How can I specify a signed S3 URL as template in CloudFormation?


In AWS CloudFormation, you can specify a template by uploading a template file or by specifying a S3 URL to a template. (Specify an Amazon S3 template URL)

If the bucket is public, you can construct a URL for anyone to access the object/template. This works fine as long as the S3 template URL is a simple URL:

But if the bucket is private, you can generate a signed S3 URL if you want to share an object to others. I am given a URL that is a signed S3 URL for a template in a private bucket:

Unfortunately CF is not honoring the signed URL and strips everything after .template. Due to this I get Access Denied error. Does anyone know a way to specify a signed S3 URL as a template in CloudFormation?


AWS finally acknowledged that it is a bug in CloudFormation and they are working on a fix. No ETA on that yet.

Leave a Reply