What is AWS CloudFormation?
CloudFormation is a method of provisioning AWS infrastructure using code. It allows you to model a collection of related resources, both AWS and third party, to provision them quickly and consistently.
AWS CloudFormation also provides you with a mechanism to manage the resources through their lifecycle.
CloudFormation is designed to help you manage your AWS resources, especially associated resources. You can use CloudFormation to group resources with dependencies into stacks using templates.
CloudFormation works by defining your AWS resources in a structured text file in either JSON or YAML formats. This is known as a CloudFormation template. Using the template, you then create a CloudFormation stack in AWS which contains all the resources you defined.
To manage your resources you amend your CloudFormation template and update it, which will execute the changes to the resources in your stack.
When you make changes, CloudFormation tracks the template and executes the changes or optionally creates a “Change Set” for approval.
The major benefits of CloudFormation include:
Best Practice Automation
With CloudFormation you can integrate with DevOps and GitOps best practices like establishing a Git repository and deploying infrastructure through a CI/CD pipeline. This allows you to audit changes and trigger deployments using pipeline integration tools like AWS CodePipeline and GitHub Actions.
Global Scaling and Deployment
Templates help simplify scaling in that you can apply best practices and company policy requirements within your templates that can then be used in CloudFormation StackSets to create, update and delete stacks across multiple AWS regions and accounts.
AWS Service Integration
CloudFormation meshes in with many other AWS services to automate resource and security management. CloudFormation will integrate with AWS Identity and Access Management (IAM) for secure access control, AWS Config for best practice compliance and builder tools like AWS CodePipeline to implement the latest DevOps best practices for improving automation, testing and deployment.
Manage private and 3rd party resources
You can provision and manage 3rd party resources like monitoring, CI/CD and version control using the open source CloudFormation CLI to build your own resource providers.
Managing your Infrastructure using code.
With CloudFormation you can manage all your infrastructure using code. Infrastructure management can be approached as if it were application code. Different users can create CloudFormation templates and submit them to your code repository for review. Once approved, the template can be merged into your main branch.
Merging to your main branch initiates the build process that will create your new AWS resources.
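As an added illustration of the review gate described above (example code, not hava.io's or AWS's), here is a check a pipeline could run on a JSON template before it is merged to main; the template, resource names and CIDR ranges are constructed for the example.

```python
"""Pre-merge template check (added example, not hava.io code). A pipeline gate
like this runs on every pull request that changes a template and flags an EC2
security group admitting SSH or all traffic from anywhere and an S3 bucket that
does not block public access. Resource names and CIDRs are constructed here."""
import json
TEMPLATE_JSON = r"""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "bastion", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "OfficeSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
      "GroupDescription": "office only", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.10/32"}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}"""

def _open_to_world(rule):
    """True if an ingress rule exposes port 22 (or every port) to 0.0.0.0/0 or ::/0."""
    if rule.get("CidrIp") != "0.0.0.0/0" and rule.get("CidrIpv6") != "::/0":
        return False
    if rule.get("IpProtocol") == "-1":  # -1 means all protocols and all ports
        return True
    return int(rule.get("FromPort", 0)) <= 22 <= int(rule.get("ToPort", 65535))

def _blocks_public(props):
    """All four PublicAccessBlockConfiguration flags must be true."""
    pab = props.get("PublicAccessBlockConfiguration", {})
    return all(pab.get(k) is True for k in (
        "BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets"))

def find_issues(template):
    """Return sorted 'LogicalId: problem' strings; an empty list means the gate passes."""
    issues = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            if any(_open_to_world(r) for r in props.get("SecurityGroupIngress", [])):
                issues.append(f"{name}: ingress open to the world on port 22 or all ports")
        elif res.get("Type") == "AWS::S3::Bucket" and not _blocks_public(props):
            issues.append(f"{name}: bucket does not block public access")
    return sorted(issues)

def check_template_text(text):
    """Parse a JSON template (CloudFormation also accepts YAML) and run the checks."""
    return find_issues(json.loads(text))

if __name__ == "__main__":
    print("\n".join(check_template_text(TEMPLATE_JSON)) or "no issues")
```

A non-empty result would fail the pipeline step and block the merge until the template is corrected.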
Cost reduction at the development stage.
If you are working on proof of concept or learning new services or resource types, CloudFormation allows you to quickly spin up or destroy a stack of related resources. This means you can spin up a group of resources for development and testing, but easily destroy them when they are not in use. As you move into production, you can quickly deploy from your templates and scale up as needed.
If you have a catastrophic infrastructure failure you can easily recreate your infrastructure in a different region or account from your CloudFormation templates quickly to assist in the disaster recovery process.
There are a number of other considerations when adopting CloudFormation to manage your AWS infrastructure provisioning. While it is possible to create your CloudFormation stacks manually from the console, AWS recommends adopting a CI/CD pipeline so that code updates can be better managed before merging to your main branch to deploy infrastructure.
It is also important to avoid manual changes to your stack infrastructure when you are using CloudFormation. Always use your templates to update infrastructure otherwise changes made manually will almost certainly be lost.
How much does CloudFormation cost?
CloudFormation is essentially free to use. You only pay for the API calls CloudFormation makes on your behalf and the resources you provision, which is no different than manually creating them.
There is also a small per operation charge if you are managing third party resources.
What Resources can you provision with CloudFormation?
Basically any AWS resources you can create from the AWS console can be provisioned within a CloudFormation template. This includes things like:
- S3 Buckets
- EC2 instances
- Amazon SQS queues
- Route Tables
- Network ACLs
- EC2 Security Groups
- Autoscaling Groups
- Elastic Load Balancers
- RDS Database Instances
- AWS RDS Security Groups in a VPC
What language are CloudFormation templates written in?
Templates are constructed of structured text. The declarations in your CloudFormation stack templates are written in JSON or YAML formats.
What is a CloudFormation Stack?
A stack is a collection of AWS resources provisioned by a template that you can manage as a single unit.
What is a CloudFormation StackSet?
A StackSet is a named set of stacks that use the same template that is used to provision resources across different accounts and regions. This enables a single operation to create, update or delete stacks across multiple regions and accounts.
How to Create CloudFormation Stacks from the AWS Console
To create a CloudFormation stack from the AWS console follow the steps below. In this example we’ll use a sample YAML template provided by AWS.
The first step is to navigate to the CloudFormation service in your Services console, which can be found under “Management and Governance”.
Next, click on “Create stack”:
In this example we’ll tell CloudFormation our template is ready and that we want to upload it.
At this point you have the ability to enter the location of a template stored in an S3 bucket, or you can use a sample template for common stacks like:
- LAMP Stack (using a single EC2 instance and local MySQL)
- Ruby on Rails Stack (using a single EC2 instance and local MySQL)
- WordPress Blog (with local MySQL)
- WordPress Blog (Multi AZ with Amazon RDS database)
- Windows Active Directory
On the next step you need to name your stack and complete any parameters that were defined in the template. In this budget example, we have an email parameter that will receive the budget notifications.
In the next step you can specify up to 50 tag key/value pairs that will be attached to all the resources created when you create your stack.
You can nominate an IAM role to use for the stack. If you do not specify a role, then the permissions will be based on the user credentials being used to create the stack.
There are also some advanced options:
Stack Policy: This is a JSON document that defines the update actions that can be performed on nominated resources. This allows you to protect resources from unintentional updates during a stack update.
Rollback Configuration: This allows you to specify a CloudWatch alarm and time period to monitor CloudFormation when creating or updating a stack. If the operation breaches an alarm threshold, the update operation is rolled back.
Notification Options: Here, you can specify an SNS topic ARN to send notifications to.
Stack Creation Options: Here, you can specify whether to roll back on failure, specify a stack creation timeout period and set the stack termination protection. If the termination protection is enabled, your stack cannot be deleted until you update the setting via stack actions.
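To show how a stack policy decides what a stack update may touch, here is an added Python evaluator (example code, not hava.io's and not the CloudFormation service itself); it follows the documented rules that every resource is protected unless an Allow statement matches and that an explicit Deny always wins, and the policy, logical IDs and change list are constructed for the example.

```python
"""Stack policy evaluator (added example, not hava.io code). Every resource is
protected unless an Allow matches; an explicit Deny always wins. Constructed policy."""
import fnmatch
import json
# Constructed: allow all updates, never replace/delete ProdDatabase, never replace any RDS instance.
STACK_POLICY_JSON = r"""{
  "Statement": [
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
     "Principal": "*", "Resource": "LogicalResourceId/ProdDatabase"},
    {"Effect": "Deny", "Action": "Update:Replace", "Principal": "*", "Resource": "*",
     "Condition": {"StringEquals": {"ResourceType": ["AWS::RDS::DBInstance"]}}}
  ]
}"""
# (logical id, resource type, update action CloudFormation would perform)
CHANGES = [
    ("ProdDatabase", "AWS::RDS::DBInstance", "Update:Modify"),
    ("ProdDatabase", "AWS::RDS::DBInstance", "Update:Replace"),
    ("ProdDatabase", "AWS::RDS::DBInstance", "Update:Delete"),
    ("WebServer", "AWS::EC2::Instance", "Update:Replace"),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, logical_id, resource_type):
    """Does this statement apply to the given action on the given resource?"""
    if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt.get("Action", []))):
        return False
    target = "LogicalResourceId/" + logical_id
    if not any(fnmatch.fnmatchcase(target, r) for r in _as_list(stmt.get("Resource", []))):
        return False
    wanted = stmt.get("Condition", {}).get("StringEquals", {}).get("ResourceType")
    return wanted is None or resource_type in _as_list(wanted)

def is_update_allowed(policy, action, logical_id, resource_type):
    """Deny beats Allow; with no matching Allow the resource stays protected."""
    allowed = False
    for stmt in policy.get("Statement", []):
        if _matches(stmt, action, logical_id, resource_type):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = True
    return allowed

def evaluate(policy_text, changes):
    """Map 'LogicalId:Action' to whether the stack update would be permitted."""
    policy = json.loads(policy_text)
    return {f"{lid}:{act}": is_update_allowed(policy, act, lid, rtype)
            for lid, rtype, act in changes}
```

Only the common statement fields (Action, Resource and a StringEquals condition on ResourceType) are handled; NotAction, NotResource and StringLike are left out to keep the example short.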
The final step is a review page that allows you to review and amend the options before selecting the “Create stack” button.
This will start creating the stack and report back the status of each event as it is performed. Once complete, all your resources will show a status of “CREATE_COMPLETE”.
Create CloudFormation Stacks from the AWS CLI
If you have the AWS command line interface installed and configured, you can use the CLI to create a stack using the “create-stack” command.
The command will require you to supply a stack name and a template which can be hosted on S3 or be a file locally on your computer.
The “describe-stacks” command entered in the CLI will return basic information about your stacks.
So that’s a very brief glimpse at what CloudFormation is and what it does; however, we have barely scratched the surface of this widely used AWS service.
Whatever you are building with AWS (with or without CloudFormation) you can visualise the end result of your network topology by connecting your AWS account to Hava.
Hava polls your AWS configuration and creates a network topology diagram for every VPC discovered. Once the diagram is created, Hava polls your config and automatically updates the diagram, placing the superseded diagrams into a fully interactive version history.
To open a free account to evaluate Hava using Demo data, take a free 14 day trial of all the paid plans or to jump straight in and start importing and visualizing your AWS, Azure and GCP environments, visit https://www.hava.io
Originally published at https://www.hava.io.