The definition of idempotent according to Wikipedia is as follows:
In computer science, the term idempotent is used more comprehensively to describe an operation that will give the same results if it is performed one or more times.
CloudFormation is considered not idempotent in several aspects of its behavior:
- Calling the create API for an existing stack will result in an error
- Calling the update API with the CloudFormation stack unchanged results in an error
- Creating and deleting the same stack will lead to the creation of resources with different ARNs for IAM users, security group identifiers, EC2 instance identifiers, VPC identifiers, etc.
- Resources modified outside of CloudFormation will not be reverted to their original values if the existing stack is updated with existing content
However, from a high level, one of the main reasons for using CloudFormation is that you present your infrastructure as code so that you can use it to recreate the same infrastructure. This is almost identical to the original definition of idempotent, but the differences here are multiple. As stated above, when you apply the same stack on top of itself, or delete the stack and re-create it, you technically do not get exactly the same results, but from a practical point of view this is quite understandable and often quite acceptable.
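The first two list items above (create fails on an existing stack, update fails when nothing changed) are what deployment scripts usually wrap to get a repeatable "ensure" step. The following is an added example, not part of the original answer: `ensure_stack`, `FakeCfn` and `FakeError` are hypothetical names, the fake client is constructed so the block runs offline, and the wrapper assumes a client that raises botocore-style errors carrying `response["Error"]`, as a boto3 CloudFormation client does.

```python
def _error(exc):
    """Return (code, message) from a botocore-style ClientError; re-raise anything else."""
    resp = getattr(exc, "response", None)
    err = resp.get("Error") if isinstance(resp, dict) else None
    if not err:
        raise exc
    return err.get("Code", ""), err.get("Message", "")

def ensure_stack(cfn, name, template_body, **kwargs):
    """Create the stack or update it in place; returns 'created', 'updated' or 'unchanged'.
    kwargs must be valid for both calls (e.g. Parameters, Capabilities)."""
    args = dict(StackName=name, TemplateBody=template_body, **kwargs)
    try:
        cfn.create_stack(**args)
        return "created"
    except Exception as exc:
        code, _ = _error(exc)
        if code != "AlreadyExistsException":  # create on an existing stack
            raise
    try:
        cfn.update_stack(**args)
        return "updated"
    except Exception as exc:
        code, msg = _error(exc)
        # update with an unchanged template is reported as a ValidationError
        if code == "ValidationError" and "No updates are to be performed" in msg:
            return "unchanged"
        raise

class FakeError(Exception):
    """Constructed stand-in for botocore.exceptions.ClientError."""
    def __init__(self, code, message):
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}

class FakeCfn:
    """Constructed in-memory client that mimics the two error cases from the list."""
    def __init__(self):
        self.stacks = {}
    def create_stack(self, StackName, TemplateBody, **_):
        if StackName in self.stacks:
            raise FakeError("AlreadyExistsException", f"Stack [{StackName}] already exists")
        self.stacks[StackName] = TemplateBody
    def update_stack(self, StackName, TemplateBody, **_):
        if self.stacks[StackName] == TemplateBody:
            raise FakeError("ValidationError", "No updates are to be performed.")
        self.stacks[StackName] = TemplateBody
```

A result of `unchanged` only means the submitted template matches the stack's current one; resources modified outside CloudFormation are still not reverted, as the last list item says.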