CloudFormation

Solution Architect Associate

Developer Associate

Security Specialty

  • Service that allows you to manage, configure and provision your AWS infrastructure as code
  • Resources are defined using a CloudFormation template
  • CloudFormation interprets the template and makes the appropriate API calls to create the resources you’ve defined
  • Supports YAML or JSON
  • Allows you to be consistent with provisioning infrastructure, and version control/peer review your templates
  • Free to use (but you’re charged for what you create)
  • Can be used to manage updates & dependencies, as well as rollback/delete entire stacks
  • After creating your template, you upload it to CloudFormation using S3
  • CloudFormation then reads the template and makes API calls on your behalf
  • Resulting resources are called a Stack
  • AWSTemplateFormatVersion: '2010-09-09' (only supported version)
  • Metadata allows you to add custom data to your template
  • Parameters are input values that you put into CloudFormation when you launch the stack
  • Conditions are used to evaluate a condition (for example, the value of a parameter) and take action based on the outcome of that evaluation
  • Mappings are used to set user defined values for use within the template
  • Transform allows you to include snippets of code outside the main template
    • Ex: Code for a Lambda function, code snippets provided by AWS, etc.
    • You can store these in S3 and CloudFormation allows you to reference them
  • Resources are used to define the AWS resources that you want CloudFormation to deploy for you
  • Outputs are the results of CloudFormation running the stack. These outputs can also be used as inputs to other CloudFormation templates
  • To make changes to an existing stack, you can use a Change Set. If you generate a change set, you will see the ramifications of proposed changes prior to them being run
    • A change set is simply a new version of the CloudFormation template. CloudFormation will compare the modified template with the original and generate a change set for you
  • Maximum of 200 stacks per AWS account. Can request more through AWS support.
  • Maximum of 20 stack sets that can be created in your administrator account.
  • You can use cross-stack references to export shared resources
    • Fn::ImportValue function is used to rely upon exported resources
  • You can separate out common components in your templates and use Nested Stacks to use them. Nested stacks are stacks that create other stacks.
    • Use AWS::CloudFormation::Stack resource in your template to reference other templates
  • Do not make changes to resources created by CloudFormation outside of CloudFormation. Doing so creates a mismatch between your stack’s template and the state of your resources, which can cause errors if you delete or update the stack.
  • Use Stack Policies to protect critical stack resources from unintentional updates or deletes which could cause service interruptions.
    • Stack Policy is a JSON document that describes what actions can be performed on designated resources
  • Use CloudTrail to log AWS CloudFormation calls

Serverless Application Model (SAM)

  • Extension to CloudFormation which can be used to define serverless applications
  • Simplified syntax for defining these resources
  • Has its own command line interface, SAM CLI
  • sam package creates a SAM compatible template and uploads it to S3
  • sam deploy takes the template from sam package and deploys it to infrastructure

Nested Stacks

  • Nested stacks allow re-use of CloudFormation code for common use cases
  • Nested stacks are stacks that create other stacks
  • Instead of copying code for a load balancer each time you use it, you can instead create a load balancer template and then reference it from within another CF template
  • Created as a Resource of type AWS::CloudFormation::Stack, which must specify a TemplateURL.
    • The TemplateURL must point to a template file that exists within an S3 bucket
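Putting the template sections described above together (Parameters, Mappings, Conditions, Resources, an Output exported for cross-stack references, and a nested AWS::CloudFormation::Stack), here is an added example template that is not from the original notes; the S3 TemplateURL, logical IDs, mapping values and environment names are placeholders of my own.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not from the notes) - hardened log bucket shared with other stacks
Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev
Mappings:
  EnvSettings:          # user-defined values looked up with Fn::FindInMap
    dev:
      RetentionDays: 30
    prod:
      RetentionDays: 365
Conditions:
  IsProd: !Equals [!Ref Environment, prod]
Resources:
  LogBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:                   # encrypt at rest by default
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:     # never expose logs publicly
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: !If [IsProd, Enabled, Suspended]   # condition drives config
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldLogs
            Status: Enabled
            ExpirationInDays: !FindInMap [EnvSettings, !Ref Environment, RetentionDays]
  # Nested stack: the network template lives in S3 (placeholder URL)
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/EXAMPLE-BUCKET/network.yaml
      Parameters:
        Environment: !Ref Environment
Outputs:
  LogBucketName:
    Value: !Ref LogBucket
    Export:                               # consumed elsewhere via Fn::ImportValue
      Name: !Sub '${AWS::StackName}-LogBucketName'
```

Another stack in the same region can consume the exported bucket name with `!ImportValue <stack-name>-LogBucketName`, and CloudFormation will refuse to delete this stack while that import exists.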