Version-control your AWS infrastructure

cfnbuddy helps DevOps engineers automate and understand more of their AWS cloud by turning their existing infra into CloudFormation templates and handy architecture diagrams. All automatically and regularly delivered to their git repos.

(More visuals below)

The fastest way to automate and understand your AWS infrastructure

Check out the rest of the features and what's in it for you.

Unlimited users

One plan for the whole team; we don't penalise big teams for being... big.

Easier onboarding

Teammates ramp up faster by visually exploring how your AWS infra looks like on their own. cfnbuddy's up-to-date architecture diagrams saves time by reducing the need to document or explain your evolving infra.

Reuse knowledge

cfnbuddy encourages teams to learn from each other. Reuse their best practices, lessons learned or even full infras that others already figured out even if they already left the company. Teams using the same AWS account don't have to pay more.

Reduce communication challenges

Anybody can come and grasp your infra without interrupting colleagues due to trivialities. Invite architects, DB admins, and security specialists to cooperate with reduced friction. No need to give everybody access to your full infra, just allow them to use the cfnbuddy git repo.

Quickly find your resources

Don't navigate through a dozen pages on the AWS console or write scripts; find your resources and how they fit together, all in one git repo

Recreate infra accurately

How were your default VPCs created? Could you replicate it accurately? With your infrastructure represented accurately under CloudFormation, you always know the exact components needed to write reproducible CloudFormation templates.

Opportunity cost

Engineers could be working on more meaningful things than writing boilerplate templates or drawing diagrams that get outdated quickly.

Reduce redundant work

What's worse than drawing images? Drawing those that get outdated by the time you go get coffee. cfnbuddy works hard on your behalf and sends you any changes in pull requests.

15+ diagram types

Go beyond crowded and generic VPC images; cfnbuddy generates various images covering security groups, IAM roles, load balancer flows, CloudWatch alarms, events, etc.

Visualises your own templates, too

Previously to generate images for your templates, you'd have to manually get them from AWS CloudFormation designer. With cfnbuddy, you eliminate this step by having these images drawn for you. This works even with big stacks generated with the AWS CDK.

Hi-res PNGs

We send images of at least 4000x3000 so they look good when you zoom in. We even automatically increase their resolution in denser images. (up to 8000x6000)

Efficient commits

Redundant copies of images bloat git repos. That's why we send updates only if needed.

Your source code, your intellectual property

We use a git repo of yours only to write what we need. What's yours always remain yours. For more privacy, we can also create a free private git repo on CodeCommit and GitHub or GitLab.

Secure credentials

We use AWS recommended security practices like IAM roles. From it, we generate short-lived temporary credentials to interact with your account. No AWS access keys and passwords ever. For GitHub and GitLab, the personal access token used to push there remains encrypted in your account by AWS Secrets Manager and cannot reach cfnbuddy servers.

About your data

We don't ask for information that's none of our business. We only ask for read-only permissions that we need. You can have a security specialist review the IAM role that cfnbuddy needs to do its job (see template further below). Also, we don't hold on to your data more than we should. After the pull request is sent, your resources' data is deleted.

Yours to keep forever

cfnbuddy cannot restrict access to what we sent you. If you decide to cancel, keep everything since they are all in your git repository. Using git means there's no need to even export your data from us.

Unlimited usage

Scale means scale: Have as many resources as you want in all your regions. You only pay per AWS account for which you subscribed. To sweeten the deal even more, invite as many colleagues as you want for free.

Supports 200+ resource types

At launch, 200+ resource types are offered. These include VPCs, serverless, docker, etc and it's a business priority to add more of them. Early adopters can request for more needed ones and they will be added shortly.

It's like your own drift detection

Native drift detection from CloudFormation only supports a handful resource types for now. cfnbuddy supports 200+ resource types. Git diffs will help you spot how your configuration changes. You can then cross-check against the templates you authored if they are up-to-date.

It just works

We have sought to eliminate any friction points possible. A team member deploys our Cloudformation template once, accepts the defaults and works everyday in the background for the whole team. Bring your own git repo or, with your permission, let it create one where you need it. It will even auto-accept the pull requests.

Team Management

There's no extra layer of authentication. Engineers use your familiar authentication system they are already familiar in GitHub, GitLab or CodeCommit.


