CloudFormation

Introduction to CloudFormation

  • CloudFormation is a service that allows you to manage, configure, and provision your AWS infrastructure as code
  • Resources are defined using a CloudFormation template
  • CloudFormation interprets the template and makes the appropriate API calls to create the resources you have defined
  • Supports YAML or JSON

CloudFormation Benefits

  • Infrastructure is provisioned consistently, with fewer mistakes
  • Less time and effort than configuring things manually
  • You can version control and peer review your templates
  • Free to use (charged for what you create)
  • Can be used to manage updates & dependencies
  • Can be used to rollback and delete the entire stack as well

CloudFormation Template

  • YAML or JSON template used to describe the end state of the infrastructure you are provisioning or changing
  • After creating the template, you pass it to CloudFormation directly (small templates) or upload it to S3 and reference its URL (required for larger templates)
  • CloudFormation reads the template and makes the API calls on your behalf
  • The resulting set of resources is called a Stack

CloudFormation Template Structure (YAML)

AWSTemplateFormatVersion: "2010-09-09"
Description: "Template to create an EC2 instance"
Metadata:
    Instances:
        Description: "Web Server Instance"

Parameters: # input values supplied when the stack is created or updated
    EnvType:
        Description: "Environment Type"
        Type: String
        AllowedValues: # YAML list items need a space after the dash
            - prod
            - test
Conditions: # true/false values derived from parameters; used through the Condition attribute of a resource or output
    CreateProdResources: !Equals [!Ref EnvType, prod]

Mappings: # e.g. set values based on a region
    RegionMap:
        eu-west-1:
            "ami": "ami-0bdb1d6c15a40392c"

Transform: # include snippets of code stored outside the main template
    Name: 'AWS::Include'
    Parameters:
        Location: 's3://MyAmazonS3BucketName/MyFileName.yaml'

Resources: # the AWS resources you are deploying
    EC2Instance:
        Type: AWS::EC2::Instance
        Properties:
            InstanceType: t2.micro
            # look the AMI up in RegionMap for the region the stack is created in, rather than
            # hard-coding an ID; only eu-west-1 is mapped above, so add an entry per region you deploy to
            ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", ami]
Outputs: # values shown in the console, or exported for other stacks to import
    InstanceID:
        Description: The Instance ID
        Value: !Ref EC2Instance
  • Resources is the only mandatory section of the CloudFormation template
  • Remember that the Transform section is used to reference additional code stored in S3, allowing for code re-use, e.g. for Lambda code or template snippets/reusable pieces of CloudFormation code

CloudFormation Exam Tips

  • CloudFormation allows you to manage, configure and provision AWS infrastructure as code. (YAML/JSON)
  • Remember the main sections in the CloudFormation Template:
    • Parameters - input custom values
    • Conditions - e.g. provision resources based on environment
    • Resources - mandatory. The AWS resources to create
    • Mappings - create custom mappings like Region: AMI
    • Transform - reference code located in S3 e.g. Lambda code or reusable snippets of CloudFormation code

CloudFormation and Systems Manager Parameter Store

You can use the existing Parameters section of your CloudFormation template to define Systems Manager parameters alongside the other parameter types. Systems Manager parameter types (for example AWS::SSM::Parameter::Value<String>) differ from the other types because they refer to values held in Parameter Store: the value you supply for such a parameter is the SSM parameter name (key) rather than a literal string or number. CloudFormation fetches the values stored against those keys in your account and uses them for the current stack operation.

If the parameter referenced in the template does not exist in Systems Manager, a synchronous validation error is thrown. Also, any parameter value validations (AllowedValues, AllowedPattern, etc.) you define for Systems Manager parameters are performed against the SSM keys given as input values for the template parameters, not against the actual values stored in Systems Manager.

Parameters stored in Systems Manager are mutable. Any time you use a template containing Systems Manager parameters to create or update a stack, CloudFormation uses the values of those parameters as they are at the time of the create/update operation. So as the parameters are updated in Systems Manager, you can have the new value take effect just by executing a stack update operation. The Parameters section in the DescribeStacks output shows an additional 'ResolvedValue' field containing the resolved value of the Systems Manager parameter that was used for the last stack operation; that field is plain text, which is one reason secrets do not belong in String parameters resolved this way.
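The following template is an added example, not part of the original notes, showing both ways of pulling a value out of Parameter Store: an SSM parameter type for ordinary configuration, and an ssm-secure dynamic reference for a secret (SecureString parameters cannot be used as a template parameter type). The parameter names /myapp/prod/instance-type and /myapp/prod/db-password are assumed to exist in the account; the /aws/service/ami-amazon-linux-latest path is the public parameter AWS publishes.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example: template parameters resolved from Systems Manager Parameter Store"

Parameters:
  # The value given for this parameter is the NAME of an SSM parameter (assumed to exist,
  # e.g. /myapp/prod/instance-type holding "t3.small"); CloudFormation reads the stored value
  # at create/update time and substitutes it wherever the parameter is referenced.
  InstanceTypeParam:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /myapp/prod/instance-type
    # Validation applies to the key, not the resolved value: this pattern only stops
    # someone pointing the stack at a parameter outside the /myapp/ namespace.
    AllowedPattern: "^/myapp/.*"
  # Public parameter maintained by AWS; resolves to the current Amazon Linux 2 AMI for the region
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceTypeParam   # !Ref yields the resolved value, not the key
      ImageId: !Ref LatestAmiId

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: dbadmin
      # SecureString parameters are not supported as a template parameter type. A dynamic
      # reference (the version suffix is required for ssm-secure) is resolved only when the
      # property is applied, so the plaintext never appears in the template, in DescribeStacks
      # output, or in a ResolvedValue field.
      MasterUserPassword: "{{resolve:ssm-secure:/myapp/prod/db-password:1}}"

Outputs:
  ResolvedInstanceType:
    Description: Demonstrates the resolved value; never output a secret this way
    Value: !Ref InstanceTypeParam
```

The principal running the stack operation (or the stack's service role) needs ssm:GetParameters on the referenced names. After creation, `aws cloudformation describe-stacks --stack-name <name> --query 'Stacks[0].Parameters'` shows ParameterValue (the key) next to ResolvedValue (what was used); changing the SSM value afterwards does not touch the stack until you run an update, and it does not show up as drift.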

CloudFormation StackSets

AWS CloudFormation StackSets extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation. Using an administrator account, you define and manage an AWS CloudFormation template, and use the template as the basis for provisioning stacks into selected target accounts across specified regions.

A stack set lets you create stacks in AWS accounts across regions by using a single AWS CloudFormation template. All the resources included in each stack are defined by the stack set's AWS CloudFormation template. As you create the stack set, you specify the template to use, as well as any parameters and capabilities that the template requires.

After you've defined a stack set, you can create, update, or delete stacks in the target accounts and regions you specify. When you create, update, or delete stacks, you can also specify operational preferences, such as the order of regions in which you want the operations to be performed, the failure tolerance beyond which stack operations stop, and the number of accounts in which operations are performed on stacks concurrently. Remember that a stack set is a regional resource so if you create a stack set in one region, you cannot see it or change it in other regions.

A stack instance is a reference to a stack in a target account within a region.
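As an added example (not from the notes), the same concepts expressed as a template you create in the administrator account: the stack set, its stack instances in two placeholder accounts and two regions, and the operational preferences described above. The role names are the AWS defaults for the self-managed permission model and are assumed to already exist.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example: a stack set, created in the administrator account, rolling one template out to several accounts and regions"

Resources:
  GuardDutyStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: guardduty-baseline
      Description: Enable a GuardDuty detector in every target account and region
      # SELF_MANAGED: this account assumes ExecutionRoleName in each target account through the
      # administration role. (SERVICE_MANAGED instead targets Organizations OUs and needs no
      # per-account roles.) Both role names are the AWS defaults and are assumed to exist.
      PermissionModel: SELF_MANAGED
      AdministrationRoleARN: !Sub "arn:aws:iam::${AWS::AccountId}:role/AWSCloudFormationStackSetAdministrationRole"
      ExecutionRoleName: AWSCloudFormationStackSetExecutionRole
      # The template deployed into every stack instance. A detector is a regional resource,
      # which is why one stack instance per (account, region) pair is the right unit here.
      # Creation fails in any region where GuardDuty is already enabled.
      TemplateBody: |
        AWSTemplateFormatVersion: "2010-09-09"
        Resources:
          Detector:
            Type: AWS::GuardDuty::Detector
            Properties:
              Enable: true
      # Target accounts (placeholder IDs) and the regions to deploy into in each of them
      StackInstancesGroup:
        - DeploymentTargets:
            Accounts:
              - "222222222222"
              - "333333333333"
          Regions:
            - eu-west-1
            - us-east-1
      # Operational preferences: region by region in this order, stop at the first failed
      # stack instance, one account at a time (MaxConcurrentCount may exceed
      # FailureToleranceCount by at most one)
      OperationPreferences:
        RegionOrder:
          - eu-west-1
          - us-east-1
        FailureToleranceCount: 0
        MaxConcurrentCount: 1
```

Because the stack set is itself created by a stack, it lives in whichever region that stack was created in, which is the regional behaviour noted above; the execution role in each target account is what actually creates the detectors, so its policy is the thing to keep least-privilege.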

Working with AWS CloudFormation StackSets

Python Helper Scripts

  • cfn-init
    • used to retrieve and interpret resource metadata, install packages, create files, and start services
  • cfn-signal
    • used to signal with a CreationPolicy or WaitCondition, so you can synchronize other resources in the stack when the prerequisite resource or application is ready
  • cfn-get-metadata
    • used to retrieve metadata for a resource or the path to a specific key
  • cfn-hup
    • used to check for updates to metadata and execute custom hooks when changes are detected

You call the scripts directly from your template. The scripts work in conjunction with resource metadata that's defined in the same template. The scripts run on the Amazon EC2 instance during the stack creation process. The scripts are not executed by default. You must include calls in your template (typically in the instance's UserData) to execute specific helper scripts.

Extras

  • Ruby Statements cannot be used inside a CloudFormation Template
  • CloudFormation template anatomy: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html
  • By default, you may have 200 CloudFormation stacks per region per account (an adjustable quota; the current default is listed under Service Quotas).
    • To increase this number, request a quota increase from AWS.
    • NOTE: there is no limit to the number of CloudFormation templates you can have (a template is just a file until you create a stack from it)
  • CloudFormation Condition section allows you to set up differing instance types based on environment type (e.g. Prod or QA)
    • Conditions are created in their own property section and then referenced in the resource declaration, allowing for the conditional creation of resources
  • If your CloudFormation stack encounters an error during creation, you will get the ROLLBACK_IN_PROGRESS status message
    • http://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_Stack.html
  • Invalid JSON syntax will cause an error message during template validation
    • Since the stack will never start creating, there is nothing to roll back
  • Parameters section does not allow for conditions.
    • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
  • To export a stack's output value, use the Export field in the Outputs section of the stack's template; another stack in the same account and region can then read it with Fn::ImportValue
  • The intrinsic function Ref returns the value of the specified parameter or resource.
    • When you specify a parameter's logical name, it returns the value of the parameter.
    • When you specify a resource's logical name, it returns a value that you can typically use to refer to that resource such as a physical ID
  • There is no groups section.
    • https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html
  • The order in which resources are created does not need to be specified.
    • CloudFormation is declarative, not imperative. You don't have to specify the order in which resources are created, updated, or deleted. CloudFormation automatically determines the correct sequence of actions to create your environment.
  • In CloudFormation, parameters are all independent and cannot depend on each other.
    • https://aws.amazon.com/blogs/devops/using-the-new-cloudformation-parameter-types/
  • FindInMap Function can be invoked with !FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
  • With regards to getting a website URL for an application behind a load balancer:
    • In the CloudFormation template, you can get the attribute "DNSName" from the elastic load balancer (Fn::GetAtt) and join (concatenate) it with a scheme to make a URL
    • There is no URL attribute
  • aws cloudformation package
    • packages the local artifacts (local paths) that your AWS CloudFormation template references
    • uploads local artifacts such as your source code for Lambda functions to S3 and writes out a copy of the template that points at the uploaded objects
  • aws cloudformation deploy
    • deploys the specified AWS CloudFormation template by creating and then executing a change set
  • CloudFormation valid parameter types
    • String, Number, List<Number>, CommaDelimitedList
    • AWS-specific types such as AWS::EC2::KeyPair::KeyName, AWS::EC2::VPC::Id, AWS::EC2::Subnet::Id (and their List<...> forms), which CloudFormation validates against what actually exists in the account before the stack is created
    • Systems Manager types such as AWS::SSM::Parameter::Value<String>, whose value is the name of a Parameter Store parameter
  • If you need to declare a Lambda function in CloudFormation
    • Upload the code as a zip to S3 and refer to the object (S3Bucket/S3Key) in the AWS::Lambda::Function block
    • Write the AWS Lambda Function inline in the AWS::Lambda::Function block (in Python or Node.js) as long as there are no dependencies for your code
    • NOTE: Include the code in the ZipFile property, which is a child of the Code property; inline code is limited to 4096 characters
  • If you are using SAM with CloudFormation:
    • include the Transform section (Transform: AWS::Serverless-2016-10-31) and a Resources section
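The following template is an added example, not from the notes, pulling several of the points above into one working stack: an AWS-specific parameter type, a Region to AMI mapping read with Fn::FindInMap, a Condition that picks the instance type and gates a prod-only resource, and an exported URL built from the load balancer's DNSName attribute. VpcId and SubnetIds are supplied at create time, the AMI IDs in the mapping are placeholders to replace, and all logical names are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example: conditions, mappings, GetAtt and an exported load balancer URL"

Parameters:
  EnvType:
    Type: String
    AllowedValues: [prod, qa]
    Default: qa
  VpcId:
    Type: AWS::EC2::VPC::Id             # AWS-specific type: validated against the account's VPCs before creation starts
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>    # at least two subnets in different AZs for the load balancer

Mappings:
  RegionMap:                            # Region -> AMI; the IDs here are placeholders to replace
    eu-west-1:
      AMI: ami-0bdb1d6c15a40392c
    us-east-1:
      AMI: ami-0123456789abcdef0

Conditions:
  IsProd: !Equals [!Ref EnvType, prod]

Resources:
  LoadBalancerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing HTTP to the load balancer only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  WebServerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Accept traffic from the load balancer, not from the Internet
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LoadBalancerSG
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
      InstanceType: !If [IsProd, m5.large, t3.micro]   # instance type chosen by environment
      SubnetId: !Select [0, !Ref SubnetIds]
      SecurityGroupIds: [!Ref WebServerSG]
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VpcId
      Targets:
        - Id: !Ref WebServer
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Subnets: !Ref SubnetIds
      SecurityGroups: [!Ref LoadBalancerSG]
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancer
      Port: 80
      Protocol: HTTP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroup
  HighCpuAlarm:
    Type: AWS::CloudWatch::Alarm
    Condition: IsProd                    # resource created only when the condition is true
    Properties:
      Namespace: AWS/EC2
      MetricName: CPUUtilization
      Dimensions:
        - Name: InstanceId
          Value: !Ref WebServer
      Statistic: Average
      Period: 300
      EvaluationPeriods: 2
      Threshold: 80
      ComparisonOperator: GreaterThanThreshold

Outputs:
  WebsiteURL:
    # There is no URL attribute; build one from the DNSName attribute
    Value: !Join ["", ["http://", !GetAtt LoadBalancer.DNSName]]
    Export:
      Name: !Sub "${AWS::StackName}-WebsiteURL"   # read elsewhere with !ImportValue
```

No DependsOn is needed anywhere: every !Ref and !GetAtt is a dependency CloudFormation orders by itself. The two security groups are the part worth copying even when the rest changes; only the load balancer is reachable from the Internet, and the instance accepts port 80 solely from the load balancer's group.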