- \n
- CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported).<\/li>\n
- For example, within a CloudFormation template, you say\n
- \n
- I want a security group<\/li>\n
- I want two EC2 machines using this security group<\/li>\n
- I want two Elastic IPs for these EC2 machines<\/li>\n
- I want an S3 bucket<\/li>\n
- I want a load balancer (ELB) in front of these machines<\/li>\n<\/ul>\n<\/li>\n
- Then CloudFormation creates those for you, in the right order, with the exact configuration that you specify.<\/li>\n<\/ul>\n
Benefits of AWS CloudFormation<\/p>\n
- \n
- Infrastructure as code<\/li>\n
- No resources are manually created, which is excellent for control<\/li>\n
- The code can be version controlled for example using git<\/li>\n
- Changes to the infrastructure are reviewed through code<\/li>\n
- Cost\n
- \n
- Each resources within the stack is stagged with an identifier so you can easily see how much a stack costs you<\/li>\n
- You can estimate the costs of your resources using the CloudFormation template<\/li>\n
- Savings strategy: In Dev, you could automation deletion of templates at 5 Pm and recreated at 8 Am, safely<\/li>\n<\/ul>\n<\/li>\n
- Productivity\n
- \n
- Ability to destroy and re-create an infrastructure on the cloud on the fly<\/li>\n
- Automated generation of Diagram for your templates!<\/li>\n
- Declarative programming (no need to figure out ordering and orchestration)<\/li>\n<\/ul>\n<\/li>\n
- Separation of concern: create many stacks for many apps, and many layers. Ex:\n
- \n
- VPC stacks<\/li>\n
- Network stacks<\/li>\n
- App stacks<\/li>\n<\/ul>\n<\/li>\n
- Don’t re-invent the wheel\n
- \n
- Leverage existing templates on the web!<\/li>\n
- Leverage the documentation<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
How CloudFormation Works<\/span><\/p>\n
- \n
- Templates have to be uploaded in S3 and then referenced in CloudFormation<\/li>\n
- To update a template, we can’t edit previous ones. We have to re-upload a new version of the template to AWS<\/li>\n
- Stacks are identified by a name<\/li>\n
- Deleting a stack deletes every single artifact that was created by CloudFormation.<\/li>\n<\/ul>\n
<\/p>\n
Deploying CloudFormation templates<\/span><\/p>\n
- \n
- Manual way:\n
- \n
- Editing templates in the CloudFormation Designer<\/li>\n
- Using the console to input parameters, etc<\/li>\n<\/ul>\n<\/li>\n
- Automated way:\n
- \n
- Editing templates in aYAML file<\/li>\n
- Using the AWS CLI (Command Line Interface) to deploy the templates<\/li>\n
- Recommended way when you fully want to automate your flow<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
CloudFormation Building Blocks<\/span><\/p>\n
- \n
- Templates components (one course section for each):\n
- \n
- Resources: your AWS resources declared in the template (MANDATORY)<\/li>\n
- Parameters: the dynamic inputs for your template<\/li>\n
- Mappings:the static variables for your template<\/li>\n
- Outputs: References to what has been created<\/li>\n
- Conditionals: List of conditions to perform resource creation<\/li>\n
- Metadata<\/li>\n<\/ol>\n<\/li>\n
- Templates helpers:\n
- \n
- References<\/li>\n
- Functions<\/li>\n<\/ol>\n<\/li>\n<\/ul>\n
<\/p>\n
Consider such an yaml file<\/p>\n
\n---\r\nResources:\r\n MyEC2Instance:\r\n Type: AWS::EC2::Instance\r\n Properties:\r\n AvailabilityZone: eu-central-1a\r\n ImageId: ami-00a205cb8e06c3c4e\r\n InstanceType: t2.micro\r\n<\/pre>\n
Create a stack in North Virginia:<\/p>\n<\/div>\n
CloudFormation -> Stacks -> Create stack<\/code><\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation01.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation02.jpg\")
<\/p>\nNext -> Create stack<\/code><\/p>\nAt the EC2 -> Instances we can see that our EC2 instance has been created.<\/p>\n
<\/p>\n
Update and delete the stack<\/span><\/p>\n
Now, let’s update the stack.<\/p>\n
CloudFormation -> Stacks -> MyFirstCloudFormationTemplate -> Update stack -> Upload a temple file<\/code><\/p>\n---\r\nParameters:\r\n\u00a0\u00a0SecurityGroupDescription:\r\n\u00a0\u00a0\u00a0\u00a0Description: Security Group Description\r\n\u00a0\u00a0\u00a0\u00a0Type: String\r\n\r\n\r\nResources:\r\n\u00a0\u00a0MyEC2Instance:\r\n\u00a0\u00a0\u00a0\u00a0Type: AWS::EC2::Instance\r\n\u00a0\u00a0\u00a0\u00a0Properties:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0AvailabilityZone: eu-central-1a\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ImageId: ami-00a205cb8e06c3c4e\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0InstanceType: t2.micro\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SecurityGroups:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- !Ref