AWS CloudFormation Tutorials
- Simplifies our Infrastructure Management.
- Quickly replicates our infrastructure.
- Easily controls and tracks changes to our infrastructure.
How does CloudFormation works?
Stack Core Features
- Create Stack
- Update Stack
- Create Change Set
- Roll back
- Managing collection of AWS resources as a single unit is called stack.
- We can create, update, delete the collection of AWS resources by creating, updating and deleting stacks.
- To create AWS resources, we create a stack by submitting the template that we created, AWS CloudFormation provisions all those resources automatically for us.
- If we want to make changes to our stack, we can update the stack.
- Before making changes to resources, we can generate a change set, which is summary of proposed changes.
- Change sets allow us to see how our changes might impact current running resources in a stack especially for critical resources, before implementing them we get an idea about the impact.
- For example: If we associate a new keypair to ec2 instance, AWS will delete the current ec2 instance and replaces it with new ec2 instance by adding new keypair to it.
What is Resources
- Resources are key components of a stack.
- Resources section is a required section that need to be defined in cloud formation template.
What is parameter
Parameters: Parameters enable us to input custom values to our template each time when we create or update stack.
- We can have maximum of 60 parameters in a cfn template.
- Each parameter must be given a logical name (logical id) which must be alphanumeric and unique among all logical names within the template.
- Each parameter must be assigned a parameter type that is supported by AWS CloudFormation.
- Each parameter must be assigned a value at runtime for AWS CloudFormation to successfully provision the stack. We can optionally specify a default value for AWS CloudFormation to use unless another value is provided.
- Parameters must be declared and referenced within the same template.
- We can reference parameters from the Resources and Outputs sections of the template.
What is mapping
- Mappings section matches a key to a corresponding set of named values.
- For example, if we want to set values based on a region, we can create a mapping that uses region name as a key and contains the values we want to specify for each region
- We can use Fn::FindInMap intrinsic function to retrieve values in map.
Intrinsic Function: FindInMap
The intrinsic function FindInMap returns the value corresponding to keys in a two-level map that is declared in Mappings section.
- Map Name
- Top Level Key
- Second Level Key
- Return Value
- Conditions section contains statements that define the circumstances under which entities are created or configured.
- Example: 1 – We can create a condition and then associate it with a resource or output so that AWS CloudFormation only creates the resource or output if the condition is true.
- Example:2 – We can associate the condition with a property so that AWS CloudFormation only sets the property to a specific value if the condition is true, if the condition is false, AWS CloudFormation sets the property to a different value that we specify.
- We will use conditions, when we want to re-use the template in different contexts like dev and prod environments.
- Conditions are evaluated based on predefined Psuedo parameters or input parameter values that we specify when we create or update stack.
- Within each condition we can reference the other condition.
- We can associate these conditions in three places.
- Resource Properties
- At stack creation or stack update, AWS CloudFormation evaluates all conditions in our template. During stack update, Resources that are now associated with a false condition are deleted.
- Important Note: During stack update, we cannot update conditions by themselves. We can update conditions only when we include changes that add, modify or delete resources.
- Outputs section declares output values that we can
- Import in to other stacks (to create cross-stack references)
- When using Nested stacks, we can see how outputs of a nested stack are used in Root Stack.
- We can view outputs on the CloudFormation console
- We can declare maximum of 60 outputs in a cfn template.
- Exports contain resource output used for cross-stack reference.
- For each AWS account, Export name must be unique with in the region. As it should be unique we can use the export name as “AWS::StackName”-ExportName
- We can’t create cross-stack references across regions.
- We can use the intrinsic function Fn::ImportValue to import values that have been exported within the same region. We will see this practically.
- In simple terms, export availability zone in stack1 and use it stack2
- For outputs, the value of the Name property of an Export can’t use Ref or GetAtt functions that depend on a resource.
- We can’t delete a stack if another stack references one of its outputs.
- We can’t modify or remove an output value that is referenced by another stack.
- We can use Outputs in combination with Conditions. We will see that in our practice sessions for Outputs.
- Metadata provides details about the cfn template.
- We have three types of metadata keys which are listed below.
- Metadata Keys
- Auto generated during resources drag and drop to canvas.
- Used for parameter grouping.
- Used for application installation and configurations on our aws compute (EC2 instances).
- This is core and important feature of CloudFormation.
- We have one complete section outlining the end to end details of init.
- Designer, Visually depicts how our resources are laid out
- Designer automatically add this information when we use it to create view and update templates. Its a system generated metadata.
- It defines the information about our resources such as their size and relative position in template metadata. All layout information is stored in designer metadata.
- In designer we drag and drop the resources.
- When we create templates in Designer, it enforces some basic relationships between resources to help us create valid template.
- Example: We cannot directly add EC2 instance in a VPC, we must add a subnet in a VPC.
- We can also validate template directly in designer.
- We can bring our template which we have written manually and validate in designer using validate template.
- Integrated Editor:
- We can make all our template modifications with this editor.
- It also provides the auto-complete feature that lists all property names for a resource so we don’t need to memorize all the properties of a resource or refer documentation.
- We can use integrated editor to convert from JSON to YAML and vice versa.
How I use Designer?
- Firstly, I write my cfn templates manually in editor by referring documentation
- Which gives me greater confidence on that particular resource for which I am writing template.
- I use visual studio code as my editor due to the fact that dealing with YAML spaces is simplified in this editor. I just use tabs and VS code editor takes care of yaml spaces.
- Copy template to Integrated Editor and Validate Template.
- Convert template from JSON to YAML or YAML to JSON.
- Drag resources to canvas and see their properties (some times).
- Copy template to Integrated Editor and review template visually on canvas.
- When we create or update stacks in the console, the console lists input parameters in alphabetical order by their logical IDs.
- By using this key, we can define our own parameter grouping and ordering so that users can efficiently specify parameter values.
- We can also define labelsfor parameters.
- A label is a friendly name or description that the console displays instead of a parameter’s logical ID which helps users understand the values to specify for each parameter.
CloudFormation & UserData
- We can use UserData in CloudFormation template for ec2.
- We need to use a intrinsic function Fn::Base64 with UserData in CFN templates. This function returns the Base64 representation of input string. It passes encoded data to ec2 Instance.
- YAML Pipe (|): Any indented text that follows should be interpreted as a multi-line scalar value which means value should be interpreted literally in such a way that preserves newlines.
- UserData Cons
- By default, user data scripts and cloud-init directives run only during the boot cycle when we first launch an instance.
- We can update our configuration to ensure that our user data scripts and cloud-init directives run every time we restart our instance. (Reboot of server required)
Helper Scripts cfn-init, cfn-hup and cfn-signal
AWS CloudFormation provides the following Python helper scripts that we can use to install software and start services on Amazon EC2 that we create as part of stack.
We can create more than one config key and have cfn-init process them in a specific order.
- Single Configset
- Multiple Configset
- The AWS::CloudFormation::Stack type nests a stack as a resource in a top-level template.
- We can add output values from a nested stack within the root stack.
- We use Fn::GetAtt function with nested stacks logical name and the name of the output value in nested stack
Nested Stacks – Practice – Create Templates
|S3 Bucket||VPC Nested Stack Template||Root Stack Template|
|• Create S3 bucket
• This is required for uploading the Nested stack templates to S3
• Create Metadata
• Create Resources
• Create VPC
• Create Subnets
• Create Route Table
• Associate Subnet & Route Table
• Create IGW
• Associate IGW to VPC
• Create Route
• Create Outputs
• Test Template
• Upload to S3
|• Create Parameters
o Create Resources
o Create VPC Stack
• Create EC2 Instance
• Create Outputs
Step#3: For VPC Nested Stack
- Create Root Stack
- It automatically creates the vpc nested stack
Step#4: Security Group Nested Stack Template
- Create Parameters
- Create Resources
- Create Security Group
- Create Outputs
Step#5: Root Stack Template
- Create Parameters
- Create Resources
- Create VPC Stack
- Create EC2 Instance
- Create Outputs
- Create Resource
- Create Security Group Stack
- Update VM Instance resource with security group
Nested Stacks vs Outputs
- A nested stack is a stack that you create within another stack by using the AWS::CloudFormation::Stack (p. 954) resource. With nested stacks, you deploy and manage all resources from a single stack.
- You can use outputs from one stack in the nested stack group as inputs to another stack in the group. This differs from exporting values.
- If you want to isolate information sharing to within a nested stack group, we suggest that you use nested stacks. To share information with other stacks (not just within the group of nested stacks), export values.
- For example, you can create a single stack with a subnet and then export its ID. Other stacks can use that subnet by importing its ID; each stack doesn’t need to create its own subnet. Note that as long as stacks are importing the subnet ID, you can’t change or delete it.