AWS CloudFormation: Simplifying Infrastructure as Code
What is CloudFormation?
CloudFormation is a service provided by Amazon Web Services (AWS) that enables users to create and manage AWS resources using templates. These templates are written in either JSON or YAML and describe the resources that need to be created, along with their properties and configurations.
The templates can be used to provision and configure resources such as Amazon Elastic Compute Cloud (EC2) instances, Amazon Relational Database Service (RDS) databases, and Amazon Simple Storage Service (S3) buckets, among others.
Features of CloudFormation
- CloudFormation Designer: AWS CloudFormation Designer is a visual tool that allows you to create, view and edit CloudFormation templates. It provides a drag-and-drop interface for creating and editing templates, making it easier to understand the structure of your templates and identify potential errors.
- StackSets: CloudFormation StackSets enables you to create, update and manage multiple CloudFormation stacks across multiple accounts and regions. This feature is useful for organizations that want to manage their AWS infrastructure centrally, and ensure consistency across different accounts and regions.
- Support for multiple resource types: CloudFormation supports a wide range of resource types, including EC2 instances, RDS databases, S3 buckets, Elastic Load Balancers, and many more. This allows you to create a complete infrastructure for your application with a single CloudFormation template, and manage all the resources as a single unit.
- Built-in Rollback: CloudFormation provides built-in rollback capabilities. This means that if an update to a stack fails, CloudFormation will automatically roll back the update to the previous version of the stack, ensuring that your infrastructure remains stable and operational.
- AWS Templates: CloudFormation provides a library of pre-built templates that can be used to quickly create common resources such as VPCs, security groups, and load balancers. These templates can be used as a starting point for your own templates, and can save time and effort when creating new resources.
- Custom Resources: CloudFormation allows you to create custom resources by using AWS Lambda functions. This feature allows you to perform custom actions during the creation or deletion of CloudFormation stacks, and can be used to perform tasks such as sending notifications, or integrating with other services.
CloudFormation template format
A template is a JSON- or YAML-formatted text file that describes your AWS infrastructure.
JSON based AWS CloudFormation template
{
  "AWSTemplateFormatVersion" : "version date",
  "Description" : "JSON string",
  "Metadata" : {
    template metadata
  },
  "Parameters" : {
    set of parameters
  },
  "Rules" : {
    set of rules
  },
  "Mappings" : {
    set of mappings
  },
  "Conditions" : {
    set of conditions
  },
  "Transform" : {
    set of transforms
  },
  "Resources" : {
    set of resources
  },
  "Outputs" : {
    set of outputs
  }
}
YAML based AWS CloudFormation template
---
AWSTemplateFormatVersion: "version date"
Description:
  String
Metadata:
  template metadata
Parameters:
  set of parameters
Rules:
  set of rules
Mappings:
  set of mappings
Conditions:
  set of conditions
Transform:
  set of transforms
Resources:
  set of resources
Outputs:
  set of outputs
CloudFormation Template sections
CloudFormation templates include several sections, of which Resources is the only required one. The following list describes the use of each section:
- Format Version (optional): The AWS CloudFormation template version that the template conforms to.
- Description (optional): A text string that describes the purpose of the template. This section must always follow the template format version section.
- Metadata (optional): Objects that provide additional information about the template.
- Parameters (optional): Parameterized values to pass to your template at runtime (when you create or update a stack).
- Rules (optional): Validates a parameter or a combination of parameters passed to a template during stack creation or a stack update.
- Mappings (optional): A mapping of keys and associated values that you can use to specify conditional parameter values, similar to a lookup table.
- Conditions (optional): Conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update.
- Transform (optional): For serverless applications, specifies the version of the AWS Serverless Application Model (AWS SAM) to use.
- Resources (required): Specifies the stack resources and their properties, such as an Amazon Elastic Compute Cloud instance or an Amazon Simple Storage Service bucket.
- Outputs (optional): Describes the values that are returned whenever you view your stack’s properties.
Examples of CloudFormation
A real-world example of using CloudFormation is the creation and deployment of a multi-tier web application. Let’s take a look at how to create simple, basic CloudFormation templates:
Creating an S3 bucket
In this example, we are creating an S3 bucket named cloudiofy-s3-bucket using the AWS::S3::Bucket resource type. The Resources section of the template defines the resources that will be created, and the Properties section defines the properties of the resource, such as the name of the bucket.
{
  "Resources": {
    "CloudiofyS3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "cloudiofy-s3-bucket"
      }
    }
  }
}
Creating an EC2 instance
In this example, we are creating an EC2 instance of type t2.micro, using the specified Amazon Machine Image (AMI) and a key pair named cloudiofy-key-pair. Also, we are attaching a security group sg-01234567890aaadef0 to the instance.
The Resources section of the template defines the resources that will be created, and the Properties section defines the properties of the resource, such as the instance type, image id, key pair, and security group.
{
  "Resources": {
    "CloudiofyEC2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": "t2.micro",
        "ImageId": "ami-0ff8a91507f77f867",
        "KeyName": "cloudiofy-key-pair",
        "SecurityGroupIds": [
          "sg-01234567890aaadef0"
        ]
      }
    }
  }
}
Note: this is just a basic example; in a real-world scenario you would need to add more details such as the subnet, IAM roles, and other properties.
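The following is an added example, not part of the original article or of any AWS tool: a small Python lint for JSON templates that checks the top-level sections listed earlier, the logical ID format, and the details the two basic examples leave out. The `EXPECTED` and `PARAMETERIZE` baselines, the `AmiId` parameter name and the sample template are assumptions constructed for illustration.

```python
import json
import re

# Top-level sections listed on this page; Resources is the only required one.
SECTIONS = {"AWSTemplateFormatVersion", "Description", "Metadata", "Parameters", "Rules",
            "Mappings", "Conditions", "Transform", "Resources", "Outputs"}
# Reviewer's baseline (an assumption of this example): properties expected per type.
EXPECTED = {"AWS::S3::Bucket": ["BucketEncryption", "PublicAccessBlockConfiguration"],
            "AWS::EC2::Instance": ["IamInstanceProfile", "SubnetId"]}
# Environment-specific values that belong in Parameters rather than as literals.
PARAMETERIZE = ["ImageId", "KeyName", "SecurityGroupIds"]

# Constructed sample: both resources from this page in one template, with a stray
# trailing space in one logical ID and a hypothetical AmiId parameter reference.
SAMPLE = """{"Resources": {
  "CloudiofyS3Bucket ": {"Type": "AWS::S3::Bucket",
    "Properties": {"BucketName": "cloudiofy-s3-bucket"}},
  "CloudiofyEC2Instance": {"Type": "AWS::EC2::Instance",
    "Properties": {"InstanceType": "t2.micro", "ImageId": {"Ref": "AmiId"},
      "KeyName": "cloudiofy-key-pair",
      "SecurityGroupIds": ["sg-01234567890aaadef0"]}}}}"""


def is_literal(value):
    """True for a plain string, or a list holding one (not {"Ref": ...})."""
    if isinstance(value, list):
        return any(is_literal(v) for v in value)
    return isinstance(value, str)


def lint_template(text):
    """Return findings for a JSON CloudFormation template, in check order."""
    template = json.loads(text)
    findings = [f"unknown section: {k}" for k in template if k not in SECTIONS]
    resources = template.get("Resources")
    if not isinstance(resources, dict) or not resources:
        return findings + ["missing required section: Resources"]
    for logical_id, res in resources.items():
        if not re.fullmatch(r"[A-Za-z0-9]+", logical_id):
            findings.append(f"{logical_id!r}: logical ID must be alphanumeric")
        props = res.get("Properties", {})
        for name in EXPECTED.get(res.get("Type"), []):
            if name not in props:
                findings.append(f"{logical_id!r}: {name} not set")
        for name in PARAMETERIZE:
            if is_literal(props.get(name)):
                findings.append(f"{logical_id!r}: {name} is a hard-coded literal")
    return findings
```

Calling `lint_template(SAMPLE)` returns seven findings; YAML templates that use short-form intrinsics such as `!Ref` need a YAML loader with custom tag handling before they can be checked the same way.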
Limitations of CloudFormation
- Complexity: CloudFormation templates can become complex, especially when dealing with multiple resources and inter-dependencies. This can make it difficult to understand the structure of the templates, and troubleshoot issues that may arise.
- Limited Support: CloudFormation does not support all AWS services, and not all features of supported services are available. This can be a limitation when trying to use CloudFormation to manage certain resources or perform specific tasks.
- Update Limitations: CloudFormation does not support updates to all properties of a resource. This means that certain properties of a resource cannot be changed once they have been created, which can be a limitation if you need to make changes to your infrastructure.
- Slow Deployment: CloudFormation can take a long time to deploy resources, especially when dealing with a large number of resources or complex templates. This can be a limitation when trying to deploy resources quickly, or when dealing with time-sensitive tasks.
- Limited Error Handling: CloudFormation does not provide detailed error messages when something goes wrong. This can make it difficult to troubleshoot issues, and can lead to delays in resolving problems.
Conclusion
AWS CloudFormation is a powerful service that enables infrastructure as code, simplifying the process of creating and managing resources in the AWS cloud. With CloudFormation, you can automate the deployment and management of your cloud infrastructure, saving you time and effort. The service offers a wide range of features such as CloudFormation Designer, StackSets and pre-built templates. By following best practices and utilizing the features of CloudFormation, you can optimize your CloudFormation deployments and ensure that your infrastructure is reliable and secure.