What does CloudFormation do?
CloudFormation allows us to manage infrastructure as code, enabling the modeling, provisioning, and management of AWS and third-party resources efficiently and consistently.
We define these resources using a CloudFormation template, a structured text file written in either YAML or JSON. With this template, we can create a CloudFormation stack in AWS, which provisions the specified resources. Updates to the stack are managed by modifying the template, with CloudFormation handling the necessary changes while ensuring the resources remain in a stable state.
Additionally, CloudFormation offers the option to generate Change Sets for review and approval before applying updates.
By leveraging infrastructure as code, CloudFormation provides a streamlined way to:
- Define and organize AWS and third-party resources
- Provision them quickly and reliably
- Maintain and update them throughout their lifecycle
What problem does CloudFormation solve?
CloudFormation simplifies the management of AWS resources, particularly those with dependencies. It allows us to organize resources into stacks using declarative templates. With CloudFormation, we can handle the creation, updating, and deletion of resources within a stack. Resources can be provisioned in parallel when feasible or in a specific order if dependencies exist.
How can we architect a cloud solution using CloudFormation?
With CloudFormation, we can manage our entire infrastructure as code.
Since our AWS resources are defined through code, they should be managed like any other codebase. Multiple users can create CloudFormation templates and submit them to a shared code repository. After undergoing code reviews, the approved templates are merged into the main branch. This triggers a build process that provisions the specified AWS resources.
How can we use CloudFormation?
- Individual Developers – Cost Efficiency: CloudFormation enables us to quickly create and delete groups of related resources, making it ideal for experimenting with new AWS services. We can easily tear down a stack when not in use and recreate it later. As we transition to production, these templates provide a scalable starting point.
- Enterprises – Infrastructure as Code: Many organizations rely on CloudFormation to manage their entire AWS infrastructure. By integrating it with CI/CD pipelines, they can automate stack creation directly from code. Some companies even extend its use to manage non-AWS resources.
- Disaster Recovery: When infrastructure is built with CloudFormation, it can be swiftly recreated in a different Region or account, ensuring disaster recovery and seamless business continuity.
What else should we be aware of when using CloudFormation?
A key consideration is determining how to create CloudFormation stacks. While it is possible to create them manually via the console, a more efficient approach is to use an integration pipeline. By setting up a pipeline, any changes merged into the main branch of the template repository can automatically create or update stacks, with standard code review practices ensuring the quality of the templates.
Another important aspect is managing the lifecycle of individual resources. For instance, if a change to a resource requires it to be replaced, extra caution should be taken while that resource is being updated to avoid disruptions.
Lastly, manually modifying resources within a CloudFormation stack is highly discouraged. All changes should be made through CloudFormation to maintain consistency and prevent issues.
How much does CloudFormation cost?
CloudFormation has a straightforward cost structure. The service itself is free to use for managing AWS resources. Charges apply only for the resources we create and the API calls made by CloudFormation on our behalf.
For managing third-party resources with CloudFormation, a per-operation pricing model is used.
What are the basic technical concepts of CloudFormation?
- Resources – These are the AWS components we can create, such as Amazon S3 buckets, EC2 instances, or SQS queues.
- Stack – A group of AWS resources that are managed together as a single entity.
- Templates – JSON or YAML files that define CloudFormation stacks and specify all resources, including their dependencies.
- StackSet – A collection of stacks using the same template, but deployed across multiple accounts and Regions. This allows us to create, update, or delete stacks across different accounts and Regions in one action.
Sample CloudFormation template
---
AWSTemplateFormatVersion: "2010-09-09"   # the only valid template format version
Description: "Simple SQS example"
Parameters:
  QueueName:
    Type: String
    Default: MyQueue1
    Description: Please enter the name of the Queue.
Resources:
  MyQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: !Ref QueueName
  MyQueueUpdaterRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"   # IAM policy language version, quoted so YAML keeps it a string
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com   # only EC2 instances may assume this role
            Action:
              - 'sts:AssumeRole'
      Policies:
        - PolicyName: QueueUpdater
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:   # prefix wildcards; listing the exact actions is tighter
                  - sqs:Get*
                  - sqs:List*
                  - sqs:SendMessage*
                  - sqs:ReceiveMessage*
                Resource: !GetAtt MyQueue.Arn   # scoped to this one queue, not "*"
Outputs:
  QueueUrl:
    Value: !Ref MyQueue   # Ref on an SQS queue returns its URL
  QueueARN:
    Value: !GetAtt MyQueue.Arn
The CloudFormation template above creates an Amazon SQS queue and demonstrates the use of parameters and outputs.
It defines two resources: an SQS queue (MyQueue) beginning at line 10 and an IAM role (MyQueueUpdaterRole) starting at line 14. The role's trust policy allows only the EC2 service to assume it, and its inline policy is limited to the ARN of that one queue through !GetAtt rather than a Resource of "*".
The template includes a parameter (QueueName) defined at line 5, which is supplied when creating a stack from this template (the Default value, MyQueue1, is used when it is omitted). This allows for the creation of multiple stacks from the same template by providing different parameter values.
Additionally, the template defines two outputs, which are values associated with the stack: the queue URL (what !Ref returns for an SQS queue) and the queue ARN. These outputs can be viewed in the console or accessed programmatically.
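Because templates are merged only after code review and then applied by a pipeline, that review can include an automated least-privilege check over every IAM role in the template. The following Python script is an added example, not code from the page or from AWS: it parses a JSON rendering of the sample template (constructed here; the YAML short forms !Ref and !GetAtt have the JSON equivalents {"Ref": ...} and {"Fn::GetAtt": [...]}) and flags Allow statements that use wildcard actions, an unscoped Resource of "*", or a trust policy that lets any AWS principal assume the role. On the sample it reports the four prefix wildcards in the QueueUpdater policy and finds nothing else, since the Resource is pinned to the queue's ARN and the trust policy names a single service.

```python
"""Pre-merge IAM check for a CloudFormation template (added example).

Reads the JSON form of the sample template and flags Allow statements that are
broader than a single queue needs. Constructed sample data; not the page's code.
"""
import json

# JSON rendering of the page's sample template (constructed here).
SAMPLE_TEMPLATE_JSON = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Simple SQS example",
  "Parameters": {
    "QueueName": {"Type": "String", "Default": "MyQueue1",
                  "Description": "Please enter the name of the Queue."}
  },
  "Resources": {
    "MyQueue": {"Type": "AWS::SQS::Queue",
                "Properties": {"QueueName": {"Ref": "QueueName"}}},
    "MyQueueUpdaterRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{"Effect": "Allow",
                         "Principal": {"Service": ["ec2.amazonaws.com"]},
                         "Action": ["sts:AssumeRole"]}]
        },
        "Policies": [{
          "PolicyName": "QueueUpdater",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": ["sqs:Get*", "sqs:List*",
                                      "sqs:SendMessage*", "sqs:ReceiveMessage*"],
                           "Resource": {"Fn::GetAtt": ["MyQueue", "Arn"]}}]
          }
        }]
      }
    }
  },
  "Outputs": {
    "QueueUrl": {"Value": {"Ref": "MyQueue"}},
    "QueueARN": {"Value": {"Fn::GetAtt": ["MyQueue", "Arn"]}}
  }
}
"""


def _as_list(value):
    """IAM accepts a single string or a list in Action, Resource and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_statements(doc, where):
    """Return findings for one policy document (trust policy or permissions)."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        tag = f"{where} statement {i}"
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{tag}: action '{action}' is unbounded")
            elif "*" in action:
                findings.append(f"{tag}: prefix wildcard action '{action}'; list exact actions")
        # A Resource given as an intrinsic (Fn::GetAtt to one ARN) is scoped;
        # only the literal "*" is flagged.
        for res in _as_list(stmt.get("Resource")):
            if res == "*":
                findings.append(f"{tag}: resource '*' is not scoped to a specific ARN")
        principal = stmt.get("Principal")
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if "*" in aws_principals:
            findings.append(f"{tag}: principal '*' lets any AWS identity assume the role")
    return findings


def lint_template(template):
    """Collect findings from every AWS::IAM::Role trust policy and inline policy."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        findings += lint_statements(props.get("AssumeRolePolicyDocument", {}), f"{name} trust policy")
        for pol in props.get("Policies", []):
            findings += lint_statements(pol.get("PolicyDocument", {}), f"{name}/{pol.get('PolicyName')}")
    return findings


def lint_template_json(text):
    """Pipeline entry point: parse the template text and lint it."""
    return lint_template(json.loads(text))


if __name__ == "__main__":
    for finding in lint_template_json(SAMPLE_TEMPLATE_JSON):
        print(finding)
```

Run as a pipeline step, a non-empty findings list can fail the build or be posted back to the pull request; the same walk extends naturally to AWS::IAM::Policy and AWS::IAM::ManagedPolicy resources.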
How can we create CloudFormation stacks using the AWS Command Line Interface?
If the AWS Command Line Interface (AWS CLI) is installed and configured, we can create a stack using the CloudFormation create-stack command. This requires specifying the stack name and the template, which can be either a local file (--template-body file://path) or stored on S3 (--template-url). Because the sample template creates an IAM role, the call must also acknowledge that with --capabilities CAPABILITY_IAM, otherwise CloudFormation rejects it. To retrieve basic information about the stack, including its status and outputs, we can use the CloudFormation describe-stacks command.
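As an added example (not code from the page or from AWS), the following Python script works out which --capabilities value create-stack will require from the resource types in a template, assembles the create-stack argument vector, and extracts the Outputs from describe-stacks JSON once the stack is in a completed state. The template skeleton, the describe-stacks response, and the stack name sqs-demo are constructed; the option names, capability values and stack status strings are the real AWS CLI ones.

```python
"""Assemble the create-stack call for a template and read describe-stacks
output (added example). CLI option names are real; the template skeleton and
the describe-stacks response below are constructed sample data."""
import json
import shlex

# IAM resource types for which CloudFormation demands --capabilities, with the
# property that, when set to a custom name, raises it to CAPABILITY_NAMED_IAM.
IAM_NAME_PROPERTY = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
}
IAM_RESOURCE_TYPES = set(IAM_NAME_PROPERTY) | {
    "AWS::IAM::AccessKey", "AWS::IAM::Policy", "AWS::IAM::UserToGroupAddition",
}
HEALTHY_STATUSES = {"CREATE_COMPLETE", "UPDATE_COMPLETE", "IMPORT_COMPLETE"}

# Skeleton of the page's sample template (constructed): one queue, one role.
SAMPLE_TEMPLATE = {"Resources": {
    "MyQueue": {"Type": "AWS::SQS::Queue"},
    "MyQueueUpdaterRole": {"Type": "AWS::IAM::Role", "Properties": {}},
}}

# Constructed describe-stacks response for a stack that finished creating.
DESCRIBE_STACKS_OUTPUT = json.dumps({"Stacks": [{
    "StackName": "sqs-demo",
    "StackStatus": "CREATE_COMPLETE",
    "Outputs": [
        {"OutputKey": "QueueUrl",
         "OutputValue": "https://sqs.us-east-1.amazonaws.com/123456789012/MyQueue1"},
        {"OutputKey": "QueueARN",
         "OutputValue": "arn:aws:sqs:us-east-1:123456789012:MyQueue1"},
    ],
}]})


def required_capabilities(template):
    """Work out which --capabilities value create-stack will insist on."""
    caps = set()
    for res in template.get("Resources", {}).values():
        rtype = res.get("Type", "")
        if rtype not in IAM_RESOURCE_TYPES:
            continue
        name_prop = IAM_NAME_PROPERTY.get(rtype)
        if name_prop and name_prop in res.get("Properties", {}):
            caps.add("CAPABILITY_NAMED_IAM")
        else:
            caps.add("CAPABILITY_IAM")
    if "CAPABILITY_NAMED_IAM" in caps:
        caps.discard("CAPABILITY_IAM")  # NAMED_IAM already covers plain IAM
    return sorted(caps)


def create_stack_argv(stack_name, template_path, template, parameters):
    """Build the argument vector for aws cloudformation create-stack."""
    argv = ["aws", "cloudformation", "create-stack",
            "--stack-name", stack_name,
            "--template-body", f"file://{template_path}"]
    if parameters:
        # --parameters takes all ParameterKey=...,ParameterValue=... pairs after one flag
        argv.append("--parameters")
        argv += [f"ParameterKey={k},ParameterValue={v}" for k, v in parameters.items()]
    caps = required_capabilities(template)
    if caps:
        argv += ["--capabilities", *caps]
    return argv


def stack_outputs(describe_stacks_json):
    """Return {OutputKey: OutputValue} for a stack in a healthy completed state."""
    stack = json.loads(describe_stacks_json)["Stacks"][0]
    status = stack["StackStatus"]
    if status not in HEALTHY_STATUSES:
        raise RuntimeError(f"stack {stack['StackName']} is {status}, not usable")
    return {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}


if __name__ == "__main__":
    argv = create_stack_argv("sqs-demo", "queue.yaml", SAMPLE_TEMPLATE, {"QueueName": "MyQueue1"})
    print(shlex.join(argv))
    print("aws cloudformation wait stack-create-complete --stack-name sqs-demo")
    print(stack_outputs(DESCRIBE_STACKS_OUTPUT))
```

Between create-stack and describe-stacks, aws cloudformation wait stack-create-complete blocks until the stack settles; reading outputs only from a healthy status avoids treating a ROLLBACK_COMPLETE stack as deployed.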