# AWS CloudFormation

Source: https://digitalcloud.training/aws-cloudformation/ (published 2022-01-05, last modified 2022-05-06).

AWS CloudFormation is a service that allows you to manage, configure and provision your AWS infrastructure as code.

AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.

Resources are defined using a CloudFormation template.

CloudFormation interprets the template and makes the appropriate API calls to create the resources you have defined.

Templates can be written in YAML or JSON.

CloudFormation can be used to provision a broad range of AWS resources.

Think of CloudFormation as deploying infrastructure as code.

CloudFormation has some similarities with AWS Elastic Beanstalk, though they are also quite different, as detailed in the table below:

| CloudFormation | Elastic Beanstalk |
|---|---|
| "Template-driven provisioning" | "Web apps made easy" |
| Deploys infrastructure using code | Deploys applications on EC2 (PaaS) |
| Can be used to deploy almost any AWS service | Deploys web applications based on Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker |
| Uses JSON or YAML template files | Uses ZIP or WAR files |
| Similar to Terraform | Similar to Google App Engine |

## Key Benefits

- Infrastructure is provisioned consistently, with fewer mistakes (human error).
- Less time and effort than configuring resources manually.
- You can use version control and peer review for your CloudFormation templates.
- Free to use (you're only charged for the resources provisioned).
- It can be used to manage updates and dependencies.
- It can be used to roll back and delete the entire stack as well.

## Key Concepts

The following table describes the key concepts associated with AWS CloudFormation:

| Component | Description |
|---|---|
| Templates | The JSON or YAML text file that contains the instructions for building out the AWS environment |
| Stacks | The entire environment described by the template and created, updated, and deleted as a single unit |
| StackSets | AWS CloudFormation StackSets extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation |
| Change Sets | A summary of proposed changes to your stack that will allow you to see how those changes might impact your existing resources before implementing them |

## Templates

A template is a YAML or JSON file used to describe the end state of the infrastructure you are either provisioning or changing.

After creating the template, you upload it to CloudFormation directly or via Amazon S3.

CloudFormation reads the template and makes the API calls on your behalf.

The resulting resources are called a "stack".

Logical IDs are used to reference resources within the template.

Physical IDs identify resources outside of AWS CloudFormation templates, but only after the resources have been created.

### Template elements

Mandatory:

- Resources

Not mandatory:

- Parameters
- Mappings
- Outputs
- Conditions
- Transform

### Template components

**Resources** – the *required* Resources section declares the AWS resources that you want to include in the stack, such as an Amazon EC2 instance or an Amazon S3 bucket.

The following example YAML code declares an EC2 instance as a resource:

```yaml
Resources:
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-0ff8a91507f77f867"
```

### Parameters

Use the *optional* Parameters section to customize your templates. Parameters enable you to input custom values to your template each time you create or update a stack.

The following example declares a parameter named InstanceTypeParameter. This parameter lets you specify the Amazon EC2 instance type for the stack to use when you create or update the stack.

```yaml
Parameters:
  InstanceTypeParameter:
    Type: String
    Default: t2.micro
    AllowedValues:
      - t2.micro
      - m1.small
      - m1.large
    Description: Enter t2.micro, m1.small, or m1.large. Default is t2.micro.
```

***Note:*** *the InstanceTypeParameter has a default value of t2.micro. This is the value that AWS CloudFormation uses to provision the stack unless another value is provided.*

### Pseudo Parameters

Pseudo parameters are parameters that are predefined by AWS CloudFormation. You do not declare them in your template. Use them the same way as you would a parameter, as the argument for the Ref function.

Examples include:

- AWS::Region
- AWS::StackName
- AWS::AccountId

### Mappings

The *optional* Mappings section matches a key to a corresponding set of named values.

The following example has region keys that are mapped to two sets of values: one named HVM64 and the other HVMG2.

```yaml
Mappings:
  RegionMap:
    us-east-1:
      HVM64: ami-0ff8a91507f77f867
      HVMG2: ami-0a584ac55a7631c0c
    us-west-1:
      HVM64: ami-0bdb828fd58c52235
      HVMG2: ami-066ee5fd4a9ef77f1
```

***Exam tip:*** *with mappings you can, for example, set values based on a region. You can create a mapping that uses the region name as a key and contains the values you want to specify for each specific region.*

### Outputs

The *optional* Outputs section declares output values that you can import into other stacks (to create cross-stack references), return in response to describe-stack calls, or view on the AWS CloudFormation console.

In the following example YAML code, the output named StackVPC returns the ID of a VPC, and then exports the value for cross-stack referencing with the name VPCID appended to the stack's name:

```yaml
Outputs:
  StackVPC:
    Description: The ID of the VPC
    Value: !Ref MyVPC
    Export:
      Name: !Sub "${AWS::StackName}-VPCID"
```

### Conditions

The *optional* Conditions section contains statements that define the circumstances under which entities are created or configured.

In the sample YAML code below, the condition is true only if the EnvType parameter is equal to prod, so resources that reference it are created only for that environment:

```yaml
Conditions:
  CreateProdResources: !Equals [ !Ref EnvType, prod ]
```

### Transform

The *optional* Transform section specifies one or more macros that AWS CloudFormation uses to process your template.

