Skip to main content
  1. Projects/
  2. Certification: AWS DevOps Pro/
  3. 2: Configuration Mgmt / Infrastructure as Code/
  4. 2: CloudFormation/

0: CloudFormation Overview

·2 mins

What is CF?

  • Infrastructure as Code service
  • Leverages version control and automation
  • Single or multiple templates to make an env
  • Can interact with other tools e.g. puppet
    • CF creates instances;
    • Puppet puts the instances in a certain state

What sort of stuff can we update in the stack?

  • AMI of instances
  • Update a cloudwatch alarm
  • Auto-scaling groups

How do we update the stack?

  1. Update the template
  2. Update the stack with the new template

What are stack policies good for?

  • Perhaps you don’t want just anybody updating the stack
  • Preventing resource updates:
    • JSON documents
    • Similar to IAM and bucket policies

Why might stack rollbacks fail?

  • Nested stacks.
    • Dependencies between resources
    • Resource modified outside of template

What’s the CF Template?

  • Declaration of resources that make up a stack
  • Declares an object as a name-value pair
    • Or a pair of name + enclosed objects
  • The “resource” object is the only required object in the template

What else is in a CF template?

  • Metadata: Assists with config
  • Parameters: Good for secrets
  • Rules: Evaluate parameters
  • Mappings: Map an instance type to a certain architecture, e.g.
  • Conditions: Flags to dictate, say, size of server
  • Transform: Sort of like an “import” statement. (Include lambdas)
  • Resources: Define resources; the main thing
  • Outputs: URL to the web server, e.g.

How are CF templates a disaster recovery tool?

  • You can store templates in a second region

How do we safeguard template integrity?

  • Use source control
  • Use “drift detection”
    • Make sure templates match their backups between regions