SSHSecurityGroup\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- !Ref ServerSecurityGroup\r\n\r\n\r\n\u00a0\u00a0# an elastic IP for our instance\r\n\u00a0\u00a0MyEIP:\r\n\u00a0\u00a0\u00a0\u00a0Type: AWS::EC2::EIP\r\n\u00a0\u00a0\u00a0\u00a0Properties:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0InstanceId: !Ref MyEC2Instance\r\n\r\n\r\n\u00a0\u00a0# our EC2 security group\r\n\u00a0\u00a0SSHSecurityGroup:\r\n\u00a0\u00a0\u00a0\u00a0Type: AWS::EC2::SecurityGroup\r\n\u00a0\u00a0\u00a0\u00a0Properties:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0GroupDescription: Enable SSH access via port 22\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SecurityGroupIngress:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- CidrIp: 0.0.0.0\/0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0FromPort: 22\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0IpProtocol: tcp\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ToPort: 22\r\n\r\n\r\n\u00a0\u00a0# our second EC2 security group\r\n\u00a0\u00a0ServerSecurityGroup:\r\n\u00a0\u00a0\u00a0\u00a0Type: AWS::EC2::SecurityGroup\r\n\u00a0\u00a0\u00a0\u00a0Properties:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0GroupDescription: !Ref SecurityGroupDescription\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SecurityGroupIngress:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- IpProtocol: tcp\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0FromPort: 80\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ToPort: 80\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CidrIp: 0.0.0.0\/0\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0- IpProtocol: tcp\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0FromPort: 22\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0ToPort: 22\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0CidrIp: 192.168.1.1\/32\r\n\r\n<\/pre>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation03.jpg\")
<\/p>\nNext -> Next -> Update Stack<\/code><\/p>\nEC2 instance has been updated. Elastic IP and security group has been created.<\/p>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation05-1.jpg\")
<\/p>\nNow, we want to get rid off all resources we created.\u00a0 So we need to delete the stack.<\/p>\n
CloudFormation -> Stacks -> MyFirstCloudFormationTemplate -> Delete -> Delete stack<\/code><\/p>\n<\/p>\n
Parameters.<\/span><\/p>\n
What are parameters?<\/p>\n
- \n
- Parameters are a way to provide inputs to your AWS CloudFormation template<\/li>\n
- They’re important to know about if:\n
- \n
- You want to reuse your templates across the company<\/li>\n
- Some inputs can not be determined ahead of time<\/li>\n<\/ul>\n<\/li>\n
- Parameters are extremely powerful, controlled, and can prevent errors from happening in your templates thanks to types.<\/li>\n<\/ul>\n
When should you use a parameter?<\/p>\n
- \n
- Ask yourself this:\n
- \n
- Is this Cloud Formation resource configuration likely to change in the future?<\/li>\n
- If so, make it a parameter.<\/li>\n<\/ul>\n<\/li>\n
- You won’t have to re-upload a template to change its content<\/li>\n<\/ul>\n
Parameters: \r\n SecurityGroupDescription: \r\n Description: Security Group Description (Simple parameter) \r\n Type: String<\/pre>\n
<\/p>\n
Parameters Settings<\/p>\n
Parameters can be controlled by all these settings:<\/p>\n
- \n
Type:<\/code>\n- \n
String<\/code><\/li>\nNumber<\/code><\/li>\nCommaDelimitedList<\/code><\/li>\nList<Type><\/code><\/li>\nAWS Parameter (to help catch invalid values \u2014 match against existing values in the AWS Account)<\/code><\/li>\n<\/ul>\n<\/li>\nDescription<\/code><\/li>\nConstraints<\/code><\/li>\nConstraintDescription (String)<\/code><\/li>\nMin\/MaxLength<\/code><\/li>\nMin\/MaxValue<\/code><\/li>\nDefaults<\/code><\/li>\nAllowedValues (array)<\/code><\/li>\nAllowedPattern (regexp)<\/code><\/li>\nNoEcho (Boolean)<\/code><\/li>\n<\/ul>\nHow to Reference a Parameter<\/p>\n
- \n
- The
Fn::Ref<\/code> function can be leveraged to reference parameters<\/li>\n- Parameters can be used anywhere in a template.<\/li>\n
- The shorthand for this in YAML is !Ref<\/li>\n
- The function can also reference other elements within the template<\/li>\n<\/ul>\n
DbSubnetl: \r\n Type: AWS::EC2::Subnet \r\n Properties: \r\n VpcId: !Ref MyVPC<\/pre>\n
<\/p>\n
Concept: Pseudo Parameters<\/p>\n
- \n
- AWS offers us pseudo parameters in any CloudFormation template.<\/li>\n
- These can be used at any time and are enabled by default<\/li>\n<\/ul>\n
- Ask yourself this:\n
- Templates components (one course section for each):\n
- Manual way:\n