Use their private repos and leverage existing features like the great web browsing experience, webhooks, blame view, jump straight to code sections, markdown rendering of docs. cfnbuddy's documentation is delivered in Markdown so you can easily read them on GitHub.

AWS CodeCommit

You can use this integration to keep a private repository in an AWS account that you control. CodeCommit is free for 5 users and is cheap if you have many team members. Use familiar IAM permissions to control who may view your cfnbuddy repository. Features you can leverage: high availability, notifications and serverless functions.


Use their free private repos and leverage their existing features like webhooks, unlimited users and integrations to Trello, JIRA, etc.


cfn-nag has 150+ rules that scans for potential security and other misconfiguration issues of your AWS resources. Get cfn-nag results for your templates but also for your broader infra.

cfnbuddy at a glance

Here are some samples and screenshots of what you can expect.

How it works


Sign up

Confirm you agree with our Privacy Policy and our Terms of Service, then choose the period for which you want to subscribe (monthly, quarterly or annual)


Follow the guided setup (once per account)

Once payment is successful, you will be redirected to a form showing you exactly how to link your AWS account to cfnbuddy. This involves deploying a CloudFormation template in your account
(Step doable in 5 minutes)


Clone your repo

After you deploy the template, your account will be picked up within 2 minutes. You should then receive a first commit in about 10 minutes. Then, do a pull once a while to receive updates to your templates and images.


* All plans include a free 7-day trial

All-inclusive, surprise-free, honest pricing.
No surcharges and other such BS. Choose among 20+ currencies.

ROI calculator

If your team of people who earn each yearly and wasting hours each on CloudFormation or
drawing diagrams every week, then cfnbuddy will pay for itself within days weeks on the monthly annual plan.

Monthly plan per AWS account

no long-term commitment

US$ 49/ month
  • Early-adopter perks for 10 people (see below)
  • Choose among CodeCommit and GitHub/GitLab
  • Unlimited AWS resources
  • 200+ resource types (and more to come)
  • 15+ diagram types across all regions
  • Unlimited users
  • 150+ cfn-nag security scans
  • All current & future AWS regions
  • Pull requests every hour
  • Discounts
Choose This Plan

Next: A step-by-step guide to link your AWS account

Quarterly plan per AWS account

with a small discount

US$ 136/ 3 months
  • Early-adopter perks for 10 people (see below)
  • Choose among CodeCommit and GitHub/GitLab
  • Unlimited AWS resources
  • 200+ resource types (and more to come)
  • 15+ diagram types across all regions
  • Unlimited users
  • 150+ cfn-nag security scans
  • All current & future AWS regions
  • Pull requests every hour
  • Quarterly discount of 7.5% ($11)
Choose This Plan

Next: A step-by-step guide to link your AWS account

Annual plan per AWS account

2 months free

US$ 489/ year
  • Early-adopter perks for 10 people (see below)
  • Choose among CodeCommit and GitHub/GitLab
  • Unlimited AWS resources
  • 200+ resource types (and more to come)
  • 15+ diagram types across all regions
  • Unlimited users
  • 150+ cfn-nag security scans
  • All current & future AWS regions
  • Pull requests every hour
  • Annual discount of 16.8% ($99)
Choose This Plan

Next: A step-by-step guide to link your AWS account

Questions you may have about...

Our offer

If you're among the first 10 people, you'll benefit from the following:
  • Lock in on the price you paid forever; you'll always pay the cheapest price.
  • Free demo and onboarding call with the founder.
  • Vote on features you'll need to get them faster.
  • Direct access to the founder for your most pressing questions.
At launch, we're looking for 10 people who have the most pressing need to automate their AWS infrastructure. They will work directly with the founder to build the right feature set.
The ROI calculator provided above makes it clear that the investment can be recouped within days. To ensure a sustainable business, we can afford to guarantee the low price only for a handful of people. Besides, the founder's time does not scale and will not be able to give individual attention to too many people while also running the business.
cfnbuddy is currently available in public beta. It has been fairly well tested in all public regions across several AWS accounts. Just because you're an early adopter does not mean we treat you as our bug hunters! Great care has been taken to ensure stability and security before offering it to the general public. However, you should probably expect a couple of bugs as it's almost certainly not perfect!
It's important that you have the right expectations before purchasing: This product focuses on CloudFormation and automatic architecture diagrams. The following are not a good fit in the product vision and are not available:
  • Does not offer alternative descriptions for your infra, e.g via Terraform, CDK and shell scripts
  • Diagrams are meant to be drawn automatically and edits are not supported.
Unlimited email support for all your team members on weekdays. On weekends, it may be a bit slower to get back to you. Early adopter exclusive: Expect the CEO to jump in on a call and fix any trouble.
Former2 is the best free tool to automate your AWS infrastructure. First, it does not support just CloudFormation but several other automation tools. Besides, it supports more AWS resource types than cfnbuddy.
That said, it has some important limitations. It does not version-control your cloud, does not generate any architecture diagrams, does not organise files properly and works in only 1 region at a time. Also, Former2 is more suited for a single user to generate snippets than for teams to collaborate. cfnbuddy sends everything in the team's git repo for maximum convenience. Finally, it's a business priority to support as many resource types as possible. If you're looking for an out-of-the-box solution, then cfnbuddy is a much better fit for you. Otherwise, Former2 is your next best alternative.

CloudCraft images certainly look great. For the same price, you get CloudCraft for 1 user and for unlimited AWS accounts or cfnbuddy for unlimited users and 1 AWS account.

Choose CloudCraft if:
1. You don't need the CloudFormation templates
2. You need the flexibility of an API
3. You don't need to track changes to your AWS infra and the images under git
4. You want live data and don't want to wait for cfnbuddy's hourly pull request

Choose cfnbuddy if:
1. You like to experiment with the console and be given a way to automate your experiment
2. You want done-for-you diagrams and static analysis
3. You want to invite more users for the same budget
4. You'd like static analysis (with cfn-nag) done for you

Product details

All available public regions are supported and you'll get the future ones for free. As for GovCloud or China, they may work but we currently have no way of confirming that since they are not available to the general public.
At the moment, more than 200 resource types are supported, incl. the VPC, Serverless and Docker ones. The full list is:

You can and should inspect everything you deploy in your account. Here's the CloudFormation template that gets your account ready for cfnbuddy:

We want to operate in as much transparency as possible. We have no interest in using your data in shady ways (e.g storing or sharing with third parties). The IAM role only asks for read-only access. We even add explicit denies which you can check in the previous section. Also, to check what's happening to your private data:
  • AWS: The IAM access advisor or CloudTrail services provide auditing for your AWS accounts, showing what api calls are being done by whom.
  • GitHub: On your security page, scroll to the Security History section. Docs for personal accounts and for for organisations available.
  • GitLab: On your user's page ($YOUR_USER/activity), you'll see cfnbuddy activites like pushes, accepting merge requests, etc.
If you're still in doubt, do not hesitate to press Support for more details!

Pricing & Payments

If for any reason you're unsatisfied with cfnbuddy, you may cancel at any time by cancelling it directly from your receipt email (or emailing Support). You will not be charged beyond the current billing period.
The return on investment is calculated based on the number of team members and their individual salary averaged by the day. A 50-week year and 8-hour workdays are assumed. If you pay annually, we estimate how many hours of your team's time is worth the $489 asking price. If you prefer monthly, in this calculator, we assume that you have the same subscription length but without the ~17% discount in the annual plan, $49 * 12 = $588. We compare for a 12-month period in both cases to make it an apples-to-apples comparison.
People may want to sign up for multiple accounts for the automated diagrams or to check how much their environments are consistent with each other. If you don't have such a use-case, then sign up for only one account or those that you most need analysed.
If you have multiple environments in the same account but in different regions, you can still get a lot of value out of cfnbuddy. E.g you can compare and have automated diagrams for your test environment in Ohio, your staging environment in Frankfurt and your production environment in Ireland.
If you don't want to pay for anything, you can check out some free alternatives like AWS CloudFormer, AWS Console Recorder or Former2. The latter is the best after cfnbuddy :)
If you'd like to buy for at least 10 AWS accounts, contact to enquire about a bulk discount. Note that this is only available for the annual plan.

Coming soon...

Broader CloudFormation coverage? More pull requests? S3 integration? A private API?

What else would you like to see?
Early adopters' feature requests go on top of the queue.