Shift weighted traffic or aliases to the prior immutable version/cell, then use CloudFormation rollback for infrastructure; do not delete a failed stack when retained data or forensic events are required.

Anti-patterns

  • A single shared production account and VPC turns IAM, quota, network, and deployment failures into organization-wide incidents.
  • Do not remove a native warning, validator, policy, or safety limit merely to make generated output pass.
  • Do not claim a successful result without preserving the command, target, artifact/revision, and observed output.

Enterprise considerations

AWS governance enforces organization policies, centralized CloudTrail/configuration evidence, break-glass role controls, region restrictions, data classification, and cost allocation.

Official sources

Checklist

  • caller identity and target account/region are printed before any mutation.
  • template validation, lint/tests, synthesized diff, and change set show no unapproved replacement.
  • service quotas, reserved concurrency, IP capacity, and regional dependencies are preflighted.
  • IAM Access Analyzer/simulation covers the deployment and workload roles.
  • alarms and dashboards exist before traffic enters the new cell or function version.
  • weighted alias, target-group, or cell routing stops on user-impact alarms.
  • CloudFormation rollback triggers and stack events are monitored to completion.
  • rollback preserves event/schema compatibility and stateful resource retention.
  • Shift weighted traffic or aliases to the prior immutable version/cell, then use CloudFormation rollback for infrastructure; do not delete a failed stack when retained data or forensic events are required.
  • Evidence identifies version, target, artifact/revision, command or manual method, UTC time, and result.

Changelog

  • 1.1.0 (2026-07-16): Replaced generic gates with native AWS evidence and failure controls.
  • 1.0.0 (2026-07-16): Added initial checklist.