CloudFormation

What is CloudFormation:

CloudFormation is a service that lets users define Infrastructure as Code (IaC) deployments in either JSON or YAML. Templates give consistent, repeatable provisioning of resources and, because they are plain text, can be peer reviewed and kept under version control. Once the initial template has been written, provisioning takes far less time. The service itself is free to use, but the resources it creates are billed as normal.

CloudFormation Components:

  • Templates - YAML/JSON text document containing the IaC.
  • Stacks - The entire environment described by a template. Created, updated and deleted as a single unit.
  • StackSets - Extend stacks across multiple accounts and/or regions.
  • Change Sets - Summary of proposed changes, showing how they would affect the stack before they are applied.

Stacks can be nested: a nested stack is declared as an AWS::CloudFormation::Stack resource in the parent template and allows re-use of common code such as load balancers or web servers. The parent template can reference the nested stack's outputs (via Fn::GetAtt on its Outputs).

Templates: Deep Dive

  • Logical ID is the name used to reference a resource within the template (in Ref, Fn::GetAtt, DependsOn and so on).
  • Physical ID is the actual name or ID of the created resource outside of the template (an instance ID, a bucket name); it only exists once the resource has been created.
Templates: Intrinsic Functions
  • Used in templates to assign values to properties that are not known until runtime.
  • Below are some examples:
  • Ref - Returns the value of the specified parameter, or the physical ID (or similar identifier) of the specified resource.
  • Fn::GetAtt - Returns the value of an attribute from a resource in the template.
  • Fn::FindInMap - Returns a value from the 'Mappings' section.
Templates: Sections
Resources:
  • Mandatory.
  • Declare AWS resources to include in the Stack.
  • Resources can reference each other (which also gives CloudFormation their creation order).
Parameters:
  • Optional section.
  • Used to customise templates with values supplied when the stack is created or updated.
  • Useful for re-using one template across environments.
Mappings:
  • Optional section.
  • Matches a 'key' to a corresponding named 'value'.
  • Exam Tip: Set mapping based on region, region-name as key and value is what you want for each region.
Outputs:
  • Optional section.
  • Declare output values to export for import by other stacks, return in API/CLI responses or view in the CloudFormation console. Outputs are visible to anyone who can describe the stack, so they must not carry secrets.
Conditions:
  • Optional section.
  • Statements for circumstances under which resources are created/configured.
Transform:
  • Optional section.
  • Specifies a macro that CloudFormation uses to process the template.
  • Can reference additional code stored in S3 (Lambda functions or reusable CloudFormation snippets).
  • AWS::Serverless-2016-10-31 - specifies the version of the AWS Serverless Application Model (SAM) syntax to use.
  • AWS::Include - works with template snippets stored separately from the CloudFormation template (in S3).
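The template below is an added example, not from the original page, that uses the sections above together: a Parameter driving a Condition, the region-keyed Mapping from the exam tip, resources referencing each other via Ref and Fn::GetAtt (which also fixes their creation order), and an Output exported for other stacks. The AMI IDs in the mapping are placeholders, and the VPC, subnet and key pair values are supplied by the deployer as parameters.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example exercising Parameters, Mappings, Conditions, Resources and Outputs.

Parameters:
  EnvType:
    Type: String
    Default: dev
    AllowedValues: [dev, prod]
    Description: Selects the instance size and whether the data volume is created.
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetId:
    Type: AWS::EC2::Subnet::Id

Mappings:
  RegionMap:                         # region name as key, per-region value (placeholder AMI IDs)
    us-east-1:
      AMI: ami-0123456789abcdef0
    eu-west-1:
      AMI: ami-0fedcba9876543210

Conditions:
  IsProd: !Equals [!Ref EnvType, prod]

Resources:
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS from anywhere (no SSH; use SSM Session Manager instead)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AMI]   # pseudo parameter as the map key
      InstanceType: !If [IsProd, m5.large, t3.micro]
      KeyName: !Ref KeyName
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !GetAtt WebSecurityGroup.GroupId                        # implicit dependency on the SG
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-web'

  DataVolume:
    Type: AWS::EC2::Volume
    Condition: IsProd                                             # only created when EnvType=prod
    Properties:
      Size: 100
      Encrypted: true
      AvailabilityZone: !GetAtt WebServer.AvailabilityZone

Outputs:
  WebServerPublicDns:
    Value: !GetAtt WebServer.PublicDnsName
  SecurityGroupId:
    Value: !GetAtt WebSecurityGroup.GroupId
    Export:
      Name: !Sub '${AWS::StackName}-WebSgId'                     # other stacks: !ImportValue <this name>
```

Check the file with `aws cloudformation validate-template --template-body file://template.yaml` before creating a stack; note that validation checks syntax, not whether the placeholder AMI IDs exist in the target region. A second stack consumes the export with `!ImportValue` and cannot be deleted while that import exists.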
Templates: Diagram

[Diagram: a labelled CloudFormation template using some of the sections referenced above; the linked image is not reproduced here.]

CloudFormation Helper Scripts: cfn-init and cfn-signal

cfn-init:

cfn-init reads template metadata from the AWS::CloudFormation::Init key of a resource and acts on it to:

  • Fetch and Parse Meta-data from CloudFormation.
  • Install software packages.
  • Write files to disk.
  • Enable/Disable or Start/Stop services.
  • Logs for cfn-init go to /var/log/cfn-init.log on the instance.
  • To install apps, a UserData property (whose script runs cfn-init) and a Metadata attribute (holding AWS::CloudFormation::Init) are added to the instance in the template.
cfn-signal:
  • Used to signal whether EC2 instances have been created or updated successfully.
  • Used to signal when software has been installed and is ready on the EC2 instance.
  • Works with a CreationPolicy on the resource, or with an ASG UpdatePolicy that has WaitOnResourceSignal set.
  • The UserData script runs cfn-signal with the exit code of the configuration step (for example cfn-init), so SUCCESS is only sent if all services were configured and started successfully.

Creation and Deletion Policies

Creation Policy:
  • Prevents the stack from reaching CREATE_COMPLETE until the resource receives the required number of success signals; if the timeout period is exceeded first, the resource (and the stack) fails.
  • cfn-signal is used to send the signal.
  • Received signals can be tracked in the 'stack events'.
  • ASGs, EC2 instances and WaitConditions support CreationPolicy.
Deletion Policy:
  • Preserve or back up a resource when the stack is deleted.
  • Retain = Preserve the resource (don't delete it).
  • Snapshot = Take a snapshot of the resource before deleting it (only for types that support snapshots, e.g. EBS volumes, RDS, Redshift, ElastiCache).
  • Delete = Delete the resource (the default for most resource types).
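As an added example (not code from the original page) tying together the helper scripts, CreationPolicy and DeletionPolicy above: an instance whose software is installed by cfn-init from its Metadata, whose UserData reports cfn-init's outcome with cfn-signal, and whose stack creation is blocked by a CreationPolicy until that signal arrives. The AMI comes from the public SSM parameter for Amazon Linux 2, which ships the helper scripts under /opt/aws/bin; the volume and device name are illustrative choices.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - cfn-init, cfn-signal, CreationPolicy and DeletionPolicy on one instance.

Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  WebServer:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Count: 1
        Timeout: PT10M               # ISO 8601: fail the resource if no signal arrives within 10 minutes
    Metadata:
      AWS::CloudFormation::Init:     # read by cfn-init on the instance
        config:
          packages:
            yum:
              httpd: []
          files:
            /var/www/html/index.html:
              content: !Sub 'Hello from ${AWS::StackName}'
              mode: '000644'
              owner: root
              group: root
          services:
            sysvinit:
              httpd:
                enabled: true
                ensureRunning: true
                files:
                  - /var/www/html/index.html    # restart httpd if this file changes
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # Apply this resource's AWS::CloudFormation::Init metadata; details go to /var/log/cfn-init.log.
          # On failure, signal FAILURE straight away instead of letting the CreationPolicy time out.
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region} \
            || { /opt/aws/bin/cfn-signal -e 1 --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}; exit 1; }
          # Everything installed and running: report SUCCESS to the CreationPolicy.
          /opt/aws/bin/cfn-signal -e 0 --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}

  DataVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot         # snapshot before the stack deletes the volume
    UpdateReplacePolicy: Snapshot    # and before a replacement during an update
    Properties:
      Size: 20
      Encrypted: true
      AvailabilityZone: !GetAtt WebServer.AvailabilityZone

  DataVolumeAttachment:
    Type: AWS::EC2::VolumeAttachment
    Properties:
      InstanceId: !Ref WebServer
      VolumeId: !Ref DataVolume
      Device: /dev/sdf
```

A FAILURE signal (or a timeout) puts the instance in CREATE_FAILED and, with the default rollback behaviour, the whole stack is rolled back; the snapshot taken for DataVolume under DeletionPolicy survives that rollback and must be cleaned up separately. Both signals and the cfn-init log appear in the stack events and on the instance respectively, which is where to look when a creation hangs.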

DependsOn Attribute and WaitCondition

DependsOn:
  • Makes the creation of one resource explicitly follow the creation of another (updates and deletions honour the same ordering, reversed for deletion).
  • The resource carrying the DependsOn attribute is created only after the resource it names.
  • Needed when the dependency is not already implied by a Ref or Fn::GetAtt, for example a route or instance that needs an internet gateway attachment to exist first.
WaitCondition:
  • Ensures resources, or processes outside the stack, are ready before the stack proceeds.
  • Co-ordinates resource creation in the stack with configuration actions outside of the stack.
  • Tracks the status of the configuration process: a WaitConditionHandle provides a presigned URL to which a SUCCESS or FAILURE signal is sent, and the condition fails if no signal arrives within its Timeout.
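The template below is an added example, not from the original page, showing both attributes above: a DependsOn for an ordering CloudFormation cannot infer (a default route to an internet gateway, which is only valid once the gateway is attached to the VPC), and a WaitCondition whose handle is signalled by a configuration step that completes after the instance is up. The VPC CIDRs, the Amazon Linux 2 SSM parameter and the signal ID are assumptions for the example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - DependsOn for an un-inferable ordering, plus a WaitCondition on an out-of-band signal.

Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  GatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref Vpc
      InternetGatewayId: !Ref InternetGateway

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc

  DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: GatewayAttachment       # nothing below references the attachment, yet the route is rejected
    Properties:                        # unless the gateway is attached, so the order must be explicit
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  SubnetRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

  ConfigWaitHandle:
    Type: AWS::CloudFormation::WaitConditionHandle   # Ref returns a presigned URL: anyone holding it can signal

  AppServer:
    Type: AWS::EC2::Instance
    DependsOn: DefaultRoute            # the instance needs the route to reach the presigned URL (on S3)
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      SubnetId: !Ref PublicSubnet
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # ...application configuration would go here...
          # Signal the handle URL directly; --data is returned by Fn::GetAtt ConfigWait.Data
          /opt/aws/bin/cfn-signal -e 0 --id app-config --data "configured on $(hostname)" '${ConfigWaitHandle}'

  ConfigWait:
    Type: AWS::CloudFormation::WaitCondition
    DependsOn: AppServer               # the timeout clock only starts once the instance exists
    Properties:
      Handle: !Ref ConfigWaitHandle
      Timeout: '900'                   # seconds; the condition (and stack) fails if no signal arrives
      Count: 1

Outputs:
  ConfigData:
    Description: JSON map of signal UniqueId to the Data each signal carried
    Value: !GetAtt ConfigWait.Data
```

A process outside the stack signals the same handle with a PUT of a JSON body such as {"Status":"SUCCESS","Reason":"Configuration complete","UniqueId":"app-config","Data":"..."} to the presigned URL, which is what cfn-signal does under the hood. Because possession of that URL is all that is needed to unblock the stack, never place the handle in an Output or a log, and keep the Timeout as short as the real configuration step allows.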

UpdatePolicy and UpdateReplacePolicy

UpdatePolicy:
  • Attribute that specifies how to handle updates to ASGs, ElastiCache replication groups, Elasticsearch (OpenSearch) domains and Lambda aliases; for an ASG this includes rolling updates that can wait on instance signals.
UpdateReplacePolicy:
  • Attribute used to retain or back up (snapshot) the existing physical resource before it is replaced during a stack update; takes the same values as DeletionPolicy (Delete, Retain, Snapshot).
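As an added example (not code from the original page) of the two attributes above, and of the WaitOnResourceSignal use of cfn-signal mentioned under the helper scripts: an Auto Scaling group whose launch template changes are rolled out one instance at a time and only proceed when each new instance signals SUCCESS, beside a database whose replacement is preceded by a snapshot. The subnet list, the Secrets Manager secret name app/db and the instance sizes are assumptions for the example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - signal-gated rolling update of an ASG, and UpdateReplacePolicy on a database.

Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref LatestAmiId
        InstanceType: t3.micro
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            yum install -y httpd && systemctl enable httpd && systemctl start httpd
            # Signal the ASG's logical ID (not the instance): both the CreationPolicy and the
            # rolling UpdatePolicy count signals against the group. $? is the result of the chain above.
            /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region}

  WebServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    CreationPolicy:
      ResourceSignal:
        Count: 2                     # initial creation waits for every instance of DesiredCapacity
        Timeout: PT15M
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: 1     # never take the fleet to zero during the rollout
        MaxBatchSize: 1              # replace one instance at a time
        PauseTime: PT15M             # with WaitOnResourceSignal, the per-batch signal timeout
        WaitOnResourceSignal: true   # a batch that fails to signal SUCCESS fails the update and rolls back
    Properties:
      VPCZoneIdentifier: !Ref SubnetIds
      MinSize: '2'
      MaxSize: '4'
      DesiredCapacity: '2'
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplate
        Version: !GetAtt LaunchTemplate.LatestVersionNumber   # a new version triggers the rolling update

  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnets for the application database
      SubnetIds: !Ref SubnetIds

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    UpdateReplacePolicy: Snapshot    # a property change that forces replacement (e.g. DBInstanceIdentifier)
    Properties:                      # creates a new instance and deletes this one; snapshot it first
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      StorageEncrypted: true
      PubliclyAccessible: false
      DBSubnetGroupName: !Ref DbSubnetGroup
      MasterUsername: appadmin
      # Dynamic reference: the password never appears in the template, the stack, or its events
      MasterUserPassword: '{{resolve:secretsmanager:app/db:SecretString:password}}'
```

Rolling back a failed rolling update is itself a rolling update back to the previous launch template version, so the same MinInstancesInService and signal rules apply on the way back. Without UpdateReplacePolicy the database would be deleted (its DeletionPolicy is not consulted for replacements), which is why the two attributes are normally set together on stateful resources.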

Stack Rollbacks, Creation and Update Failures

Creation Failures:
  • By default, if stack creation fails for any reason the stack rolls back and deletes everything it created (ending in ROLLBACK_COMPLETE).
  • The behaviour can be chosen when the stack is created (the --on-failure option of create-stack):
  • DO_NOTHING - Resources are left as they are, useful for troubleshooting (same effect as disabling rollback).
  • ROLLBACK - Rolls the stack back (the default).
  • DELETE - Deletes the stack and its resources.
Stack Update Failures:
  • "UPDATE_ROLLBACK_FAILED" - A resource could not be returned to its original state after a failed update.
  • Fix the resource manually and then continue the rollback (ContinueUpdateRollback, optionally skipping resources that cannot be rolled back) so the stack returns to its previous working state, "UPDATE_ROLLBACK_COMPLETE".