The Transform section can be used to reference additional code stored in S3, such as Lambda code or reusable snippets of CloudFormation code.

The AWS::Serverless transform, which is a macro hosted by AWS CloudFormation, takes an entire template written in the AWS Serverless Application Model (AWS SAM) syntax and transforms and expands it into a compliant AWS CloudFormation template.

In the following example, the template uses AWS SAM syntax to simplify the declaration of a Lambda function and its execution role:

```yaml
Transform: AWS::Serverless-2016-10-31
Resources:
  MyServerlessFunctionLogicalID:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs8.10
      CodeUri: 's3://testBucket/mySourceCode.zip'
```

### Intrinsic Functions

AWS CloudFormation provides several built-in functions that help you manage your stacks. Use intrinsic functions in your templates to assign values to properties that are not available until runtime.

***EXAM TIP:*** *At a minimum, know the intrinsic functions listed below for the exam. The full list can be found at: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html*

**Ref**

The following resource declaration for an Elastic IP address needs the instance ID of an EC2 instance and uses the Ref function to specify the instance ID of the MyEC2Instance resource:

```yaml
MyEIP:
  Type: "AWS::EC2::EIP"
  Properties:
    InstanceId: !Ref MyEC2Instance
```

**Fn::GetAtt**

The following example template returns the SourceSecurityGroup.OwnerAlias and SourceSecurityGroup.GroupName of the load balancer with the logical name myELB:

```yaml
AWSTemplateFormatVersion: 2010-09-09
Resources:
  myELB:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      AvailabilityZones:
        - eu-west-1a
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
  myELBIngressGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: ELB ingress group
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          SourceSecurityGroupOwnerId: !GetAtt myELB.SourceSecurityGroup.OwnerAlias
          SourceSecurityGroupName: !GetAtt myELB.SourceSecurityGroup.GroupName
```

**Fn::FindInMap**

The following example shows how to use Fn::FindInMap for a template with a Mappings section that contains a single map, RegionMap, that associates AMIs with AWS regions:

```yaml
Mappings:
  RegionMap:
    us-east-1:
      HVM64: "ami-0ff8a91507f77f867"
      HVMG2: "ami-0a584ac55a7631c0c"
    us-west-1:
      HVM64: "ami-0bdb828fd58c52235"
      HVMG2: "ami-066ee5fd4a9ef77f1"
Resources:
  myEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: !FindInMap
        - RegionMap
        - !Ref 'AWS::Region'
        - HVM64
      InstanceType: m1.small
```

**Fn::ImportValue**

The following example imports the value that another stack exported under the name formed from the NetworkStackName parameter with -SecurityGroupID appended:

```yaml
Fn::ImportValue:
  !Sub "${NetworkStackName}-SecurityGroupID"
```

**Fn::Join**

The following example uses Fn::Join to construct a string value. It uses the Ref function with the Partition parameter and the AWS::AccountId pseudo parameter:

```yaml
!Join
  - ''
  - - 'arn:'
    - !Ref Partition
    - ':s3:::elasticbeanstalk-*-'
    - !Ref 'AWS::AccountId'
```

**Fn::Sub**

The following example uses a mapping to substitute the ${Domain} variable with the resulting value from the Ref function:

```yaml
Name: !Sub
  - www.${Domain}
  - { Domain: !Ref RootDomainName }
```

## Stacks and Stack Sets

### Stacks

Stacks are the resources deployed from templates.

Create, update, and delete stacks using templates.

Stacks are deployed through the Management Console, CLI or APIs.

Stack creation errors:

Updating stacks:

### Stack Sets

AWS CloudFormation StackSets extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation.

Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions.

An administrator account is the AWS account in which you create stack sets.

A stack set is managed by signing in to the AWS administrator account in which it was created.

A target account is the account into which you create, update, or delete one or more stacks in your stack set.

Before you can use a stack set to create stacks in a target account, you must set up a trust relationship between the administrator and target accounts.

### Nested Stacks

Nested stacks allow reuse of CloudFormation code for common use cases.

For example, a standard configuration for a load balancer, web server, application server, etc.

Instead of copying out the code each time, create a standard template for each common use case and reference it from within your CloudFormation template.

## Best Practices

AWS provides Python "helper scripts" which can help you install software and start services on your EC2 instances.

## Serverless Application Model (SAM)

Use SAM for deploying serverless applications using CloudFormation.

SAM is an extension to CloudFormation used to define serverless applications.

It provides simplified syntax for defining serverless resources: APIs, Lambda functions, DynamoDB tables, etc.

Use the SAM CLI to package your deployment code, upload it to S3 and deploy your serverless application.

## User data with EC2

User data can be included in CloudFormation templates.

The user data script is passed through the Fn::Base64 function.

The user data script logs are stored in /var/log/cloud-init-output.log.

## CloudFormation Helper Scripts

The binary is available on Amazon EC2 at /opt/aws/bin/cfn-init.

cfn-init:

cfn-signal:

Troubleshooting errors:

## Creation Policies and Wait Conditions

The following CloudFormation resources support creation policies: