AWS CloudFormation is an infrastructure deployment service provided by AWS. It lets you create, update or delete AWS resources with minimal code. It integrates with all the important AWS services and can be used to deploy across different AWS Regions or even across different AWS Accounts.
Let's imagine you are creating an application using AWS Lambda. As you develop the application, you decide that you will use AWS DynamoDB as a database and AWS SNS to send notifications. Then you realize you also need to use a few Amazon S3 buckets to store some files. Suddenly, you are working with 3-4 AWS services, each with their own configurations - and this is without accounting for all the IAM roles you will need to configure!
AWS CloudFormation provides an easy way to both provision (create) as well as manage AWS resources for your applications. AWS CloudFormation allows you to define your configurations using code in a JSON or YAML file - this approach is popularly called "Infrastructure as Code" or "IaC". AWS CloudFormation enables you to manage your application with AWS Lambda, AWS DynamoDB, AWS SNS, and Amazon S3 with ease, add more AWS services, and modify configurations using your favorite code editor!
Key Concepts of AWS CloudFormation
Let's take a look at a few concepts of AWS CloudFormation:
An AWS CloudFormation Template is a JSON or YAML formatted text file that declares the AWS resources you want to create as well as the configuration for each of them. Each resource is defined under the "Resources" section. The template can also contain other sections such as "Rules", "Parameters", "Conditions", etc.
Except for the "Resources" field, all the other fields are optional.
Here is an example of an AWS CloudFormation Template:
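The template listing is missing from this copy of the article, so the following is an added example (not the article's original listing) written to match the values the article describes: the AMI ID ami-0aa3a51537f66c564, a t3.large instance, and a 100 GB EBS volume. The device name /dev/xvda is assumed to be the root device of that AMI, and the `Encrypted: true` setting is an addition a practitioner would want rather than something the article requires.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Single EC2 instance (added example, not the article's listing)

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-0aa3a51537f66c564   # AMI ID cited in the article
      InstanceType: t3.large
      BlockDeviceMappings:
        - DeviceName: /dev/xvda        # assumed root device name for this AMI
          Ebs:
            VolumeSize: 100            # 100 GB EBS volume
            VolumeType: gp3
            Encrypted: true            # encrypt the volume at rest (added, not required by the article)
            DeleteOnTermination: true
      Tags:
        - Key: Name
          Value: cloudformation-example
```

Everything except `Resources` is optional; `AWSTemplateFormatVersion` and `Description` are included only because they make the file self-describing when it is later checked into version control.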
Using the above template you can provision an EC2 instance which uses the AMI ID ami-0aa3a51537f66c564, t3.large instance type, and a 100 GB EBS volume.
The above example shows the YAML format, but the same example can be converted to the JSON format as well.
An AWS CloudFormation Stack is a collection of AWS resources or services. You can use AWS CloudFormation Templates to define a Stack. A Stack is what AWS CloudFormation uses to manage related resources as a single unit.
Consider the example application mentioned earlier: the AWS Lambda function, AWS DynamoDB table, and AWS SNS topic, as well as the Amazon S3 buckets, are the resources. An AWS CloudFormation Stack contains all of these resources, which can be defined in a single AWS CloudFormation Template. When you need to make any change to your application, you update the template and CloudFormation updates the stack with the required changes. When you no longer need to run the application, you delete the stack, and all of its related resources are deleted automatically.
A Change Set is what allows you to track and make changes in your AWS CloudFormation Stack. A change set is essentially a modified AWS CloudFormation template. The modified template contains all the updated configurations for that stack. You can also add or remove resources using change sets.
In our example application, suppose you need to add a few additional fields to the AWS DynamoDB table and include a new Amazon S3 bucket. You modify the template with these changes and upload the new template using the AWS Console (or the AWS CLI). AWS compares the new template against the older one and displays a list of the changes. You can review the changes and then "Execute" the change set for the changes to take place.
Template Resource Attributes
In addition to specifying the "Type" and the different "Properties" of a resource in an AWS CloudFormation Template, you can also specify Template Resource Attributes to control additional behaviors and relationships.
1. CreationPolicy Attribute
Allows you to control when a resource's status reaches the "create complete" state based on a number of success signals from another resource or when a timeout period is exceeded. This can be used with Amazon EC2 Instance, AWS AutoScaling, and AWS AppStream.
In the below example snippet, CloudFormation waits for 5 success signals, with a timeout of 15 minutes, before proceeding with the next resource in the stack.
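The snippet itself is not present in this copy of the article, so here is an added example (not the article's own) of a CreationPolicy on an Auto Scaling group of five instances. Each instance reports readiness with cfn-signal from its user data; `Timeout` is the total time CloudFormation waits for all `Count` signals, after which the stack rolls back. The `SubnetIds` parameter and the launch template contents are assumptions for the example.

```yaml
Parameters:
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # assumed: subnets to launch the group into

Resources:
  WebServerLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: ami-0aa3a51537f66c564
        InstanceType: t3.large
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash -xe
            echo "application bootstrap goes here"
            # Report the exit code of the bootstrap step to CloudFormation
            /opt/aws/bin/cfn-signal --exit-code $? \
              --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region}

  WebServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    CreationPolicy:
      ResourceSignal:
        Count: 5          # wait for 5 success signals (one per instance)...
        Timeout: PT15M    # ...within 15 minutes in total, otherwise roll back
    Properties:
      MinSize: '5'
      MaxSize: '5'
      DesiredCapacity: '5'
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref WebServerLaunchTemplate
        Version: !GetAtt WebServerLaunchTemplate.LatestVersionNumber
```

A failed or missing signal causes the stack to roll back, so a bootstrap script that exits non-zero (for example because a package install failed) is caught at deployment time instead of leaving a half-configured instance in service.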
2. DeletionPolicy Attribute
Allows you to control what happens to a resource when you delete the associated stack. By default, AWS CloudFormation deletes the resource and all associated data. With a DeletionPolicy, you can specify whether you want to back up or even preserve a resource after the associated stack has been deleted. To preserve a resource you can use the "Retain" policy.
In the below example snippet, CloudFormation will not delete the "example-bucket" S3 bucket even after the stack has been deleted.
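As an added example (the article's snippet is absent from this copy), an S3 bucket that survives deletion of its stack. The public-access block and default encryption settings are additions a practitioner would want on any bucket, not something the article specifies.

```yaml
Resources:
  ExampleBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain          # the bucket and its objects survive stack deletion
    UpdateReplacePolicy: Retain     # also keep it if a stack update would replace it
    Properties:
      BucketName: example-bucket    # name from the article; bucket names are globally unique
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
```

A retained bucket is no longer managed by any stack: it keeps incurring cost, keeps whatever access policy it had, and re-creating the stack with the same `BucketName` fails until the old bucket is deleted or imported, so track retained resources deliberately.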
3. DependsOn Attribute
Allows you to define the resources a resource depends on, and hence ensure those resources are created beforehand. This is useful in cases like when you need a database to be running before your application is started. The DependsOn attribute overrides the default parallelism that CloudFormation uses while creating, updating, or deleting resources.
In the below example snippet, CloudFormation will wait for the myDB RDS database to be created before provisioning the EC2 Instance.
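An added example (not the article's snippet) of the explicit dependency. It matters here because the instance never references `myDB` with `!Ref` or `!GetAtt`, so CloudFormation cannot infer the ordering on its own. `ManageMasterUserPassword` lets RDS generate the password and keep it in Secrets Manager, so no credential appears in the template.

```yaml
Resources:
  myDB:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      MasterUsername: admin
      ManageMasterUserPassword: true   # password generated and stored in Secrets Manager, not in the template
      StorageEncrypted: true
      PubliclyAccessible: false

  AppServer:
    Type: AWS::EC2::Instance
    DependsOn: myDB                    # explicit: created only after myDB reaches CREATE_COMPLETE
    Properties:
      ImageId: ami-0aa3a51537f66c564
      InstanceType: t3.large
```

`DependsOn` also reverses the order on deletion: the instance is removed before the database it depends on.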
4. Metadata Attribute
Allows you to add additional structured data to a resource. This data is used only as a reference and not used by CloudFormation for stack creation.
In the below example snippet, Object1 and Object2 are the additional metadata associated with the example-bucket Amazon S3 bucket.
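An added example (not the article's snippet) showing arbitrary metadata attached to the bucket. The values under `Object1` and `Object2` are hypothetical; CloudFormation stores them but does not act on them.

```yaml
Resources:
  ExampleBucket:
    Type: AWS::S3::Bucket
    Metadata:
      Object1: Stores nightly export files for the reporting job   # hypothetical description
      Object2:                                                     # hypothetical structured data
        Owner: data-platform-team
        DataClassification: internal
        ChangeTicket: PLAT-1234
    Properties:
      BucketName: example-bucket
```

Resource metadata is returned by `aws cloudformation describe-stack-resource` to anyone allowed to call it, so it is a good place for ownership and classification tags but never for secrets.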
5. UpdatePolicy Attribute
Allows you to control what happens to a resource when you update the associated stack. This can be used with certain resources under AWS AutoScaling, AWS ElastiCache, AWS OpenSearchService, and AWS AppStream.
In the below example snippet, the AutoScalingRollingUpdate policy has been used to specify how CloudFormation handles rolling updates for an Auto Scaling group.
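An added example (not the article's snippet) of a rolling update on an Auto Scaling group. The launch template and `SubnetIds` parameter are assumed to be defined elsewhere in the same template.

```yaml
Resources:
  WebServerGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MinInstancesInService: 2      # never drop below 2 running instances during the update
        MaxBatchSize: 1               # replace one instance at a time
        PauseTime: PT5M               # wait up to 5 minutes per batch...
        WaitOnResourceSignals: true   # ...for a cfn-signal from each new instance
        SuspendProcesses:             # stop scaling activity from fighting the rollout
          - ScheduledActions
          - AlarmNotification
    Properties:
      MinSize: '3'
      MaxSize: '6'
      VPCZoneIdentifier: !Ref SubnetIds                  # assumed parameter
      LaunchTemplate:
        LaunchTemplateId: !Ref WebServerLaunchTemplate   # assumed, defined elsewhere
        Version: !GetAtt WebServerLaunchTemplate.LatestVersionNumber
```

With `WaitOnResourceSignals: true` a new instance that never signals success fails the batch and CloudFormation rolls the group back to the previous launch template version, so a bad AMI or broken bootstrap never takes over the whole fleet.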
6. UpdateReplacePolicy Attribute
Allows you to control what happens to a resource when you update the associated stack and the resource is replaced. You can choose to back up or preserve the original resource being replaced. To preserve a resource you can use the "Retain" policy. This policy can be used with certain resources like AWS EBS Volumes, AWS ElastiCache, AWS RDS, and AWS Redshift.
In the below example snippet, when the myDB RDS database is replaced with a new resource with a new physical ID, CloudFormation will still retain the old database and not terminate it.
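An added example (not the article's snippet). `DBInstanceIdentifier` is one of the properties whose change forces replacement; with `UpdateReplacePolicy: Retain` the old instance is left running under its old identifier instead of being terminated. The identifier value is hypothetical.

```yaml
Resources:
  myDB:
    Type: AWS::RDS::DBInstance
    UpdateReplacePolicy: Retain     # if an update forces replacement, keep the old instance
    DeletionPolicy: Snapshot        # on stack deletion, take a final snapshot before removal
    Properties:
      DBInstanceIdentifier: mydb-v1   # hypothetical; changing this value forces replacement
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      MasterUsername: admin
      ManageMasterUserPassword: true
      StorageEncrypted: true
      PubliclyAccessible: false
```

The retained instance is no longer managed by the stack: it keeps running, keeps costing, and keeps its security group access until you snapshot and delete it yourself, so pair this policy with a cleanup step.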
AWS CloudFormation StackSet
AWS CloudFormation StackSet is an extension of stacks that enables you to create, update, or delete stacks across multiple AWS Regions and multiple AWS Accounts with a single operation. A stack set will create stacks in AWS Accounts across regions by using a single CloudFormation template. When you create a stack set you also specify the order of Regions, the number of concurrent account operations, and the fault tolerance threshold.
To create a stack set, you need an administrator account, which can be an organization-level management account or a delegated administrator account. Target accounts are the account(s) into which you create, update, or delete one or more stacks from your stack set. In order to use a stack set, there needs to be a trust relationship set up between the administrator and target account by enabling Trusted Access.
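An added example (not from the article) of creating a stack set from the administrator account and deploying it to every account in an organizational unit across two Regions. It maps the three settings named above to CLI flags: `RegionOrder`, `MaxConcurrentCount` (concurrent account operations), and `FailureToleranceCount`. The stack set name, OU ID and template file are placeholders; `SERVICE_MANAGED` permissions rely on trusted access being enabled for CloudFormation StackSets in AWS Organizations.

```shell
#!/bin/sh
# Added example: deploy one template to an OU across Regions with a stack set.
# All names and IDs below are placeholders.
set -eu

STACK_SET_NAME="baseline-logging"        # hypothetical stack set name
TEMPLATE_FILE="template.yaml"            # template deployed to every target
TARGET_OU="ou-EXAMPLE-PLACEHOLDER"       # replace with a real organizational unit ID
REGIONS="us-east-1 eu-west-1"            # deployed in this order

op_prefs() {
  # $1: space-separated Region order, $2: max concurrent accounts, $3: failure tolerance
  regions=$(printf '%s' "$1" | tr ' ' ',')
  printf 'RegionOrder=%s,MaxConcurrentCount=%s,FailureToleranceCount=%s' "$regions" "$2" "$3"
}

deploy_stack_set() {
  # Run from the management or delegated administrator account.
  aws cloudformation create-stack-set \
    --stack-set-name "$STACK_SET_NAME" \
    --template-body "file://$TEMPLATE_FILE" \
    --permission-model SERVICE_MANAGED \
    --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false \
    --capabilities CAPABILITY_IAM

  # One stack per (account in the OU) x Region. With FailureToleranceCount=0
  # a single failed account stops the operation for that Region.
  # shellcheck disable=SC2086
  aws cloudformation create-stack-instances \
    --stack-set-name "$STACK_SET_NAME" \
    --deployment-targets "OrganizationalUnitIds=$TARGET_OU" \
    --regions $REGIONS \
    --operation-preferences "$(op_prefs "$REGIONS" 2 0)"
}

if command -v aws >/dev/null 2>&1 && [ -f "$TEMPLATE_FILE" ]; then
  deploy_stack_set
else
  echo "aws CLI or $TEMPLATE_FILE not found; showing the operation preferences only" >&2
  op_prefs "$REGIONS" 2 0
  echo
fi
```

Keeping `FailureToleranceCount` low is the safe default for a baseline that every account must have: a Region that fails in one account halts the rollout before the same defect is stamped into the rest of the organization.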
Benefits and Use Cases of AWS CloudFormation
Let's explore some of the benefits and use cases of using AWS CloudFormation:
Infrastructure As Code
One of the major benefits of using AWS CloudFormation is that it is convenient to use as infrastructure as code, especially when your application uses a lot of AWS services. You can define all the different resources you need to use and CloudFormation will take care of the deployment. Whenever you need to make a change, you can easily do so using change sets. Using AWS CloudFormation and a version control system like Git, you can easily track the changes to your infrastructure and document its history in the form of commits.
Global Scaling and Deployment
With the use of AWS CloudFormation Templates and StackSets, you can easily scale to multiple AWS Regions as well as AWS Accounts, enabling your application to have a point of presence in multiple geographic locations. You can reuse the same templates and don't need to manage resources across different regions independently.
Integration with AWS Services
AWS CloudFormation has wide integration with almost all the AWS Services, allowing you to provision, manage, scale, or terminate resources with ease. AWS provides all the required tools and SDKs to work with CloudFormation.
Reducing Human Error
When you use AWS CloudFormation instead of manual deployment using the AWS Console, you reduce the risk of human errors, while at the same time automating your deployment. This also ensures your deployment is reusable and provides a mechanism to easily revert to previous versions of your infrastructure in case of deployment issues.
AWS CloudFormation can also be useful in the event of a disaster. You can use AWS CloudFormation Templates to quickly rebuild your infrastructure in another region and have your application available to use in a few minutes to a few hours, depending on the complexity of your application.
How To Create An AWS CloudFormation Stack Using AWS Console
Let's explore how to create an AWS Lambda function (the stack created in the steps below is named LambdaSum) using AWS CloudFormation from the AWS Console.
- AWS Account
- Code Editor like VS Code
- Open a code editor. For example, you can use VS Code.
- Create a new file called template.yaml and save the file on your computer.
- Copy and paste the below contents to template.yaml and save the file.
- Login to your AWS Account. Go to any region. For example, "us-west-2".
- Open the AWS Console. Search for "CloudFormation" in the Search Bar. Select CloudFormation.
- Click on the Create stack button.
- On the "Create stack" page:
- For "Prepare template", select "Template is ready".
- For "Specify template", select "Upload a template file"
- Click the "Choose file" button, and select the template.yaml file which was created in step 2.
- Click the Next button.
- In the "Specify stack details" page, add "LambdaSum" as the "Stack name", and then click the Next button.
- In the "Configure stack options" page, keep every option as the default and then click the Next button.
- In the "Review" page, scroll to the bottom of the page and select the acknowledgment. Then, click the Create stack button.
- After a few minutes go to the CloudFormation page in AWS Console and select the LambdaSum stack. You see the "Status" as CREATE_COMPLETE.
- You can now go to the Lambda page in AWS Console. You will see that there is a "LambdaSum" AWS Lambda Function created. You can create a test event using the following input to execute the function.
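The template and the test event referred to in the steps above are not included in this copy of the article. The following is an added example (not the article's own listing) of a template that creates a function named LambdaSum, which adds up the numbers in its event. The handler code and the shape of the event (`{"numbers": [...]}`) are assumptions. Because the template creates an IAM role, the console asks for the acknowledgment mentioned in the "Review" step.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: LambdaSum - adds the numbers in the event (added example, not the article's listing)

Resources:
  LambdaSumRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com   # only the Lambda service may assume this role
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # CloudWatch Logs write access only; the function needs nothing else
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  LambdaSumFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: LambdaSum
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt LambdaSumRole.Arn
      Timeout: 10
      Code:
        ZipFile: |
          def handler(event, context):
              # Assumed event shape: {"numbers": [1, 2, 3]}
              numbers = event.get("numbers", [])
              if not isinstance(numbers, list) or not all(
                  isinstance(n, (int, float)) and not isinstance(n, bool) for n in numbers
              ):
                  raise ValueError("event.numbers must be a list of numbers")
              return {"sum": sum(numbers)}

Outputs:
  FunctionArn:
    Value: !GetAtt LambdaSumFunction.Arn
```

A test event of `{"numbers": [1, 2, 3]}` returns `{"sum": 6}`; an event without a valid list raises an error rather than silently returning 0. The role is scoped to the basic execution policy on purpose: the function has no reason to reach DynamoDB, S3 or anything else, and a stack is the natural place to keep that least-privilege decision under version control.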
How To Create An AWS CloudFormation Stack Using AWS CLI
The same AWS CloudFormation Stack can be created using the AWS CLI as well.
- AWS Account
- Code Editor like VS Code
- Terminal with AWS CLI configured*
* If you do not have AWS CLI configured on your terminal, you can follow the official documentation from AWS to install and configure AWS CLI on your system (Windows, macOS or Linux).
Instead of using the AWS Console, create template.yaml by following the first two steps mentioned in the above section.
Then go to your terminal (which should have permission to create AWS CloudFormation Stacks) and run the following command:
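The command is missing from this copy of the article, so here is an added example (not the article's own) that validates the template, creates the LambdaSum stack and waits for it to complete. `CAPABILITY_IAM` is the CLI equivalent of the acknowledgment checked in the console walkthrough; the Region defaults to us-west-2 as in that walkthrough.

```shell
#!/bin/sh
# Added example: create the LambdaSum stack from template.yaml with the AWS CLI.
set -eu

STACK_NAME="LambdaSum"
TEMPLATE_FILE="template.yaml"
REGION="${AWS_REGION:-us-west-2}"   # Region used in the console walkthrough

check_prereqs() {
  # The aws CLI must be on PATH and the template file ($1) must exist
  command -v aws >/dev/null 2>&1 && [ -f "$1" ]
}

create_stack() {
  # $1: stack name, $2: template file, $3: Region
  # Catch template syntax errors before anything is provisioned
  aws cloudformation validate-template --template-body "file://$2" --region "$3"

  # CAPABILITY_IAM is required because the template creates an IAM role
  aws cloudformation create-stack \
    --stack-name "$1" \
    --template-body "file://$2" \
    --capabilities CAPABILITY_IAM \
    --region "$3"

  # Block until CREATE_COMPLETE; exits non-zero if the stack rolls back
  aws cloudformation wait stack-create-complete --stack-name "$1" --region "$3"

  aws cloudformation describe-stacks --stack-name "$1" --region "$3" \
    --query 'Stacks[0].StackStatus' --output text
}

if check_prereqs "$TEMPLATE_FILE"; then
  create_stack "$STACK_NAME" "$TEMPLATE_FILE" "$REGION"
else
  echo "aws CLI not on PATH or $TEMPLATE_FILE missing; nothing deployed" >&2
fi
```

The `wait` call is what makes the script usable in a pipeline: a failed creation leaves the stack in ROLLBACK_COMPLETE and the script exits non-zero, instead of reporting success before CloudFormation has finished.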
This will create the AWS CloudFormation Stack and you should be able to see the AWS Lambda function created after a few minutes.
AWS CloudFormation is extremely cost effective. For AWS-associated services, i.e., the ones that are under the AWS::* or Alexa::* namespace, there are no additional charges - AWS charges only for the resources you use. For example, it charges for the Amazon EC2 instances or Amazon S3 buckets that are created using CloudFormation.
In case you are using third-party resource providers, the first 1000 operations are free. After that, you are charged 0.00008 per additional second.
- In this article, we understood what AWS CloudFormation is and how it helps you to deploy resources in AWS automatically.
- The key concepts associated with AWS CloudFormation are Templates (infrastructure definition), Stacks (track infrastructure deployments), and ChangeSets (allows you to make changes to your infrastructure).
- Template Resource Attributes are policies that allow you to control how CloudFormation handles resource changes like creating new resources or deleting existing resources.
- StackSets can be used to deploy to different AWS Regions and AWS Accounts.
- The benefits and use cases of AWS CloudFormation include infrastructure as code, global scaling and deployment, integration with AWS services, reducing human error, and disaster recovery.
- AWS CloudFormation Stacks can be created in two ways: using the AWS Console or using the AWS CLI.
- AWS CloudFormation is extremely cost-effective and only charges for the AWS resources created and for third-party resource operations.