Simplify cross-account and cross-Region stack output references with AWS CloudFormation and CDK's new Fn::GetStackOutput

If you’ve managed infrastructure across multiple AWS accounts or regions, you know the pain: CloudFormation stack outputs live in isolated silos. Want to reference a VPC ID from a stack in a different account? You’re stuck manually copying values, storing them in Parameter Store, or building custom Lambda functions to bridge the gap. AWS just made this significantly easier with Fn::GetStackOutput, a new CloudFormation function that lets you directly reference stack outputs across account and region boundaries. This is a small feature with surprisingly large practical implications for how teams organize and scale their infrastructure-as-code.

Here’s how it works technically. Fn::GetStackOutput accepts three parameters: the stack name, the logical output ID, and the AWS account ID and region where that stack lives. When CloudFormation evaluates this function, it securely retrieves the output value from the referenced stack—no manual lookups required. The magic happens through proper IAM permissions: the source stack’s execution role needs permission to read outputs from the target stack, which is managed just like any other cross-account access. If you’re using CDK, the syntax is even cleaner—you can reference outputs as properties on stack objects, and CDK handles the underlying Fn::GetStackOutput call automatically. This beats the old workaround patterns because it’s dynamic, auditable, and built into CloudFormation’s native dependency tracking.

Why does this matter in practice? Think about a typical enterprise setup: you have a network stack in a shared services account that manages VPCs and subnets, and application teams provision their own stacks in separate accounts that need to reference that shared infrastructure. Previously, you’d either hardcode subnet IDs (brittle and unmaintainable), manually export values through Parameter Store (extra operational overhead), or use custom Python scripts to wire things together (adds complexity). With Fn::GetStackOutput, your application stack can directly reference the network stack’s outputs—and if the network team updates the infrastructure, your application automatically picks up the new values on the next stack update. It also works beautifully for multi-region deployments where you want to reference a primary region’s resources from replicas.

The practical benefit accelerates as your infrastructure grows. Teams building multi-account strategies, microservices architectures, or disaster recovery setups can now organize stacks more logically without architectural compromises. If you’re already using CDK, update your toolkit and start simplifying those cross-account references. If you’re writing CloudFormation templates directly in JSON or YAML, familiarize yourself with the Fn::GetStackOutput syntax—it’s a small learning investment that eliminates recurring manual work. For growing teams especially, this reduces the friction that often pushes people toward less-than-ideal workarounds, keeping your infrastructure cleaner as complexity increases.