CloudFormation

AWS CloudFormation: Concepts, Templates

CloudFormation is an automation tool which automates the process of creating resources for your infrastructure in AWS. You can write YAML or JSON scripts (also called templates) where you specify details for each of your resources and their dependencies. Once the scripts get executed successfully all the resources mentioned in it will be created exactly as per provided configurations. It is important to note that in case of any failure, all the changes are rolled back. 

Or in other words we can say AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. 

CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported). 

AWS CloudFormation provides users with a simple way to create and manage a collection of Amazon Web Services (AWS) resources by provisioning and updating them in a predictable way. AWS CloudFormation enables you to manage your complete infrastructure or AWS resources in a text file. 

Benefits of AWS CloudFormation: 

Infrastructure as code: 

  • No resources are manually created, which is excellent for control
  • The code can be version controlled for example using git
  • Changes to the infrastructure are reviewed through code

Cost:  

  • Each resource within the stack is tagged with an identifier so you can easily see how much a stack costs you. 
  • You can estimate the costs of your resources using theCloudFormationtemplate 
  • Savings strategy: In Dev, you could automation deletion of templates at 5 PM and recreated at 8 AM, safely

Productivity: 

  • Ability to destroy and re-create an infrastructure on the cloud on the fly
  • Automated generation of Diagram for your templates!
  • Declarative programming (no need to figure out ordering and orchestration)
  1.  Separation of concern: create many stacks for many apps, and many layers. Ex: 
  • VPC stacks
  • Network stacks
  • App stacks
  1. Don’t re-invent the wheel 
  • Leverage existing templates on the web!
  • Leverage the documentation

 Features of AWS CloudFormation: 

  1. Extensibility 
  1. Cross account and cross-region management: CloudFormation StackSets let you provision a common set of AWS resources across multiple accounts and regions, with a single CloudFormation template. StackSets takes care of automatically and safely provisioning, updating, or deleting stacks, no matter where they are. 
  1. Authoring with JSON/YAML: CloudFormation allows you to model your entire cloud environment in text files. You can use open-source declarative languages, such as JSON or YAML, to describe what AWS resources you want to create and configure 
  1. Authoring with familiar programming languages: With the AWS Cloud Development Kit (AWS CDK), you can define your cloud environment using TypeScript, Python, Java, and .NET 
  1. Build serverless application with SAM: Build serverless applications faster with the AWS Serverless Application Model (SAM), an open-source framework that provides shorthand syntax.  
  1. Safety Controls: CloudFormation automates provisioning and updating your infrastructure in a safe and controlled manner. There are no manual steps or controls that can lead to errors. 
  1. Preview changes to your environment: AWS CloudFormation Change Sets allow you to preview how proposed changes to a stack might affect your running resources, for example to check whether your changes will delete or replace any critical resources. CloudFormation makes the changes to your stack only after you decide to execute the Change Set.  
  1. Dependency Management: AWS CloudFormation automatically manages dependencies between your resources during stack management actions. You don’t need to worry about specifying the order in which resources are created, updated, or deleted; CloudFormation determines the correct sequence of actions to take for each resource when performing stack operations.  

AWS CloudFormation Concepts: 

1) Templates: 

A JSON or YAML formatted text file. CloudFormation uses these templates as blueprints for building your AWS resources. 

2) Stacks: 

Manage related resources as a single unit. All the resources in a stack are defined by the stack’s CloudFormation template. 

3) Change Sets: 

Before updating your stack and making changes to your resources, you can generate a change set, which is a summary of your proposed changes. 

Change sets allow you to see how your changes might impact your running resources, especially for critical resources, before implementing them. 

With AWS CloudFormation and AWS CodePipeline, you can use continuous delivery to automatically build and test changes to your CloudFormation templates before promoting them to production stacks. 

4) Stacks: 

If a resource cannot be created, CloudFormation rolls the stack back and automatically deletes any resources that were created. If a resource cannot be deleted, any remaining resources are retained until the stack can be successfully deleted. 

Stack update methods – i) Direct update ii) Creating and executing change sets 

Drift detection enables you to detect whether a stack’s actual configuration differs, or has drifted, from its expected configuration. Use CloudFormation to detect drift on an entire stack, or on individual resources within the stack. 

A resource is considered to have drifted if any if its actual property values differ from the expected property values. 

A stack is considered to have drifted if one or more of its resources have drifted. 

To share information between stacks, export a stack’s output values. Other stacks that are in the same AWS account and region can import the exported values. 

You can nest stacks. 

5) Templates: 

Templates include several major sections. The Resources section is the only required section. 

CloudFormation Designer is a graphic tool for creating, viewing, and modifying CloudFormation templates. You can diagram your template resources using a drag-and-drop interface, and then edit their details using the integrated JSON and YAML editor. 

Custom resources enable you to write custom provisioning logic in templates that CloudFormation runs anytime you create, update (if you changed the custom resource), or delete stacks. 

Template macros enable you to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. 

6) StackSets: 

CloudFormation StackSets allow you to roll out CloudFormation stacks over multiple AWS accounts and in multiple Regions with just a couple of clicks. StackSets is commonly used together with AWS Organizations to centrally deploy and manage services in different accounts. 

Administrator and target accounts – An administrator account is the AWS account in which you create stack sets. A stack set is managed by signing in to the AWS administrator account in which it was created. A target account is the account into which you create, update, or delete one or more stacks in your stack set. 

Stack sets – A stack set lets you create stacks in AWS accounts across regions by using a single Cloud Formation template. All the resources included in each stack are defined by the stack set’s Cloud Formation template. A stack set is a regional resource. 

Stack instances – A stack instance is a reference to a stack in a target account within a region. A stack instance can exist without a stack; for example, if the stack could not be created for some reason, the stack instance shows the reason for stack creation failure. A stack instance can be associated with only one stack set. 

Stack set operations – Create stack set, update stack set, delete stacks, and delete stack set. 

Tags – You can add tags during stack set creation and update operations by specifying key and value pairs. 

7) Monitoring: 

CloudFormation is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in CloudFormation. CloudTrail captures all API calls for Cloud Formation as events, including calls from the Cloud Formation console and from code calls to the Cloud Formation APIs. 

8) Security:

You can use IAM with Cloud Formation to control what users can do with AWS Cloud Formation, such as whether they can view stack templates, create stacks, or delete stacks. A service role is an IAM role that allows Cloud Formation to make calls to resources in a stack on your behalf. You can specify an IAM role that allows Cloud Formation to create, update, or delete your stack resources. 

You can improve the security posture of your VPC by configuring Cloud  Formation to use an interface VPC endpoint. 

9) Cloud Formation Pricing: 

No additional charge for Cloud Formation. You pay for AWS resources created using Cloud Formation in the same manner as if you created them manually. 

How Cloud Formation Works: 

  • Templates have tobe uploaded in S3 and then referenced in Cloud Formation  
  • To update a template, we can’t edit previous ones. Wehave toreupload a new version of the template to AWS. 
  • Stacks are identified by a name 
  • Deleting a stack deletes every single artifact that was created byCloudFormation.

Related Posts:

Amazon Web Service – AWS Tutorial

Top 13 Reasons to Why Learn AWS in 2022

What is AWS CloudTrail ? – AWS CloudTrail

Amazon Simple Workflow Service (Amazon SWF)