A stack is a set of resources that's created by a template. A stack can represent a complete application or a part of the resources that are deployed from a specific template. For example, we can use separate stacks to create separate layers of our application. These can be deployed by separate teams, and these teams are hence able to maintain the segregation of duties, even when working in the cloud.

In the real world, the network team would be in charge of creating the VPC, internet gateways, VPNs, and Direct Connect connections. The Security team would then take over and create the NACLs, and the Security Groups would provision the groups, users, and roles, and then define permissions. A shared resources team would deploy a stack with the queues, the SES and SNS services, and other shared resources. The database team would then be able to deploy the databases and tables, and lastly the application team would deploy the servers and connect them to the resources being deployed by the other teams.

Each stack in this scenario would only be controlled by the team that deployed it. For example, the server team would have no way of modifying the network stack as their stacks only create the servers and vice-versa.

We can also specify stacks as part of templates, hence sort of nesting stacks within stacks. Supplying nested stacks allows us to create dependencies on complete stacks. For example, we would not want to deploy an EC2 stack before the VPC stack completes as there would be no VPC to deploy into and server stack creation would fail.