AWS CloudFormation Introduction
Jakob Jenkov
AWS CloudFormation is an AWS Infrastructure as Code (IaC) tool - meaning a tool that lets you specify infrastructure using code. This code is called a CloudFormation template. AWS CloudFormation lets you specify almost all AWS infrastructure via CloudFormation templates. AWS can then create the resources specified in the CloudFormation template.
There are several advantages to specifying AWS infrastructure as code:
- AWS can create the infrastructure for you.
- The risk of errors or omissions is much smaller.
- The CloudFormation templates function as documentation of your infrastructure configuration.
Creating AWS resources manually in the AWS web console (or via the AWS CLI) can take some time, and it is easier to forget something or make a mistake when doing so manually. It is also harder to remember how the infrastructure was configured, or to remember to document it accurately. With AWS CloudFormation templates these problems are much smaller.
AWS CloudFormation Website
The official AWS CloudFormation website can be found here:
https://aws.amazon.com/cloudformation/
CloudFormation Stacks
An AWS CloudFormation template can specify more than one piece of infrastructure. Each piece of infrastructure specified in a CloudFormation template is referred to as a resource by the way. I will get back to resources later.
When an AWS CloudFormation template is deployed, the infrastructure resources created are associated with each other in what AWS calls a stack. If you deploy the same AWS CloudFormation template multiple times, then each deployment results in a unique stack of resources being deployed.
CloudFormation will deploy all the resources in a given stack (CloudFormation template). If creating any of the resources fails for any reason, CloudFormation will by default roll back (undeploy) all the deployed resources.
It is possible to update a running stack by asking AWS CloudFormation to update the stack according to a CloudFormation template. CloudFormation will then try to figure out what the difference is between the currently deployed stack and the resources specified in the changed CloudFormation template. Any resources added to the CloudFormation template will be deployed to the stack. For any changed resources, CloudFormation will attempt to change them to match the specification in the CloudFormation template. For any deleted resources, CloudFormation will attempt to undeploy them from the stack.
It is also possible to delete a CloudFormation stack. AWS CloudFormation will then delete all the resources associated with that stack.
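The update comparison described above can be approximated offline to review a template change before asking CloudFormation to apply it. This is an added example, not code from the original article, and CloudFormation's own comparison is more detailed than this name-and-content diff. The two templates are constructed, the function names are hypothetical, and the example goes beyond the text by honouring the DeletionPolicy resource attribute, which this page does not cover.

```python
# Constructed sample: the template the stack was deployed from ...
DEPLOYED = {"Resources": {
    "Assets": {"Type": "AWS::S3::Bucket",
               "Properties": {"AccessControl": "Private"}},
    "Cache":  {"Type": "AWS::S3::Bucket"},
    "Logs":   {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain"},
    "Queue":  {"Type": "AWS::SQS::Queue"}}}
# ... and the changed template submitted for the update (also constructed).
PROPOSED = {"Resources": {
    "Assets": {"Type": "AWS::S3::Bucket",
               "Properties": {"AccessControl": "PublicRead"}},
    "Queue":  {"Type": "AWS::SQS::Queue"},
    "Topic":  {"Type": "AWS::SNS::Topic"}}}


def plan_update(deployed, proposed):
    """Classify resources by name: added, changed, deleted, or dropped but retained."""
    old = deployed.get("Resources") or {}
    new = proposed.get("Resources") or {}
    plan = {"add": [], "change": [], "delete": [], "retain": []}
    for name in sorted(old.keys() | new.keys()):
        if name not in old:
            plan["add"].append(name)
        elif name not in new:
            # DeletionPolicy "Retain" on the deployed resource means it leaves the
            # stack but is not deleted; without it the resource is undeployed.
            kept = old[name].get("DeletionPolicy") == "Retain"
            plan["retain" if kept else "delete"].append(name)
        elif old[name] != new[name]:
            plan["change"].append(name)
    return plan


def property_changes(deployed, proposed, name):
    """List (property, old value, new value) for one changed resource."""
    old = deployed["Resources"][name].get("Properties") or {}
    new = proposed["Resources"][name].get("Properties") or {}
    return [(k, old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)]


if __name__ == "__main__":
    print(plan_update(DEPLOYED, PROPOSED))
    print(property_changes(DEPLOYED, PROPOSED, "Assets"))
```

The "delete" list and any property change that loosens access (here the bucket ACL moving from Private to PublicRead) are the entries to review before the update is applied.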
Deploying a CloudFormation Stack
To deploy a CloudFormation stack from a CloudFormation template - the template must first be located in an AWS S3 bucket.
You can either upload the CloudFormation template to an S3 bucket and point AWS to that template (by giving AWS CloudFormation the S3 URL to the CloudFormation template in the S3 bucket), or you can upload the CloudFormation template during creation (deployment) of the CloudFormation stack.
If you upload the CloudFormation template during creation of the CloudFormation stack, AWS will store the CloudFormation template in an S3 bucket created for the purpose by AWS.
You will usually create your own S3 bucket for CloudFormation templates and create stacks by pointing AWS CloudFormation to those templates. That way you can control which S3 bucket(s) contain what CloudFormation templates.
JSON or YAML
AWS CloudFormation templates can be written in either JSON or YAML. Some people prefer YAML because there are fewer curly brackets. Others prefer JSON because multiple properties can be listed per line, vs. only 1 property per line in YAML. Personally, I have no favourite.
CloudFormation Template Basics
An AWS CloudFormation template consists of the following parts:
- AWSTemplateFormatVersion
- Description
- Metadata
- Parameters
- Mappings
- Resources
- Outputs
Of these sections, only the Resources section is required. The rest of the sections are optional.
CloudFormation Template Example
Here is an example of an empty CloudFormation template in JSON. It shows how a CloudFormation template looks with the major sections mentioned in the section above, but without any actual content inside each of its sections:
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "... text ... ",
  "Parameters": { },
  "Metadata": { },
  "Mappings": { },
  "Resources": { },
  "Outputs": { }
}
```
Here is how the same CloudFormation template would look in YAML:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Parameters:
Metadata:
Mappings:
Resources:
Outputs:
```
Resources
The Resources section of a CloudFormation template consists of one or more resource specifications. A resource specification consists of the following parts:
- Name
- Type
- Properties
Here is an example CloudFormation template in JSON with a Resources section filled in:
```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyResourceName": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "PublicRead"
      }
    },
    "MyNextResourceName": { }
  }
}
```
Here is the same CloudFormation template snippet in YAML:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyResourceName:
    Type: "AWS::S3::Bucket"
    Properties:
      AccessControl: "PublicRead"
  MyNextResourceName:
```
As you can see, the resource name is the name of a JSON property ("MyResourceName" and "MyNextResourceName"). There is not a separate field / property named "Name" anywhere.
The first resource is named "MyResourceName" (the quotes are not included in the name). This resource has a "Type" and "Properties" property.
The resource type (the "Type" property) is typically an AWS specific identifier that identifies an AWS resource type, such as an S3 bucket, an EC2 instance, a VPC etc. You need to look up the specific identifier required for the specific resource type you want to create. See the AWS CloudFormation docs, or search online for it (Google, DuckDuckGo, Brave Search etc.).
The resource properties (the "Properties" property) are resource specific - meaning the properties (fields) nested inside the "Properties" property are specific to the type of resource you are creating. An S3 bucket will have one set of properties, an EC2 instance will have another set of properties, a VPC yet another set of properties etc. To see what properties a given resource type has, consult the AWS CloudFormation docs.
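The Resources example above sets "AccessControl" to "PublicRead", a canned ACL that makes the bucket readable by anyone, so properties like this are worth checking before a template is deployed. The following is an added example, not code from the original article: a Python check that reads a JSON template and reports buckets with open canned ACLs, buckets that do not explicitly enable the four PublicAccessBlockConfiguration settings, and resources without a Type. The function name audit_template and the hardened template are assumptions made for illustration.

```python
import json

# Canned ACLs that grant access to everyone, or to any AWS account holder.
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
# The four switches of the bucket property PublicAccessBlockConfiguration.
BPA_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")

# The Resources example from this page (JSON version), used as input.
PAGE_TEMPLATE = """{ "AWSTemplateFormatVersion":"2010-09-09", "Resources":{
  "MyResourceName": { "Type": "AWS::S3::Bucket",
                      "Properties": { "AccessControl": "PublicRead" } },
  "MyNextResourceName": { } } }"""
# Constructed counterpart: private ACL, public access blocked explicitly.
HARDENED_TEMPLATE = json.dumps({"Resources": {"MyResourceName": {
    "Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "Private",
                   "PublicAccessBlockConfiguration": dict.fromkeys(BPA_KEYS, True)}}}})


def audit_template(template_text):
    """Return (resource name, finding) tuples for a JSON CloudFormation template."""
    resources = json.loads(template_text).get("Resources")
    if not isinstance(resources, dict) or not resources:
        return [("<template>", "required Resources section is missing or empty")]
    findings = []
    for name, spec in resources.items():
        if not isinstance(spec, dict) or "Type" not in spec:
            findings.append((name, "resource has no Type"))
            continue
        if spec["Type"] != "AWS::S3::Bucket":
            continue
        props = spec.get("Properties") or {}
        acl = props.get("AccessControl")
        if acl is not None and not isinstance(acl, str):
            # An intrinsic function such as {"Ref": "..."}: the value is set at deploy time.
            findings.append((name, "AccessControl is computed; review the deploy-time value"))
        elif acl in PUBLIC_ACLS:
            findings.append((name, f"public canned ACL: {acl}"))
        bpa = props.get("PublicAccessBlockConfiguration")
        bpa = bpa if isinstance(bpa, dict) else {}
        unset = [k for k in BPA_KEYS if str(bpa.get(k)).lower() != "true"]
        if unset:
            findings.append((name, "not explicitly enabled: " + ", ".join(unset)))
    return findings


if __name__ == "__main__":
    for label, text in (("page example", PAGE_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(label, audit_template(text))
```

The page's template yields three findings (the public ACL, the unset public access block, and the empty "MyNextResourceName"), while the hardened counterpart yields none.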
Parameters
AWS CloudFormation Templates can contain parameters. The parameter values are provided when the CloudFormation template is used to create a CloudFormation stack. The CloudFormation template can use the parameters internally so that the template can be customized at deployment time. For instance, an S3 bucket CloudFormation template could have the name of the S3 bucket to create as a parameter - so the name can be provided from the outside every time the same CloudFormation template is used to create a new stack.
I have written more about AWS CloudFormation template parameters here: